3 @6^ @s8ddlZddlZddlmZmZmZGdddeZdS)N) SpiderFootSpiderFootPluginSpiderFootEventc@sheZdZdZdddddZddd d dZd ZdZd Ze fd dZ ddZ ddZ dddZ ddZd S)sfp_securitytrailszuSecurityTrails:Investigate,Passive:Search Engines:apikey:Obtain Passive DNS and other information from SecurityTrailsTFd)api_keyverifycohostsamedomain maxcohostzSecurityTrails API key.zMVerify co-hosts are valid by checking if they still resolve to the shared IP.z>Treat co-hosted sites on the same target domain as co-hosting?zbStop reporting co-hosted sites after this many are found, as it would likely indicate web hosting.NrcCs>||_|j|_d|_x"t|jD]}|||j|<q$WdS)Nr)sf tempStorageresults cohostcountlistkeysopts)selfsfcuserOptsoptr=/var/www/spiderfoot.crq.systems/modules/sfp_securitytrails.pysetup+s  zsfp_securitytrails.setupcCsdddddgS)N IP_ADDRESS IPV6_ADDRESS DOMAIN_NAME EMAILADDRNETBLOCK_OWNERr)rrrr watchedEvents7sz sfp_securitytrails.watchedEventscCsddddddgS)NCO_HOSTED_SITErAFFILIATE_DOMAIN_NAME INTERNET_NAMEAFFILIATE_INTERNET_NAMEPROVIDER_HOSTINGr)rrrrproducedEvents<sz!sfp_securitytrails.producedEventsc Csd}d|jdi}|dkr,d|d}d}n(dt|}d|d|d }d |d <|jj||jd d ||d} | dd kr|jjddd|_dS| ddkr|jjd|dSytj| d}|dkr|j ddS|j dddkrXt |j dgdkr@t j d|r"|j |j dn |j d}|j|||d|S|j |j dg|Sn |j dgSWn8tk r} z|jjdt| ddSd} ~ XnXdS)!NZAPIKEYrdomainz)https://api.securitytrails.com/v1/domain/z /subdomainsz4https://api.securitytrails.com/v1/search/list/?page=z{"filter": { "z": "z" } }zapplication/jsonz Content-Type _fetchtimeoutr)timeout useragentheaderspostDatacode400429500403zcSecurityTrails API key seems to have been rejected or you have exceeded usage limits for the month.FTcontentz!No SecurityTrails info found for subdomainsZ record_countrrrecordsr&z4Error processing JSON response from SecurityTrails: )r.r/r0r1)rstrr fetchUrlerror errorStateinfojsonloadsgetlentimesleepextendquery Exception) rqry querytypepageaccumr9r+urlrequestreserrrrACsF       zsfp_securitytrails.querycCs2|j}|j}|j}|jrdS|jjd|d||jddkrZ|jjddd|_dS||jkr||jjd|d dSd|j|<|d#kr|}|j |d }t }t }|dk rx0|D]&} d| krx>| dD]2} | |krqt d| |j |} |j | |j| qWd| kr|j|jdkr*q| d} |jdsh|jj| ddrh|jjd| dq| |kr| |kr|jdr|jj| | r|jjd| dq|j| jt d| |j |} |j | |jd7_qW|d$kr|} |j | d}t }|dk rx|D]} d| kr| ds6q| d} | j|kr|j| jnqt d| |j |} |j | |jj| |jdrt d| |j |}|j |qW|d%kr.|}|j |d }t }|dk r.xR|D]J} | j|kr|j| jnqt d!| d"||j |} |j | qWdS)&NzReceived event, z, from rrzAYou enabled sfp_securitytrails but did not set an API uid/secret!FTz Skipping z as already mapped.rrNETLBLOCK_OWNERipv4Z host_providerr$hostnamer r )includeParentsz" because it is on the same domain.r zHost z no longer resolves to our IP.r r&rZ whois_emailr# _internettldsr!rr'r".)rrrK)r)r) eventTypemoduledatar8r debugrr7rrArr__name__notifyListenersappendr getTargetmatches validateIPlowerisDomain)revent eventName srcModuleName eventDataiprecmyresZhostersrdatrJhemailevtr'rrr handleEventws                      zsfp_securitytrails.handleEvent)r&N)rU __module__ __qualname____doc__roptdescsrr8rdictrrr%rArirrrrrs"  4r)r:r>sflibrrrrrrrr s