def test_get_breaches_raise_if_account_is_not_specified(self):
# get_account_breaches(account=1, domain=None, truncate_response=False, include_unverified=False):
with pytest.raises(AttributeError) as excinfo:
# Will raise because the account must be a string (specifically, six.text_type)
pyhibp.get_account_breaches(account=None)
assert "The account parameter must be specified, and must be a string" in str(
excinfo.value)
def test_get_breaches_raise_if_domain_is_not_string(self):
# get_account_breaches(account=TEST_ACCOUNT, domain=1, truncate_response=False, include_unverified=False):
with pytest.raises(AttributeError) as excinfo:
# Will raise because the domain must be a string (specifically, six.text_type)
pyhibp.get_account_breaches(account=TEST_ACCOUNT, domain=1)
assert "The domain parameter, if specified, must be a string" in str(
excinfo.value)
def test_user_agent_must_be_set_or_raise(self, monkeypatch):
"""
The HIBP backend requires a User-Agent; ensure we're forcing one to be set on all functions
"""
monkeypatch.setitem(pyhibp.pyHIBP_HEADERS, 'User-Agent', None)
with pytest.raises(RuntimeError) as execinfo:
pyhibp.get_account_breaches(account=TEST_ACCOUNT)
assert "The User-Agent must be set. Call pyhibp.set_user_agent(ua=your_agent_string) first." in str(
execinfo.value)
def test_raise_if_useragent_is_not_set(self, monkeypatch):
# This should never be encountered normally, since we have the module-level variable/constant;
# That said, test it, since we can, and since we might as well cover the line of code.
head = {'User-Agent': ''}
monkeypatch.setattr(pyhibp, 'pyHIBP_HEADERS', head)
with pytest.raises(RuntimeError) as excinfo:
pyhibp.get_account_breaches(
account="{0}@test-suite.pyhibp.example.com".format(
str(uuid.uuid4())))
assert "HTTP 403" in str(excinfo.value)
def test_raise_if_rate_limit_exceeded(self):
""" The API will respond the same to all exceeded rate limits across all endpoints """
# The rate limit exists, however all responses are cached; so we need to generate some random "accounts".
rand_accts = [
"{0}@test-suite.pyhibp.example.com".format(str(uuid.uuid4()))
for j in range(4)
]
with pytest.raises(RuntimeError) as excinfo:
for item in rand_accts:
pyhibp.get_account_breaches(account=item,
truncate_response=True)
assert "HTTP 429" in str(excinfo.value)
def test_get_breaches_account(self):
# get_account_breaches(account=TEST_ACCOUNT, domain=None, truncate_response=False, include_unverified=False):
resp = pyhibp.get_account_breaches(account=TEST_ACCOUNT)
assert isinstance(resp, list)
# As of a manual test, there were 46 accounts for the [email protected]; so >=20 is safe.
assert len(resp) >= 20
assert isinstance(resp[0], dict)
def test_get_breaches_account_with_domain(self):
# get_account_breaches(account=TEST_ACCOUNT, domain=TEST_DOMAIN, truncate_response=False, include_unverified=False):
resp = pyhibp.get_account_breaches(account=TEST_ACCOUNT,
domain=TEST_DOMAIN)
assert isinstance(resp, list)
# We're limiting the domain; so we only expect one breach to be returned
assert len(resp) == 1
assert isinstance(resp[0], dict)
assert resp[0]['Name'] == TEST_DOMAIN_NAME
def test_get_breaches_account_with_truncation(self):
# get_account_breaches(account=TEST_ACCOUNT, domain=None, truncate_response=True, include_unverified=False):
resp = pyhibp.get_account_breaches(account=TEST_ACCOUNT,
truncate_response=True)
assert isinstance(resp, list)
assert len(resp) >= 20
assert isinstance(resp[0], dict)
# The individual dicts are only the name of the breached website (since we're truncating)
item = resp[0]
assert len(item) == 1
assert 'Name' in item
assert 'DataClasses' not in item
def test_get_breaches_retrieve_all_breaches_with_unverified(self):
# get_account_breaches(account=TEST_ACCOUNT, domain=None, truncate_response=False, include_unverified=True):
resp = pyhibp.get_account_breaches(account=TEST_ACCOUNT,
include_unverified=True)
assert isinstance(resp, list)
assert len(resp) > 50
has_unverified = False
for item in resp:
if not item['IsVerified']:
