bbot 2.0.1.4720rc0__py3-none-any.whl → 2.3.0.5401rc0__py3-none-any.whl

bbot/modules/internal/speculate.py

@@ -32,10 +32,11 @@ class speculate(BaseInternalModule):
         "author": "@liquidsec",
     }
 
-    options = {"max_hosts": 65536, "ports": "80,443"}
+    options = {"max_hosts": 65536, "ports": "80,443", "essential_only": False}
     options_desc = {
         "max_hosts": "Max number of IP_RANGE hosts to convert into IP_ADDRESS events",
         "ports": "The set of ports to speculate on",
+        "essential_only": "Only enable essential speculate features (no extra discovery)",
     }
     scope_distance_modifier = 1
     _priority = 4
@@ -44,14 +45,15 @@ class speculate(BaseInternalModule):
 
     async def setup(self):
         scan_modules = [m for m in self.scan.modules.values() if m._type == "scan"]
-        self.open_port_consumers = any(["OPEN_TCP_PORT" in m.watched_events for m in scan_modules])
+        self.open_port_consumers = any("OPEN_TCP_PORT" in m.watched_events for m in scan_modules)
         # only consider active portscanners (still speculate if only passive ones are enabled)
         self.portscanner_enabled = any(
-            ["portscan" in m.flags and "active" in m.flags for m in self.scan.modules.values()]
+            "portscan" in m.flags and "active" in m.flags for m in self.scan.modules.values()
         )
         self.emit_open_ports = self.open_port_consumers and not self.portscanner_enabled
         self.range_to_ip = True
         self.dns_disable = self.scan.config.get("dns", {}).get("disable", False)
+        self.essential_only = self.config.get("essential_only", False)
         self.org_stubs_seen = set()
 
         port_string = self.config.get("ports", "80,443")
@@ -63,18 +65,26 @@ class speculate(BaseInternalModule):
         if not self.portscanner_enabled:
             self.info(f"No portscanner enabled. Assuming open ports: {', '.join(str(x) for x in self.ports)}")
 
-        target_len = len(self.scan.target)
+        target_len = len(self.scan.target.seeds)
         if target_len > self.config.get("max_hosts", 65536):
             if not self.portscanner_enabled:
                 self.hugewarning(
                     f"Selected target ({target_len:,} hosts) is too large, skipping IP_RANGE --> IP_ADDRESS speculation"
                 )
-                self.hugewarning(f'Enabling the "portscan" module is highly recommended')
+                self.hugewarning('Enabling the "portscan" module is highly recommended')
             self.range_to_ip = False
 
         return True
 
     async def handle_event(self, event):
+        ### BEGIN ESSENTIAL SPECULATION ###
+        # These features are required for smooth operation of bbot
+        # I.e. they are not "osinty" or intended to discover anything, they only compliment other modules
+
+        # we speculate on distance-1 stuff too, because distance-1 open ports are needed by certain modules like sslcert
+        event_in_scope_distance = event.scope_distance <= (self.scan.scope_search_distance + 1)
+        speculate_open_ports = self.emit_open_ports and event_in_scope_distance
+
         # generate individual IP addresses from IP range
         if event.type == "IP_RANGE" and self.range_to_ip:
             net = ipaddress.ip_network(event.data)
@@ -89,28 +99,46 @@ class speculate(BaseInternalModule):
                     context=f"speculate converted range into individual IP_ADDRESS: {ip}",
                 )
 
+        # IP_ADDRESS / DNS_NAME --> OPEN_TCP_PORT
+        if speculate_open_ports:
+            # don't act on unresolved DNS_NAMEs
+            usable_dns = False
+            if event.type == "DNS_NAME":
+                if self.dns_disable or ("a-record" in event.tags or "aaaa-record" in event.tags):
+                    usable_dns = True
+
+            if event.type == "IP_ADDRESS" or usable_dns:
+                for port in self.ports:
+                    await self.emit_event(
+                        self.helpers.make_netloc(event.data, port),
+                        "OPEN_TCP_PORT",
+                        parent=event,
+                        internal=True,
+                        context="speculated {event.type}: {event.data}",
+                    )
+
+        ### END ESSENTIAL SPECULATION ###
+        if self.essential_only:
+            return
+
         # parent domains
         if event.type.startswith("DNS_NAME"):
             parent = self.helpers.parent_domain(event.host_original)
             if parent != event.data:
                 await self.emit_event(
-                    parent, "DNS_NAME", parent=event, context=f"speculated parent {{event.type}}: {{event.data}}"
+                    parent, "DNS_NAME", parent=event, context="speculated parent {event.type}: {event.data}"
                 )
 
