CIRCL
/
AIL-framework
mirror of https://github.com/CIRCL/AIL-framework
2
1
Fork 0
Code Issues Releases Wiki Activity

chg: [bitcoin tags + correlation] add bech32 adresses

pull/534/head
Terrtia 2020-09-01 14:03:32 +02:00
parent b671e4c7f4
commit 4a0613e3c9
No known key found for this signature in database
GPG Key ID: 1E1B1F50D84613D0
1 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
bin/Cryptocurrencies.py
View File

@ -44,8 +44,9 @@ def search_crytocurrency(item_id, item_content):
is_cryptocurrency_found = False is_cryptocurrency_found = False
for crypto_name in cryptocurrency_dict: for dict_field in cryptocurrency_dict:
crypto_dict = cryptocurrency_dict[crypto_name] crypto_dict = cryptocurrency_dict[dict_field]
crypto_name = crypto_dict['name']
signal.alarm(crypto_dict['max_execution_time']) signal.alarm(crypto_dict['max_execution_time'])
try: try:
@ -62,7 +63,7 @@ def search_crytocurrency(item_id, item_content):
is_valid_crypto_addr = False is_valid_crypto_addr = False
# validate cryptocurrency address # validate cryptocurrency address
for address in crypto_addr: for address in crypto_addr:
if(Cryptocurrency.verify_cryptocurrency_address(crypto_name, address)): if(Cryptocurrency.verify_cryptocurrency_address(dict_field, address)):
is_valid_crypto_addr = True is_valid_crypto_addr = True
print('{} address found : {}'.format(crypto_name, address)) print('{} address found : {}'.format(crypto_name, address))
# build bitcoin correlation # build bitcoin correlation
@ -127,6 +128,17 @@ cryptocurrency_dict = {
'tag': 'infoleak:automatic-detection="bitcoin-private-key"', 'tag': 'infoleak:automatic-detection="bitcoin-private-key"',
}, },
}, },
'bitcoin-bech32': {
'name': 'bitcoin', # e.g. bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq
'regex': r'\bbc(?:0(?:[ac-hj-np-z02-9]{39}|[ac-hj-np-z02-9]{59})|1[ac-hj-np-z02-9]{8,87})\b',
'max_execution_time': default_max_execution_time,
'tag': 'infoleak:automatic-detection="bitcoin-address"',
'private_key': {
'regex': r'\b(?<![+/=])[5KL][1-9A-HJ-NP-Za-km-z]{50,51}(?![+/=])\b',
'max_execution_time': default_max_execution_time,
'tag': 'infoleak:automatic-detection="bitcoin-private-key"',
},
},
'ethereum': { 'ethereum': {
'name': 'ethereum', # e.g. 0x8466b50B53c521d0B4B163d186596F94fB8466f1 'name': 'ethereum', # e.g. 0x8466b50B53c521d0B4B163d186596F94fB8466f1
'regex': r'\b(?<![+/=])0x[A-Za-z0-9]{40}(?![+/=])\b', 'regex': r'\b(?<![+/=])0x[A-Za-z0-9]{40}(?![+/=])\b',