has_unverified = True
# If we see any unverified items, that's enough.
break
assert has_unverified
def email():
pyhibp.set_user_agent(
ua="Awesome application/0.0.1 (An awesome description)")
HIBP_API_KEY = 'aa3876c762b9457385e2278befd83ac8'
if HIBP_API_KEY:
pyhibp.set_api_key(key=HIBP_API_KEY)
resp = pyhibp.get_all_breaches()
dict = []
email_name = "*****@*****.**"
_resp = pyhibp.get_account_breaches(account=email_name,
truncate_response=True)
print(_resp)
for x in _resp:
email = models.infected_email(email=email_name, site=x['Name'])
email.save()
print(x['Name'])
def hibpEmailVerification(email):
pyhibp.set_user_agent(ua="A e-mail breach verification")
# Have I Been Pawned Key
HIBP_API_KEY = '362134bc48ee49ed8dad0efad610a49a'
retorno = "Não encontramos evidências de que seu e-mail foi vazado!"
if HIBP_API_KEY:
pyhibp.set_api_key(key=HIBP_API_KEY)
resp = pyhibp.get_account_breaches(account=f"{email}",
truncate_response=True)
if resp:
retorno = resp
return retorno
def check_hibp(self, email, password, elastic=False):
print("---" + Fore.CYAN + "Have I Been Pwned" + Fore.RESET + "---")
to_elastic = {"email": email, "password": password, "results": []}
try:
resp = pyhibp.get_account_breaches(account=email, truncate_response=True)
if resp:
for name in resp:
to_elastic['results'].append(name['Name'])
print(Fore.MAGENTA + name['Name'] + Fore.RESET)
else:
print(Fore.RED + "Nothing found" + Fore.RESET)
except Exception as e:
print(Fore.RED + str(e) + Fore.RESET)
if len(to_elastic['results']) > 0:
if elastic:
self.put_elastic('hibp', 'email', to_elastic)
return True
else:
return False
def __init__(self, email=None, phone_num=None):
with open('private_key.json') as f:
KEY = json.load(f)
API_KEY = KEY['pwnd_token']
f.close()
pyhibp.set_api_key(key=API_KEY)
pyhibp.set_user_agent(ua="Making a test application for a project.")
self.phone_num = phone_num
self.email = email
self.breaches = pyhibp.get_account_breaches(account=self.email,
truncate_response=True,
include_unverified=True)
self.breaches_num = len(self.get_list_breaches())
if (not (self.email or self.phone_num)):
print('This user has an invalid email or phone number.')