-        # we speculate on distance-1 stuff too, because distance-1 open ports are needed by certain modules like sslcert
-        event_in_scope_distance = event.scope_distance <= (self.scan.scope_search_distance + 1)
-        speculate_open_ports = self.emit_open_ports and event_in_scope_distance
-
         # URL --> OPEN_TCP_PORT
-        if event.type == "URL" or (event.type == "URL_UNVERIFIED" and self.open_port_consumers):
+        event_is_url = event.type == "URL"
+        if event_is_url or (event.type == "URL_UNVERIFIED" and self.open_port_consumers):
             # only speculate port from a URL if it wouldn't be speculated naturally from the host
             if event.host and (event.port not in self.ports or not speculate_open_ports):
                 await self.emit_event(
                     self.helpers.make_netloc(event.host, event.port),
                     "OPEN_TCP_PORT",
                     parent=event,
-                    internal=True,
-                    quick=(event.type == "URL"),
+                    internal=not event_is_url,  # if the URL is verified, the port is definitely open
                     context=f"speculated {{event.type}} from {event.type}: {{event.data}}",
                 )
 
@@ -144,25 +172,6 @@ class speculate(BaseInternalModule):
                     context="speculated {event.type}: {event.data}",
                 )
 
-        # IP_ADDRESS / DNS_NAME --> OPEN_TCP_PORT
-        if speculate_open_ports:
-            # don't act on unresolved DNS_NAMEs
-            usable_dns = False
-            if event.type == "DNS_NAME":
-                if self.dns_disable or ("a-record" in event.tags or "aaaa-record" in event.tags):
-                    usable_dns = True
-
-            if event.type == "IP_ADDRESS" or usable_dns:
-                for port in self.ports:
-                    await self.emit_event(
-                        self.helpers.make_netloc(event.data, port),
-                        "OPEN_TCP_PORT",
-                        parent=event,
-                        internal=True,
-                        quick=True,
-                        context="speculated {event.type}: {event.data}",
-                    )
-
         # ORG_STUB from TLD, SOCIAL, AZURE_TENANT
         org_stubs = set()
         if event.type == "DNS_NAME" and event.scope_distance == 0:

bbot/modules/internetdb.py

@@ -48,6 +48,9 @@ class internetdb(BaseModule):
         "show_open_ports": "Display OPEN_TCP_PORT events in output, even if they didn't lead to an interesting discovery"
     }
 
+    # we get lots of 404s, that's normal
+    _api_failure_abort_threshold = 9999999999
+
     _qsize = 500
 
     base_url = "https://internetdb.shodan.io"
@@ -64,7 +67,7 @@ class internetdb(BaseModule):
         if ip is None:
             return
         url = f"{self.base_url}/{ip}"
-        r = await self.request_with_fail_count(url)
+        r = await self.api_request(url)
         if r is None:
             self.debug(f"No response for {event.data}")
             return
@@ -113,7 +116,6 @@ class internetdb(BaseModule):
                 "OPEN_TCP_PORT",
                 parent=event,
                 internal=(not self.show_open_ports),
-                quick=True,
                 context=f'{{module}} queried Shodan\'s InternetDB API for "{query_host}" and found {{event.type}}: {{event.data}}',
             )
         vulns = data.get("vulns", [])

bbot/modules/ip2location.py

@@ -32,12 +32,10 @@ class IP2Location(BaseModule):
 
     async def ping(self):
         url = self.build_url("8.8.8.8")
-        r = await self.request_with_fail_count(url)
-        resp_content = getattr(r, "text", "")
-        assert getattr(r, "status_code", 0) == 200, resp_content
+        await super().ping(url)
 
     def build_url(self, data):
-        url = f"{self.base_url}/?key={self.api_key}&ip={data}&format=json&source=bbot"
+        url = f"{self.base_url}/?key={{api_key}}&ip={data}&format=json&source=bbot"
         if self.lang:
             url = f"{url}&lang={self.lang}"
         return url
@@ -45,7 +43,7 @@ class IP2Location(BaseModule):
     async def handle_event(self, event):
         try:
             url = self.build_url(event.data)
-            result = await self.request_with_fail_count(url)
+            result = await self.api_request(url)
             if result:
                 geo_data = result.json()
                 if not geo_data:

