Example #1
 def module_run(self, domains):
     """Query the PwnedList domains API for each domain and record the credentials it returns.

     For every entry in ``domains`` the signed request is repeated, feeding
     the ``token`` field of each response back into the next request, until
     a page has no accounts, the token is empty, or the response carries no
     JSON.

     Security note: every account password is decrypted locally with the
     first 16 characters of the ``pwnedlist_secret`` key and the
     ``pwnedlist_iv`` key, written in cleartext to the module output, and
     passed to ``add_credentials``. Console logs and whatever
     ``add_credentials`` stores should be handled as sensitive data.
     """
     api_key = self.get_key('pwnedlist_api')
     api_secret = self.get_key('pwnedlist_secret')
     # the decryption key is the leading 16 characters of the API secret
     aes_key = api_secret[:16]
     aes_iv = self.get_key('pwnedlist_iv')
     endpoint = 'https://api.pwnedlist.com/api/1/domains/query'
     for domain in domains:
         self.heading(domain, level=0)
         query_args = {'domain_identifier': domain, 'daysAgo': 0}
         while True:
             # sign the current arguments and send them
             signed_args = self.build_pwnedlist_payload(query_args, 'domains.query', api_key, api_secret)
             resp = self.request(endpoint, payload=signed_args)
             if not resp.json:
                 self.error('Invalid JSON response for \'%s\'.\n%s' % (domain, resp.text))
                 break
             page = resp.json
             if len(page['accounts']) == 0:
                 self.output('No results returned for \'%s\'.' % (domain))
                 break
             # decrypt and record each account on this page
             for entry in page['accounts']:
                 username = entry['plain']
                 password = aes_decrypt(entry['password'], aes_key, aes_iv)
                 leak = entry['leak_id']
                 # cleartext credential pair goes to the module output
                 self.output('%s:%s' % (username, password))
                 self.add_credentials(username=username, password=password, leak=leak)
                 self.get_pwnedlist_leak(leak)
             # an empty token means there is no further page
             next_token = page['token']
             if not next_token:
                 break
             query_args['token'] = next_token
Example #2
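 def module_run(self, accounts):
     """Look up ``accounts`` in the PwnedList accounts API and record the credentials it returns.

     All identifiers are sent in one signed request, joined with commas.
     Each result's password is decrypted with the first 16 characters of
     the ``pwnedlist_secret`` key and the ``pwnedlist_iv`` key, then passed
     to ``add_credentials``; the leak details go to ``add_leaks``. Finally
     the rows in ``credentials`` for the same username that have neither a
     password nor a hash are deleted.

     Security note: the username used in the DELETE statement comes from
     the remote API response, so it is escaped before being embedded in
     the SQL text.
     """
     key = self.keys.get('pwnedlist_api')
     secret = self.keys.get('pwnedlist_secret')
     decrypt_key = secret[:16]
     iv = self.keys.get('pwnedlist_iv')
     # setup the API call
     url = 'https://api.pwnedlist.com/api/1/accounts/query'
     # build the payload
     payload = {'account_identifier': ','.join(accounts), 'daysAgo': 0}
     payload = self.build_pwnedlist_payload(payload, 'accounts.query', key, secret)
     # make the request
     resp = self.request(url, payload=payload)
     if not resp.json:
         self.error('Invalid JSON response.\n%s' % (resp.text))
         return
     jsonobj = resp.json
     if len(jsonobj['results']) == 0:
         self.output('No results returned.')
         return
     # extract the credentials
     for cred in jsonobj['results']:
         username = cred['plain']
         password = aes_decrypt(cred['password'], decrypt_key, iv)
         leak = cred['leak_id']
         self.add_credentials(username=username, password=password, leak=leak)
         self.add_leaks(mute=True, **self.get_pwnedlist_leak(leak))
         # The username is data from the API response (ultimately from leaked
         # dumps) and may contain quotes. Doubling single quotes keeps the
         # value inside the SQL string literal instead of letting it alter
         # the statement run against the local database.
         # NOTE(review): if self.query accepts bound parameters, a
         # placeholder would be the better fix - confirm against the framework.
         quoted_username = ('%s' % (username,)).replace("'", "''")
         self.query('DELETE FROM credentials WHERE username = \'%s\' and password IS NULL and hash IS NULL' % (quoted_username))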
Example #3
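 def module_run(self, accounts):
     """Look up ``accounts`` in the PwnedList accounts API and record the credentials it returns.

     All identifiers are sent in one signed request, joined with commas.
     Each result's password is decrypted with the first 16 characters of
     the ``pwnedlist_secret`` key and the ``pwnedlist_iv`` key, written in
     cleartext to the module output, and passed to ``add_credentials``.
     Finally the rows in ``credentials`` for the same username that have
     neither a password nor a hash are deleted.

     Security notes: the module output contains cleartext credential
     pairs, so console logs should be handled as sensitive data. The
     username used in the DELETE statement comes from the remote API
     response, so it is escaped before being embedded in the SQL text.
     """
     key = self.get_key('pwnedlist_api')
     secret = self.get_key('pwnedlist_secret')
     decrypt_key = secret[:16]
     iv = self.get_key('pwnedlist_iv')
     # setup the API call
     url = 'https://api.pwnedlist.com/api/1/accounts/query'
     # build the payload
     payload = {'account_identifier': ','.join(accounts), 'daysAgo': 0}
     payload = self.build_pwnedlist_payload(payload, 'accounts.query', key,
                                            secret)
     # make the request
     resp = self.request(url, payload=payload)
     if not resp.json:
         self.error('Invalid JSON response.\n%s' % (resp.text))
         return
     jsonobj = resp.json
     if len(jsonobj['results']) == 0:
         self.output('No results returned.')
         return
     # extract the credentials
     for cred in jsonobj['results']:
         username = cred['plain']
         password = aes_decrypt(cred['password'], decrypt_key, iv)
         leak = cred['leak_id']
         self.output('%s:%s' % (username, password))
         self.add_credentials(username=username,
                              password=password,
                              leak=leak)
         self.get_pwnedlist_leak(leak)
         # The username is data from the API response (ultimately from leaked
         # dumps) and may contain quotes. Doubling single quotes keeps the
         # value inside the SQL string literal instead of letting it alter
         # the statement run against the local database.
         # NOTE(review): if self.query accepts bound parameters, a
         # placeholder would be the better fix - confirm against the framework.
         quoted_username = ('%s' % (username,)).replace("'", "''")
         self.query(
             'DELETE FROM credentials WHERE username = \'%s\' and password IS NULL and hash IS NULL'
             % (quoted_username))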
Example #4
 def module_run(self, domains):
     """Query the PwnedList domains API for each domain and record the credentials it returns.

     For every entry in ``domains`` the signed request is repeated, feeding
     the ``token`` field of each response back into the next request, until
     a page has no accounts, the token is empty, or the response carries no
     JSON.

     Security note: every account password is decrypted locally with the
     first 16 characters of the ``pwnedlist_secret`` key and the
     ``pwnedlist_iv`` key and passed in cleartext to ``add_credentials``;
     the leak details returned by ``get_pwnedlist_leak`` go to
     ``add_leaks``. Whatever those helpers store should be handled as
     sensitive data.
     """
     api_key = self.get_key('pwnedlist_api')
     api_secret = self.get_key('pwnedlist_secret')
     # the decryption key is the leading 16 characters of the API secret
     aes_key = api_secret[:16]
     aes_iv = self.get_key('pwnedlist_iv')
     endpoint = 'https://api.pwnedlist.com/api/1/domains/query'
     for domain in domains:
         self.heading(domain, level=0)
         query_args = {'domain_identifier': domain, 'daysAgo': 0}
         while True:
             # sign the current arguments and send them
             signed_args = self.build_pwnedlist_payload(query_args, 'domains.query', api_key, api_secret)
             resp = self.request(endpoint, payload=signed_args)
             if not resp.json:
                 self.error('Invalid JSON response for \'%s\'.\n%s' % (domain, resp.text))
                 break
             page = resp.json
             if len(page['accounts']) == 0:
                 self.output('No results returned for \'%s\'.' % (domain))
                 break
             # decrypt and record each account on this page
             for entry in page['accounts']:
                 username = entry['plain']
                 password = aes_decrypt(entry['password'], aes_key, aes_iv)
                 leak = entry['leak_id']
                 self.add_credentials(username=username, password=password, leak=leak)
                 leak_details = self.get_pwnedlist_leak(leak)
                 self.add_leaks(mute=True, **leak_details)
             # an empty token means there is no further page
             next_token = page['token']
             if not next_token:
                 break
             query_args['token'] = next_token