U @6^"@sHddlZddlZddlZddlZddlmZmZmZGdddeZdS)N) SpiderFootSpiderFootPluginSpiderFootEventc@sneZdZdZdddddddZdd d d d d dZdZdZdZe fddZ ddZ ddZ ddZ ddZdS) sfp_circlluzCIRCL.LU:Investigate,Passive:Reputation Systems:apikey:Obtain information from CIRCL.LU's Passive DNS and Passive SSL databases.rTFd) api_key_loginapi_key_passwordage_limit_daysverifycohostsamedomain maxcohostzCIRCL.LU login.zCIRCL.LU password.zHIgnore any Passive DNS records older than this many days. 0 = unlimited.zMVerify co-hosts are valid by checking if they still resolve to the shared IP.z>Treat co-hosted sites on the same target domain as co-hosting?zbStop reporting co-hosted sites after this many are found, as it would likely indicate web hosting.NcCs:||_||_d|_t|D]}|||j|<q"dS)Nr)sf tempStorageresults cohostcountlistkeysopts)selfsfcuserOptsoptr6/var/www/spiderfoot.crq.systems/modules/sfp_circllu.pysetup2s  zsfp_circllu.setupcCs ddddgS)N INTERNET_NAMENETBLOCK_OWNER IP_ADDRESS DOMAIN_NAMErrrrr watchedEvents>szsfp_circllu.watchedEventscCs dddgS)NrSSL_CERTIFICATE_ISSUEDCO_HOSTED_SITErr rrrproducedEventsBszsfp_circllu.producedEventsc Csd}|jrdS|dkr d|}nd|}|jdd|jd}t|d}dd |i}|jj|d d |d }|d dkr|jddd|_dS|ddkr|jd|dS|dS)NPDNSz https://www.circl.lu/pdns/query/z"https://www.circl.lu/v2pssl/query/r:r zutf-8 AuthorizationzBasic %sr)timeout useragentheaderscode)400429500403zNCIRCL.LU access seems to have been rejected or you have exceeded usage limits.FTcontentzNo CIRCL.LU info found for ) errorStaterbase64 b64encodeencoderfetchUrlerrorinfo) rqryqtypereturlsecretZb64_valr+resrrrqueryEs.    zsfp_circllu.queryc CsL|j}|j}|j}d}|jr dS|jd|d||dkrX|jd|ddS|jddkst|jddkr|jd d d |_dS||jkr|jd |d dSd |j|<|dkrd|kr| d\}}t |dkr|jdn"| |d}|s:|j d|n"| |d}|s:|j d||rzt |}|D]} |} | |kr|td| |j|} || || dD]N} tdt|| d| tj} | rtd| dd|j| } || qqPWn:tk r} z|jdt| d W5d} ~ XYnX|dkrH| |d}|sJ|j d|dS| dD]}t|dkrlqTzt |}WnDtk r} z$|jdt| d WYqTW5d} ~ XYnXt td|jd }|jd dkr|d!|kr|jd"qTt}|dkrV|d#d$krV|d%|krV||d&sV||d&|d'kr|d%|kr||d&s||d&|D]}|dkr|jd(r|j||s|jd)q|jd*s|j|d d+r|jd |d,q|j|jd-krtd.||j|} || |jd/7_qqTdS)0NzReceived event, z, from rz Ignoring z , from self.rrr z7You enabled sfp_circllu but did not set an credentials!FTz Skipping z as already mapped.)rr/z/Network size bigger than permitted by CIRCL.LU.PSSLz'No CIRCL.LU passive SSL data found for rZsubjectsz'.*["'](.+CN=([a-zA-Z0-9\-\*\.])+)["'].*r"rz)Invalid response returned from CIRCL.LU: )rrrr%z'No CIRCL.LU passive DNS data found for  iQr Z time_lastz#Record found but too old, skipping.ZrrtypeArdataZrrname)rrr z"Host no longer resolves to our IP.r )includeParentsz" because it is on the same domain.r r#) eventTypemoduledatar2rdebugrr7rsplitintr?r8jsonloadsr__name__notifyListenersrefindallstr IGNORECASE BaseExceptionlentimer getTargetmatchesappend validateIPr)revent eventName srcModuleName eventDatar;addrmaskjipZipeZcrtrelinerec age_limit_tscohostscorrr handleEventfs          (     &   zsfp_circllu.handleEvent)rQ __module__ __qualname____doc__roptdescsrr2rdictrr!r$r?rmrrrrrs.   !r) rOr3rSrYsflibrrrrrrrr s