return None
def combinedfile(breach_file, unique_emails, resume):
config.set("settings", "combinedfilename", breach_file)
config.set("settings", "completedemails", "0")
if resume == False:
config.set("settings", "totalemailsscanned", "0")
config.write(open("settings.conf", "w"))
if resume == False:
with open(breach_file, 'w') as f:
f.write(f"Emails,Breaches,Breach Informations,Paste Information\n")
f.close()
i = 0
for email in unique_emails:
i += 1
e = email
time.sleep(delay)
resp = pyhibp.get_account_breaches(account=e, truncate_response=True)
time.sleep(delay)
pastes = pyhibp.get_pastes(email_address=e)
breaches = f"Found in {len(resp)} Breaches"
if resp:
Breach_Informations = str(resp)[:32700]
pas = f"Found in {len(pastes)} Pastes"
with open(breach_file, 'a', encoding='UTF-8') as f:
string = f"""{e},{breaches},"{Breach_Informations}",{pas}\n"""
f.write(string)
time.sleep(delay)
per = percentage(i, len(unique_emails))
print(f"{per}% Completed")
if resume:
config.set("settings", "totalemailsscanned", str(i))
config.write(open("settings.conf", "w"))
else:
resume_count = int(config['settings']['totalemailsscanned'])
config.set("settings", "totalemailsscanned", str(resume_count + 1))
config.write(open("settings.conf", "w"))
config.set("settings", "completedemails", "1")
config.write(open("settings.conf", "w"))
def Search(self):
try:
Data_to_Cache = []
Directory = General.Make_Directory(self.Concat_Plugin_Name)
logger = logging.getLogger()
logger.setLevel(logging.INFO)
Log_File = General.Logging(Directory, self.Concat_Plugin_Name)
handler = logging.FileHandler(os.path.join(Directory, Log_File), "w")
handler.setLevel(logging.DEBUG)
formatter = logging.Formatter("%(levelname)s - %(message)s")
handler.setFormatter(formatter)
logger.addHandler(handler)
try:
pyhibp.set_api_key(key=Load_Configuration())
except:
logging.warning(f"{Common.Date()} - {self.Logging_Plugin_Name} - Failed to set API key, make sure it is set in the configuration file.")
if self.Type == "email":
Local_Plugin_Name = self.Plugin_Name + " " + self.Type
Cached_Data_Object = General.Cache(Directory, Local_Plugin_Name)
Cached_Data = Cached_Data_Object.Get_Cache()
for Query in self.Query_List:
Query_Response = pyhibp.get_pastes(email_address=Query)
logging.info(Query_Response)
if Query_Response:
Current_Domain = Query_Response[0]["Source"]
ID = Query_Response[0]["Id"]
Link = f"https://www.{Current_Domain}.com/{ID}"
JSON_Query_Response = Common.JSON_Handler(Query_Response).Dump_JSON()
if Link not in Cached_Data and Link not in Data_to_Cache:
Output_file = General.Create_Query_Results_Output_File(Directory, Query, self.Plugin_Name, JSON_Query_Response, "email", self.The_File_Extension)
if Output_file:
Output_Connections = General.Connections(Query, Local_Plugin_Name, self.Domain, self.Result_Type_1, self.Task_ID, Local_Plugin_Name.lower())
Output_Connections.Output([Output_file], Link, General.Get_Title(Link), self.Concat_Plugin_Name)
Data_to_Cache.append(Link)
else:
logging.warning(f"{Common.Date()} - {self.Logging_Plugin_Name} - Failed to create output file. File may already exist.")
Cached_Data_Object.Write_Cache(Data_to_Cache)
elif self.Type == "breach":
Local_Plugin_Name = self.Plugin_Name + " " + self.Type
Cached_Data_Object = General.Cache(Directory, Local_Plugin_Name)
Cached_Data = Cached_Data_Object.Get_Cache()
for Query in self.Query_List:
Query_Response = pyhibp.get_single_breach(breach_name=Query)
if Query_Response:
Current_Domain = Query_Response["Domain"]
Link = f"https://www.{Current_Domain}.com/"
JSON_Query_Response = Common.JSON_Handler(Query_Response).Dump_JSON()
if Link not in Cached_Data and Link not in Data_to_Cache:
Output_file = General.Create_Query_Results_Output_File(Directory, Query, Local_Plugin_Name, JSON_Query_Response, "breach", self.The_File_Extension)
if Output_file:
Output_Connections = General.Connections(Query, Local_Plugin_Name, self.Domain, self.Result_Type_2, self.Task_ID, Local_Plugin_Name.lower())
Output_Connections.Output([Output_file], Link, General.Get_Title(Link), self.Concat_Plugin_Name)
Data_to_Cache.append(Link)
else:
logging.warning(f"{Common.Date()} - {self.Logging_Plugin_Name} - Failed to create output file. File may already exist.")
