Ejemplo n.º 1
0
 def search_certificate(self, hash):
     """
     Searches for a specific certificate using its hash
     :param hash: certificate hash
     :type hash: str
     :return: dict
     """
     c = CensysCertificates(api_id=self.__uid, api_secret=self.__api_key)
     return c.view(hash)
Ejemplo n.º 2
0
    def search_certificate(self, hash):
        """
        Searches for a specific certificate using its hash

        :param hash: certificate hash
        :type hash: str
        :return: dict
        """
        c = CensysCertificates(api_id=self.__uid, api_secret=self.__api_key)
        return c.view(hash)
Ejemplo n.º 3
0
    async def do_search(self):
        try:
            c = CensysCertificates(api_id=self.key[0], api_secret=self.key[1])
        except CensysUnauthorizedException:
            raise MissingKey("Censys ID and/or Secret")

        query = f"parsed.names: {self.word}"
        try:
            response = c.search(query=query, fields=["parsed.names", "metadata"])
            for cert in response:
                self.totalhosts.update(cert["parsed.names"])
        except CensysRateLimitExceededException:
            print("Censys rate limit exceeded")
Ejemplo n.º 4
0
def lookup_certs_censys(other, count):
    """Search the Censys.io API for any certificates that contain the search string

      Updated by: Linda Nguyen
      Update Date: 26Apr2017
      Description: Update logic for the CensysCertificates because no data was being returned
        Args:
            other (str): The string to search for in certificates (named other referencing
                the 'other' indicator type
            count (int): The maximum number of records to retrieve

        Returns (dict):
            Returns a dictionary that contains the following keys:
                records (list): A list of the certificates that matched this search string
                total (int): The total number of certificates that match this search
                count (int): The number of records being returned by this search
            If an error occurs while accessing the api, the dictionary will have the following keys:
                status (int): The status code of the error
                message (str): The error message
    """
    api_id = settings.CENSYS_API_ID
    api_secret = settings.CENSYS_API_SECRET
    count = 100
    try:
        cc = CensysCertificates(api_id=api_id, api_secret=api_secret)
        generator = cc.search(other)
        i = 0
        results = {'records': []}

        for record in generator:
            if i == 0:
                results['total'] = generator.gi_frame.f_locals['payload'][
                    'metadata']['count']
            if type(record['parsed.fingerprint_sha256']) is list:
                for sha256 in record['parsed.fingerprint_sha256']:
                    results['records'].append(cc.view(sha256))

            else:
                sha256 = record['parsed.fingerprint_sha256']
                shalist = cc.view(sha256)
                results['records'].append(shalist)
            i += 1
            if i >= count:
                break

        results['count'] = i
        return results
    except censys.base.CensysException as ce:
        return {'status': ce.status_code, 'message': ce.message}
Ejemplo n.º 5
0
 def __init__(self, credentials):
     self.__ipv4 = CensysIPv4(api_id=credentials.api_id,
                              api_secret=credentials.secret)
     self.__certificate = CensysCertificates(api_id=credentials.api_id,
                                             api_secret=credentials.secret)
     self.__websites = CensysWebsites(api_id=credentials.api_id,
                                      api_secret=credentials.secret)
Ejemplo n.º 6
0
def lookup_certs_censys(other, count):
    api_id = settings.CENSYS_API_ID
    api_secret = settings.CENSYS_API_SECRET

    try:
        cc = CensysCertificates(api_id=api_id, api_secret=api_secret)
        generator = cc.search(other)
        i = 0
        results = {'records':[]}
        for record in generator:
            if i == 0:
                results['total'] = generator.gi_frame.f_locals['payload']['metadata']['count']
            for sha256 in record['parsed.fingerprint_sha256']:
                results['records'].append(cc.view(sha256))
                i+=1
            if i >= count:
                break
        results['count'] = i
        return results
    except CensysException as ce:
        return {'status':ce.status_code,'message':ce.message}
Ejemplo n.º 7
0
def lookup_certs_censys(other, count):
    api_id = settings.CENSYS_API_ID
    api_secret = settings.CENSYS_API_SECRET

