From daf59f7f036522d066f5c0e527f66dfa989bbe92 Mon Sep 17 00:00:00 2001
From: liquidsec
Date: Mon, 13 Apr 2026 15:04:25 -0400
Subject: [PATCH 1/4] Remove noisy debug logging from paramminer and HttpCompare diff
---
 bbot/core/helpers/diff.py | 9 ---------
 bbot/modules/paramminer_headers.py | 6 ------
 2 files changed, 15 deletions(-)
diff --git a/bbot/core/helpers/diff.py b/bbot/core/helpers/diff.py
index 64c1b1e6a5..98a173a1c7 100644
--- a/bbot/core/helpers/diff.py
+++ b/bbot/core/helpers/diff.py
@@ -98,7 +98,6 @@ async def _baseline(self):
 baseline_1_json = xmltodict.parse(baseline_1.text)
 baseline_2_json = xmltodict.parse(baseline_2.text)
 except ExpatError:
- log.debug(f"Can't HTML parse for {self.baseline_url}. Switching to text parsing as a backup")
 baseline_1_json = baseline_1.text.split("\n")
 baseline_2_json = baseline_2.text.split("\n")
@@ -139,7 +138,6 @@ def compare_headers(self, headers_1, headers_2):
 for header, value in list(headers.items()):
 if header.lower() in self.baseline_ignore_headers:
 with suppress(KeyError):
- log.debug(f'found ignored header "{header}" in headers_{i + 1} and removed')
 del headers[header]
 ddiff = DeepDiff(headers_1, headers_2, ignore_order=True, view="tree", threshold_to_diff_deeper=0)
@@ -237,25 +235,18 @@ async def compare(
 subject_json = xmltodict.parse(subject_response.text)
 except ExpatError:
- log.debug(f"Can't HTML parse for {subject.split('?')[0]}. Switching to text parsing as a backup")
 subject_json = subject_response.text.split("\n")
 diff_reasons = []
 if self.baseline.status_code != subject_response.status_code:
- log.debug(
- f"status code was different [{str(self.baseline.status_code)}] -> [{str(subject_response.status_code)}], no match"
- )
 diff_reasons.append("code")
 different_headers = self.compare_headers(self.baseline.headers, subject_response.headers)
 if different_headers:
- log.debug("headers were different, no match")
 diff_reasons.append("header")
 if self.compare_body(self.baseline_json, subject_json) is False:
- log.debug("difference in HTML body, no match")
-
 diff_reasons.append("body")
 if not diff_reasons:
diff --git a/bbot/modules/paramminer_headers.py b/bbot/modules/paramminer_headers.py
index ae573abadf..cdd91b8057 100644
--- a/bbot/modules/paramminer_headers.py
+++ b/bbot/modules/paramminer_headers.py
@@ -169,7 +169,6 @@ async def handle_event(self, event):
 if self.config.get("skip_boring_words", True) and parameter_name in self.boring_words:
 return
 if parameter_name not in self.wl: # Ensure it's not already in the wordlist
- self.debug(f"Adding {parameter_name} to wordlist")
 self.extracted_words_master.add(parameter_name)
 elif event.type == "HTTP_RESPONSE":
@@ -224,7 +223,6 @@ def gen_count_args(self, url):
 async def binary_search(self, compare_helper, url, group, reasons=None, reflection=False):
 if reasons is None:
 reasons = []
- self.debug(f"Entering recursive binary_search with {len(group):,} sized group")
 if len(group) == 1 and len(reasons) > 0:
 yield group[0], reasons, reflection
 elif len(group) > 1 or (len(group) == 1 and len(reasons) == 0):
@@ -233,10 +231,6 @@ async def binary_search(self, compare_helper, url, group, reasons=None, reflecti
 if match is False:
 async for r in self.binary_search(compare_helper, url, group_slice, reasons, reflection):
 yield r
- else:
- self.debug(
- f"binary_search() failed to start with group of size {str(len(group))} and {str(len(reasons))} length reasons"
- )
 async def check_batch(self, compare_helper, url, header_list):
 rand = self.rand_string()
From fdf93642cbbd5df27c7b8dade6d6353147f2d278 Mon Sep 17 00:00:00 2001
From: liquidsec
Date: Mon, 13 Apr 2026 15:22:45 -0400
Subject: [PATCH 2/4] Reduce debug logging noise in event handling, paramminer, HttpCompare, serial, telerik
---
 bbot/modules/base.py | 6 +-----
 bbot/modules/lightfuzz/submodules/serial.py | 6 ------
 bbot/modules/paramminer_headers.py | 1 +
 bbot/modules/telerik.py | 1 -
 4 files changed, 2 insertions(+), 12 deletions(-)
diff --git a/bbot/modules/base.py b/bbot/modules/base.py
index d7356bd809..177ff56731 100644
--- a/bbot/modules/base.py
+++ b/bbot/modules/base.py
@@ -661,7 +661,6 @@ async def _events_waiting(self, batch_size=None):
 break
 try:
 event = self.incoming_event_queue.get_nowait()
- self.debug(f"Got {event} from {getattr(event, 'module', 'unknown_module')}")
 acceptable, reason = await self._event_postcheck(event)
 if acceptable:
 if event.type == "FINISHED":
@@ -766,7 +765,6 @@ async def _worker(self):
 break
 except asyncio.queues.QueueEmpty:
 continue
- self.debug(f"Got {event} from {getattr(event, 'module', 'unknown_module')}")
 try:
 async with self._task_counter.count(f"event_postcheck({event})"):
 acceptable, reason = await self._event_postcheck(event)
@@ -781,13 +779,12 @@ async def _worker(self):
 else:
 context = f"{self.name}.handle_event({event})"
 self.scan.stats.event_consumed(event, self)
- self.debug(f"Handling {event}")
+ self.debug(f"Handling {event} from {getattr(event, 'module', 'unknown_module')}")
 try:
 await self.run_task(self.handle_event(event), context)
 except asyncio.CancelledError:
 self.debug(f"{context} was cancelled")
 continue
- self.debug(f"Finished handling {event}")
 else:
 self.debug(f"Not accepting {event} because {reason}")
 finally:
@@ -940,7 +937,6 @@ async def _event_postcheck_inner(self, event):
 if not filter_result:
 return False, msg
- self.debug(f"{event} passed post-check")
 return True, ""
 def _scope_distance_check(self, event):
diff --git a/bbot/modules/lightfuzz/submodules/serial.py b/bbot/modules/lightfuzz/submodules/serial.py
index 508fe98ab9..148215f249 100644
--- a/bbot/modules/lightfuzz/submodules/serial.py
+++ b/bbot/modules/lightfuzz/submodules/serial.py
@@ -142,11 +142,8 @@ async def fuzz(self):
 continue
 if matches_baseline:
- self.debug(f"Payload {payload_type} matches baseline, skipping")
 continue
- self.debug(f"Probe result for {payload_type}: {response}")
-
 status_code = getattr(response, "status_code", 0)
 if status_code == 0:
 continue
@@ -159,8 +156,6 @@ async def fuzz(self):
 self.debug(f"Status code {status_code} not in (200, 500), skipping")
 continue
- # if the status code changed to 200, and the response doesn't match our general error exclusions, we have a finding
- self.debug(f"Potential finding detected for {payload_type}, needs confirmation")
 if (
 status_code == 200
 and "code" in diff_reasons
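Review bot: In `_worker` in bbot/modules/base.py the originating module is now logged only on the accepted path (`Handling {event} from ...`), while the `Not accepting {event} because {reason}` branch at the end of this hunk names no source. With the `Got {event} from ...` line removed in the previous hunk, a rejected event can no longer be traced to the module that emitted it unless the event's own string form already includes it, which is not visible here. If that attribution is wanted when working out why a module dropped events, the rejection line could read `self.debug(f"Not accepting {event} from {getattr(event, 'module', 'unknown_module')} because {reason}")`. Removing `Finished handling {event}` also means the debug log no longer distinguishes a handler that returned from one that is still running. `_worker` starts and ends outside the hunk.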
@@ -199,7 +194,6 @@ def get_title(text):
 # if the first case doesn't match, we check for a telltale error string like "java.io.optionaldataexception" in the response.
 # but only if the response is a 500, or a 200 with a body diff
 elif status_code == 500 or (status_code == 200 and diff_reasons == ["body"]):
- self.debug(f"500 status code or body match for {payload_type}")
 for serialization_error in serialization_errors:
 # check for the error string, but also ensure the error string isn't just always present in the response
 if (
diff --git a/bbot/modules/paramminer_headers.py b/bbot/modules/paramminer_headers.py
index cdd91b8057..166a70976e 100644
--- a/bbot/modules/paramminer_headers.py
+++ b/bbot/modules/paramminer_headers.py
@@ -223,6 +223,7 @@ def gen_count_args(self, url):
 async def binary_search(self, compare_helper, url, group, reasons=None, reflection=False):
 if reasons is None:
 reasons = []
+ self.debug(f"Entering recursive binary_search with {len(group):,} sized group for URL [{url}]")
 if len(group) == 1 and len(reasons) > 0:
 yield group[0], reasons, reflection
 elif len(group) > 1 or (len(group) == 1 and len(reasons) == 0):
diff --git a/bbot/modules/telerik.py b/bbot/modules/telerik.py
index 493117fc7d..e742ce9b6b 100644
--- a/bbot/modules/telerik.py
+++ b/bbot/modules/telerik.py
@@ -258,7 +258,6 @@ async def handle_event(self, event):
 if base_url not in self.RAUConfirmed:
 self.RAUConfirmed.append(base_url)
 root_tool_path = self.scan.helpers.tools_dir / "telerik"
- self.debug(root_tool_path)
 for version in self.telerikVersions:
 command = [
From c33ad4ef8b459bafcad30a7bfb32d25ab528b75f Mon Sep 17 00:00:00 2001
From: liquidsec
Date: Mon, 13 Apr 2026 15:31:56 -0400
Subject: [PATCH 3/4] Remove intercept pipeline and output queueing debug noise
---
 bbot/modules/base.py | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/bbot/modules/base.py b/bbot/modules/base.py
index 177ff56731..2e61ce4b33 100644
--- a/bbot/modules/base.py
+++ b/bbot/modules/base.py
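Review bot: The debug line added to `binary_search` in bbot/modules/paramminer_headers.py (PATCH 2/4) interpolates `url` unmodified, so any query string it carries, which may include session or API tokens, ends up in the debug log. The HttpCompare message removed in PATCH 1/4 logged `subject.split('?')[0]` for the same kind of value. Assuming `url` is a plain string here, ending the message with `for URL [{url.split('?')[0]}]` keeps the line useful without the query part. The same applies to the reworded line in PATCH 4/4. `binary_search` continues past the end of the hunk.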
@@ -1020,11 +1020,7 @@ async def queue_event(self, event):
 return
 acceptable, reason = self._event_precheck(event)
 if not acceptable:
- if reason and reason != "its type is not in watched_events":
- self.debug(f"Not queueing {event} because {reason}")
 return
- else:
- self.debug(f"Queueing {event} because {reason}")
 try:
 self.incoming_event_queue.put_nowait(event)
 event._module_consumers += 1
@@ -1858,12 +1854,10 @@ async def _worker(self):
 async with self._task_counter.count(f"event_precheck({event})"):
 precheck_pass, reason = self._event_precheck(event)
 if not precheck_pass:
- self.debug(f"Not intercepting {event} because precheck failed ({reason})")
 acceptable = False
 async with self._task_counter.count(f"event_postcheck({event})"):
 postcheck_pass, reason = await self._event_postcheck(event)
 if not postcheck_pass:
- self.debug(f"Not intercepting {event} because postcheck failed ({reason})")
 acceptable = False
 # whether to pass the event on to the rest of the scan
@@ -1887,7 +1881,6 @@ async def _worker(self):
 self.debug(f"Not forwarding {event} because {forward_event_reason}")
 continue
- self.debug(f"Forwarding {event}")
 await self.forward_event(event, kwargs)
 except asyncio.CancelledError:
From c1579cac5d86d43573a2c0385b8e54359797d344 Mon Sep 17 00:00:00 2001
From: liquidsec
Date: Mon, 13 Apr 2026 15:38:11 -0400
Subject: [PATCH 4/4] Log paramminer binary_search entry only on top-level call
---
 bbot/modules/paramminer_headers.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bbot/modules/paramminer_headers.py b/bbot/modules/paramminer_headers.py
index 166a70976e..96ce4d49a7 100644
--- a/bbot/modules/paramminer_headers.py
+++ b/bbot/modules/paramminer_headers.py
@@ -223,7 +223,7 @@ def gen_count_args(self, url):
 async def binary_search(self, compare_helper, url, group, reasons=None, reflection=False):
 if reasons is None:
 reasons = []
- self.debug(f"Entering recursive binary_search with {len(group):,} sized group for URL [{url}]")
+ self.debug(f"Entering binary_search with {len(group):,} sized group for URL [{url}]")
 if len(group) == 1 and len(reasons) > 0:
 yield group[0], reasons, reflection
 elif len(group) > 1 or (len(group) == 1 and len(reasons) == 0):
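Review bot: The subject says the entry message is logged only on the top-level call, but this hunk changes only the wording: `self.debug(...)` still sits unconditionally at the top of `binary_search`, which calls itself (`async for r in self.binary_search(compare_helper, url, group_slice, reasons, reflection)`, visible in PATCH 1/4), so the line still fires at every recursion level. One way to get the stated behaviour is a defaulted keyword such as `top_level=True` on the signature, `if top_level:` in front of the debug call, and `top_level=False` passed in the recursive call. Alternatively the message could be emitted by the caller that starts the search, which is not shown on this page. The function body continues outside the hunk.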