blacklanternsecurity
diff --git a/‎AGENTS.md‎
Lines changed: 9 additions & 7 deletions b/‎AGENTS.md‎
Lines changed: 9 additions & 7 deletions
diff --git a/‎README.md‎
Lines changed: 15 additions & 15 deletions b/‎README.md‎
Lines changed: 15 additions & 15 deletions
diff --git a/‎bbot/cli.py‎
Lines changed: 18 additions & 10 deletions b/‎bbot/cli.py‎
Lines changed: 18 additions & 10 deletions
@@ -191,7 +191,7 @@ from bbot.modules.base import BaseModule
 class my_module(BaseModule):
     watched_events = ["DNS_NAME"]
     produced_events = ["EMAIL_ADDRESS"]
-    flags = ["passive", "safe", "email-enum"]
+    flags = ["passive", "email-enum"]
     meta = {
         "description": "Query example.com for email addresses",
         "created_date": "2025-01-01",
@@ -275,21 +275,23 @@ produced_events = ["OPEN_TCP_PORT"]
 ```
 
 ##### `flags` (list)
-Tags that describe the module's behavior. Must include at least one safety flag (`safe` or `aggressive`) and one activity flag (`passive` or `active`).
+Tags that describe the module's behavior. Must include at least one activity flag (`passive` or `active`). Must also include `safe`, `loud`, or `invasive` (or a combination of `loud` and `invasive`).
 
 Common flags:
 - `passive` / `active` - whether the module touches the target directly
-- `safe` / `aggressive` - risk level
+- `safe` - non-intrusive and non-destructive
+- `loud` - generates a large amount of network traffic
+- `invasive` - intrusive or potentially destructive
 - `subdomain-enum` - participates in subdomain enumeration
-- `web-basic` - basic web scanning
+- `web` - basic web scanning
 - `email-enum` - email discovery
 
 ```python
 # crt.py - queries a third-party API, never touches the target
-flags = ["subdomain-enum", "passive", "safe"]
+flags = ["subdomain-enum", "passive"]
 
 # sslcert.py - connects directly to target ports
-flags = ["affiliates", "subdomain-enum", "email-enum", "active", "safe", "web-basic"]
+flags = ["affiliates", "subdomain-enum", "email-enum", "active", "web"]
 ```
 
 ##### `meta` (dict)
@@ -797,7 +799,7 @@ from bbot.modules.templates.subdomain_enum import subdomain_enum
 
 
 class crt(subdomain_enum):
-    flags = ["subdomain-enum", "passive", "safe"]
+    flags = ["subdomain-enum", "passive"]
     watched_events = ["DNS_NAME"]
     produced_events = ["DNS_NAME"]
     meta = {
 
@@ -144,16 +144,16 @@ output_modules:
 
 ```bash
 # run a light web scan against www.evilcorp.com
-bbot -t www.evilcorp.com -p web-basic
+bbot -t www.evilcorp.com -p web
 
 # run a heavy web scan against www.evilcorp.com
-bbot -t www.evilcorp.com -p web-thorough
+bbot -t www.evilcorp.com -p web-heavy
 ```
 
-<!-- BBOT WEB-BASIC PRESET EXPANDABLE -->
+<!-- BBOT WEB PRESET EXPANDABLE -->
 
 <details>
-<summary><b><code>web-basic.yml</code></b></summary>
+<summary><b><code>web.yml</code></b></summary>
 
 ```yaml
 description: Quick web scan
@@ -162,43 +162,43 @@ include:
   - iis-shortnames
 
 flags:
-  - web-basic
+  - web
 
 ```
 
 </details>
 
-<!-- END BBOT WEB-BASIC PRESET EXPANDABLE -->
+<!-- END BBOT WEB PRESET EXPANDABLE -->
 
-<!-- BBOT WEB-THOROUGH PRESET EXPANDABLE -->
+<!-- BBOT WEB-HEAVY PRESET EXPANDABLE -->
 
 <details>
-<summary><b><code>web-thorough.yml</code></b></summary>
+<summary><b><code>web-heavy.yml</code></b></summary>
 
 ```yaml
 description: Aggressive web scan
 
 include:
-  # include the web-basic preset
-  - web-basic
+  # include the web preset
+  - web
 
 flags:
-  - web-thorough
+  - web-heavy
 
 ```
 
 </details>
 
-<!-- END BBOT WEB-THOROUGH PRESET EXPANDABLE -->
+<!-- END BBOT WEB-HEAVY PRESET EXPANDABLE -->
 
 ### 5) Everything Everywhere All at Once
 
 ```bash
 # everything everywhere all at once
-bbot -t evilcorp.com -p kitchen-sink --allow-deadly
+bbot -t evilcorp.com -p kitchen-sink
 
 # roughly equivalent to:
-bbot -t evilcorp.com -p subdomain-enum cloud-enum code-enum email-enum spider web-basic paramminer dirbust-light web-screenshots --allow-deadly
+bbot -t evilcorp.com -p subdomain-enum cloud-enum code-enum email-enum spider web paramminer dirbust-light web-screenshots
 ```
 
 <!-- BBOT KITCHEN-SINK PRESET EXPANDABLE -->
@@ -215,7 +215,7 @@ include:
   - code-enum
   - email-enum
   - spider
-  - web-basic
+  - web
   - paramminer
   - dirbust-light
   - web-screenshots
 
@@ -168,16 +168,6 @@ async def _main():
             sys.exit(0)
             return
 
-        # deadly modules (no scan required yet)
-        deadly_modules = [
-            m for m in baked_preset.scan_modules if "deadly" in baked_preset.preloaded_module(m).get("flags", [])
-        ]
-        if deadly_modules and not options.allow_deadly:
-            log.hugewarning(f"You enabled the following deadly modules: {','.join(deadly_modules)}")
-            log.hugewarning("Deadly modules are highly intrusive")
-            log.hugewarning("Please specify --allow-deadly to continue")
-            return False
-
         try:
             scan = Scanner(preset=baked_preset)
         except (PresetAbortError, ValidationError) as e:
@@ -241,6 +231,24 @@ async def _main():
                                     f'YOUR TARGET CONTAINS A CLOUD DOMAIN: "{event.host}". You\'re in for a wild ride!'
                                 )
 
+                # warn about loud/invasive modules
+                loud_modules = []
+                invasive_modules = []
+                for m in scan.preset.scan_modules:
+                    flags = scan.preset.preloaded_module(m).get("flags", [])
+                    if "loud" in flags:
+                        loud_modules.append(m)
+                    if "invasive" in flags:
+                        invasive_modules.append(m)
+                if loud_modules:
+                    log.hugewarning(
+                        f"LOUD modules enabled: {','.join(loud_modules)}. These generate a lot of traffic. To exclude, use -ef loud"
+                    )
+                if invasive_modules:
+                    log.hugewarning(
+                        f"INVASIVE modules enabled: {','.join(invasive_modules)}. These may be intrusive or destructive. To exclude, use -ef invasive"
+                    )
+
                 if not options.yes:
                     log.hugesuccess(f"Scan ready. Press enter to execute {scan.name}")
                     input()