misp-modules/misp_modules/modules/expansion/hibp.py

import requests
import json

misperrors = {'error': 'Error'}
mispattributes = {'input': ['email-dst', 'email-src'], 'output': ['text']}  # All mails as input
moduleinfo = {'version': '0.1', 'author': 'Aurélien Schwab', 'description': 'Module to access haveibeenpwned.com API.', 'module-type': ['hover']}
moduleconfig = ['user-agent']  # TODO take this into account in the code

haveibeenpwned_api_url = 'https://api.haveibeenpwned.com/api/v2/breachedaccount/'
default_user_agent = 'MISP-Module'  # User agent (must be set, requiered by API))


def handler(q=False):
    if q is False:
        return False
    request = json.loads(q)
    for input_type in mispattributes['input']:
        if input_type in request:
            email = request[input_type]
            break
    else:
        misperrors['error'] = "Unsupported attributes type"
        return misperrors

    r = requests.get(haveibeenpwned_api_url + email, headers={'user-agent': default_user_agent})  # Real request
    if r.status_code == 200:  # OK (record found)
        breaches = json.loads(r.text)
        if breaches:
            return {'results': [{'types': mispattributes['output'], 'values': breaches}]}
    elif r.status_code == 404:  # Not found (not an error)
        return {'results': [{'types': mispattributes['output'], 'values': 'OK (Not Found)'}]}
    else:  # Real error
        misperrors['error'] = 'haveibeenpwned.com API not accessible (HTTP ' + str(r.status_code) + ')'
        return misperrors['error']


def introspection():
    return mispattributes


def version():
    moduleinfo['config'] = moduleconfig
    return moduleinfo