Cached_Data_Object.Write_Cache(Data_to_Cache)
elif self.Type == "password":
Local_Plugin_Name = self.Plugin_Name + " " + self.Type
Cached_Data_Object = General.Cache(Directory, Local_Plugin_Name)
Cached_Data = Cached_Data_Object.Get_Cache()
for Query in self.Query_List:
Query_Response = pw.is_password_breached(password=Query)
logging.info(Query_Response)
if Query_Response:
Link = f"https://{self.Domain}/Passwords?{Query}"
if Link not in Cached_Data and Link not in Data_to_Cache:
Output_file = General.Create_Query_Results_Output_File(Directory, Query, self.Plugin_Name, str(Query_Response), "password", ".txt")
if Output_file:
Output_Connections = General.Connections(Query, Local_Plugin_Name, self.Domain, self.Result_Type_2, self.Task_ID, Local_Plugin_Name.lower())
Output_Connections.Output([Output_file], Link, General.Get_Title(Link), self.Concat_Plugin_Name)
Data_to_Cache.append(Link)
else:
logging.warning(f"{Common.Date()} - {self.Logging_Plugin_Name} - Failed to create output file. File may already exist.")
Cached_Data_Object.Write_Cache(Data_to_Cache)
elif self.Type == "account":
Local_Plugin_Name = self.Plugin_Name + " " + self.Type
Cached_Data_Object = General.Cache(Directory, Local_Plugin_Name)
Cached_Data = Cached_Data_Object.Get_Cache()
for Query in self.Query_List:
Query_Response = pyhibp.get_account_breaches(account=Query, truncate_response=True)
if Query_Response:
Current_Step = 0
for Response in Query_Response:
Current_Response = pyhibp.get_single_breach(breach_name=Response['Name'])
JSON_Query_Response = Common.JSON_Handler(Query_Response).Dump_JSON()
Link = "https://" + Current_Response['self.Domain']
if Current_Response['self.Domain'] not in Cached_Data and Current_Response['self.Domain'] not in Data_to_Cache and Current_Step < int(self.Limit):
Output_file = General.Create_Query_Results_Output_File(Directory, Query, Local_Plugin_Name, JSON_Query_Response, "account", self.The_File_Extension)
if Output_file:
Output_Connections = General.Connections(Query, Local_Plugin_Name, Current_Response['self.Domain'], self.Result_Type_1, self.Task_ID, Local_Plugin_Name.lower())
Output_Connections.Output([Output_file], Link, General.Get_Title(Link), self.Concat_Plugin_Name)
Data_to_Cache.append(Current_Response['self.Domain'])
else:
logging.warning(f"{Common.Date()} - {self.Logging_Plugin_Name} - Failed to create output file. File may already exist.")
Current_Step += 1
Cached_Data_Object.Write_Cache(Data_to_Cache)
else:
logging.warning(f"{Common.Date()} - {self.Logging_Plugin_Name} - Invalid Type provided.")
except Exception as e:
logging.warning(f"{Common.Date()} - {self.Logging_Plugin_Name} - {str(e)}")
def Search(Query_List, Task_ID, Type_of_Query, **kwargs):
Data_to_Cache = []
Cached_Data = []
try:
if kwargs.get('Limit'):
if int(kwargs["Limit"]) > 0:
Limit = kwargs["Limit"]
else:
Limit = 10
Directory = General.Make_Directory(Concat_Plugin_Name)
logger = logging.getLogger()
logger.setLevel(logging.INFO)
Log_File = General.Logging(Directory, Concat_Plugin_Name)
handler = logging.FileHandler(os.path.join(Directory, Log_File), "w")
handler.setLevel(logging.DEBUG)
formatter = logging.Formatter("%(levelname)s - %(message)s")
handler.setFormatter(formatter)
logger.addHandler(handler)
try:
pyhibp.set_api_key(key=Load_Configuration())
except:
logging.warning(General.Date() + " Failed to set API key, make sure it is set in the configuration file.")
Query_List = General.Convert_to_List(Query_List)
if Type_of_Query == "email":
Local_Plugin_Name = Plugin_Name + "-" + Type_of_Query
Cached_Data = General.Get_Cache(Directory, Local_Plugin_Name)
if not Cached_Data:
Cached_Data = []
for Query in Query_List:
Query_Response = pyhibp.get_pastes(email_address=Query)
logging.info(Query_Response)
if Query_Response:
Domain = Query_Response[0]["Source"]
ID = Query_Response[0]["Id"]
Link = "https://www." + Domain + ".com/" + ID
JSON_Query_Response = json.dumps(Query_Response, indent=4, sort_keys=True)
if Link not in Cached_Data and Link not in Data_to_Cache:
Output_file = General.Create_Query_Results_Output_File(Directory, Query, Plugin_Name, JSON_Query_Response, "email", The_File_Extension)
if Output_file:
General.Connections(Output_file, Query, Local_Plugin_Name, Link, "haveibeenpwned.com", "Data Leakage", Task_ID, General.Get_Title(Link), Local_Plugin_Name.lower())
Data_to_Cache.append(Link)
if Cached_Data:
General.Write_Cache(Directory, Data_to_Cache, Local_Plugin_Name, "a")
else:
General.Write_Cache(Directory, Data_to_Cache, Local_Plugin_Name, "w")
elif Type_of_Query == "breach":
Local_Plugin_Name = Plugin_Name + "-" + Type_of_Query
Cached_Data = General.Get_Cache(Directory, Local_Plugin_Name)
if not Cached_Data:
Cached_Data = []
for Query in Query_List:
Query_Response = pyhibp.get_single_breach(breach_name=Query)
if Query_Response:
Domain = Query_Response["Domain"]
Link = "https://www." + Domain + ".com/"
JSON_Query_Response = json.dumps(Query_Response, indent=4, sort_keys=True)
if Link not in Cached_Data and Link not in Data_to_Cache:
Output_file = General.Create_Query_Results_Output_File(Directory, Query, Local_Plugin_Name, JSON_Query_Response, "breach", The_File_Extension)
if Output_file:
General.Connections(Output_file, Query, Local_Plugin_Name, Link, "haveibeenpwned.com", "Data Leakage", Task_ID, General.Get_Title(Link), Local_Plugin_Name.lower())
Data_to_Cache.append(Link)
if Cached_Data:
General.Write_Cache(Directory, Data_to_Cache, Local_Plugin_Name, "a")
else:
General.Write_Cache(Directory, Data_to_Cache, Local_Plugin_Name, "w")
elif Type_of_Query == "password":
Local_Plugin_Name = Plugin_Name + "-" + Type_of_Query
Cached_Data = General.Get_Cache(Directory, Local_Plugin_Name)
if not Cached_Data:
Cached_Data = []
for Query in Query_List:
Query_Response = pw.is_password_breached(password=Query)
logging.info(Query_Response)
if Query_Response:
Link = "https://haveibeenpwned.com/Passwords?" + Query
if Link not in Cached_Data and Link not in Data_to_Cache:
Output_file = General.Create_Query_Results_Output_File(Directory, Query, Plugin_Name, str(Query_Response), "password", ".txt")
if Output_file:
General.Connections(Output_file, Query, Local_Plugin_Name, Link, "haveibeenpwned.com", "Data Leakage", Task_ID, General.Get_Title(Link), Local_Plugin_Name.lower())
Data_to_Cache.append(Link)
if Cached_Data:
General.Write_Cache(Directory, Data_to_Cache, Local_Plugin_Name, "a")
else:
General.Write_Cache(Directory, Data_to_Cache, Local_Plugin_Name, "w")
elif Type_of_Query == "account":
Local_Plugin_Name = Plugin_Name + "-" + Type_of_Query
Cached_Data = General.Get_Cache(Directory, Local_Plugin_Name)
if not Cached_Data:
Cached_Data = []
for Query in Query_List:
Query_Response = pyhibp.get_account_breaches(account=Query, truncate_response=True)
if Query_Response:
Current_Step = 0
for Response in Query_Response:
Current_Response = pyhibp.get_single_breach(breach_name=Response['Name'])
JSON_Query_Response = json.dumps(Current_Response, indent=4, sort_keys=True)
Link = "https://" + Current_Response['Domain']
if Current_Response['Domain'] not in Cached_Data and Current_Response['Domain'] not in Data_to_Cache and Current_Step < int(Limit):
Output_file = General.Create_Query_Results_Output_File(Directory, Query, Local_Plugin_Name, JSON_Query_Response, "account", The_File_Extension)
if Output_file:
General.Connections(Output_file, Query, Local_Plugin_Name, Link, Current_Response['Domain'], "Data Leakage", Task_ID, General.Get_Title(Link), Local_Plugin_Name.lower())
Data_to_Cache.append(Current_Response['Domain'])
Current_Step += 1
if Cached_Data:
General.Write_Cache(Directory, Data_to_Cache, Local_Plugin_Name, "a")
else:
General.Write_Cache(Directory, Data_to_Cache, Local_Plugin_Name, "w")
else:
logging.warning(General.Date() + " Invalid type provided.")
