BBOT 3.0 - blazed_elijah

[TheTechromancer]

Summary

BBOT 3.0 "blazed_elijah" contains changes needed to store BBOT data in a persistent database. The idea is to release it alongside BBOT server, a tiny CLI-only database. This will be paired with a series of blog posts showing how BBOT server can be used on the command line to script out bug bounty hunting, threat intel, and ASM (i.e. running scheduled scans, exporting to CSV, diffing results over time, etc.).

Together, BBOT 3.0 and BBOT server will give us a solid foundation to build a bunch of other useful tooling, like asset inventory. Sometime in the future, it may also be useful to frontend.

Breaking changes

1. .data and .data_json event fields

The main breaking change in BBOT 3.0 is that the name of the .data field is different based on whether it's a str or dict.

• .data: string
• .data_json: dictionary

The siem_friendly option has been removed, since BBOT data is now SIEM-friendly by default.

2. Changes to vulnerabilities

The VULNERABILITY event type has been removed in favor of FINDING, which now has several improvements:

• A name field which holds a generic description common to all findings of the same type. This makes it easier to collapse and categorize them.
• A confidence field
• A severity field

Features

• Shodan Enterprise Module  #2939 by @Control-Punk-Delete and @xxixo
• New Module: MongoDB Output #1992
• New Module: Elastic Output #2010
• New Module: RabbitMQ Output #2013
• New Module: Kafka Output #2011
• New Module: ZeroMQ Output #2015
• New Module: NATS Output #2017

Potential changes

• Can "internal" and "omitted" events be merged? #1592

[codecov]

Codecov Report

❌ Patch coverage is 89.37812% with 234 lines in your changes missing coverage. Please review.
✅ Project coverage is 92%. Comparing base (9007f51) to head (4219861).

Files with missing lines	Patch %	Lines
...ot/test/benchmarks/test_event_memory_benchmarks.py	19%	52 Missing ⚠️
bbot/modules/shodan_enterprise.py	83%	14 Missing ⚠️
bbot/modules/base.py	62%	13 Missing ⚠️
bbot/modules/kreuzberg.py	46%	13 Missing ⚠️
bbot/scanner/scanner.py	87%	12 Missing ⚠️
.../test_step_2/module_tests/test_module_lightfuzz.py	92%	12 Missing ⚠️
bbot/constants.py	71%	11 Missing ⚠️
bbot/core/helpers/interactsh.py	58%	11 Missing ⚠️
bbot/core/helpers/depsinstaller/installer.py	62%	10 Missing ⚠️
bbot/modules/output/nats.py	80%	7 Missing ⚠️
... and 25 more

Additional details and impacted files

@@           Coverage Diff           @@
##             dev   #2007     +/-   ##
=======================================
- Coverage     92%     92%     -0%     
=======================================
  Files        416     438     +22     
  Lines      34690   36026   +1336     
=======================================
+ Hits       31644   32810   +1166     
- Misses      3046    3216    +170     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.