3 @6^=@sDddlZddlZddlmZddlmZmZmZGdddeZdS)N) IPNetwork) SpiderFootSpiderFootPluginSpiderFootEventc @seZdZdZddddddddddd d Zd d d ddddddddd ZdZdZdZdZ dZ e fddZ ddZ ddZd$d d!Zd"d#ZdS)%sfp_binaryedgezBinaryEdge:Footprint,Investigate,Passive:Search Engines:apikey:Obtain information from BinaryEdge.io's Internet scanning systems about breaches, vulerabilities, torrents and passive DNS.Z TFd) binaryedge_api_keytorrent_age_limit_dayscve_age_limit_daysport_age_limit_daysmaxpagesverifynetblocklookup maxnetblock subnetlookup maxsubnet maxcohostzBinaryEdge.io API Key.zDIgnore any torrent records older than this many days. 0 = unlimited.zJIgnore any vulnerability records older than this many days. 0 = unlimited.zRIgnore any discovered open ports/banners older than this many days. 0 = unlimited.zCVerify that any hostnames found on the target domain still resolve?zMaximum number of pages to iterate through, to avoid exceeding BinaryEdge API usage limits. APIv2 has a maximum of 500 pages (10,000 results).zLook up all IPs on netblocks deemed to be owned by your target for possible blacklisted hosts on the same target subdomain/domain?zyIf looking up owned netblocks, the maximum netblock size to look up all IPs within (CIDR value, 24 = /24, 16 = /16, etc.)z:Look up all IPs on subnets which your target is a part of?zsIf looking up subnets, the maximum subnet size to look up all the IPs within (CIDR value, 24 = /24, 16 = /16, etc.)zbStop reporting co-hosted sites after this many are found, as it would likely indicate web hosting.) r rrrrrrrrrrNrcCsX||_|j|_|j|_|j|_d|_d|_x"t|jD]}|||j |<q>WdS)NrF) sf tempStorageresults reportedhosts checkedips cohostcount errorStatelistkeysopts)selfsfcuserOptsoptr&9/var/www/spiderfoot.crq.systems/modules/sfp_binaryedge.pysetup=s   zsfp_binaryedge.setupcCsdddddgS)N IP_ADDRESS DOMAIN_NAME EMAILADDRNETBLOCK_OWNERNETBLOCK_MEMBERr&)r"r&r&r' watchedEventsLszsfp_binaryedge.watchedEventsc Csddddddddd d g S) N INTERNET_NAME VULNERABILITY TCP_PORT_OPENTCP_PORT_OPEN_BANNEREMAILADDR_COMPROMISED UDP_PORT_OPENUDP_PORT_OPEN_INFOr*CO_HOSTED_SITEMALICIOUS_IPADDRr&)r"r&r&r'producedEventsQszsfp_binaryedge.producedEventsc Csd}t}|jrdS|dkr d}|dkr,d}|dkr8d}|dkrDd}|d krPd }|d kr\d }d }d|jdi}||j|jddd|} |jj| |jdd|d} | dd'kr|jjddd|_dS| ddkr|jjd|dSt | ddkr |jjd|dSyt j | d} Wn0t k rN} z|jjdddSd} ~ XnX| j d r| d!| j d"d#| j d dkr| d d$}||jd%kr|jjd&d| gS|j| |j|||} | r|j| n |j| |S)(Nemailz&/v2/query/dataleaks/email/{0}?page={1}portsz/v2/query/ip/{0}?page={1}torrentz)/v2/query/torrent/historical/{0}?page={1}vulnz/v2/query/cve/ip/{0}?page={1}subsz(/v2/query/domains/subdomain/{0}?page={1}passivez!