except:
logging.warning(General.Date() + " Execution error.")
def individual(files, resume):
config.set("settings", "completedcsv", "0")
if resume == False:
config.set("settings", "totalcsvscanned", "0")
config.write(open("settings.conf", "w"))
files = files
csvindex = 0
for fi in files:
print(f'\nNow Scanning : {fi}')
csvindex += 1
with open(fi, 'r') as f:
data_frame = f.readlines()
f.close()
emails = re.findall(r"[a-z0-9\.\-+_]+@[a-z0-9\.\-+_]+\.[a-z]+",
str(data_frame))
#emails = list(dict.fromkeys(emails))
columns = data_frame[0]
breach_file = fi + '_breaches.csv'
with open(breach_file, 'w') as f:
f.write("Emails,Breaches,Breach Information,Paste Information," +
columns)
f.close()
already_scanned = []
i = 0
for e in emails:
i += 1
if e in already_scanned:
pass
else:
print(f' +{e}')
already_scanned.append(e)
time.sleep(delay)
resp = pyhibp.get_account_breaches(account=e,
truncate_response=True)
time.sleep(delay)
pastes = pyhibp.get_pastes(email_address=e)
if resp:
breaches = f"Found in {len(resp)} Breaches"
Breach_Informations = str(resp)[:32700]
try:
lines = []
for i in range(len(data_frame)):
if e in data_frame[i]:
lines.append(data_frame[i])
other_informations = lines[0].replace('\n', '')
except Exception:
other_informations = ""
pas = f"Found in {len(pastes)} Pastes"
with open(breach_file, 'a', encoding='UTF-8') as f:
string = f"""{e},{breaches},"{Breach_Informations}",{pas},{other_informations}\n"""
f.write(string)
f.close()
time.sleep(delay)
if resume:
config.set("settings", "totalcsvscanned", str(csvindex))
config.write(open("settings.conf", "w"))
else:
resume_count = int(config['settings']['totalcsvscanned'])
config.set("settings", "totalcsvscanned", str(resume_count + 1))
config.write(open("settings.conf", "w"))
per = percentage(csvindex, len(files))
print(f"{per}% Completed")
config.set("settings", "completedcsv", "1")
config.write(open("settings.conf", "w"))
def Search(Query_List, Task_ID, Type_of_Query, **kwargs):
try:
Data_to_Cache = []
Directory = General.Make_Directory(Concat_Plugin_Name)
logger = logging.getLogger()
logger.setLevel(logging.INFO)
Log_File = General.Logging(Directory, Concat_Plugin_Name)
handler = logging.FileHandler(os.path.join(Directory, Log_File), "w")
handler.setLevel(logging.DEBUG)
formatter = logging.Formatter("%(levelname)s - %(message)s")
handler.setFormatter(formatter)
logger.addHandler(handler)
try:
pyhibp.set_api_key(key=Load_Configuration())
except:
logging.warning(
f"{General.Date()} - {__name__.strip('plugins.')} - Failed to set API key, make sure it is set in the configuration file."
