diff --git a/bin/Base64.py b/bin/Base64.py index c740a2f4..4f0389ad 100755 --- a/bin/Base64.py +++ b/bin/Base64.py @@ -18,7 +18,8 @@ import base64 from hashlib import sha1 import magic -def search_base64(content): +def search_base64(content, message): + find = False base64_list = re.findall(regex_base64, content) if(len(base64_list) > 0): @@ -30,7 +31,16 @@ def search_base64(content): #print(type) #print(decode) + find = True save_base64_as_file(decode, type) + print('found {} '.format(type)) + if(find): + publisher.warning('base64 decoded') + #Send to duplicate + p.populate_set_out(message, 'Duplicate') + #send to Browse_warning_paste + msg = ('base64;{}'.format(message)) + p.populate_set_out( msg, 'alertHandler') def save_base64_as_file(decode, type): @@ -85,7 +95,7 @@ if __name__ == '__main__': content = paste.get_p_content() #print(filename) - search_base64(content) + search_base64(content,message) # (Optional) Send that thing to the next queue #p.populate_set_out(something_has_been_done) diff --git a/bin/Bitcoin.py b/bin/Bitcoin.py new file mode 100755 index 00000000..2893a24f --- /dev/null +++ b/bin/Bitcoin.py @@ -0,0 +1,94 @@ +#!/usr/bin/env python3.5 +# -*-coding:UTF-8 -* +""" +The Bitcoin Module +============================ + +It trying to extract Bitcoin address and secret key from paste + + ..seealso:: Paste method (get_regex) + +Requirements +------------ + +*Need running Redis instances. (Redis). + +""" + +from packages import Paste +from Helper import Process +from pubsublogger import publisher + +import re +import time + +from hashlib import sha256 + + +# thank http://rosettacode.org/wiki/Bitcoin/address_validation#Python for this 2 functions + +def decode_base58(bc, length): + n = 0 + for char in bc: + n = n * 58 + digits58.index(char) + return n.to_bytes(length, 'big') +def check_bc(bc): + try: + bcbytes = decode_base58(bc, 25) + return bcbytes[-4:] == sha256(sha256(bcbytes[:-4]).digest()).digest()[:4] + except Exception: + return False +########################################################3 + +def search_key(content, message): + bitcoin_address = re.findall(regex_bitcoin_public_address, content) + bitcoin_private_key = re.findall(regex_bitcoin_private_key, content) + validate_address = False + if(len(bitcoin_address) >0): + #print(message) + for address in bitcoin_address: + if(check_bc(address)): + validate_address = True + print('Bitcoin address found : {}'.format(address)) + if(len(bitcoin_private_key) > 0): + for private_key in bitcoin_private_key: + print('Bitcoin private key found : {}'.format(private_key)) + + if(validate_address): + p.populate_set_out(message, 'Duplicate') + to_print = 'bitcoin found: {} address and {} private Keys'.format(len(bitcoin_address), len(bitcoin_private_key)) + print(to_print) + publisher.warning(to_print) + msg = ('bitcoin;{}'.format(message)) + p.populate_set_out( msg, 'alertHandler') + +if __name__ == "__main__": + publisher.port = 6380 + publisher.channel = "Script" + + config_section = 'Bitcoin' + + # Setup the I/O queues + p = Process(config_section) + + # Sent to the logging a description of the module + publisher.info("Run Keys module ") + + digits58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz' + + regex_bitcoin_public_address = re.compile(r'(?
- Year: + Year: