From 57b631233bf1562cb0d6f1fa18813020025644ab Mon Sep 17 00:00:00 2001 From: Terrtia Date: Thu, 26 Jul 2018 15:31:58 +0200 Subject: [PATCH 1/4] add: [BankAccount] iban detection --- bin/BankAccount.py | 107 +++++++++++++++++++++++++++++++++ bin/LAUNCH.sh | 2 + bin/packages/config.cfg.sample | 3 + bin/packages/modules.cfg | 4 ++ 4 files changed, 116 insertions(+) create mode 100755 bin/BankAccount.py diff --git a/bin/BankAccount.py b/bin/BankAccount.py new file mode 100755 index 00000000..f2619cb6 --- /dev/null +++ b/bin/BankAccount.py @@ -0,0 +1,107 @@ +#!/usr/bin/env python3 +# -*-coding:UTF-8 -* + +""" +The ApiKey Module +====================== + +This module is consuming the Redis-list created by the Categ module. + +It apply API_key regexes on paste content and warn if above a threshold. + +""" + +import redis +import time +import re +import string + +from packages import Paste +from pubsublogger import publisher + +from Helper import Process + +import signal + +class TimeoutException(Exception): + pass + +def timeout_handler(signum, frame): + raise TimeoutException + +signal.signal(signal.SIGALRM, timeout_handler) + +LETTERS_IBAN = {ord(d): str(i) for i, d in enumerate(string.digits + string.ascii_uppercase)} + +def iban_number(iban): + return (iban[4:] + iban[:4].translate(LETTERS_IBAN)) + +def is_valid_iban(iban): + iban = iban.replace(' ', '') + iban_numb = iban_number(iban) + iban_numb_check = iban_number(iban[:2] + '00' + iban[4:]) + check_digit = '{:0>2}'.format(98 - (int(iban_numb_check) % 97)) + if check_digit == iban[2:4] and int(iban_numb) % 97 == 1: + # valid iban + print('valid iban') + print(iban) + return True + return False + +def check_all_iban(l_iban, paste, filename): + nb_valid_iban = 0 + for iban in l_iban: + print('checking '+iban) + if is_valid_iban(iban): + print('------') + nb_valid_iban = nb_valid_iban + 1 + if(nb_valid_iban > 0): + to_print = 'Iban;{};{};{};'.format(paste.p_source, paste.p_date, paste.p_name) + publisher.warning('{}Checked found {} IBAN;{}'.format( + to_print, nb_valid_iban, paste.p_path)) + msg = 'infoleak:automatic-detection="iban";{}'.format(filename) + p.populate_set_out(msg, 'Tags') + + #Send to duplicate + p.populate_set_out(filename, 'Duplicate') + +if __name__ == "__main__": + publisher.port = 6380 + publisher.channel = "Script" + + config_section = 'BankAccount' + + p = Process(config_section) + max_execution_time = p.config.getint("BankAccount", "max_execution_time") + + publisher.info("BankAccount started") + + message = p.get_from_set() + + iban_regex = re.compile(r'\b[A-Za-z]{2}[0-9]{2}(?:[ ]?[0-9]{4}){4}(?:[ ]?[0-9]{1,2})?\b') + + while True: + + message = p.get_from_set() + + if message is not None: + + filename = message + paste = Paste.Paste(filename) + content = paste.get_p_content() + + signal.alarm(max_execution_time) + try: + l_iban = iban_regex.findall(content) + except TimeoutException: + print ("{0} processing timeout".format(paste.p_path)) + continue + else: + signal.alarm(0) + + if(len(l_iban) > 0): + check_all_iban(l_iban, paste, filename) + + else: + publisher.debug("Script ApiKey is Idling 10s") + time.sleep(10) diff --git a/bin/LAUNCH.sh b/bin/LAUNCH.sh index 161660ab..998a676a 