    try:
        cc = CensysCertificates(api_id=api_id, api_secret=api_secret)
        generator = cc.search(other)
        i = 0
        results = {'records': []}
        for record in generator:
            if i == 0:
                results['total'] = generator.gi_frame.f_locals['payload'][
                    'metadata']['count']
            for sha256 in record['parsed.fingerprint_sha256']:
                results['records'].append(cc.view(sha256))
                i += 1
            if i >= count:
                break
        results['count'] = i
        return results
    except CensysException as ce:
        return {'status': ce.status_code, 'message': ce.message}
Ejemplo n.º 8
0
 def module_run(self, companies):
     api_id = self.get_key('censysio_id')
     api_secret = self.get_key('censysio_secret')
     c = CensysCertificates(api_id, api_secret)
     SEARCH_FIELDS = [
         'parsed.subject.organization',
         'parsed.subject.organizational_unit',
     ]
     CERT_FIELDS = [
         'parsed.names',
     ]
     for company in companies:
         self.heading(company, level=0)
         try:
             query = ' OR '.join(
                 ['{0}:"{1}"'.format(x, company) for x in SEARCH_FIELDS])
             payload = c.search(query, CERT_FIELDS)
         except CensysException:
             continue
         for result in payload:
             for name in result.get('parsed.names', []):
                 if name.startswith('*.'):
                     self.add_domains(name.replace('*.', ''))
Ejemplo n.º 9
0
def lookup_certs_censys(other, count):
    """Search the Censys.io API for any certificates that contain the search string
    
        Args:
            other (str): The string to search for in certificates (named other referencing
                the 'other' indicator type
            count (int): The maximum number of records to retrieve
            
        Returns (dict):
            Returns a dictionary that contains the following keys:
                records (list): A list of the certificates that matched this search string
                total (int): The total number of certificates that match this search
                count (int): The number of records being returned by this search
            If an error occurs while accessing the api, the dictionary will have the following keys:
                status (int): The status code of the error
                message (str): The error message
    """
    api_id = settings.CENSYS_API_ID
    api_secret = settings.CENSYS_API_SECRET

    try:
        cc = CensysCertificates(api_id=api_id, api_secret=api_secret)
        generator = cc.search(other)
        i = 0
        results = {'records':[]}
        for record in generator:
            if i == 0:
                results['total'] = generator.gi_frame.f_locals['payload']['metadata']['count']
            for sha256 in record['parsed.fingerprint_sha256']:
                results['records'].append(cc.view(sha256))
                i+=1
            if i >= count:
                break
        results['count'] = i
        return results
    except censys.base.CensysException as ce:
        return {'status':ce.status_code,'message':ce.message}
Ejemplo n.º 10
0
    def search_certificates(self, **kwargs) -> Results:
        """
        A method to search the Certificates data set via the API.

        Args:
            query (str): The string search query.
            fields (list, optional): The fields that should be returned with a query.
            overwrite (bool, optional): Whether to overwrite or append default fields
                                        with user fields. Defaults to False.

        Returns:
            Results: A list of results from the query.
        """

        default_fields = [
            "metadata.updated_at",
            "parsed.issuer.common_name",
            "parsed.names",
            "parsed.serial_number",
            "parsed.self_signed",
            "parsed.subject.common_name",
            "parsed.validity.start",
            "parsed.validity.end",
            "parsed.validity.length",
            "metadata.source",
            "metadata.seen_in_scan",
            "tags",
        ]

        query = kwargs.get("query", "")
        fields = kwargs.get("fields", [])
        overwrite = kwargs.get("overwrite", False)

        index = CensysCertificates(api_id=self.api_user,
                                   api_secret=self.api_pass)