)
Query_List = General.Convert_to_List(Query_List)
Limit = General.Get_Limit(kwargs)
if Type_of_Query == "email":
Local_Plugin_Name = Plugin_Name + "-" + Type_of_Query
Cached_Data = General.Get_Cache(Directory, Local_Plugin_Name)
for Query in Query_List:
Query_Response = pyhibp.get_pastes(email_address=Query)
logging.info(Query_Response)
if Query_Response:
Current_Domain = Query_Response[0]["Source"]
ID = Query_Response[0]["Id"]
Link = f"https://www.{Current_Domain}.com/{ID}"
JSON_Query_Response = json.dumps(Query_Response,
indent=4,
sort_keys=True)
if Link not in Cached_Data and Link not in Data_to_Cache:
Output_file = General.Create_Query_Results_Output_File(
Directory, Query, Plugin_Name, JSON_Query_Response,
"email", The_File_Extension)
if Output_file:
Output_Connections = General.Connections(
Query, Local_Plugin_Name, Domain, "Account",
Task_ID, Local_Plugin_Name.lower())
Output_Connections.Output([Output_file], Link,
General.Get_Title(Link),
Concat_Plugin_Name)
Data_to_Cache.append(Link)
else:
logging.warning(
f"{General.Date()} - {__name__.strip('plugins.')} - Failed to create output file. File may already exist."
)
General.Write_Cache(Directory, Cached_Data, Data_to_Cache,
Plugin_Name)
elif Type_of_Query == "breach":
Local_Plugin_Name = Plugin_Name + "-" + Type_of_Query
Cached_Data = General.Get_Cache(Directory, Local_Plugin_Name)
for Query in Query_List:
Query_Response = pyhibp.get_single_breach(breach_name=Query)
if Query_Response:
Current_Domain = Query_Response["Domain"]
Link = f"https://www.{Current_Domain}.com/"
JSON_Query_Response = json.dumps(Query_Response,
indent=4,
sort_keys=True)
if Link not in Cached_Data and Link not in Data_to_Cache:
Output_file = General.Create_Query_Results_Output_File(
Directory, Query, Local_Plugin_Name,
JSON_Query_Response, "breach", The_File_Extension)
if Output_file:
Output_Connections = General.Connections(
Query, Local_Plugin_Name, Domain,
"Credentials", Task_ID,
Local_Plugin_Name.lower())
Output_Connections.Output([Output_file], Link,
General.Get_Title(Link),
Concat_Plugin_Name)
Data_to_Cache.append(Link)
else:
logging.warning(
f"{General.Date()} - {__name__.strip('plugins.')} - Failed to create output file. File may already exist."
)
General.Write_Cache(Directory, Cached_Data, Data_to_Cache,
Plugin_Name)
elif Type_of_Query == "password":
Local_Plugin_Name = Plugin_Name + "-" + Type_of_Query
Cached_Data = General.Get_Cache(Directory, Local_Plugin_Name)
for Query in Query_List:
Query_Response = pw.is_password_breached(password=Query)
logging.info(Query_Response)
if Query_Response:
Link = f"https://{Domain}/Passwords?{Query}"
if Link not in Cached_Data and Link not in Data_to_Cache:
Output_file = General.Create_Query_Results_Output_File(
Directory, Query, Plugin_Name, str(Query_Response),
"password", ".txt")
if Output_file:
Output_Connections = General.Connections(
Query, Local_Plugin_Name, Domain,
"Credentials", Task_ID,
Local_Plugin_Name.lower())
Output_Connections.Output([Output_file], Link,
General.Get_Title(Link),
Concat_Plugin_Name)
Data_to_Cache.append(Link)
else:
logging.warning(
f"{General.Date()} - {__name__.strip('plugins.')} - Failed to create output file. File may already exist."
