-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dehashed Module #1133
Dehashed Module #1133
Conversation
Update - 30/9
Update master 16-01-2021
Codecov Report
@@ Coverage Diff @@
## master #1133 +/- ##
==========================================
- Coverage 50.78% 50.69% -0.09%
==========================================
Files 442 444 +2
Lines 35777 35946 +169
==========================================
+ Hits 18168 18222 +54
- Misses 17609 17724 +115
Continue to review full report at Codecov.
|
modules/sfp_dehashed.py
Outdated
'api_key': 'Token for api key', | ||
'per_page': 'Maximum number of results per page.(Max: 10000)', | ||
'max_pages': 'Maximum number of pages to fetch(Max: 10 pages)', | ||
'pause': 'Amount of time to wait before each API call' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"Number of seconds to wait between each API call."
modules/sfp_dehashed.py
Outdated
|
||
# Option descriptions | ||
optdescs = { | ||
'api_key_username': 'Username for api key', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"Dehashed username."
modules/sfp_dehashed.py
Outdated
# Option descriptions | ||
optdescs = { | ||
'api_key_username': 'Username for api key', | ||
'api_key': 'Token for api key', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"Dehashed API key."
modules/sfp_dehashed.py
Outdated
self.notifyListeners(evt) | ||
|
||
if password: | ||
evt = SpiderFootEvent('PASSWORD_COMPROMISED', f"{email} : {password} [{leakSource}]", self.__name__, pevent) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remove space before and after :
(same as scylla module)
modules/sfp_dehashed.py
Outdated
self.notifyListeners(evt) | ||
|
||
if passwordHash: | ||
evt = SpiderFootEvent('HASH_COMPROMISED', f"{email} : {passwordHash} [{leakSource}]", self.__name__, pevent) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remove space before and after :
(same as scylla module)
time.sleep(self.opts['pause']) | ||
|
||
if res['code'] == "400": | ||
self.sf.error("Too many requests were performed in a small amount of time. Please wait a bit before querying the API.") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure how useful such an error would be since it would occur mid-scan, and the SpiderFoot user wouldn't be able to do anything about it. Better if it backed off and tried again after a few seconds.
modules/sfp_dehashed.py
Outdated
self.notifyListeners(evt) | ||
|
||
if passwordHash: | ||
evt = SpiderFootEvent('HASH_COMPROMISED', f"{email} : {passwordHash} [{leakSource}]", self.__name__, event) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remove space before and after :
(same as scylla module)
modules/sfp_dehashed.py
Outdated
self.notifyListeners(evt) | ||
|
||
if password: | ||
evt = SpiderFootEvent('PASSWORD_COMPROMISED', f"{email} : {password} [{leakSource}]", self.__name__, event) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remove space before and after :
(same as scylla module)
modules/sfp_dehashed.py
Outdated
headers=headers, | ||
timeout=15, | ||
useragent=self.opts['_useragent'], | ||
verify=False) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd leave verify
enabled (default) since we are wanting to ensure certificate validity of the Dehashed endpoint.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just some minor feedback. I'll merge once updated. Thanks Krishnasis!
return None | ||
|
||
# Handle events sent to this module | ||
def handleEvent(self, event): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This needs to prevent reporting duplicate events. If you test the module with airbnb.com, you'll see many of the same emails and breaches reported multiple times.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Update :
- Skipping same email + breached data
- not reporting same emails
No description provided.