3 @6^"@sZddlZddlZddlmZmZmZdddgddddd gd dd ZGd d d eZdS)N) SpiderFootSpiderFootPluginSpiderFootEventZ abuseipdbipqueryipz9https://www.abuseipdb.com/check/{0}/json?key={1}&days={2})idtypechecksurlZabuseipdbnetblocknetblockzGhttps://www.abuseipdb.com/check-block/json?network={0}&key={1}&days={2})zAbuseIPDB Single IPzAbuseIPDB Netblockc@sreZdZdZddddddZdddd d dZd Zefd d ZddZ ddZ ddZ ddZ ddZ ddZd S) sfp_abuseipdbzzAbuseIPDB:Investigate,Passive:Reputation Systems:apikey:Check if a netblock or IP is malicious according to AbuseIPDB.com.T)api_keydaysbackcheckaffiliateschecknetblocks checksubnetszAbuseIPDB.com API key.zHow far back to query, in days?zApply checks to affiliates?z=Report if any malicious IPs are found within owned netblocks?zJCheck if any malicious IPs are found within the same subnet of the target?NcCs8||_|j|_x"t|jD]}|||j|<qWdS)N)sf tempStorageresultslistkeysopts)selfsfcuserOptsoptr8/var/www/spiderfoot.crq.systems/modules/sfp_abuseipdb.pysetup;s zsfp_abuseipdb.setupcCs ddddgS)N IP_ADDRESSAFFILIATE_IPADDRNETBLOCK_OWNERNETBLOCK_MEMBERr)rrrr watchedEventsGszsfp_abuseipdb.watchedEventscCs ddddgS)NMALICIOUS_IPADDRMALICIOUS_AFFILIATE_IPADDRMALICIOUS_SUBNETMALICIOUS_NETBLOCKr)rrrrproducedEventsMszsfp_abuseipdb.producedEventscCst|dkrDx6|D].}tj||tjtjBr|jjd|dSqWt|dkrx6|D].}tj||tjtjBrV|jjd|dSqVW|jjddS)Nrz#Found to be bad against bad regex: Tz$Found to be good againt good regex: FzNeither good nor bad, unknown.)lenrematch IGNORECASEDOTALLrdebug)rcontent goodregexbadregexrxrrrcontentMaliciousRs     zsfp_abuseipdb.contentMaliciousc CsF|jd}|jd}|jjd|d|xttjD]}t|d}||kodt|ddkrz)r!r") eventTypemoduledatarr0rrgetrr:rrM checkForStopr__name__notifyListeners) revent eventName srcModuleName eventDatarErFtypeIdevtTyper textevtrrr handleEventsH     zsfp_abuseipdb.handleEvent)rS __module__ __qualname____doc__roptdescsrdictr r%r*r5rJrMr]rrrrr !s&  r )r,r?sflibrrrr:r rrrr s