100755 --- a/bin/LAUNCH.sh +++ b/bin/LAUNCH.sh @@ -144,6 +144,8 @@ function launching_scripts { sleep 0.1 screen -S "Script_AIL" -X screen -t "CreditCards" bash -c 'cd '${AIL_BIN}'; ./CreditCards.py; read x' sleep 0.1 + screen -S "Script_AIL" -X screen -t "BankAccount" bash -c 'cd '${AIL_BIN}'; ./BankAccount.py; read x' + sleep 0.1 screen -S "Script_AIL" -X screen -t "Onion" bash -c 'cd '${AIL_BIN}'; ./Onion.py; read x' sleep 0.1 screen -S "Script_AIL" -X screen -t "Mail" bash -c 'cd '${AIL_BIN}'; ./Mail.py; read x' diff --git a/bin/packages/config.cfg.sample b/bin/packages/config.cfg.sample index 9a22e407..2ed662c1 100644 --- a/bin/packages/config.cfg.sample +++ b/bin/packages/config.cfg.sample @@ -43,6 +43,9 @@ minute_processed_paste = 10 DiffMaxLineLength = 10000 #### Modules #### +[BankAccount] +max_execution_time = 60 + [Categ] #Minimum number of match between the paste and the category file matchingThreshold=1 diff --git a/bin/packages/modules.cfg b/bin/packages/modules.cfg index f50aa263..452850f7 100644 --- a/bin/packages/modules.cfg +++ b/bin/packages/modules.cfg @@ -51,6 +51,10 @@ publish = Redis_CreditCards,Redis_Mail,Redis_Onion,Redis_Web,Redis_Credential,Re subscribe = Redis_CreditCards publish = Redis_Duplicate,Redis_ModuleStats,Redis_alertHandler,Redis_Tags +[BankAccount] +subscribe = Redis_Global +publish = Redis_Duplicate,Redis_Tags + [Mail] subscribe = Redis_Mail publish = Redis_Duplicate,Redis_ModuleStats,Redis_alertHandler,Redis_Tags From 153f9f38cc9cf4a1644dd58108d32a7834071bd2 Mon Sep 17 00:00:00 2001 From: Terrtia Date: Fri, 27 Jul 2018 10:20:03 +0200 Subject: [PATCH 2/4] chg: [BankAccount] regex --- bin/BankAccount.py | 36 +++++++++++++++++++++++++----------- 1 file changed, 25 insertions(+), 11 deletions(-) diff --git a/bin/BankAccount.py b/bin/BankAccount.py index f2619cb6..f8c057c3 100755 --- a/bin/BankAccount.py +++ b/bin/BankAccount.py @@ -2,12 +2,12 @@ # -*-coding:UTF-8 -* """ -The ApiKey Module +The BankAccount Module ====================== This module is consuming the Redis-list created by the Categ module. -It apply API_key regexes on paste content and warn if above a threshold. +It apply BankAccount regexes on paste content and warn if above a threshold. """ @@ -15,6 +15,7 @@ import redis import time import re import string +from itertools import chain from packages import Paste from pubsublogger import publisher @@ -31,15 +32,19 @@ def timeout_handler(signum, frame): signal.signal(signal.SIGALRM, timeout_handler) -LETTERS_IBAN = {ord(d): str(i) for i, d in enumerate(string.digits + string.ascii_uppercase)} +#LETTERS_IBAN = {ord(d): str(i) for i, d in enumerate(string.digits + string.ascii_uppercase)} +_LETTERS_IBAN = chain(enumerate(string.digits + string.ascii_uppercase), + enumerate(string.ascii_lowercase, 10)) +LETTERS_IBAN = {ord(d): str(i) for i, d in _LETTERS_IBAN} def iban_number(iban): - return (iban[4:] + iban[:4].translate(LETTERS_IBAN)) + return (iban[4:] + iban[:4]).translate(LETTERS_IBAN) def is_valid_iban(iban): - iban = iban.replace(' ', '') iban_numb = iban_number(iban) iban_numb_check = iban_number(iban[:2] + '00' + iban[4:]) + print(iban_numb) + print(iban_numb_check) check_digit = '{:0>2}'.format(98 - (int(iban_numb_check) % 97)) if check_digit == iban[2:4] and int(iban_numb) % 97 == 1: # valid iban @@ -51,10 +56,16 @@ def is_valid_iban(iban): def check_all_iban(l_iban, paste, filename): nb_valid_iban = 0 for iban in l_iban: - print('checking '+iban) - if is_valid_iban(iban): - print('------') - nb_valid_iban = nb_valid_iban + 1 + iban = iban[0]+iban[1]+iban[2] + iban = ''.join(e for e in iban if e.isalnum()) + #iban = iban.upper() + res = iban_regex_verify.findall(iban) + if res: + print('checking '+iban) + if is_valid_iban(iban): + print('------') + nb_valid_iban = nb_valid_iban + 1 + if(nb_valid_iban > 0): to_print = 'Iban;{};{};{};'.format(paste.p_source, paste.p_date, paste.p_name) publisher.warning('{}Checked found {} IBAN;{}'.format( @@ -78,7 +89,10 @@ if __name__ == "__main__": message = p.get_from_set() - iban_regex = re.compile(r'\b[A-Za-z]{2}[0-9]{2}(?:[ ]?[0-9]{4}){4}(?:[ ]?[0-9]{1,2})?\b') + #iban_regex = re.compile(r'\b[A-Za-z]{2}[0-9]{2}(?:[ ]?[0-9]{4}){4}(?:[ ]?[0-9]{1,2})?\b') + iban_regex = re.compile(r'\b([A-Za-z]{2}[ \-]?[0-9]{2})(?=(?:[ \-]?[A-Za-z0-9]){9,30})((?:[ \-]?[A-Za-z0-9]{3,5}){2,6})([ \-]?[A-Za-z0-9]{1,3})\b') + iban_regex_verify = re.compile(r'^([A-Z]{2})([0-9]{2})([A-Z0-9]{9,30})$') + while True: @@ -103,5 +117,5 @@ if __name__ == "__main__": check_all_iban(l_iban, paste, filename) else: - publisher.debug("Script ApiKey is Idling 10s") + publisher.debug("Script BankAccount is Idling 10s") time.sleep(10) From 61e98ed8fb2cf73fceac758da6fb35b594e0fb3c Mon Sep 17 00:00:00 2001 From: Terrtia Date: Tue, 31 Jul 2018 10:51:18 +0200 Subject: [PATCH 3/4] clean --- bin/BankAccount.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/bin/BankAccount.py b/bin/BankAccount.py index f8c057c3..4af52a8b 100755 --- a/bin/BankAccount.py +++ b/bin/BankAccount.py @@ -32,7 +32,6 @@ def timeout_handler(signum, frame): signal.signal(signal.SIGALRM, timeout_handler) -#LETTERS_IBAN = {ord(d): str(i) for i, d in enumerate(string.digits + string.ascii_uppercase)} _LETTERS_IBAN = chain(enumerate(string.digits + string.ascii_uppercase), enumerate(string.ascii_lowercase, 10)) LETTERS_IBAN = {ord(d): str(i) for i, d in _LETTERS_IBAN} @@ -43,13 +42,10 @@ def iban_number(iban): def is_valid_iban(iban): iban_numb = iban_number(iban) iban_numb_check = iban_number(iban[:2] + '00' + iban[4:]) - print(iban_numb) - print(iban_numb_check) check_digit = '{:0>2}'.format(98 - (int(iban_numb_check) % 97)) if check_digit == iban[2:4] and int(iban_numb) % 97 == 1: # valid iban print('valid iban') - print(iban) return True return False From b5c1f281e67b07064a9587080bba50db45f607bf Mon Sep 17 00:00:00 2001 From: Terrtia Date: Tue, 31 Jul 2018 10:58:23 +0200 Subject: [PATCH 4/4] fix: typo --- bin/BankAccount.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/bin/BankAccount.py b/bin/BankAccount.py index 4af52a8b..58fa3e64 100755 --- a/bin/BankAccount.py +++ b/bin/BankAccount.py @@ -5,9 +5,7 @@ The BankAccount Module ====================== -This module is consuming the Redis-list created by the Categ module. - -It apply BankAccount regexes on paste content and warn if above a threshold. +It apply IBAN regexes on paste content and warn if above a threshold. """