blacklanternsecurity · TheTechromancer · Sep 22, 2023 · Sep 17, 2023 · Sep 17, 2023 · Sep 17, 2023
diff --git a/bbot/modules/output/json.py b/bbot/modules/output/json.py
@@ -6,12 +6,12 @@
 
 class JSON(BaseOutputModule):
     watched_events = ["*"]
-    meta = {"description": "Output to JSON"}
+    meta = {"description": "Output to Newline-Delimited JSON (NDJSON)"}
     options = {"output_file": "", "console": False}
     options_desc = {"output_file": "Output to file", "console": "Output to console"}
 
     async def setup(self):
-        self._prep_output_dir("output.json")
+        self._prep_output_dir("output.ndjson")
         return True
 
     async def handle_event(self, event):

diff --git a/bbot/test/test_output.json → bbot/test/test_output.ndjson b/bbot/test/test_output.json → bbot/test/test_output.ndjson
diff --git a/bbot/test/test_step_1/test_cli.py b/bbot/test/test_step_1/test_cli.py
@@ -26,7 +26,7 @@ async def test_cli(monkeypatch, bbot_config):
     assert (scan_home / "wordcloud.tsv").is_file(), "wordcloud.tsv not found"
     assert (scan_home / "output.txt").is_file(), "output.txt not found"
     assert (scan_home / "output.csv").is_file(), "output.csv not found"
-    assert (scan_home / "output.json").is_file(), "output.json not found"
+    assert (scan_home / "output.ndjson").is_file(), "output.ndjson not found"
     with open(scan_home / "output.csv") as f:
         lines = f.readlines()
         assert lines[0] == "Event type,Event data,IP Address,Source Module,Scope Distance,Event Tags\n"

diff --git a/bbot/test/test_step_1/test_python_api.py b/bbot/test/test_step_1/test_python_api.py
@@ -15,7 +15,7 @@ async def test_python_api(bbot_config):
     scan2 = Scanner("127.0.0.1", config=bbot_config, output_modules=["json"], name="python_api_test")
     await scan2.async_start_without_generator()
     scan_home = scan2.helpers.scans_dir / "python_api_test"
-    out_file = scan_home / "output.json"
+    out_file = scan_home / "output.ndjson"
     assert list(scan2.helpers.read_file(out_file))
     scan_log = scan_home / "scan.log"
     debug_log = scan_home / "debug.log"
@@ -31,7 +31,7 @@ async def test_python_api(bbot_config):
     assert "scan_logging_test" not in open(debug_log).read()
 
     scan_home = scan3.helpers.scans_dir / "scan_logging_test"
-    out_file = scan_home / "output.json"
+    out_file = scan_home / "output.ndjson"
     assert list(scan3.helpers.read_file(out_file))
     scan_log = scan_home / "scan.log"
     debug_log = scan_home / "debug.log"
@@ -58,7 +58,7 @@ def test_python_api_sync(bbot_config):
     # make sure output files work
     scan2 = Scanner("127.0.0.1", config=bbot_config, output_modules=["json"], name="python_api_test")
     scan2.start_without_generator()
-    out_file = scan2.helpers.scans_dir / "python_api_test" / "output.json"
+    out_file = scan2.helpers.scans_dir / "python_api_test" / "output.ndjson"
     assert list(scan2.helpers.read_file(out_file))
     # make sure config loads properly
     bbot_home = "/tmp/.bbot_python_api_test"

diff --git a/bbot/test/test_step_2/module_tests/test_module_json.py b/bbot/test/test_step_2/module_tests/test_module_json.py
@@ -6,7 +6,7 @@
 
 class TestJSON(ModuleTestBase):
     def check(self, module_test, events):
-        txt_file = module_test.scan.home / "output.json"
+        txt_file = module_test.scan.home / "output.ndjson"
         lines = list(module_test.scan.helpers.read_file(txt_file))
         assert lines
         e = event_from_json(json.loads(lines[0]))

diff --git a/docs/scanning/output.md b/docs/scanning/output.md
@@ -1,7 +1,7 @@
 # Output
 
 By default, BBOT saves its output in TXT, JSON, and CSV formats:
-![image](https://github.com/blacklanternsecurity/bbot/assets/20261699/779207f4-1c2f-4f65-a132-794ca8bd2f8a)
+![bbot output](https://github.com/blacklanternsecurity/bbot/assets/20261699/bb3da441-2682-408f-b955-19b268823b82)
 
 Every BBOT scan gets a unique and mildly-entertaining name like **`demonic_jimmy`**. Output for that scan, including scan stats and any web screenshots, etc., are saved to a folder by that name in `~/.bbot/scans`. The most recent 20 scans are kept, and older ones are removed. You can change the location of BBOT's output with `--output`, and you can also pick a custom scan name with `--name`.
 
@@ -64,7 +64,7 @@ You can filter on the JSON output with `jq`:
 
 ```bash
 # pull out only the .data attribute of every DNS_NAME
-$ jq -r 'select(.type=="DNS_NAME") | .data' ~/.bbot/scans/extreme_johnny/output.json
+$ jq -r 'select(.type=="DNS_NAME") | .data' ~/.bbot/scans/extreme_johnny/output.ndjson
 evilcorp.com
 www.evilcorp.com
 mail.evilcorp.com