bbot/modules/ipneighbor.py

@@ -31,7 +31,7 @@ class ipneighbor(BaseModule):
         netmask = main_ip.max_prefixlen - min(main_ip.max_prefixlen, self.num_bits)
         network = ipaddress.ip_network(f"{main_ip}/{netmask}", strict=False)
         subnet_hash = hash(network)
-        if not subnet_hash in self.processed:
+        if subnet_hash not in self.processed:
             self.processed.add(subnet_hash)
             for ip in network:
                 if ip != main_ip:

bbot/modules/ipstack.py

@@ -23,20 +23,15 @@ class Ipstack(BaseModule):
     suppress_dupes = False
 
     base_url = "http://api.ipstack.com"
+    ping_url = f"{base_url}/check?access_key={{api_key}}"
 
     async def setup(self):
         return await self.require_api_key()
 
-    async def ping(self):
-        url = f"{self.base_url}/check?access_key={self.api_key}"
-        r = await self.request_with_fail_count(url)
-        resp_content = getattr(r, "text", "")
-        assert getattr(r, "status_code", 0) == 200, resp_content
-
     async def handle_event(self, event):
         try:
-            url = f"{self.base_url}/{event.data}?access_key={self.api_key}"
-            result = await self.request_with_fail_count(url)
+            url = f"{self.base_url}/{event.data}?access_key={{api_key}}"
+            result = await self.api_request(url)
             if result:
                 geo_data = result.json()
                 if not geo_data:

bbot/modules/jadx.py

@@ -0,0 +1,87 @@
+from pathlib import Path
+from subprocess import CalledProcessError
+from bbot.modules.internal.base import BaseModule
+
+
+class jadx(BaseModule):
+    watched_events = ["FILESYSTEM"]
+    produced_events = ["FILESYSTEM"]
+    flags = ["passive", "safe"]
+    meta = {
+        "description": "Decompile APKs and XAPKs using JADX",
+        "created_date": "2024-11-04",
+        "author": "@domwhewell-sage",
+    }
+    options = {
+        "threads": 4,
+    }
+    options_desc = {
+        "threads": "Maximum jadx threads for extracting apk's, default: 4",
+    }
+    deps_common = ["java"]
+    deps_ansible = [
+        {
+            "name": "Create jadx directory",
+            "file": {"path": "#{BBOT_TOOLS}/jadx", "state": "directory", "mode": "0755"},
+        },
+        {
+            "name": "Download jadx",
+            "unarchive": {
+                "src": "https://github.com/skylot/jadx/releases/download/v1.5.0/jadx-1.5.0.zip",
+                "include": ["lib/jadx-1.5.0-all.jar", "bin/jadx"],
+                "dest": "#{BBOT_TOOLS}/jadx",
+                "remote_src": True,
+            },
+        },
+    ]
+
+    allowed_file_types = ["java archive", "android application package"]
+
+    async def setup(self):
+        self.threads = self.config.get("threads", 4)
+        return True
+
+    async def filter_event(self, event):
+        if "file" in event.tags:
+            if event.data["magic_description"].lower() not in self.allowed_file_types:
+                return False, f"Jadx is not able to decompile this file type: {event.data['magic_description']}"
+        else:
+            return False, "Event is not a file"
+        return True
+
+    async def handle_event(self, event):
+        path = Path(event.data["path"])
+        output_dir = path.parent / path.name.replace(".", "_")
+        self.helpers.mkdir(output_dir)
+        success = await self.decompile_apk(path, output_dir)
+
+        # If jadx was able to decompile the java archive, emit an event
+        if success:
+            await self.emit_event(
+                {"path": str(output_dir)},
+                "FILESYSTEM",
+                tags="folder",
+                parent=event,
+                context=f'extracted "{path}" to: {output_dir}',
+            )
+        else:
+            output_dir.rmdir()
+
+    async def decompile_apk(self, path, output_dir):
+        command = [
+            f"{self.scan.helpers.tools_dir}/jadx/bin/jadx",
+            "--threads-count",
+            self.threads,
+            "--output-dir",
+            str(output_dir),
+            str(path),
+        ]
+        try:
+            output = await self.run_process(command, check=True)
+        except CalledProcessError as e:
+            self.warning(f"Error decompiling {path}. STDOUT: {e.stdout} STDERR: {repr(e.stderr)}")
+            return False
+        if not (output_dir / "resources").exists() and not (output_dir / "sources").exists():
+            self.warning(f"JADX was unable to decompile {path}: (STDOUT: {output.stdout} STDERR: {output.stderr})")
+            return False
+        return True

