misp-modules/misp_modules/modules/expansion/hibp.py

# -*- coding: utf-8 -*-
import requests
import json

misperrors = {'error': 'Error'}
mispattributes = {'input': ['email-dst', 'email-src'], 'output': ['text']}
moduleinfo = {
    'version': '0.2',
    'author': 'Corsin Camichel, Aurélien Schwab',
    'description': 'Module to access haveibeenpwned.com API.',
    'module-type': ['hover'],
    'name': 'Have I Been Pwned Lookup',
    'logo': 'hibp.png',
    'requirements': [],
    'features': 'The module takes an email address as input and queries haveibeenpwned.com API to find additional information about it. This additional information actually tells if any account using the email address has already been compromised in a data breach.',
    'references': ['https://haveibeenpwned.com/'],
    'input': 'An email address',
    'output': 'Additional information about the email address.',
}
moduleconfig = ['api_key']

haveibeenpwned_api_url = 'https://haveibeenpwned.com/api/v3/breachedaccount/'
API_KEY = ""  # details at https://www.troyhunt.com/authentication-and-the-have-i-been-pwned-api/


def handler(q=False):
    if q is False:
        return False
    request = json.loads(q)
    for input_type in mispattributes['input']:
        if input_type in request:
            email = request[input_type]
            break
    else:
        misperrors['error'] = "Unsupported attributes type"
        return misperrors

    if request.get('config') is None or request['config'].get('api_key') is None:
        misperrors['error'] = 'Have I Been Pwned authentication is incomplete (no API key)'
        return misperrors
    else:
        API_KEY = request['config'].get('api_key')

    r = requests.get(haveibeenpwned_api_url + email, headers={'hibp-api-key': API_KEY})
    if r.status_code == 200:
        breaches = json.loads(r.text)
        if breaches:
            return {'results': [{'types': mispattributes['output'], 'values': breaches}]}
    elif r.status_code == 404:
        return {'results': [{'types': mispattributes['output'], 'values': 'OK (Not Found)'}]}
    else:
        misperrors['error'] = f'haveibeenpwned.com API not accessible (HTTP {str(r.status_code)})'
        return misperrors['error']


def introspection():
    return mispattributes


def version():
    moduleinfo['config'] = moduleconfig
    return moduleinfo
updating "hibp" for API version 3 2021-03-13 17:44:27 +01:00			`# -- coding: utf-8 --`
new: Modules for greynoise, haveibeenpwned and macvendors Source: https://github.com/src7/misp-modules 2019-04-02 15:30:11 +02:00			`import requests`
			`import json`

			`misperrors = {'error': 'Error'}`
fix: Making pep8 happy 2021-03-18 19:22:26 +01:00			`mispattributes = {'input': ['email-dst', 'email-src'], 'output': ['text']}`
chg: [doc] Big doc revamp #680 2024-08-12 11:23:10 +02:00			`moduleinfo = {`
			`'version': '0.2',`
			`'author': 'Corsin Camichel, Aurélien Schwab',`
			`'description': 'Module to access haveibeenpwned.com API.',`
			`'module-type': ['hover'],`
			`'name': 'Have I Been Pwned Lookup',`
			`'logo': 'hibp.png',`
			`'requirements': [],`
			`'features': 'The module takes an email address as input and queries haveibeenpwned.com API to find additional information about it. This additional information actually tells if any account using the email address has already been compromised in a data breach.',`
			`'references': ['https://haveibeenpwned.com/'],`
			`'input': 'An email address',`
			`'output': 'Additional information about the email address.',`
			`}`
updating "hibp" for API version 3 2021-03-13 17:44:27 +01:00			`moduleconfig = ['api_key']`
fix: pep8 foobar. 2019-04-02 16:01:33 +02:00
updating "hibp" for API version 3 2021-03-13 17:44:27 +01:00			`haveibeenpwned_api_url = 'https://haveibeenpwned.com/api/v3/breachedaccount/'`
fix: Making pep8 happy 2021-03-18 19:22:26 +01:00			`API_KEY = "" # details at https://www.troyhunt.com/authentication-and-the-have-i-been-pwned-api/`

new: Modules for greynoise, haveibeenpwned and macvendors Source: https://github.com/src7/misp-modules 2019-04-02 15:30:11 +02:00
			`def handler(q=False):`
			`if q is False:`
			`return False`
			`request = json.loads(q)`
			`for input_type in mispattributes['input']:`
			`if input_type in request:`
			`email = request[input_type]`
			`break`
			`else:`
			`misperrors['error'] = "Unsupported attributes type"`
			`return misperrors`

fix: [hibp] Fixed config handling to avoir KeyError exceptions 2021-04-14 16:52:55 +02:00			`if request.get('config') is None or request['config'].get('api_key') is None:`
updating "hibp" for API version 3 2021-03-13 17:44:27 +01:00			`misperrors['error'] = 'Have I Been Pwned authentication is incomplete (no API key)'`
			`return misperrors`
			`else:`
			`API_KEY = request['config'].get('api_key')`

			`r = requests.get(haveibeenpwned_api_url + email, headers={'hibp-api-key': API_KEY})`
			`if r.status_code == 200:`
new: Modules for greynoise, haveibeenpwned and macvendors Source: https://github.com/src7/misp-modules 2019-04-02 15:30:11 +02:00			`breaches = json.loads(r.text)`
			`if breaches:`
			`return {'results': [{'types': mispattributes['output'], 'values': breaches}]}`
updating "hibp" for API version 3 2021-03-13 17:44:27 +01:00			`elif r.status_code == 404:`
new: Modules for greynoise, haveibeenpwned and macvendors Source: https://github.com/src7/misp-modules 2019-04-02 15:30:11 +02:00			`return {'results': [{'types': mispattributes['output'], 'values': 'OK (Not Found)'}]}`
updating "hibp" for API version 3 2021-03-13 17:44:27 +01:00			`else:`
fix: [hibp] Fixed config handling to avoir KeyError exceptions 2021-04-14 16:52:55 +02:00			`misperrors['error'] = f'haveibeenpwned.com API not accessible (HTTP {str(r.status_code)})'`
new: Modules for greynoise, haveibeenpwned and macvendors Source: https://github.com/src7/misp-modules 2019-04-02 15:30:11 +02:00			`return misperrors['error']`

fix: Making pep8 happy 2021-03-18 19:22:26 +01:00
new: Modules for greynoise, haveibeenpwned and macvendors Source: https://github.com/src7/misp-modules 2019-04-02 15:30:11 +02:00			`def introspection():`
			`return mispattributes`

fix: Making pep8 happy 2021-03-18 19:22:26 +01:00
new: Modules for greynoise, haveibeenpwned and macvendors Source: https://github.com/src7/misp-modules 2019-04-02 15:30:11 +02:00			`def version():`
			`moduleinfo['config'] = moduleconfig`
fix: Typos in variable names 2019-04-02 15:39:27 +02:00			`return moduleinfo`