U @6^@s4ddlmZddlmZmZmZGdddeZdS)) IPNetwork) SpiderFootSpiderFootPluginSpiderFootEventc@speZdZdZdddddZdddddZd Zd d d Zefd dZ ddZ ddZ ddZ ddZ ddZd S)sfp_uceprotectzUCEPROTECT:Investigate,Passive:Reputation Systems::Query the UCEPROTECT databases for open relays, open proxies, vulnerable servers, etc.T)netblocklookup maxnetblock subnetlookup maxsubnetzLook up all IPs on netblocks deemed to be owned by your target for possible blacklisted hosts on the same target subdomain/domain?zyIf looking up owned netblocks, the maximum netblock size to look up all IPs within (CIDR value, 24 = /24, 16 = /16, etc.)zKLook up all IPs on subnets which your target is a part of for blacklisting?zsIf looking up subnets, the maximum subnet size to look up all the IPs within (CIDR value, 24 = /24, 16 = /16, etc.)Nz&UCEPROTECT - Level 1 (high likelihood)z+UCEPROTECT - Level 2 (some false positives))zdnsbl-1.uceprotect.netzdnsbl-2.uceprotect.netcCs4||_||_t|D]}|||j|<qdS)N)sf tempStorageresultslistkeysopts)selfsfcuserOptsoptr9/var/www/spiderfoot.crq.systems/modules/sfp_uceprotect.pysetup3s zsfp_uceprotect.setupcCs ddddgS)N IP_ADDRESSAFFILIATE_IPADDRNETBLOCK_OWNERNETBLOCK_MEMBERrrrrr watchedEvents;szsfp_uceprotect.watchedEventscCs ddddgS)NBLACKLISTED_IPADDRBLACKLISTED_AFFILIATE_IPADDRBLACKLISTED_SUBNETBLACKLISTED_NETBLOCKrrrrrproducedEventsBszsfp_uceprotect.producedEventscCsdt|dS)N.)joinreversedsplit)ripaddrrrr reverseAddrGszsfp_uceprotect.reverseAddrc Cs|j}|jD]}|r dSz@||d|}|jd||j|}|jdt||snWq d}|D]}t|j|tkr|j|d|d}qqvt|t |j| kr|jdt|qvt|} |j|| d|d}qqv|dk r`|dkrd} |d kr*d } |d kr8d } |d krFd} t | ||j |} | | Wq tk r} z(|jd|d|dt| W5d} ~ XYq Xq dS)Nr$zChecking Blacklist: zAddresses returned: z ()zReturn code not found in list: rr rrrr"rr!zUnable to resolve z / z: ) eventTypechecks checkForStopr)r debug resolveHoststrtyperrr__name__notifyListeners BaseException) rqaddr parentEvent eventNamedomainlookupaddrstextaddrkeevtrrr queryAddrJsH       8zsfp_uceprotect.queryAddrcCsR|j}|j}|j}|}t}|jd|d|||jkrBdSd|j|<|dkr|jdsbdSt|j |jdkr|jdt t|j dt |jddS|d kr|jd sdSt|j |jd kr|jdt t|j dt |jd dS| d rBt|D]&}| r,dS| t ||qn | ||dS) NzReceived event, z, from Trrr z$Network size bigger than permitted: z > rr r NETBLOCK_)r+moduledatarr r.rrr prefixlenr0 startswithr-r@)reventr7 srcModuleName eventDatar6addrlistr<rrr handleEvent{sN            zsfp_uceprotect.handleEvent)r2 __module__ __qualname____doc__roptdescsrr,dictrrr#r)r@rJrrrrrs* 1rN)netaddrrsflibrrrrrrrrs