)
General.Write_Cache(Directory, Cached_Data, Data_to_Cache,
Plugin_Name)
elif Type_of_Query == "account":
Local_Plugin_Name = Plugin_Name + "-" + Type_of_Query
Cached_Data = General.Get_Cache(Directory, Local_Plugin_Name)
for Query in Query_List:
Query_Response = pyhibp.get_account_breaches(
account=Query, truncate_response=True)
if Query_Response:
Current_Step = 0
for Response in Query_Response:
Current_Response = pyhibp.get_single_breach(
breach_name=Response['Name'])
JSON_Query_Response = json.dumps(Current_Response,
indent=4,
sort_keys=True)
Link = "https://" + Current_Response['Domain']
if Current_Response[
'Domain'] not in Cached_Data and Current_Response[
'Domain'] not in Data_to_Cache and Current_Step < int(
Limit):
Output_file = General.Create_Query_Results_Output_File(
Directory, Query, Local_Plugin_Name,
JSON_Query_Response, "account",
The_File_Extension)
if Output_file:
Output_Connections = General.Connections(
Query, Local_Plugin_Name,
Current_Response['Domain'], "Account",
Task_ID, Local_Plugin_Name.lower())
Output_Connections.Output(
[Output_file], Link,
General.Get_Title(Link),
Concat_Plugin_Name)
Data_to_Cache.append(
Current_Response['Domain'])
else:
logging.warning(
f"{General.Date()} - {__name__.strip('plugins.')} - Failed to create output file. File may already exist."
)
Current_Step += 1
General.Write_Cache(Directory, Cached_Data, Data_to_Cache,
Plugin_Name)
else:
logging.warning(
f"{General.Date()} - {__name__.strip('plugins.')} - Invalid type provided."
)
except Exception as e:
logging.warning(
f"{General.Date()} - {__name__.strip('plugins.')} - {str(e)}")
def test_get_breaches_return_false_if_no_accounts(self):
# get_account_breaches(account=TEST_PASSWORD_SHA1_HASH, domain=None, truncate_response=False, include_unverified=False):
resp = pyhibp.get_account_breaches(
account=TEST_NONEXISTENT_ACCOUNT_NAME)
assert not resp
assert isinstance(resp, bool)
def test_get_breaches_api_key_must_be_specified_or_raise(self):
with pytest.raises(RuntimeError) as excinfo:
# Will raise because an API key has not been set on this request.
pyhibp.get_account_breaches(account=TEST_ACCOUNT)
assert "A HIBP API key is required for this call. Call pyhibp.set_api_key(key=your_key) first." in str(
excinfo.value)
# List of Breaches with included passwords (this is only a small amount of pages which are used by my users)
pws = ['Adobe', 'LinkedIn', 'Dubsmash', 'Netlog', 'OnlinerSpambot', 'MyFitnessPal' 'Lastfm', 'MyHeritage', 'DVDShopCH', 'Evite', 'Dropbox', '8fit', 'ArmorGames', 'BTCE', 'Canva', 'CafePress', 'ShareThis', 'Coinmama', 'Trillian']
# read config file
with open('config.json') as config_file:
data = json.load(config_file)
onlyPw=data['onlyPw']
# configure HIBP Agent
pyhibp.set_user_agent(ua="Awesome application/0.0.1 (An awesome description)")
pyhibp.set_api_key(key=data['api-key'])
# check only one account
if len(sys.argv) > 1:
resp = pyhibp.get_account_breaches(account=sys.argv[1], truncate_response=True)
if resp:
print("Account ",sys.argv[1],"was hacked on these sites",resp)
# check a whole list
else:
with open("list.txt") as f:
list = f.read().splitlines()
for user in list:
resp = pyhibp.get_account_breaches(account=user, truncate_response=True)
time.sleep(1.5)
search=json.dumps(resp)
# show only breaches with password
if onlyPw:
if any(x in search for x in pws):
print("Account ",user.strip(),"password leaked by these site hacks",resp)
# show all breaches
def test_raise_if_invalid_format_submitted(self):
# For example, if a null (0x00) character is submitted to an endpoint.
with pytest.raises(RuntimeError) as execinfo:
pyhibp.get_account_breaches(account="\0")
assert "HTTP 400" in str(execinfo.value)
