misp-modules/misp_modules/modules/expansion/hibp.py

51 lines
1.7 KiB
Python
Raw Normal View History

2021-03-13 17:44:27 +01:00
# -*- coding: utf-8 -*-
import requests
import json
misperrors = {'error': 'Error'}
2021-03-18 19:22:26 +01:00
mispattributes = {'input': ['email-dst', 'email-src'], 'output': ['text']}
2021-03-13 17:44:27 +01:00
moduleinfo = {'version': '0.2', 'author': 'Corsin Camichel, Aurélien Schwab', 'description': 'Module to access haveibeenpwned.com API (v3).', 'module-type': ['hover']}
moduleconfig = ['api_key']
2019-04-02 16:01:33 +02:00
2021-03-13 17:44:27 +01:00
haveibeenpwned_api_url = 'https://haveibeenpwned.com/api/v3/breachedaccount/'
2021-03-18 19:22:26 +01:00
API_KEY = "" # details at https://www.troyhunt.com/authentication-and-the-have-i-been-pwned-api/
def handler(q=False):
if q is False:
return False
request = json.loads(q)
for input_type in mispattributes['input']:
if input_type in request:
email = request[input_type]
break
else:
misperrors['error'] = "Unsupported attributes type"
return misperrors
if request.get('config') is None or request['config'].get('api_key') is None:
2021-03-13 17:44:27 +01:00
misperrors['error'] = 'Have I Been Pwned authentication is incomplete (no API key)'
return misperrors
else:
API_KEY = request['config'].get('api_key')
r = requests.get(haveibeenpwned_api_url + email, headers={'hibp-api-key': API_KEY})
if r.status_code == 200:
breaches = json.loads(r.text)
if breaches:
return {'results': [{'types': mispattributes['output'], 'values': breaches}]}
2021-03-13 17:44:27 +01:00
elif r.status_code == 404:
return {'results': [{'types': mispattributes['output'], 'values': 'OK (Not Found)'}]}
2021-03-13 17:44:27 +01:00
else:
misperrors['error'] = f'haveibeenpwned.com API not accessible (HTTP {str(r.status_code)})'
return misperrors['error']
2021-03-18 19:22:26 +01:00
def introspection():
return mispattributes
2021-03-18 19:22:26 +01:00
def version():
moduleinfo['config'] = moduleconfig
2019-04-02 15:39:27 +02:00
return moduleinfo