        return self._process_search(
            query,
            index,
            self._combine_fields(default_fields, fields, overwrite=overwrite),
        )
Ejemplo n.º 11
0
 def setUpClass(cls):
     cls._api = CensysCertificates()
Ejemplo n.º 12
0
    def module_run(self, companies):
        api_id = self.get_key('censysio_id')
        api_secret = self.get_key('censysio_secret')
        c = CensysIPv4(api_id, api_secret)
        cs = CensysCertificates(api_id, api_secret)
        IPV4_FIELDS = [
            'ip',
            'protocols',
            'location.country',
            'location.latitude',
            'location.longitude',
            '443.https.tls.certificate.parsed.names',
            '25.smtp.starttls.tls.certificate.parsed.names',
            '110.pop3.starttls.tls.certificate.parsed.names',
        ]
        SEARCH_FIELDS = [
            '443.https.tls.certificate.parsed.subject.organization',
            '25.smtp.starttls.tls.certificate.parsed.subject.organization',
            '465.smtp.tls.tls.certificate.parsed.subject.organization',
            '587.smtp.starttls.tls.certificate.parsed.subject.organization',
            '1521.oracle.banner.tls.certificate.parsed.subject.organization',
            '3306.mysql.banner.tls.certificate.parsed.subject.organizationn',
            '3389.rdp.banner.tls.certificate.parsed.subject.organization',
            '5432.postgres.banner.tls.certificate.parsed.subject.organization',
            '8883.mqtt.banner.tls.certificate.parsed.subject.organization',
            '443.https.tls.certificate.parsed.subject.organization_unit',
            '25.smtp.starttls.tls.certificate.parsed.subject.organization_unit',
            '465.smtp.tls.tls.certificate.parsed.subject.organization_unit',
            '587.smtp.starttls.tls.certificate.parsed.subject.organization_unit',
            '1521.oracle.banner.tls.certificate.parsed.subject.organization_unit',
            '3306.mysql.banner.tls.certificate.parsed.subject.organizationn_unit',
            '3389.rdp.banner.tls.certificate.parsed.subject.organization_unit',
            '5432.postgres.banner.tls.certificate.parsed.subject.organization_unit',
            '8883.mqtt.banner.tls.certificate.parsed.subject.organization_unit'
        ]
        CERT_FIELDS = [
            'parsed.names',
        ]
        CERT_SEARCH_FIELDS = [
            'parsed.subject.organization',
            'parsed.subject.organizational_unit',
        ]
        for company in companies:
            self.heading(company, level=0)

            # IPv4 query
            try:
                query = ' OR '.join(
                    ['{0}:"{1}"'.format(x, company) for x in SEARCH_FIELDS])
                payload = c.search(query, IPV4_FIELDS)
            except CensysException:
                continue
            for result in payload:
                names = set()
                for k, v in result.items():
                    if k.endswith('.parsed.names'):
                        for name in v:
                            names.add(name)
                if len(names) < 1:
                    # make sure we have at least a blank name
                    names.add('')
                for name in names:
                    if name.startswith('*.'):
                        self.insert_domains(name.replace('*.', ''))
                        continue
                    self.insert_hosts(
                        host=name,
                        ip_address=result['ip'],
                        country=result.get('location.country', ''),
                        latitude=result.get('location.latitude', ''),
                        longitude=result.get('location.longitude', ''))
                for protocol in result['protocols']:
                    port, service = protocol.split('/')
                    self.insert_ports(ip_address=result['ip'],
                                      host=name,
                                      port=port,
                                      protocol=service)
Ejemplo n.º 13
0
 def __init__(self, data):
     self.__ipv4 = CensysIPv4(api_id=data.api_id, api_secret=data.secret)
     self.__certificate = CensysCertificates(api_id=data.api_id, api_secret=data.secret)
     self.__websites = CensysWebsites(api_id=data.api_id, api_secret=data.secret)
Ejemplo n.º 14
0
    def __init__(self, api_id, api_secret, **kwargs):

        logging.basicConfig(filename='censys_maltego_transform.log',
                            level=logging.DEBUG)
        self.max_pages = kwargs.get('max_pages', 1)
        self.start_page = kwargs.get('start_pages', 1)

