Seon.io module #1141
Update - 30/9
Update master 16-01-2021
Codecov Report
@@ Coverage Diff @@
## master #1141 +/- ##
==========================================
- Coverage 50.78% 50.47% -0.31%
==========================================
Files 442 454 +12
Lines 35777 36536 +759
==========================================
+ Hits 18168 18443 +275
- Misses 17609 18093 +484
modules/sfp_seon.py
Outdated
# Option descriptions | ||
optdescs = { | ||
'api_key': "API Key for seon.io", | ||
'fraud_threshold': 'Minimum fraud score for target to be marked as malicious(0-100)', |
Missing space after malicious.
modules/sfp_seon.py
Outdated
"MALICIOUS_EMAILADDR", | ||
"EMAILADDR_DELIVERABLE", | ||
"EMAILADDR_UNDELIVERABLE", | ||
"SOCIAL_MEDIAL", |
Typo
modules/sfp_seon.py
Outdated
evt = SpiderFootEvent('TCP_PORT_OPEN', f"{eventData}:{port}", self.__name__, event) | ||
self.notifyListeners(evt) | ||
|
||
if resultSet.get('tor'): |
These following events should only be reported if they are positive. i.e. I don't think it's valuable to report that something is NOT a VPN, for example, since most things won't be.
modules/sfp_seon.py
Outdated
for site in socialMediaList: | ||
if resultSet.get('account_details').get(site): | ||
if resultSet.get('account_details').get(site).get('url'): | ||
evt = SpiderFootEvent("SOCIAL_MEDIA", f"{site}: <SFURL> {resultSet.get('account_details').get(site).get('url')} </SFURL>", self.__name__, event) |
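Review bot: the chained resultSet.get('account_details').get(site).get('url') lookups in the two if lines and the event line raise AttributeError when account_details is missing or null in the response, because the first .get() returns None. Read it once into a local with an empty-dict fallback, for example details = resultSet.get('account_details') or {}, then look up site and url on that local so the value is also fetched only once.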
No space after <SFURL> and before </SFURL>.
modules/sfp_seon.py
Outdated
evt = SpiderFootEvent("PROVIDER_TELCO", resultSet.get('carrier'), self.__name__, event) | ||
self.notifyListeners(evt) | ||
|
||
evt = SpiderFootEvent('RAW_RIR_DATA', str(resultSet), self.__name__, event) |
RAW_RIR_DATA should only be reported if data was found. Also, it's only being reported in this elif branch - it should probably be up one further.
modules/sfp_seon.py
Outdated
|
||
# Option descriptions | ||
optdescs = { | ||
'api_key': "API Key for seon.io", |
This should be in the form of <name> API Key.
modules/sfp_seon.py
Outdated
self.errorState = True | ||
return | ||
|
||
if self.errorState: |
Check should be higher up.
modules/sfp_seon.py
Outdated
|
||
if resultSet.get('country'): | ||
location = ', '.join(filter(None, [resultSet.get('city'), resultSet.get('state_prov'), resultSet.get('country')])) | ||
location += f"\n-Latitude: {resultSet.get('latitude')}\n-Longitude: {resultSet.get('longitude')}" |
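Review bot: on the location += line, latitude and longitude are interpolated without a presence check, so a response that carries country but no coordinates produces the literal text "Latitude: None" and "Longitude: None" in the event data. Test both values before appending them, and skip the coordinate text entirely when either is absent.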
Lat/Lon has its own event type - PHYSICAL_COORDINATES, so should be a separate additional event.
useragent=self.opts['_useragent'] | ||
) | ||
|
||
return json.loads(res['content']) |
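Review bot: return json.loads(res['content']) has no guard for an empty or non-JSON body: json.loads(None) raises TypeError and a malformed body raises json.JSONDecodeError, either of which will propagate out of the query function. Check that res['content'] is not None first, wrap the parse in try/except, log the failure and return None so the caller can treat it as "no data".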
Should have the regular 404, 429, etc. checks here before returning and setting errorState if appropriate.
modules/sfp_seon.py
Outdated
|
||
resultSet = data.get('data') | ||
if resultSet: | ||
if resultSet.get('score') >= self.opts['fraud_threshold']: |
When using .get() and expecting an integer for comparison, set 0 as the value to be returned in case the key isn't found (e.g. resultSet.get('score', 0)), so that you don't raise an exception for trying to compare a None with a number.
|
||
if resultSet.get('public_proxy'): | ||
evt = SpiderFootEvent("WEBSERVER_TECHNOLOGY", f"Server is Public Proxy: {resultSet.get('public_proxy')}", self.__name__, event) | ||
self.notifyListeners(evt) |
If the entity isn't a proxy, etc. will this still result in an event? It should not - i.e. we only want events here if the entity is a proxy, etc.
It should not go in if it's False
modules/sfp_seon.py
Outdated
evt = SpiderFootEvent('TCP_PORT_OPEN', f"{eventData}:{port}", self.__name__, event) | ||
self.notifyListeners(evt) | ||
|
||
evt = SpiderFootEvent('RAW_RIR_DATA', str(resultSet), self.__name__, event) |
RAW_RIR_DATA should only be reported if data was found for the entity.
No description provided.