3 @6^@s@ddlZddlZddlZddlmZmZmZGdddeZdS)N) SpiderFootSpiderFootPluginSpiderFootEventc @sveZdZdZdddddddddd Zdd d d d d dddd ZdZdZefddZ ddZ ddZ ddZ ddZ dS) sfp_intelxzIntelligenceX:Investigate,Passive:Search Engines:apikey:Obtain information from IntelligenceX about identified IP addresses, domains, e-mail addresses and phone numbers.z$9df61df0-84f7-4dc7-b34c-8ccfb8646acezpublic.intelx.ioFZ) api_keybase_url checkcohostscheckaffiliatesnetblocklookup maxnetblock subnetlookup maxsubnetmaxagezIntelligenceX API key.z||_|j|_d|_x"t|jD]}|||j|<q$WdS)NF)sf tempStorageresults errorStatelistkeysopts)selfsfcuserOptsoptr5/var/www/spiderfoot.crq.systems/modules/sfp_intelx.pysetup7s  zsfp_intelx.setupcCsdddddddgS)N IP_ADDRESSAFFILIATE_IPADDR INTERNET_NAME EMAILADDRCO_HOSTED_SITE PHONE_NUMBERBITCOIN_ADDRESSr)rrrr watchedEventsCszsfp_intelx.watchedEventscCsddgS)N LEAKSITE_URLDARKNET_MENTION_URLr)rrrrproducedEventsHszsfp_intelx.producedEventsc Csd}d|jdd}|gdddddddgd }d |jd d }|jj|tj|||jd d }|ddkr|jjd|dSytj|d}Wn4tk r}z|jjddd|_ dSd}~XnX|j dddkr|dt |d}d} d} d} x| dkr| | kr|j rdS|jj||d}|ddkrP|jjd|dSytj|d}Wn0tk r}z|jjdddSd}~XnX|d} | d7} | dkr|jj d|StjdqW|jj ddS)Nrr)z User-Agentzx-keyrd) termZbucketsZ lookuplevelZ maxresultstimeoutZdatefromZdatetosortmedia terminatezhttps://r z/intelligent/search _fetchtimeout)postDataheadersr.contentz No IntelligenceX info found for z2Error processing JSON response from IntelligenceX.FTstatusz /result?id=%sid)r4z-No IntelligenceX info found for results from zResults found, returningzNo results found.)rr7)rrfetchUrljsondumpsinfoloads Exceptionerrorrgetstr checkForStopdebugtimesleep) rqryretr4payloadurlreseZ resulturllimitcountr6rrrqueryKsd     zsfp_intelx.queryc CsD|j}|j}|j}|jrdS|jddks8|jddkrP|jjddd|_dS|jjd|d|||jkr|jjd |d dSd|j|<|j d r|jd  rdS|d kr|jd rdS|j |}|dkrdS|jj d|t t j dd|jd}x2|jdtD]}yt tjj|djdddjdd}||krh|jjdwd} d} |ddkrd} |ddd} |dj drd } |d!} | s| r|jjd"t|dd#wWn>tk r} z |jjd$t| dwWYdd} ~ XnXt| | |j|} |j| qWdS)%Nrr+r zBYou enabled sfp_intelx but did not set an API key and/or base URL!FTzReceived event, z, from z Skipping z as already mapped. AFFILIATEr r#r z!Found IntelligenceX URL data for ii\&rrecordsadded.rz%Y-%m-%dT%H:%M:%Sz%sz#Record found but too old, skipping.bucketZpastesr'Z keyvaluesvaluezdarknet.r(namezUnexpected record, skipping ()z&Error processing content from IntelX: ) eventTypemoduledatarrrrBrFr startswithrQr?intrGrCdictdatetimestrptimesplitstrftimerD BaseExceptionr__name__notifyListeners) revent eventName srcModuleName eventDatar?agelimitrec last_seenvalevtrNrrr handleEventsZ   *  zsfp_intelx.handleEvent)re __module__ __qualname____doc__roptdescsrrr_rr&r)rQrprrrrrs4 Gr)r=rGr`sflibrrrrrrrrs