Skip to content

BBOT 3.0 - blazed_elijah#2007

Open
TheTechromancer wants to merge 349 commits intodevfrom
3.0
Open

BBOT 3.0 - blazed_elijah#2007
TheTechromancer wants to merge 349 commits intodevfrom
3.0

Conversation

@TheTechromancer
Copy link
Collaborator

@TheTechromancer TheTechromancer commented Nov 22, 2024
edited
Loading

Summary

BBOT 3.0 "blazed_elijah" contains changes needed to store BBOT data in a persistent database. The idea is to release it alongside BBOT server, a tiny CLI-only database. This will be paired with a series of blog posts showing how BBOT server can be used on the command line to script out bug bounty hunting, threat intel, and ASM (i.e. running scheduled scans, exporting to CSV, diffing results over time, etc.).

Together, BBOT 3.0 and BBOT server will give us a solid foundation to build a bunch of other useful tooling, like asset inventory. Sometime in the future, it may also be useful to frontend.

Breaking changes

1. .data and .data_json event fields

The main breaking change in BBOT 3.0 is that the name of the .data field is different based on whether it's a str or dict.

  • .data: string
  • .data_json: dictionary

The siem_friendly option has been removed, since BBOT data is now SIEM-friendly by default.

2. Changes to vulnerabilities

The VULNERABILITY event type has been removed in favor of FINDING, which now has several improvements:

  • A name field which holds a generic description common to all findings of the same type. This makes it easier to collapse and categorize them.
  • A confidence field
  • A severity field

Features

Potential changes

@TheTechromancer TheTechromancer changed the base branch from stable to dev November 22, 2024 01:58
@TheTechromancer TheTechromancer self-assigned this Nov 22, 2024
@codecov
Copy link

codecov bot commented Nov 22, 2024
edited
Loading

Codecov Report

❌ Patch coverage is 92.20415% with 139 lines in your changes missing coverage. Please review.
✅ Project coverage is 92%. Comparing base (9007f51) to head (389b8aa).

Files with missing lines Patch % Lines
bbot/modules/shodan_enterprise.py 83% 14 Missing ⚠️
bbot/modules/base.py 62% 13 Missing ⚠️
bbot/modules/kreuzberg.py 46% 13 Missing ⚠️
bbot/constants.py 71% 11 Missing ⚠️
bbot/scanner/scanner.py 87% 11 Missing ⚠️
bbot/core/helpers/depsinstaller/installer.py 62% 10 Missing ⚠️
bbot/modules/output/nats.py 80% 7 Missing ⚠️
bbot/core/event/base.py 88% 6 Missing ⚠️
bbot/models/pydantic.py 94% 6 Missing ⚠️
bbot/modules/internal/excavate.py 78% 6 Missing ⚠️
... and 16 more
Additional details and impacted files 
@@          Coverage Diff           @@
##             dev   #2007    +/-   ##
======================================
- Coverage     92%     92%    -0%     
======================================
  Files        416     436    +20     
  Lines      34690   35642   +952     
======================================
+ Hits       31644   32504   +860     
- Misses      3046    3138    +92

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@TheTechromancer TheTechromancer force-pushed the 3.0 branch 2 times, most recently from 5cb7f10 to 1a36dae Compare November 25, 2024 15:29
@liquidsec
Fix install_core_deps running ansible on every test invocation
5537ce4 
openssl_dev_headers is not a real binary, so which() always fails,
causing the full ansible playbook + ansible-galaxy collection install
to run every time (~15s). Added _core_dep_satisfied() to check for
the actual header file instead. Also deferred ansible/tldextract/sudo
setup to only run when there's actually something to install.

Reduces single module test time from ~17s to ~2s.
@liquidsec
fix benchmark report: uv.lock conflict, duplicate comments, broken fo…
2a3900d 
…rmatting

- git clean before branch checkout to prevent uv.lock conflicts when
  switching between Poetry/UV branches
- refactor comment posting so both success and failure paths search for
  existing comments before creating new ones
- fix fallback message using template literal instead of .join('\\n')
  which produced literal \n characters instead of newlines
@liquidsec
fix lint: remove extraneous f-string prefix
081586d
@liquidsec
Merge pull request #2932 from blacklanternsecurity/fix-benchmarks-3-0
5098cef 
Fix benchmark report: uv.lock conflict, duplicate comments, broken formatting
@liquidsec
Merge pull request #2931 from blacklanternsecurity/fix-core-deps-cache
38d90f2 
Fix install_core_deps running ansible on every test invocation
@liquidsec
Fix community.general collection install skipped when core deps alrea…
86fb46d 
…dy satisfied
liquidsec and others added 22 commits February 27, 2026 22:37
@liquidsec
Fix omitted event types leaking to console output
7707229
@Control-Punk-Delete
module shodan_enterpris unit test added
4daf95d
@xxixo
shodan_enterprise module unit test fix
ca389fc
@xxixo
Remove debug log
7e5d62e
@liquidsec
Move always_emit check after _omit clause and add tests
bafc1ef
@liquidsec
Fix formatting
80c92c8
@liquidsec
Merge pull request #2934 from blacklanternsecurity/fix-omit-events
610c3f4 
Fix omitted event types leaking to console output
@TheTechromancer
use API instead of python library, add in_scope_only option, warnings
692cb85
@TheTechromancer
Merge branch '3.0' into stable
691285e
@TheTechromancer
fix tests for 3.0
f8e11a6
@TheTechromancer
ruffed
48f44c1
@liquidsec
Fix double-parsing of targets in BBOTTarget init
6fdb2fd
@liquidsec
Merge branch '3.0' into fix-target-double-parsing
0da987c
@TheTechromancer
Merge pull request #2940 from blacklanternsecurity/fix-target-double-…
cc18e37 
…parsing

Fix double-parsing of targets in BBOTTarget init
@TheTechromancer
merge dev
a93b378
@TheTechromancer
agents.md
3a48e1e
@TheTechromancer
remove slop
a7a25fd
@TheTechromancer
Merge pull request #2941 from blacklanternsecurity/agents-md
ec4094e 
AGENTS.md
@liquidsec
Fix lightfuzz crash on non-ASCII parameter values in is_base64()
7aed19a
@TheTechromancer
Merge pull request #2939 from Control-Punk-Delete/stable
f6ae3a1 
Shodan Enterprise Module
@liquidsec
Fix excavate crash when jQuery parameter extraction fails JSON parsing
389b8aa
@liquidsec
Fix lightfuzz crash when additional_param_value is None in crypto sub…
1d633cc 
…module
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@liquidsec liquidsec liquidsec approved these changes

At least 1 approving review is required to merge this pull request.

Assignees

@TheTechromancer TheTechromancer

Labels

None yet

Projects

None yet

Milestone

BBOT 3.0 - blazed_elijah

Development

Successfully merging this pull request may close these issues.

4 participants

@TheTechromancer @liquidsec @xxixo @Control-Punk-Delete