/v2/query/domains/ip/{0}?page={1}zhttps://api.binaryedge.iozX-Keyr zutf-8replace)errors _fetchtimeoutr)timeout useragentheaderscode429500zbBinaryEdge.io API key seems to have been rejected or you have exceeded usage limits for the month.FTcontentz No BinaryEdge.io info found for rz2Error processing JSON response from BinaryEdge.io.pagetotalpagesizer r9rz Maximum number of pages reached.)rGrH)rrr!formatencoderfetchUrlerrorinfolenjsonloads Exceptiongetappendqueryextend) r"qry querytyperJretZretarrZqueryurlZ binaryedgeurlrEurlresrQer&r&r'rXWs^   .    zsfp_binaryedge.querycCs |j}|j}|j}|jrdS|jjd|d||jddkrZ|jjddd|_dS||jkr||jjd|d dSd|j|<|d kr|jd sdSt |j |jd kr|jjd t t |j dt |jd dS|dkr@|jdsdSt |j |jdkr@|jjd t t |j dt |jddSt }|j drx:t |D]"}|jt |d|jt |<q\Wn |j||dkrd}|j|d}|dkr|jjd|dSx|D]} d| krq|jjd| d} x| D]} | d} | |krq|jj| ddr|jdrH|jj| sHqtd| |j|} |j| |jj| |jdrtd| |j|} |j| d|j| <q|j|jdkrt|| |j|} |j| |jd 7_qWqW|d!krd"}|j|d#}|dkr|jjd$|dSxf|D]^} d| kr6q$|jjd%| d} x4| D],} t||d&| d'|j|} |j| qPWq$W|dkrhd}|j|d(}|dkr|jjd)|dSx|D]} d| kr֐q|jjd*| d} xv| D]n} | |jkrqn d|j| <|jdrB|jj| sB|jjd+| d,qt|| |j|} |j| qWqWx:|D]0}|jrdS||jkrqpd-}|j|d.}|dkr|jjd/|dSx|D]} d| krڐq|jjd0| d} x| D]} | d1jd2d3}ttjd4|jd5}|jd5d6krN||krN|jjd7qd8| jd.d9jd:d;| jd.jd}|dkr|jjd?|dSx|D]} d| krqd@| dkr*q|jjdA| dd@} x| D]} | jd2d3}ttjd4|jdB}|jdBd6kr||kr|jjd7qHx4| dCD](}|dD}t|||j|} |j| qWqHWqWqWx|D]}|jrdS||jkrq|j|dE}|dkr<|jjdF|dSx|D]} d| krXqD|jjdG| d}t }xz|D]p} xf| d@D]X}|d1jd2d3}ttjd4|jdH}|jdHd6kr||kr|jjd7q|dIdJdKt |dIdL}dM}dN}|dIdOdPkr*dQ}dR}|dKt |dIdL|krt|||j|}|j||j|dKt |dIdLy2|dSdTdUdV}t|||j|} |j| Wn0tk r} z|jjdWWYdd} ~ XnXqWqzWqDWqWx|D]}d|j|< qWdS)XNzReceived event, z, from r rz6You enabled sfp_binaryedge but did not set an API key!FTz Skipping z as already mapped.r,rrz$Network size bigger than permitted: z > r-rr NETBLOCK_r)r6r?zNo Passive DNS info for eventsz*Found passive DNS results in BinaryEdge.iodomain)includeParentsrr/ _internettldsr*rr9r+r3r:zNo leak info for z2Found compromised account results in BinaryEdge.ioz []r>zNo hosts found for z#Found host results in BinaryEdge.iozCouldn't resolve z, so skipping.r7r<zNo torrent info for z&Found torrent results in BinaryEdge.ioorigintsiiQrrz#Record found but too old, skipping.z Torrent: z???namez @ sourcer0r=zNo vulnerability info for rz,Found vulnerability results in BinaryEdge.iorZcvescver;zNo port/banner info for z*Found port/banner results in BinaryEdge.iortargetip:portr1r2protocoludpr4r5resultdataservicebannerzNo banner information found.) eventTypemodulerrrrdebugr!rPrr prefixlenstrr startswithrWrXrQ getTargetmatches resolveHostr__name__notifyListenersisDomainrr checkForStoprrVinttime BaseException)r"event eventName srcModuleName eventDataqrylistipaddrevtTyper\recr^hostevtr_addr created_ts age_limit_tsdatcrjZallresr;precentityZevttypeZevtbtypeevrtr&r&r' handleEvents                                             ,          "         6 zsfp_binaryedge.handleEvent)r9)r~ __module__ __qualname____doc__r!optdescsrrrrrdictr(r.r8rXrr&r&r&r'rsB >r) rSrnetaddrrsflibrrrrr&r&r&r' s