3 @6^"@sHddlZddlZddlZddlZddlmZmZmZGdddeZdS)N) SpiderFootSpiderFootPluginSpiderFootEventc@sneZdZdZdddddddZdd d d d d dZdZdZdZe fddZ ddZ ddZ ddZ ddZdS) sfp_circlluzCIRCL.LU:Investigate,Passive:Reputation Systems:apikey:Obtain information from CIRCL.LU's Passive DNS and Passive SSL databases.rTFd) api_key_loginapi_key_passwordage_limit_daysverifycohostsamedomain maxcohostzCIRCL.LU login.zCIRCL.LU password.zHIgnore any Passive DNS records older than this many days. 0 = unlimited.zMVerify co-hosts are valid by checking if they still resolve to the shared IP.z>Treat co-hosted sites on the same target domain as co-hosting?zbStop reporting co-hosted sites after this many are found, as it would likely indicate web hosting.NcCs>||_|j|_d|_x"t|jD]}|||j|<q$WdS)Nr)sf tempStorageresults cohostcountlistkeysopts)selfsfcuserOptsoptr6/var/www/spiderfoot.crq.systems/modules/sfp_circllu.pysetup2s  zsfp_circllu.setupcCs ddddgS)N INTERNET_NAMENETBLOCK_OWNER IP_ADDRESS DOMAIN_NAMEr)rrrr watchedEvents>szsfp_circllu.watchedEventscCs dddgS)NrSSL_CERTIFICATE_ISSUEDCO_HOSTED_SITEr)rrrrproducedEventsBszsfp_circllu.producedEventsc Csd}|jrdS|dkr d|}nd|}|jdd|jd}tj|jd}dd |i}|jj|d d |d }|d dkr|jjddd|_dS|ddkr|jjd|dS|dS)NPDNSz https://www.circl.lu/pdns/query/z"https://www.circl.lu/v2pssl/query/r:r zutf-8 AuthorizationzBasic %sr)timeout useragentheaderscode400429500403zNCIRCL.LU access seems to have been rejected or you have exceeded usage limits.FTcontentzNo CIRCL.LU info found for )r,r-r.r/) errorStaterbase64 b64encodeencoderfetchUrlerrorinfo) rqryqtypereturlsecretZb64_valr*resrrrqueryEs&      zsfp_circllu.queryc#CsZ|j}|j}|j}d}|jr dS|jjd|d||dkrX|jjd|ddS|jddkst|jddkr|jjd d d |_dS||jkr|jjd |d dSd |j|<|d0kr"d|kr|j d\}}t |dkr|jjdn"|j |d}|s:|jj d|n"|j |d}|s:|jj d||r"yt j|}x|D]} |} | |kr~td| |j|} |j| x^|| dD]N} tjdt|| d| tj} | rtd| dd|j| } |j| qWqRWWn:tk r } z|jjdt| d WYdd} ~ XnX|d1krV|j |d}|sR|jj d|dSx|j dD]}t|dkrxq`yt j|}Wn>tk r} z |jjdt| d w`WYdd} ~ XnXt tjd |jd!}|jd!dkr|d"|kr|jjd#q`t}|dkr\|d$d%kr\|d&|kr\|jj|d's\|j|d'|d2kr|d&|kr|jj|d's|j|d'x|D]}|dkr|jd(r|jj|| r|jjd)q|jd*s|jj|d d+r|jjd |d,q|j|jd-krtd.||j|} |j| |jd/7_qWq`WdS)3NzReceived event, z, from rz Ignoring z , from self.rrr z7You enabled sfp_circllu but did not set an credentials!FTz Skipping z as already mapped.rr/z/Network size bigger than permitted by CIRCL.LU.PSSLz'No CIRCL.LU passive SSL data found for Zsubjectsz'.*["'](.+CN=([a-zA-Z0-9\-\*\.])+)["'].*r!rz)Invalid response returned from CIRCL.LU: rrr$z'No CIRCL.LU passive DNS data found for  iQr Z time_lastz#Record found but too old, skipping.ZrrtypeArdataZrrnamer z"Host no longer resolves to our IP.r )includeParentsz" because it is on the same domain.r r")rr)rrr)rr) eventTypemoduledatar1rdebugrr6rsplitintr>r7jsonloadsr__name__notifyListenersrefindallstr IGNORECASE BaseExceptionlentimer getTargetmatchesappend validateIPr)revent eventName srcModuleName eventDatar:addrmaskjipZipeZcrtrelinerec age_limit_tscohostscorrr handleEventfs           (      (   zsfp_circllu.handleEvent)rP __module__ __qualname____doc__roptdescsrr1rdictrr r#r>rlrrrrrs* !r) rNr2rRrXsflibrrrrrrrr s