Remove modules' dependency on self.sf for logging (smicallef#1461)
* Remove modules' logging dependency on self.sf
TheTechromancer committed Oct 3, 2021
1 parent 1017041 commit a34d8a8
Showing 225 changed files with 2,188 additions and 1,853 deletions.
4 changes: 2 additions & 2 deletions modules/sfp__stor_db.py
Expand Up @@ -53,11 +53,11 @@ def handleEvent(self, sfEvent):

if self.opts['maxstorage'] != 0:
if len(sfEvent.data) > self.opts['maxstorage']:
self.sf.debug("Storing an event: " + sfEvent.eventType)
self.debug("Storing an event: " + sfEvent.eventType)
self.__sfdb__.scanEventStore(self.getScanId(), sfEvent, self.opts['maxstorage'])
return

self.sf.debug("Storing an event: " + sfEvent.eventType)
self.debug("Storing an event: " + sfEvent.eventType)
self.__sfdb__.scanEventStore(self.getScanId(), sfEvent)

# End of sfp__stor_db class
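Review bot: Both branches of the `maxstorage` check log the identical message `"Storing an event: " + sfEvent.eventType`, so the log cannot show which events went through the size-limited call. The first branch passes `self.opts['maxstorage']` to `scanEventStore`, presumably to cap the stored data (that method is not visible here), and anyone later comparing stored results with what a module actually produced would want that recorded. A distinct message in the first branch would do, e.g. `self.debug(f"Storing an event (limited to maxstorage={self.opts['maxstorage']}): {sfEvent.eventType}")`. `handleEvent` begins above this hunk.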
32 changes: 16 additions & 16 deletions modules/sfp_abstractapi.py
Expand Up @@ -78,30 +78,30 @@ def parseApiResponse(self, res):
return None

if res['code'] == '429':
self.sf.error("You are being rate-limited by AbstractAPI.")
self.error("You are being rate-limited by AbstractAPI.")
return None

if res['code'] == '401':
self.sf.error("Unauthorized. Invalid AbstractAPI API key.")
self.error("Unauthorized. Invalid AbstractAPI API key.")
self.errorState = True
return None

if res['code'] == '422':
self.sf.error("Usage quota reached. Insufficient API credit.")
self.error("Usage quota reached. Insufficient API credit.")
self.errorState = True
return None

if res['code'] == '500' or res['code'] == '503':
self.sf.error("Abstract API service is unavailable")
self.error("Abstract API service is unavailable")
self.errorState = True
return None

if res['code'] == '204':
self.sf.debug("No response data for target")
self.debug("No response data for target")
return None

if res['code'] != '200':
self.sf.error(f"Unexpected reply from AbstractAPI: {res['code']}")
self.error(f"Unexpected reply from AbstractAPI: {res['code']}")
return None

if res['content'] is None:
Expand All @@ -110,7 +110,7 @@ def parseApiResponse(self, res):
try:
return json.loads(res['content'])
except Exception as e:
self.sf.debug(f"Error processing JSON response: {e}")
self.debug(f"Error processing JSON response: {e}")

return None

Expand Down Expand Up @@ -141,7 +141,7 @@ def queryCompanyEnrichment(self, qry):
time.sleep(1)

if not res:
self.sf.debug("No response from AbstractAPI Company Enrichment API endpoint")
self.debug("No response from AbstractAPI Company Enrichment API endpoint")
return None

return self.parseApiResponse(res)
Expand Down Expand Up @@ -173,7 +173,7 @@ def queryPhoneValidation(self, qry):
time.sleep(1)

if not res:
self.sf.debug("No response from AbstractAPI Phone Validation API endpoint")
self.debug("No response from AbstractAPI Phone Validation API endpoint")
return None

return self.parseApiResponse(res)
Expand Down Expand Up @@ -205,7 +205,7 @@ def queryIpGeolocation(self, qry):
time.sleep(1)

if not res:
self.sf.debug("No response from AbstractAPI Phone Validation API endpoint")
self.debug("No response from AbstractAPI Phone Validation API endpoint")
return None

return self.parseApiResponse(res)
Expand All @@ -215,16 +215,16 @@ def handleEvent(self, event):
srcModuleName = event.module
eventData = event.data

self.sf.debug(f"Received event, {eventName}, from {srcModuleName}")
self.debug(f"Received event, {eventName}, from {srcModuleName}")

if eventData in self.results:
self.sf.debug(f"Skipping {eventData}, already checked.")
self.debug(f"Skipping {eventData}, already checked.")
return

self.results[eventData] = True

if self.opts["companyenrichment_api_key"] == "" and self.opts["phonevalidation_api_key"] == "" and self.opts["ipgeolocation_api_key"] == "":
self.sf.error(
self.error(
f"You enabled {self.__class__.__name__} but did not set any API keys!"
)
self.errorState = True
Expand All @@ -235,7 +235,7 @@ def handleEvent(self, event):

if eventName == "DOMAIN_NAME":
if self.opts["companyenrichment_api_key"] == "":
self.sf.info(
self.info(
f"No API key set for Company Enrichment API endpoint. Ignoring {eventData}"
)
return
Expand Down Expand Up @@ -277,7 +277,7 @@ def handleEvent(self, event):

elif eventName == "PHONE_NUMBER":
if self.opts["phonevalidation_api_key"] == "":
self.sf.info(
self.info(
f"No API key set for Phone Validation API endpoint. Ignoring {eventData}"
)
return
Expand Down Expand Up @@ -315,7 +315,7 @@ def handleEvent(self, event):

elif eventName in ['IP_ADDRESS', 'IPV6_ADDRESS']:
if self.opts["ipgeolocation_api_key"] == "":
self.sf.info(
self.info(
f"No API key set for IP Geolocation API endpoint. Ignoring {eventData}"
)
return
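Review bot: In `queryIpGeolocation` the rewritten line still logs `"No response from AbstractAPI Phone Validation API endpoint"`, a message copied from `queryPhoneValidation`, so a failed geolocation lookup is attributed to the wrong endpoint. Since the line is being edited anyway, it should read `self.debug("No response from AbstractAPI IP Geolocation API endpoint")`, matching the endpoint name already used in `handleEvent`. Separately, `parseApiResponse` reports a JSON decoding failure only at debug level behind a broad `except Exception`, so with debug logging off a malformed reply is indistinguishable from an empty one; narrowing the handler to the decode error and logging it with `self.error` would make that visible. All of these functions start outside the hunks shown.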
36 changes: 18 additions & 18 deletions modules/sfp_abusech.py
Expand Up @@ -119,13 +119,13 @@ def queryFeodoTrackerBlacklist(self, target, targetType):

if targetType == "ip":
if target in blacklist:
self.sf.debug(f"IP address {target} found in Abuse.ch Feodo Tracker.")
self.debug(f"IP address {target} found in Abuse.ch Feodo Tracker.")
return True
elif targetType == "netblock":
netblock = IPNetwork(target)
for ip in blacklist:
if IPAddress(ip) in netblock:
self.sf.debug(f"IP address {ip} found within netblock/subnet {target} in Abuse.ch Feodo Tracker.")
self.debug(f"IP address {ip} found within netblock/subnet {target} in Abuse.ch Feodo Tracker.")
return True

return False
Expand All @@ -143,12 +143,12 @@ def retrieveFeodoTrackerBlacklist(self):
)

if res['code'] != "200":
self.sf.error(f"Unexpected HTTP response code {res['code']} from Abuse.ch Abuse.ch Feodo Tracker.")
self.error(f"Unexpected HTTP response code {res['code']} from Abuse.ch Abuse.ch Feodo Tracker.")
self.errorState = True
return None

if res['content'] is None:
self.sf.error("Received no content from Abuse.ch Feodo Tracker")
self.error("Received no content from Abuse.ch Feodo Tracker")
self.errorState = True
return None

Expand Down Expand Up @@ -190,13 +190,13 @@ def querySslBlacklist(self, target, targetType):

if targetType == "ip":
if target in blacklist:
self.sf.debug(f"IP address {target} found in Abuse.ch SSL Blacklist.")
self.debug(f"IP address {target} found in Abuse.ch SSL Blacklist.")
return True
elif targetType == "netblock":
netblock = IPNetwork(target)
for ip in blacklist:
if IPAddress(ip) in netblock:
self.sf.debug(f"IP address {ip} found within netblock/subnet {target} in Abuse.ch SSL Blacklist.")
self.debug(f"IP address {ip} found within netblock/subnet {target} in Abuse.ch SSL Blacklist.")
return True

return False
Expand All @@ -214,12 +214,12 @@ def retrieveSslBlacklist(self):
)

if res['code'] != "200":
self.sf.error(f"Unexpected HTTP response code {res['code']} from Abuse.ch Abuse.ch Feodo Tracker.")
self.error(f"Unexpected HTTP response code {res['code']} from Abuse.ch Abuse.ch Feodo Tracker.")
self.errorState = True
return None

if res['content'] is None:
self.sf.error("Received no content from Abuse.ch Feodo Tracker")
self.error("Received no content from Abuse.ch Feodo Tracker")
self.errorState = True
return None

Expand Down Expand Up @@ -265,17 +265,17 @@ def queryUrlHausBlacklist(self, target, targetType):

if targetType == "ip":
if target in blacklist:
self.sf.debug(f"IP address {target} found in Abuse.ch URL Haus Blacklist.")
self.debug(f"IP address {target} found in Abuse.ch URL Haus Blacklist.")
return True
elif targetType == "netblock":
netblock = IPNetwork(target)
for ip in blacklist:
if IPAddress(ip) in netblock:
self.sf.debug(f"IP address {ip} found within netblock/subnet {target} in Abuse.ch URL Haus Blacklist.")
self.debug(f"IP address {ip} found within netblock/subnet {target} in Abuse.ch URL Haus Blacklist.")
return True
elif targetType == "domain":
if target.lower() in blacklist:
self.sf.debug(f"Host name {target} found in Abuse.ch URL Haus Blacklist.")
self.debug(f"Host name {target} found in Abuse.ch URL Haus Blacklist.")
return True

return False
Expand All @@ -293,12 +293,12 @@ def retrieveUrlHausBlacklist(self):
)

if res['code'] != "200":
self.sf.error(f"Unexpected HTTP response code {res['code']} from Abuse.ch URL Haus.")
self.error(f"Unexpected HTTP response code {res['code']} from Abuse.ch URL Haus.")
self.errorState = True
return None

if res['content'] is None:
self.sf.error("Received no content from Abuse.ch URL Haus")
self.error("Received no content from Abuse.ch URL Haus")
self.errorState = True
return None

Expand Down Expand Up @@ -344,10 +344,10 @@ def handleEvent(self, event):
srcModuleName = event.module
eventData = event.data

self.sf.debug(f"Received event, {eventName}, from {srcModuleName}")
self.debug(f"Received event, {eventName}, from {srcModuleName}")

if eventData in self.results:
self.sf.debug(f"Skipping {eventData}, already checked.")
self.debug(f"Skipping {eventData}, already checked.")
return

if self.errorState:
Expand Down Expand Up @@ -390,22 +390,22 @@ def handleEvent(self, event):
return

if targetType in ['ip', 'netblock']:
self.sf.debug(f"Checking maliciousness of {eventData} ({eventName}) with Abuse.ch Feodo Tracker")
self.debug(f"Checking maliciousness of {eventData} ({eventName}) with Abuse.ch Feodo Tracker")
if self.queryFeodoTrackerBlacklist(eventData, targetType):
url = "https://feodotracker.abuse.ch/downloads/ipblocklist.txt"
text = f"Abuse.ch Feodo Tracker [{eventData}]\n<SFURL>{url}</SFURL>"
evt = SpiderFootEvent(evtType, text, self.__name__, event)
self.notifyListeners(evt)

self.sf.debug(f"Checking maliciousness of {eventData} ({eventName}) with Abuse.ch SSL Blacklist")
self.debug(f"Checking maliciousness of {eventData} ({eventName}) with Abuse.ch SSL Blacklist")
if self.querySslBlacklist(eventData, targetType):
url = "https://sslbl.abuse.ch/blacklist/sslipblacklist.csv"
text = f"Abuse.ch SSL Blacklist [{eventData}]\n<SFURL>{url}</SFURL>"
evt = SpiderFootEvent(evtType, text, self.__name__, event)
self.notifyListeners(evt)

if targetType in ['ip', 'domain']:
self.sf.debug(f"Checking maliciousness of {eventData} ({eventName}) with Abuse.ch URL Haus")
self.debug(f"Checking maliciousness of {eventData} ({eventName}) with Abuse.ch URL Haus")
if self.queryUrlHausBlacklist(eventData, targetType):
url = "https://urlhaus.abuse.ch/downloads/csv_recent/"
text = f"Abuse.ch URL Haus Blacklist [{eventData}]\n<SFURL>{url}</SFURL>"
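Review bot: `retrieveSslBlacklist` still reports both of its failures as Feodo Tracker failures (`"... from Abuse.ch Abuse.ch Feodo Tracker."` and `"Received no content from Abuse.ch Feodo Tracker"`), so when the SSL Blacklist download fails the log names the wrong feed. Each of these paths also sets `self.errorState = True`, and `handleEvent` tests `self.errorState` early (the body of that test is outside the hunk, so its effect is assumed), which means an operator needs the correct feed name to understand why checks stopped. Suggested replacements are `self.error(f"Unexpected HTTP response code {res['code']} from Abuse.ch SSL Blacklist.")` and `self.error("Received no content from Abuse.ch SSL Blacklist")`. The doubled `Abuse.ch Abuse.ch` prefix in `retrieveFeodoTrackerBlacklist` should lose one copy as well.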
34 changes: 17 additions & 17 deletions modules/sfp_abuseipdb.py
Expand Up @@ -119,22 +119,22 @@ def queryBlacklist(self):
time.sleep(1)

if res['code'] == '429':
self.sf.error("You are being rate-limited by AbuseIPDB")
self.error("You are being rate-limited by AbuseIPDB")
self.errorState = True
return None

if res['code'] != "200":
self.sf.error(f"Error retrieving search results, code {res['code']}")
self.error(f"Error retrieving search results, code {res['code']}")
self.errorState = True
return None

if res['code'] != "200":
self.sf.error("Error retrieving search results from AbuseIPDB")
self.error("Error retrieving search results from AbuseIPDB")
self.errorState = True
return None

if res['content'] is None:
self.sf.error("Received no content from AbuseIPDB")
self.error("Received no content from AbuseIPDB")
self.errorState = True
return None

Expand Down Expand Up @@ -198,24 +198,24 @@ def queryIpAddress(self, ip):
time.sleep(1)

if res['code'] == '429':
self.sf.error("You are being rate-limited by AbuseIPDB")
self.error("You are being rate-limited by AbuseIPDB")
self.errorState = True
return None

if res['code'] != "200":
self.sf.error("Error retrieving search results from AbuseIPDB")
self.error("Error retrieving search results from AbuseIPDB")
self.errorState = True
return None

if res['content'] is None:
self.sf.error("Received no content from AbuseIPDB")
self.error("Received no content from AbuseIPDB")
self.errorState = True
return None

try:
return json.loads(res['content'])
except Exception as e:
self.sf.debug(f"Error processing JSON response: {e}")
self.debug(f"Error processing JSON response: {e}")
return None

return None
Expand Down Expand Up @@ -252,24 +252,24 @@ def queryNetblock(self, ip):
time.sleep(1)

if res['code'] == '429':
self.sf.error("You are being rate-limited by AbuseIPDB")
self.error("You are being rate-limited by AbuseIPDB")
self.errorState = True
return None

if res['code'] != "200":
self.sf.error("Error retrieving search results from AbuseIPDB")
self.error("Error retrieving search results from AbuseIPDB")
self.errorState = True
return None

if res['content'] is None:
self.sf.error("Received no content from AbuseIPDB")
self.error("Received no content from AbuseIPDB")
self.errorState = True
return None

try:
return json.loads(res['content'])
except Exception as e:
self.sf.debug(f"Error processing JSON response: {e}")
self.debug(f"Error processing JSON response: {e}")

return None

Expand All @@ -278,17 +278,17 @@ def handleEvent(self, event):
srcModuleName = event.module
eventData = event.data

self.sf.debug(f"Received event, {eventName}, from {srcModuleName}")
self.debug(f"Received event, {eventName}, from {srcModuleName}")

if self.opts["api_key"] == "":
self.sf.error(
self.error(
f"You enabled {self.__class__.__name__} but did not set an API key!"
)
self.errorState = True
return

if eventData in self.results:
self.sf.debug(f"Skipping {eventData}, already checked.")
self.debug(f"Skipping {eventData}, already checked.")
return

self.results[eventData] = True
Expand All @@ -303,7 +303,7 @@ def handleEvent(self, event):
else:
return

self.sf.debug(f"Checking maliciousness of IP address {eventData} with AbuseIPDB")
self.debug(f"Checking maliciousness of IP address {eventData} with AbuseIPDB")

blacklist = self.queryBlacklist()

Expand All @@ -313,7 +313,7 @@ def handleEvent(self, event):
if eventData not in blacklist:
return

self.sf.info(f"Malicious IP address {eventData} found in AbuseIPDB blacklist")
self.info(f"Malicious IP address {eventData} found in AbuseIPDB blacklist")

url = f"https://www.abuseipdb.com/check/{eventData}"

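Review bot: `queryBlacklist` tests `res['code'] != "200"` twice in a row; the first block returns, so the second block and its `"Error retrieving search results from AbuseIPDB"` message can never run. The second block should be dropped, and if the service name is wanted in the log it can be folded into the first: `self.error(f"Error retrieving search results from AbuseIPDB, code {res['code']}")`. In `queryIpAddress` the final `return None` after the `try`/`except` is likewise unreachable, because both paths already return. These functions begin outside the hunks shown.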