        self.connection = {
            'ipv4':
            CensysIPv4(api_id=api_id, api_secret=api_secret),
            'certificates':
            CensysCertificates(api_id=api_id, api_secret=api_secret)
        }

        self.fields = {
            'certificate': [
                'parsed.names', 'metadata.added_at', 'metadata.seen_in_scan',
                'metadata.source', 'metadata.updated_at', 'tags',
                'parsed.fingerprint_sha1', 'parsed.fingerprint_sha256',
                'parsed.serial_number', 'parsed.subject.common_name',
                'parsed.validity.start', 'parsed.validity.end',
                'parsed.issuer.organization', 'parsed.issuer_dn',
                'parsed.extensions.basic_constraints.is_ca'
            ],
            'ipv4': [
                '443.https.heartbleed.heartbleed_vulnerable',
                '443.https.tls.certificate.parsed.extensions.basic_constraints.is_ca',
                '443.https.tls.certificate.parsed.extensions.subject_alt_name.dns_names',
                '443.https.tls.certificate.parsed.fingerprint_sha256',
                '443.https.tls.certificate.parsed.issuer.common_name',
                '443.https.tls.certificate.parsed.issuer.country',
                '443.https.tls.certificate.parsed.issuer.organization',
                '443.https.tls.certificate.parsed.issuer_dn',
                '443.https.tls.certificate.parsed.names',
                '443.https.tls.certificate.parsed.serial_number',
                '443.https.tls.certificate.parsed.signature.self_signed',
                '443.https.tls.certificate.parsed.subject.common_name',
                '443.https.tls.certificate.parsed.subject_dn',
                '443.https.tls.certificate.parsed.validity.end',
                '443.https.tls.certificate.parsed.validity.start',
                '443.https.tls.cipher_suite.name',
                '443.https.tls.signature.valid',
                '443.https.tls.validation.browser_trusted',
                '443.https.tls.version', 'ip'
            ],
            'ports': ['ip', 'ports', 'protocols', 'tags'],
            'banners': [
                '22.ssh.v2.banner.raw', '143.imap.starttls.banner',
                '21.ftp.banner.banner', '23.telnet.banner.banner',
                '2323.telnet.banner.banner', '25.smtp.starttls.banner',
                '5900.vnc.banner.desktop_name', '5901.vnc.banner.desktop_name',
                '5902.vnc.banner.desktop_name', '5903.vnc.banner.desktop_name',
                '631.ipp.banner.attr_printer_uris',
                '3389.rdp.banner.metadata.description',
                '7547.cwmp.get.headers.www_authenticate'
            ],
            'domain': [
                '443.https.heartbleed.heartbleed_vulnerable',
                '443.https.tls.certificate.parsed.extensions.basic_constraints.is_ca',
                '443.https.tls.certificate.parsed.extensions.subject_alt_name.dns_names',
                '443.https.tls.certificate.parsed.fingerprint_sha256',
                '443.https.tls.certificate.parsed.issuer.common_name',
                '443.https.tls.certificate.parsed.issuer.country',
                '443.https.tls.certificate.parsed.issuer.organization',
                '443.https.tls.certificate.parsed.issuer_dn',
                '443.https.tls.certificate.parsed.names',
                '443.https.tls.certificate.parsed.serial_number',
                '443.https.tls.certificate.parsed.signature.self_signed',
                '443.https.tls.certificate.parsed.subject.common_name',
                '443.https.tls.certificate.parsed.subject_dn',
                '443.https.tls.certificate.parsed.validity.end',
                '443.https.tls.certificate.parsed.validity.start',
                '443.https.tls.cipher_suite.name',
                '443.https.tls.signature.valid',
                '443.https.tls.validation.browser_trusted',
                '443.https.tls.version', 'ip'
            ]
        }

        if api_id and api_secret:
            self.api_id = api_id
            self.api_secret = api_secret
            self.mt = MaltegoTransform()
        else:
            self.mt.addException(
                "Please provide valid credentials as either a script parameter or environmental variable"
            )