fixing comments/docs related to nomenclature changes

bbot/core/event/base.py

@@ -111,7 +111,7 @@ class BaseEvent:
 
     _always_emit_tags = ["affiliate", "seed"]
     # Bypass scope checking and dns resolution, distribute immediately to modules
-    # This is useful for "end-of-line" events like FINDING and VULNERABILITY
+    # This is useful for "end-of-line" events like FINDING
     _quick_emit = False
     # Data validation, if data is a dictionary
     _data_validator = None
@@ -1061,7 +1061,7 @@ def _host(self):
 
 class ClosestHostEvent(DictHostEvent):
     # if a host/path/url isn't specified, this event type grabs it from the closest parent
-    # inherited by FINDING and VULNERABILITY
+    # inherited by FINDING
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
         if not self.host:

bbot/test/test_step_2/module_tests/test_module_azure_tenant.py

@@ -294,7 +294,7 @@ def check(self, module_test, events):
             and e.data.get("url") == "https://authfs.example.com/adfs/ls/"  # url is cleaned
             and "azure-federated" in e.tags
             for e in events
-        ), "Should emit Federated Auth FINDING with INFORMATIONAL severity"
+        ), "Should emit Federated Auth FINDING with INFO severity"
 
         # URL_UNVERIFIED also gets cleaned (query string removed)
         assert any(

bbot/test/test_step_2/module_tests/test_module_hunt.py

@@ -25,7 +25,7 @@ def check(self, module_test, events):
                 break
 
         assert finding_event is not None
-        # Hunt emits INFORMATIONAL severity and LOW confidence
+        # Hunt emits INFO severity and LOW confidence
         assert finding_event.data["severity"] == "INFO"
         assert finding_event.data["confidence"] == "LOW"
 

bbot/test/test_step_2/module_tests/test_module_trufflehog.py

@@ -1330,6 +1330,6 @@ def check(self, module_test, events):
         finding_events = [e for e in events if e.type == "FINDING"]
         assert len(finding_events) == 1
         assert "Possible Secret Found" in finding_events[0].data["description"]
-        # Trufflehog emits HIGH severity and MODERATE confidence for possible secrets
+        # Trufflehog emits HIGH severity and MEDIUM confidence for possible secrets
         assert finding_events[0].data["severity"] == "HIGH"
         assert finding_events[0].data["confidence"] == "MEDIUM"

bbot/test/test_step_2/module_tests/test_module_web_report.py

@@ -9,7 +9,7 @@ class TestWebReport(ModuleTestBase):
     async def setup_before_prep(self, module_test):
         # trufflehog --> FINDING
         # dotnetnuke --> TECHNOLOGY
-        # badsecrets --> VULNERABILITY
+        # badsecrets --> FINDING
         respond_args = {"response_data": web_body}
         module_test.set_expect_requests(respond_args=respond_args)
 

docs/modules/nuclei.md

@@ -7,9 +7,8 @@ BBOT integrates with [Nuclei](https://github.com/projectdiscovery/nuclei), an op
 ![Nuclei Killchain](https://github.com/blacklanternsecurity/bbot/assets/24899338/7174c4ba-4a6e-4596-bb89-5a0c5f5abe74)
 
 
-* The BBOT Nuclei module ingests **[URL]** events and emits events of type **[VULNERABILITY]** or **[FINDING]**
-* Vulnerabilities will inherit their severity from the Nuclei templates
-* Nuclei templates of severity INFO will be emitted as **[FINDINGS]**
+* The BBOT Nuclei module ingests **[URL]** events and emits **[FINDING]** events
+* Findings will inherit their severity from the Nuclei templates
 
 ## Default Behavior
 

docs/scanning/events.md

@@ -141,18 +141,10 @@ Below is a full list of event types along with which modules produce/consume the
 | WEB_PARAMETER       | 7                     | 4                     | hunt, lightfuzz, paramminer_cookies, paramminer_getparams, paramminer_headers, reflected_parameters, web_parameters                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | excavate, paramminer_cookies, paramminer_getparams, paramminer_headers                                                                                                                                                                                                                                                                                                                                                                                                      |
 <!-- END BBOT EVENTS -->
 
-## Findings Vs. Vulnerabilities
+## Findings
 
-BBOT has a sharp distinction between Findings and Vulnerabilities:
+All vulnerability discoveries, security-relevant observations, and other notable results in BBOT are emitted as **`FINDING`** events.
 
-**VULNERABILITY**
-
-* There's a higher standard for what is allowed to be a vulnerability. They should be considered **confirmed** and **actionable** - no additional confirmation required
-* They are always assigned a severity. The possible severities are: LOW, MEDIUM, HIGH, or CRITICAL
-
-**FINDING**
-
-* Findings can range anywhere from "slightly interesting behavior" to "likely, but unconfirmed vulnerability"
-* Are often false positives
-
-By making this separation, actionable vulnerabilities can be identified quickly in the midst of a large scan
+* Findings are always assigned a **severity** (`INFO`, `LOW`, `MEDIUM`, `HIGH`, or `CRITICAL`) and a **confidence** (`UNKNOWN`, `LOW`, `MEDIUM`, `HIGH`, or `CONFIRMED`).
+* Findings can range anywhere from "slightly interesting behavior" to confirmed, actionable vulnerabilities.
+* Use severity and confidence together to prioritize results: a `HIGH` severity / `CONFIRMED` confidence finding is immediately actionable, while a `LOW` severity / `LOW` confidence finding may warrant further investigation.

docs/scanning/output.md

@@ -102,24 +102,23 @@ config:
 bbot -t evilcorp.com -om discord -c modules.discord.webhook_url=https://discord.com/api/webhooks/1234/deadbeef
 ```
 
-By default, only `VULNERABILITY` and `FINDING` events are sent, but this can be customized by setting `event_types` in the config like so:
+By default, only `FINDING` events are sent, but this can be customized by setting `event_types` in the config like so:
 
 ```yaml title="discord_preset.yml"
 config:
   modules:
     discord:
       event_types:
-        - VULNERABILITY
         - FINDING
         - STORAGE_BUCKET
 ```
 
 ...or on the command line:
 ```bash
-bbot -t evilcorp.com -om discord -c modules.discord.event_types=["STORAGE_BUCKET","FINDING","VULNERABILITY"]
+bbot -t evilcorp.com -om discord -c modules.discord.event_types=["STORAGE_BUCKET","FINDING"]
 ```
 
-You can also filter on the severity of `VULNERABILITY` events by setting `min_severity`:
+You can also filter on the severity of `FINDING` events by setting `min_severity`:
 
 
 ```yaml title="discord_preset.yml"