misp-modules/misp_modules/modules/expansion/hibp.py

44 lines
1.6 KiB
Python
Raw Normal View History

import requests
import json
misperrors = {'error': 'Error'}
2019-04-02 16:01:33 +02:00
mispattributes = {'input': ['email-dst', 'email-src'], 'output': ['text']} # All mails as input
moduleinfo = {'version': '0.1', 'author': 'Aurélien Schwab', 'description': 'Module to access haveibeenpwned.com API.', 'module-type': ['hover']}
2019-04-02 16:01:33 +02:00
moduleconfig = ['user-agent'] # TODO take this into account in the code
haveibeenpwned_api_url = 'https://api.haveibeenpwned.com/api/v2/breachedaccount/'
2019-04-02 16:01:33 +02:00
default_user_agent = 'MISP-Module' # User agent (must be set, requiered by API))
def handler(q=False):
if q is False:
return False
request = json.loads(q)
for input_type in mispattributes['input']:
if input_type in request:
email = request[input_type]
break
else:
misperrors['error'] = "Unsupported attributes type"
return misperrors
2019-04-02 16:01:33 +02:00
r = requests.get(haveibeenpwned_api_url + email, headers={'user-agent': default_user_agent}) # Real request
if r.status_code == 200: # OK (record found)
breaches = json.loads(r.text)
if breaches:
return {'results': [{'types': mispattributes['output'], 'values': breaches}]}
2019-04-02 16:01:33 +02:00
elif r.status_code == 404: # Not found (not an error)
return {'results': [{'types': mispattributes['output'], 'values': 'OK (Not Found)'}]}
2019-04-02 16:01:33 +02:00
else: # Real error
misperrors['error'] = 'haveibeenpwned.com API not accessible (HTTP ' + str(r.status_code) + ')'
return misperrors['error']
2019-04-02 16:01:33 +02:00
def introspection():
return mispattributes
2019-04-02 16:01:33 +02:00
def version():
moduleinfo['config'] = moduleconfig
2019-04-02 15:39:27 +02:00
return moduleinfo