bbot/modules/leakix.py

@@ -15,31 +15,32 @@ class leakix(subdomain_enum_apikey):
     }
 
     base_url = "https://leakix.net"
+    ping_url = f"{base_url}/host/1.1.1.1"
 
     async def setup(self):
         ret = await super(subdomain_enum_apikey, self).setup()
-        self.headers = {"Accept": "application/json"}
         self.api_key = self.config.get("api_key", "")
         if self.api_key:
-            self.headers["api-key"] = self.api_key
             return await self.require_api_key()
         return ret
 
-    async def ping(self):
-        url = f"{self.base_url}/host/1.2.3.4.5"
-        r = await self.helpers.request(url, headers=self.headers)
-        resp_content = getattr(r, "text", "")
-        assert getattr(r, "status_code", 0) != 401, resp_content
+    def prepare_api_request(self, url, kwargs):
+        if self.api_key:
+            kwargs["headers"]["api-key"] = self.api_key
+            kwargs["headers"]["Accept"] = "application/json"
+        return url, kwargs
 
     async def request_url(self, query):
         url = f"{self.base_url}/api/subdomains/{self.helpers.quote(query)}"
-        response = await self.request_with_fail_count(url, headers=self.headers)
+        response = await self.api_request(url)
         return response
 
-    def parse_results(self, r, query=None):
+    async def parse_results(self, r, query=None):
+        results = set()
         json = r.json()
         if json:
             for entry in json:
                 subdomain = entry.get("subdomain", "")
                 if subdomain:
-                    yield subdomain
+                    results.add(subdomain)
+        return results

bbot/modules/myssl.py

@@ -15,9 +15,9 @@ class myssl(subdomain_enum):
 
     async def request_url(self, query):
         url = f"{self.base_url}?domain={self.helpers.quote(query)}"
-        return await self.request_with_fail_count(url)
+        return await self.api_request(url)
 
-    def parse_results(self, r, query):
+    async def parse_results(self, r, query):
         results = set()
         json = r.json()
         if json and isinstance(json, dict):

bbot/modules/newsletters.py

@@ -46,11 +46,11 @@ class newsletters(BaseModule):
                 body = _event.data["body"]
                 soup = self.helpers.beautifulsoup(body, "html.parser")
                 if soup is False:
-                    self.debug(f"BeautifulSoup returned False")
+                    self.debug("BeautifulSoup returned False")
                     return
                 result = self.find_type(soup)
                 if result:
-                    description = f"Found a Newsletter Submission Form that could be used for email bombing attacks"
+                    description = "Found a Newsletter Submission Form that could be used for email bombing attacks"
                     data = {"host": str(_event.host), "description": description, "url": _event.data["url"]}
                     await self.emit_event(
                         data,

bbot/modules/otx.py

@@ -15,12 +15,14 @@ class otx(subdomain_enum):
 
     def request_url(self, query):
         url = f"{self.base_url}/api/v1/indicators/domain/{self.helpers.quote(query)}/passive_dns"
-        return self.request_with_fail_count(url)
+        return self.api_request(url)
 
-    def parse_results(self, r, query):
+    async def parse_results(self, r, query):
+        results = set()
         j = r.json()
         if isinstance(j, dict):
             for entry in j.get("passive_dns", []):
                 subdomain = entry.get("hostname", "")
                 if subdomain:
-                    yield subdomain
+                    results.add(subdomain)
+        return results

bbot/modules/output/asset_inventory.py

@@ -91,15 +91,15 @@ class asset_inventory(CSV):
             self.assets[hostkey].absorb_event(event)
 
     async def report(self):
-        stats = dict()
-        totals = dict()
+        stats = {}
+        totals = {}
 
