misp-modules/misp_modules/modules/expansion/hibp.py

# -*- coding: utf-8 -*-
import requests
import json

misperrors = {'error': 'Error'}
mispattributes = {'input': ['email-dst', 'email-src'], 'output': ['text']}
moduleinfo = {'version': '0.2', 'author': 'Corsin Camichel, Aurélien Schwab', 'description': 'Module to access haveibeenpwned.com API (v3).', 'module-type': ['hover']}
moduleconfig = ['api_key']

haveibeenpwned_api_url = 'https://haveibeenpwned.com/api/v3/breachedaccount/'
API_KEY = ""  # details at https://www.troyhunt.com/authentication-and-the-have-i-been-pwned-api/


def handler(q=False):
    if q is False:
        return False
    request = json.loads(q)
    for input_type in mispattributes['input']:
        if input_type in request:
            email = request[input_type]
            break
    else:
        misperrors['error'] = "Unsupported attributes type"
        return misperrors

    if request.get('config') is None or request['config'].get('api_key') is None:
        misperrors['error'] = 'Have I Been Pwned authentication is incomplete (no API key)'
        return misperrors
    else:
        API_KEY = request['config'].get('api_key')

    r = requests.get(haveibeenpwned_api_url + email, headers={'hibp-api-key': API_KEY})
    if r.status_code == 200:
        breaches = json.loads(r.text)
        if breaches:
            return {'results': [{'types': mispattributes['output'], 'values': breaches}]}
    elif r.status_code == 404:
        return {'results': [{'types': mispattributes['output'], 'values': 'OK (Not Found)'}]}
    else:
        misperrors['error'] = f'haveibeenpwned.com API not accessible (HTTP {str(r.status_code)})'
        return misperrors['error']


def introspection():
    return mispattributes


def version():
    moduleinfo['config'] = moduleconfig
    return moduleinfo
updating "hibp" for API version 3 2021-03-13 17:44:27 +01:00			`# -- coding: utf-8 --`
new: Modules for greynoise, haveibeenpwned and macvendors Source: https://github.com/src7/misp-modules 2019-04-02 15:30:11 +02:00			`import requests`
			`import json`

			`misperrors = {'error': 'Error'}`
fix: Making pep8 happy 2021-03-18 19:22:26 +01:00			`mispattributes = {'input': ['email-dst', 'email-src'], 'output': ['text']}`
updating "hibp" for API version 3 2021-03-13 17:44:27 +01:00			`moduleinfo = {'version': '0.2', 'author': 'Corsin Camichel, Aurélien Schwab', 'description': 'Module to access haveibeenpwned.com API (v3).', 'module-type': ['hover']}`
			`moduleconfig = ['api_key']`
fix: pep8 foobar. 2019-04-02 16:01:33 +02:00
updating "hibp" for API version 3 2021-03-13 17:44:27 +01:00			`haveibeenpwned_api_url = 'https://haveibeenpwned.com/api/v3/breachedaccount/'`
fix: Making pep8 happy 2021-03-18 19:22:26 +01:00			`API_KEY = "" # details at https://www.troyhunt.com/authentication-and-the-have-i-been-pwned-api/`

new: Modules for greynoise, haveibeenpwned and macvendors Source: https://github.com/src7/misp-modules 2019-04-02 15:30:11 +02:00
			`def handler(q=False):`
			`if q is False:`
			`return False`
			`request = json.loads(q)`
			`for input_type in mispattributes['input']:`
			`if input_type in request:`
			`email = request[input_type]`
			`break`
			`else:`
			`misperrors['error'] = "Unsupported attributes type"`
			`return misperrors`

fix: [hibp] Fixed config handling to avoir KeyError exceptions 2021-04-14 16:52:55 +02:00			`if request.get('config') is None or request['config'].get('api_key') is None:`
updating "hibp" for API version 3 2021-03-13 17:44:27 +01:00			`misperrors['error'] = 'Have I Been Pwned authentication is incomplete (no API key)'`
			`return misperrors`
			`else:`
			`API_KEY = request['config'].get('api_key')`

			`r = requests.get(haveibeenpwned_api_url + email, headers={'hibp-api-key': API_KEY})`
			`if r.status_code == 200:`
new: Modules for greynoise, haveibeenpwned and macvendors Source: https://github.com/src7/misp-modules 2019-04-02 15:30:11 +02:00			`breaches = json.loads(r.text)`
			`if breaches:`
			`return {'results': [{'types': mispattributes['output'], 'values': breaches}]}`
updating "hibp" for API version 3 2021-03-13 17:44:27 +01:00			`elif r.status_code == 404:`
new: Modules for greynoise, haveibeenpwned and macvendors Source: https://github.com/src7/misp-modules 2019-04-02 15:30:11 +02:00			`return {'results': [{'types': mispattributes['output'], 'values': 'OK (Not Found)'}]}`
updating "hibp" for API version 3 2021-03-13 17:44:27 +01:00			`else:`
fix: [hibp] Fixed config handling to avoir KeyError exceptions 2021-04-14 16:52:55 +02:00			`misperrors['error'] = f'haveibeenpwned.com API not accessible (HTTP {str(r.status_code)})'`
new: Modules for greynoise, haveibeenpwned and macvendors Source: https://github.com/src7/misp-modules 2019-04-02 15:30:11 +02:00			`return misperrors['error']`

fix: Making pep8 happy 2021-03-18 19:22:26 +01:00
new: Modules for greynoise, haveibeenpwned and macvendors Source: https://github.com/src7/misp-modules 2019-04-02 15:30:11 +02:00			`def introspection():`
			`return mispattributes`

fix: Making pep8 happy 2021-03-18 19:22:26 +01:00
new: Modules for greynoise, haveibeenpwned and macvendors Source: https://github.com/src7/misp-modules 2019-04-02 15:30:11 +02:00			`def version():`
			`moduleinfo['config'] = moduleconfig`
fix: Typos in variable names 2019-04-02 15:39:27 +02:00			`return moduleinfo`