CIRCL
/
AIL-framework
mirror of https://github.com/CIRCL/AIL-framework
2
1
Fork 0
Code Issues Releases Wiki Activity

add: [BankAccount] iban detection

pull/232/head
Terrtia 2018-07-26 15:31:58 +02:00
parent 8beb63b6a8
commit 57b631233b
No known key found for this signature in database
GPG Key ID: 1E1B1F50D84613D0
4 changed files with 116 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

107
bin/BankAccount.py Executable file
View File

@ -0,0 +1,107 @@
#!/usr/bin/env python3
# -*-coding:UTF-8 -*
"""
The ApiKey Module
======================
This module is consuming the Redis-list created by the Categ module.
It apply API_key regexes on paste content and warn if above a threshold.
"""
import redis
import time
import re
import string
from packages import Paste
from pubsublogger import publisher
from Helper import Process
import signal
class TimeoutException(Exception):
pass
def timeout_handler(signum, frame):
raise TimeoutException
signal.signal(signal.SIGALRM, timeout_handler)
LETTERS_IBAN = {ord(d): str(i) for i, d in enumerate(string.digits + string.ascii_uppercase)}
def iban_number(iban):
return (iban[4:] + iban[:4].translate(LETTERS_IBAN))
def is_valid_iban(iban):
iban = iban.replace(' ', '')
iban_numb = iban_number(iban)
iban_numb_check = iban_number(iban[:2] + '00' + iban[4:])
check_digit = '{:0>2}'.format(98 - (int(iban_numb_check) % 97))
if check_digit == iban[2:4] and int(iban_numb) % 97 == 1:
# valid iban
print('valid iban')
print(iban)
return True
return False
def check_all_iban(l_iban, paste, filename):
nb_valid_iban = 0
for iban in l_iban:
print('checking '+iban)
if is_valid_iban(iban):
print('------')
nb_valid_iban = nb_valid_iban + 1
if(nb_valid_iban > 0):
to_print = 'Iban;{};{};{};'.format(paste.p_source, paste.p_date, paste.p_name)
publisher.warning('{}Checked found {} IBAN;{}'.format(
to_print, nb_valid_iban, paste.p_path))
msg = 'infoleak:automatic-detection="iban";{}'.format(filename)
p.populate_set_out(msg, 'Tags')
#Send to duplicate
p.populate_set_out(filename, 'Duplicate')
if __name__ == "__main__":
publisher.port = 6380
publisher.channel = "Script"
config_section = 'BankAccount'
p = Process(config_section)
max_execution_time = p.config.getint("BankAccount", "max_execution_time")
publisher.info("BankAccount started")
message = p.get_from_set()
iban_regex = re.compile(r'\b[A-Za-z]{2}[0-9]{2}(?:[ ]?[0-9]{4}){4}(?:[ ]?[0-9]{1,2})?\b')
while True:
message = p.get_from_set()
if message is not None:
filename = message
paste = Paste.Paste(filename)
content = paste.get_p_content()
signal.alarm(max_execution_time)
try:
l_iban = iban_regex.findall(content)
except TimeoutException:
print ("{0} processing timeout".format(paste.p_path))
continue
else:
signal.alarm(0)
if(len(l_iban) > 0):
check_all_iban(l_iban, paste, filename)
else:
publisher.debug("Script ApiKey is Idling 10s")
time.sleep(10)

2
bin/LAUNCH.sh
View File

@ -144,6 +144,8 @@ function launching_scripts {
sleep 0.1 sleep 0.1
screen -S "Script_AIL" -X screen -t "CreditCards" bash -c 'cd '${AIL_BIN}'; ./CreditCards.py; read x' screen -S "Script_AIL" -X screen -t "CreditCards" bash -c 'cd '${AIL_BIN}'; ./CreditCards.py; read x'
sleep 0.1 sleep 0.1
screen -S "Script_AIL" -X screen -t "BankAccount" bash -c 'cd '${AIL_BIN}'; ./BankAccount.py; read x'
sleep 0.1
screen -S "Script_AIL" -X screen -t "Onion" bash -c 'cd '${AIL_BIN}'; ./Onion.py; read x' screen -S "Script_AIL" -X screen -t "Onion" bash -c 'cd '${AIL_BIN}'; ./Onion.py; read x'
sleep 0.1 sleep 0.1
screen -S "Script_AIL" -X screen -t "Mail" bash -c 'cd '${AIL_BIN}'; ./Mail.py; read x' screen -S "Script_AIL" -X screen -t "Mail" bash -c 'cd '${AIL_BIN}'; ./Mail.py; read x'

3
bin/packages/config.cfg.sample
View File

@ -43,6 +43,9 @@ minute_processed_paste = 10
DiffMaxLineLength = 10000 DiffMaxLineLength = 10000
#### Modules #### #### Modules ####
[BankAccount]
max_execution_time = 60
[Categ] [Categ]
#Minimum number of match between the paste and the category file #Minimum number of match between the paste and the category file
matchingThreshold=1 matchingThreshold=1

4
bin/packages/modules.cfg
View File

@ -51,6 +51,10 @@ publish = Redis_CreditCards,Redis_Mail,Redis_Onion,Redis_Web,Redis_Credential,Re
subscribe = Redis_CreditCards subscribe = Redis_CreditCards
publish = Redis_Duplicate,Redis_ModuleStats,Redis_alertHandler,Redis_Tags publish = Redis_Duplicate,Redis_ModuleStats,Redis_alertHandler,Redis_Tags
[BankAccount]
subscribe = Redis_Global
publish = Redis_Duplicate,Redis_Tags
[Mail] [Mail]
subscribe = Redis_Mail subscribe = Redis_Mail
publish = Redis_Duplicate,Redis_ModuleStats,Redis_alertHandler,Redis_Tags publish = Redis_Duplicate,Redis_ModuleStats,Redis_alertHandler,Redis_Tags