U @6^=@sDddlZddlZddlmZddlmZmZmZGdddeZdS)N) IPNetwork) SpiderFootSpiderFootPluginSpiderFootEventc @seZdZdZddddddddddd d Zd d d ddddddddd ZdZdZdZdZ dZ e fddZ ddZ ddZd$d d!Zd"d#ZdS)%sfp_binaryedgezBinaryEdge:Footprint,Investigate,Passive:Search Engines:apikey:Obtain information from BinaryEdge.io's Internet scanning systems about breaches, vulerabilities, torrents and passive DNS.Z TFd) binaryedge_api_keytorrent_age_limit_dayscve_age_limit_daysport_age_limit_daysmaxpagesverifynetblocklookup maxnetblock subnetlookup maxsubnet maxcohostzBinaryEdge.io API Key.zDIgnore any torrent records older than this many days. 0 = unlimited.zJIgnore any vulnerability records older than this many days. 0 = unlimited.zRIgnore any discovered open ports/banners older than this many days. 0 = unlimited.zCVerify that any hostnames found on the target domain still resolve?zMaximum number of pages to iterate through, to avoid exceeding BinaryEdge API usage limits. APIv2 has a maximum of 500 pages (10,000 results).zLook up all IPs on netblocks deemed to be owned by your target for possible blacklisted hosts on the same target subdomain/domain?zyIf looking up owned netblocks, the maximum netblock size to look up all IPs within (CIDR value, 24 = /24, 16 = /16, etc.)z:Look up all IPs on subnets which your target is a part of?zsIf looking up subnets, the maximum subnet size to look up all the IPs within (CIDR value, 24 = /24, 16 = /16, etc.)zbStop reporting co-hosted sites after this many are found, as it would likely indicate web hosting.) r rrrrrrrrrrNrcCsT||_||_||_||_d|_d|_t|D]}|||j |<q|jdsdSt |j |jdkr>|jd t t |j dt |jddSt }| dr~t |D]"}|t |d|jt |<qXn |||dkrd}||d}|dkr|jd|dS|D]} d| krؐq|jd| d} | D]} | d} | |kr q|j| ddr|jdr<|j| s<qtd| |j|} || |j| |jdrtd| |j|} || d|j| <q|j|jdkrt|| |j|} || |jd 7_qq|d!krnd"}||d#}|dkr|jd$|dS|D]Z} d| kr$q|jd%| d} | D],} t||d&| d'|j|} || q<q|dkrHd}||d(}|dkr|jd)|dS|D]} d| krq|jd*| d} | D]n} | |jkrqn d|j| <|jdr&|j| s&|jd+| d,qt|| |j|} || qԐq|D],}|rbdS||jkrrqLd-}||d.}|dkr|jd/|dS|D]} d| krq|jd0| d} | D]} | d1d2d3}ttd4|jd5}|jd5d6kr*||kr*|jd7qd8| d.d9d:d;| d.d}|dkr|jd?|dS|D]} d| krqd@| dkrq|jdA| dd@} | D]} | d2d3}ttd4|jdB}|jdBd6krp||krp|jd7q| dCD](}|dD}t|||j|} || qxqqڐq|D]}|rdS||jkrؐq||dE}|dkr|jdF|dS|D]} d| krq|jdG| d}t }|D]j} | d@D]X}|d1d2d3}ttd4|jdH}|jdHd6kr||kr|jd7qH|dIdJdKt |dIdL}dM}dN}|dIdOdPkrdQ}dR}|dKt |dIdL|kr r-rr NETBLOCK_r)r7r@zNo Passive DNS info for eventsz*Found passive DNS results in BinaryEdge.iodomain)includeParentsrr0 _internettldsr*rr:r+r4r;zNo leak info for z2Found compromised account results in BinaryEdge.ioz []r?zNo hosts found for z#Found host results in BinaryEdge.iozCouldn't resolve z, so skipping.r8r=zNo torrent info for z&Found torrent results in BinaryEdge.ioorigintsiiQrrz#Record found but too old, skipping.z Torrent: z???namez @ sourcer1r>zNo vulnerability info for rz,Found vulnerability results in BinaryEdge.iorZcvescver<zNo port/banner info for z*Found port/banner results in BinaryEdge.iortargetip:portr2r3protocoludpr5r6resultdataservicebannerzNo banner information found.) eventTypemodulersrrdebugr!rQrr prefixlenstrr startswithrXrYrR getTargetmatches resolveHostr__name__notifyListenersisDomainrr checkForStoprrWinttime BaseException)r"event eventName srcModuleName eventDataqrylistipaddrevtTyper]recr_hostevtr`addr created_ts age_limit_tsdatcrkZallresr<precentityZevttypeZevtbtypeevrur&r&r' handleEvents                                             ,                      .zsfp_binaryedge.handleEvent)r:)r __module__ __qualname____doc__r!optdescsrrrrrdictr(r/r9rYrr&r&r&r'rsF >r) rTrnetaddrrsflibrrrrr&r&r&r' s