         def increment_stat(stat, value):
             try:
                 totals[stat] += 1
             except KeyError:
                 totals[stat] = 1
-            if not stat in stats:
+            if stat not in stats:
                 stats[stat] = {}
             try:
                 stats[stat][value] += 1
@@ -259,17 +259,17 @@ class Asset:
         # ips
         self.ip_addresses = set(_make_ip_list(row.get("IP (External)", "")))
         self.ip_addresses.update(set(_make_ip_list(row.get("IP (Internal)", ""))))
-        # If user reqests a recheck dont import the following fields to force them to be rechecked
+        # If user requests a recheck dont import the following fields to force them to be rechecked
         if not self.recheck:
             # ports
             ports = [i.strip() for i in row.get("Open Ports", "").split(",")]
-            self.ports.update(set(i for i in ports if i and is_port(i)))
+            self.ports.update({i for i in ports if i and is_port(i)})
             # findings
             findings = [i.strip() for i in row.get("Findings", "").splitlines()]
-            self.findings.update(set(i for i in findings if i))
+            self.findings.update({i for i in findings if i})
             # technologies
             technologies = [i.strip() for i in row.get("Technologies", "").splitlines()]
-            self.technologies.update(set(i for i in technologies if i))
+            self.technologies.update({i for i in technologies if i})
             # risk rating
             risk_rating = row.get("Risk Rating", "").strip()
             if risk_rating and risk_rating.isdigit() and int(risk_rating) > self.risk_rating:

bbot/modules/output/base.py

@@ -24,7 +24,7 @@ class BaseOutputModule(BaseModule):
         if event.type in ("FINISHED",):
             return True, "its type is FINISHED"
         if self.errored:
-            return False, f"module is in error state"
+            return False, "module is in error state"
         # exclude non-watched types
         if not any(t in self.get_watched_events() for t in ("*", event.type)):
             return False, "its type is not in watched_events"

bbot/modules/output/csv.py

@@ -64,7 +64,7 @@ class CSV(BaseOutputModule):
                 ),
                 "Source Module": str(getattr(event, "module_sequence", "")),
                 "Scope Distance": str(getattr(event, "scope_distance", "")),
-                "Event Tags": ",".join(sorted(list(getattr(event, "tags", [])))),
+                "Event Tags": ",".join(sorted(getattr(event, "tags", []))),
                 "Discovery Path": " --> ".join(discovery_path),
             }
         )

bbot/modules/output/http.py

@@ -1,4 +1,3 @@
-from bbot.errors import WebError
 from bbot.modules.output.base import BaseOutputModule
 
 
@@ -52,16 +51,23 @@ class HTTP(BaseOutputModule):
 
     async def handle_event(self, event):
         while 1:
-            try:
-                await self.helpers.request(
-                    url=self.url,
-                    method=self.method,
-                    auth=self.auth,
-                    headers=self.headers,
-                    json=event.json(siem_friendly=self.siem_friendly),
-                    raise_error=True,
-                )
-                break
-            except WebError as e:
-                self.warning(f"Error sending {event}: {e}, retrying...")
-                await self.helpers.sleep(1)
+            response = await self.helpers.request(
+                url=self.url,
+                method=self.method,
+                auth=self.auth,
+                headers=self.headers,
+                json=event.json(siem_friendly=self.siem_friendly),
+            )
+            is_success = False if response is None else response.is_success
+            if not is_success:
+                status_code = getattr(response, "status_code", 0)
+                self.warning(f"Error sending {event} (HTTP status code: {status_code}), retrying...")
+                body = getattr(response, "text", "")
+                self.debug(body)
+                if status_code == 429:
+                    sleep_interval = 10
+                else:
+                    sleep_interval = 1
+                await self.helpers.sleep(sleep_interval)
+                continue
+            break

