#-------------------------------------------------------------------------------
# Name: sfp_openbugbounty
# Purpose: Query the Open Bug Bounty database to see if our target appears.
#
# Author: Steve Micallef <steve@binarypool.com>
#
# Created: 04/10/2015
# Copyright: (c) Steve Micallef
# Licence: GPL
#-------------------------------------------------------------------------------
import sys
import time
import datetime
import re
import json
from sflib import SpiderFoot, SpiderFootPlugin, SpiderFootEvent
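class sfp_openbugbounty(SpiderFootPlugin):
    """Open Bug Bounty:Footprint,Investigate,Passive:Leaks, Dumps and Breaches::Check external vulnerability scanning/reporting service openbugbounty.org to see if the target is listed."""

    # NOTE(review): the docstring above is kept byte-for-byte. Its
    # colon-separated layout looks like metadata the framework parses;
    # confirm before rewording it.

    # Default options
    opts = {
    }

    # Option descriptions
    optdescs = {
    }

    # Be sure to completely clear any class variables in setup()
    # or you run the risk of data persisting between scan runs.
    results = dict()

    def setup(self, sfc, userOpts=dict()):
        """Bind the SpiderFoot context and reset per-scan state.

        sfc is stored as self.sf and used for HTTP fetching and logging.
        userOpts is copied key by key into self.opts. setup() never rebinds
        opts, so the writes land in the class-level dict.
        """
        self.sf = sfc
        # Fresh dict per scan so hosts seen in an earlier scan are queried again.
        self.results = dict()

        # Clear / reset any other class member variables here
        # or you risk them persisting between threads.

        for opt in userOpts.keys():
            self.opts[opt] = userOpts[opt]

    # What events is this module interested in for input
    def watchedEvents(self):
        """Return the event types this module consumes."""
        return ["INTERNET_NAME"]

    # What events this module produces
    def producedEvents(self):
        """Return the event types this module emits."""
        return ["VULNERABILITY"]

    # Query openbugbounty.org
    def queryOBB(self, qry):
        """Search openbugbounty.org for reports filed against a host name.

        qry is the host name to look up. Returns a list of report strings
        (possibly empty), or None when the fetch returned no content or the
        response could not be processed.
        """
        ret = list()
        base = "https://www.openbugbounty.org"
        # NOTE(review): qry goes into the query string without URL-encoding.
        # Presumably INTERNET_NAME data only holds host-name characters;
        # verify against the event producers, and encode it here if not.
        url = base + "/search/?search=" + qry
        res = self.sf.fetchUrl(url, timeout=30, useragent=self.opts['_useragent'])

        if res['content'] is None:
            self.sf.debug("No content returned from openbugbounty.org")
            return None

        try:
            # The host name is data, not a pattern: escape it so its dots
            # (and any other regex metacharacter) match literally and cannot
            # change the shape of the expression.
            rx = re.compile(".*<div class=.cell1.><a href=.(.*).>(.*" + re.escape(qry) + ").*?</a></div>.*", re.IGNORECASE)
            # Host names are case-insensitive and the pattern above is
            # compiled with IGNORECASE, so compare in lower case as well.
            wanted = qry.lower()
            for m in rx.findall(res['content']):
                listed = m[1].lower()
                # Report only the queried host or one of its subdomains. The
                # "." prefix keeps a longer name that merely ends in the same
                # characters (another domain) from being attributed to the
                # target.
                if listed == wanted or listed.endswith("." + wanted):
                    ret.append("From openbugbounty.org: <SFURL>" + base + m[0] + "</SFURL>")
        except Exception as e:
            self.sf.error("Error processing response from openbugbounty.org: " + str(e), False)
            return None

        return ret

    # Handle events sent to this module
    def handleEvent(self, event):
        """Look up the event's host name once and emit one event per report."""
        eventName = event.eventType
        srcModuleName = event.module
        eventData = event.data
        data = list()

        self.sf.debug("Received event, " + eventName + ", from " + srcModuleName)

        # Don't look up stuff twice. "in" replaces dict.has_key(), which
        # Python 3 removed, and behaves the same on Python 2.
        if eventData in self.results:
            self.sf.debug("Skipping " + eventData + " as already mapped.")
            return None

        self.results[eventData] = True

        obb = self.queryOBB(eventData)
        if obb:
            data.extend(obb)

        for n in data:
            # Notify other modules of what you've found
            e = SpiderFootEvent("VULNERABILITY", n, self.__name__, event)
            self.notifyListeners(e)

# End of sfp_openbugbounty class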