BBOT 3.0 - blazed_elijah

[TheTechromancer]

Summary

BBOT 3.0 "blazed_elijah" contains changes needed to store BBOT data in a persistent database. The idea is to release it alongside BBOT server, a tiny CLI-only database. This will be paired with a series of blog posts showing how BBOT server can be used on the command line to script out bug bounty hunting, threat intel, and ASM (i.e. running scheduled scans, exporting to CSV, diffing results over time, etc.).

Together, BBOT 3.0 and BBOT server will give us a solid foundation to build a bunch of other useful tooling, like asset inventory. Sometime in the future, it may also be useful to frontend.

Breaking changes

1. .data and .data_json event fields

The main breaking change in BBOT 3.0 is that the name of the .data field is different based on whether it's a str or dict.

• .data: string
• .data_json: dictionary

The siem_friendly option has been removed, since BBOT data is now SIEM-friendly by default.

2. Changes to vulnerabilities

The VULNERABILITY event type has been removed in favor of FINDING, which now has several improvements:

• A name field which holds a generic description common to all findings of the same type. This makes it easier to collapse and categorize them.
• A confidence field
• A severity field

Features

• https://github.com/blacklanternsecurity/bbot/pull/1992
• https://github.com/blacklanternsecurity/bbot/pull/2010
• https://github.com/blacklanternsecurity/bbot/pull/2013
• https://github.com/blacklanternsecurity/bbot/pull/2011
• https://github.com/blacklanternsecurity/bbot/pull/2015
• https://github.com/blacklanternsecurity/bbot/pull/2017

Potential changes

• https://github.com/blacklanternsecurity/bbot/issues/1592

[codecov[bot]]

Codecov Report

:x: Patch coverage is 91.72474% with 95 lines in your changes missing coverage. Please review. :white_check_mark: Project coverage is 92%. Comparing base (66de321) to head (da75243).

Files with missing lines	Patch %	Lines
bbot/modules/base.py	37%	14 Missing :warning:
bbot/constants.py	71%	11 Missing :warning:
bbot/scanner/scanner.py	85%	11 Missing :warning:
bbot/modules/output/nats.py	80%	7 Missing :warning:
bbot/models/pydantic.py	94%	6 Missing :warning:
bbot/modules/output/mongo.py	90%	6 Missing :warning:
bbot/core/event/base.py	89%	5 Missing :warning:
bbot/modules/internal/excavate.py	80%	5 Missing :warning:
bbot/core/config/logger.py	20%	4 Missing :warning:
bbot/modules/output/zeromq.py	88%	4 Missing :warning:
... and 10 more

Additional details and impacted files

@@          Coverage Diff           @@
##             dev   #2007    +/-   ##
======================================
- Coverage     92%     92%    -0%     
======================================
  Files        410     426    +16     
  Lines      33933   34632   +699     
======================================
+ Hits       30982   31599   +617     
- Misses      2951    3033    +82     

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

:rocket: New features to boost your workflow:

• :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions[bot]]

📊 Performance Benchmark Report

Comparing dev (baseline) vs 3.0 (current)

📈 Detailed Results (All Benchmarks)

📋 Complete results for all benchmarks - includes both significant and insignificant changes

🧪 Test Name	📏 Base	📏 Current	📈 Change	🎯 Status
Bloom Filter Dns Mutation Tracking Performance	4.23ms	4.20ms	-0.5% ⚪	✅
Bloom Filter Large Scale Dns Brute Force	17.74ms	17.78ms	+0.2% ⚪	✅
Large Closest Match Lookup	358.24ms	352.35ms	-1.6% ⚪	✅
Realistic Closest Match Workload	194.68ms	192.60ms	-1.1% ⚪	✅
Event Validation Full Scan Startup Small Batch	445.46ms	470.62ms	+5.6% ⚪	✅
Event Validation Full Scan Startup Large Batch	793.67ms	812.09ms	+2.3% ⚪	✅
Make Event Autodetection Small	31.19ms	31.21ms	+0.1% ⚪	✅
Make Event Autodetection Large	318.93ms	318.31ms	-0.2% ⚪	✅
Make Event Explicit Types	14.02ms	13.90ms	-0.9% ⚪	✅
Excavate Single Thread Small	4.013s	4.029s	+0.4% ⚪	✅
Excavate Single Thread Large	9.522s	9.465s	-0.6% ⚪	✅
Excavate Parallel Tasks Small	4.156s	4.144s	-0.3% ⚪	✅
Excavate Parallel Tasks Large	7.067s	7.065s	-0.0% ⚪	✅
Is Ip Performance	3.21ms	3.23ms	+0.6% ⚪	✅
Make Ip Type Performance	11.48ms	11.65ms	+1.5% ⚪	✅
Mixed Ip Operations	4.48ms	4.58ms	+2.3% ⚪	✅
Typical Queue Shuffle	61.61µs	63.49µs	+3.0% ⚪	✅
Priority Queue Shuffle	701.63µs	724.52µs	+3.3% ⚪	✅

🎯 Performance Summary

✅ No significant performance changes detected (all changes <10%)

---

🐍 Python Version 3.11.14

[liquidsec]

@TheTechromancer we should now add to the list of breaking changes, the removal of vulnerability event type and the addition of severity and confidence as attributes on finding types