bbot/modules/output/mysql.py

@@ -0,0 +1,51 @@
+from bbot.modules.templates.sql import SQLTemplate
+
+
+class MySQL(SQLTemplate):
+    watched_events = ["*"]
+    meta = {"description": "Output scan data to a MySQL database"}
+    options = {
+        "username": "root",
+        "password": "bbotislife",
+        "host": "localhost",
+        "port": 3306,
+        "database": "bbot",
+    }
+    options_desc = {
+        "username": "The username to connect to MySQL",
+        "password": "The password to connect to MySQL",
+        "host": "The server running MySQL",
+        "port": "The port to connect to MySQL",
+        "database": "The database name to connect to",
+    }
+    deps_pip = ["sqlmodel", "aiomysql"]
+    protocol = "mysql+aiomysql"
+
+    async def create_database(self):
+        from sqlalchemy import text
+        from sqlalchemy.ext.asyncio import create_async_engine
+
+        # Create the engine for the initial connection to the server
+        initial_engine = create_async_engine(self.connection_string().rsplit("/", 1)[0])
+
+        async with initial_engine.connect() as conn:
+            # Check if the database exists
+            result = await conn.execute(text(f"SHOW DATABASES LIKE '{self.database}'"))
+            database_exists = result.scalar() is not None
+
+            # Create the database if it does not exist
+            if not database_exists:
+                # Use aiomysql directly to create the database
+                import aiomysql
+
+                raw_conn = await aiomysql.connect(
+                    user=self.username,
+                    password=self.password,
+                    host=self.host,
+                    port=self.port,
+                )
+                try:
+                    async with raw_conn.cursor() as cursor:
+                        await cursor.execute(f"CREATE DATABASE {self.database}")
+                finally:
+                    await raw_conn.ensure_closed()

bbot/modules/output/neo4j.py

@@ -1,10 +1,15 @@
 import json
+import logging
 from contextlib import suppress
 from neo4j import AsyncGraphDatabase
 
 from bbot.modules.output.base import BaseOutputModule
 
 
+# silence annoying neo4j logger
+logging.getLogger("neo4j").setLevel(logging.CRITICAL)
+
+
 class neo4j(BaseOutputModule):
     """
     # start Neo4j in the background with docker
@@ -48,7 +53,7 @@ class neo4j(BaseOutputModule):
                 ),
             )
             self.session = self.driver.session()
-            await self.handle_event(self.scan.root_event)
+            await self.session.run("Match () Return 1 Limit 1")
         except Exception as e:
             return False, f"Error setting up Neo4j: {e}"
         return True
@@ -110,7 +115,7 @@ class neo4j(BaseOutputModule):
 
         cypher = f"""UNWIND $events AS event
         MERGE (_:{event_type} {{ id: event.id }})
-        SET _ += event
+        SET _ += properties(event)
         RETURN event.data as event_data, event.id as event_id, elementId(_) as neo4j_id"""
         neo4j_ids = {}
         # insert events

bbot/modules/output/postgres.py

@@ -0,0 +1,49 @@
+from bbot.modules.templates.sql import SQLTemplate
+
+
+class Postgres(SQLTemplate):
+    watched_events = ["*"]
+    meta = {"description": "Output scan data to a SQLite database"}
+    options = {
+        "username": "postgres",
+        "password": "bbotislife",
+        "host": "localhost",
+        "port": 5432,
+        "database": "bbot",
+    }
+    options_desc = {
+        "username": "The username to connect to Postgres",
+        "password": "The password to connect to Postgres",
+        "host": "The server running Postgres",
+        "port": "The port to connect to Postgres",
+        "database": "The database name to connect to",
+    }
+    deps_pip = ["sqlmodel", "asyncpg"]
+    protocol = "postgresql+asyncpg"
+
+    async def create_database(self):
+        import asyncpg
+        from sqlalchemy import text
+        from sqlalchemy.ext.asyncio import create_async_engine
+
+        # Create the engine for the initial connection to the server
+        initial_engine = create_async_engine(self.connection_string().rsplit("/", 1)[0])
+
+        async with initial_engine.connect() as conn:
+            # Check if the database exists
+            result = await conn.execute(text(f"SELECT 1 FROM pg_database WHERE datname = '{self.database}'"))
+            database_exists = result.scalar() is not None
+
+            # Create the database if it does not exist
+            if not database_exists:
+                # Use asyncpg directly to create the database
+                raw_conn = await asyncpg.connect(
+                    user=self.username,
+                    password=self.password,
+                    host=self.host,
+                    port=self.port,
+                )
+                try:
+                    await raw_conn.execute(f"CREATE DATABASE {self.database}")
+                finally:
+                    await raw_conn.close()

bbot/modules/output/slack.py

@@ -16,7 +16,6 @@ class Slack(WebhookOutputModule):
         "event_types": "Types of events to send",
         "min_severity": "Only allow VULNERABILITY events of this severity or higher",
     }
-    good_status_code = 200
     content_key = "text"
 
     def format_message_str(self, event):