def test_get_breaches_raise_if_account_is_not_specified(self): # get_account_breaches(account=1, domain=None, truncate_response=False, include_unverified=False): with pytest.raises(AttributeError) as excinfo: # Will raise because the account must be a string (specifically, six.text_type) pyhibp.get_account_breaches(account=None) assert "The account parameter must be specified, and must be a string" in str( excinfo.value)
def test_get_breaches_raise_if_domain_is_not_string(self): # get_account_breaches(account=TEST_ACCOUNT, domain=1, truncate_response=False, include_unverified=False): with pytest.raises(AttributeError) as excinfo: # Will raise because the domain must be a string (specifically, six.text_type) pyhibp.get_account_breaches(account=TEST_ACCOUNT, domain=1) assert "The domain parameter, if specified, must be a string" in str( excinfo.value)
def test_user_agent_must_be_set_or_raise(self, monkeypatch): """ The HIBP backend requires a User-Agent; ensure we're forcing one to be set on all functions """ monkeypatch.setitem(pyhibp.pyHIBP_HEADERS, 'User-Agent', None) with pytest.raises(RuntimeError) as execinfo: pyhibp.get_account_breaches(account=TEST_ACCOUNT) assert "The User-Agent must be set. Call pyhibp.set_user_agent(ua=your_agent_string) first." in str( execinfo.value)
def test_raise_if_useragent_is_not_set(self, monkeypatch): # This should never be encountered normally, since we have the module-level variable/constant; # That said, test it, since we can, and since we might as well cover the line of code. head = {'User-Agent': ''} monkeypatch.setattr(pyhibp, 'pyHIBP_HEADERS', head) with pytest.raises(RuntimeError) as excinfo: pyhibp.get_account_breaches( account="{0}@test-suite.pyhibp.example.com".format( str(uuid.uuid4()))) assert "HTTP 403" in str(excinfo.value)
def test_raise_if_rate_limit_exceeded(self): """ The API will respond the same to all exceeded rate limits across all endpoints """ # The rate limit exists, however all responses are cached; so we need to generate some random "accounts". rand_accts = [ "{0}@test-suite.pyhibp.example.com".format(str(uuid.uuid4())) for j in range(4) ] with pytest.raises(RuntimeError) as excinfo: for item in rand_accts: pyhibp.get_account_breaches(account=item, truncate_response=True) assert "HTTP 429" in str(excinfo.value)
def test_get_breaches_account(self): # get_account_breaches(account=TEST_ACCOUNT, domain=None, truncate_response=False, include_unverified=False): resp = pyhibp.get_account_breaches(account=TEST_ACCOUNT) assert isinstance(resp, list) # As of a manual test, there were 46 accounts for the [email protected]; so >=20 is safe. assert len(resp) >= 20 assert isinstance(resp[0], dict)
def test_get_breaches_account_with_domain(self): # get_account_breaches(account=TEST_ACCOUNT, domain=TEST_DOMAIN, truncate_response=False, include_unverified=False): resp = pyhibp.get_account_breaches(account=TEST_ACCOUNT, domain=TEST_DOMAIN) assert isinstance(resp, list) # We're limiting the domain; so we only expect one breach to be returned assert len(resp) == 1 assert isinstance(resp[0], dict) assert resp[0]['Name'] == TEST_DOMAIN_NAME
def test_get_breaches_account_with_truncation(self): # get_account_breaches(account=TEST_ACCOUNT, domain=None, truncate_response=True, include_unverified=False): resp = pyhibp.get_account_breaches(account=TEST_ACCOUNT, truncate_response=True) assert isinstance(resp, list) assert len(resp) >= 20 assert isinstance(resp[0], dict) # The individual dicts are only the name of the breached website (since we're truncating) item = resp[0] assert len(item) == 1 assert 'Name' in item assert 'DataClasses' not in item
def test_get_breaches_retrieve_all_breaches_with_unverified(self): # get_account_breaches(account=TEST_ACCOUNT, domain=None, truncate_response=False, include_unverified=True): resp = pyhibp.get_account_breaches(account=TEST_ACCOUNT, include_unverified=True) assert isinstance(resp, list) assert len(resp) > 50 has_unverified = False for item in resp: if not item['IsVerified']: has_unverified = True # If we see any unverified items, that's enough. break assert has_unverified
def email(): pyhibp.set_user_agent( ua="Awesome application/0.0.1 (An awesome description)") HIBP_API_KEY = 'aa3876c762b9457385e2278befd83ac8' if HIBP_API_KEY: pyhibp.set_api_key(key=HIBP_API_KEY) resp = pyhibp.get_all_breaches() dict = [] email_name = "*****@*****.**" _resp = pyhibp.get_account_breaches(account=email_name, truncate_response=True) print(_resp) for x in _resp: email = models.infected_email(email=email_name, site=x['Name']) email.save() print(x['Name'])
def hibpEmailVerification(email): pyhibp.set_user_agent(ua="A e-mail breach verification") # Have I Been Pawned Key HIBP_API_KEY = '362134bc48ee49ed8dad0efad610a49a' retorno = "Não encontramos evidências de que seu e-mail foi vazado!" if HIBP_API_KEY: pyhibp.set_api_key(key=HIBP_API_KEY) resp = pyhibp.get_account_breaches(account=f"{email}", truncate_response=True) if resp: retorno = resp return retorno
def check_hibp(self, email, password, elastic=False): print("---" + Fore.CYAN + "Have I Been Pwned" + Fore.RESET + "---") to_elastic = {"email": email, "password": password, "results": []} try: resp = pyhibp.get_account_breaches(account=email, truncate_response=True) if resp: for name in resp: to_elastic['results'].append(name['Name']) print(Fore.MAGENTA + name['Name'] + Fore.RESET) else: print(Fore.RED + "Nothing found" + Fore.RESET) except Exception as e: print(Fore.RED + str(e) + Fore.RESET) if len(to_elastic['results']) > 0: if elastic: self.put_elastic('hibp', 'email', to_elastic) return True else: return False
def __init__(self, email=None, phone_num=None): with open('private_key.json') as f: KEY = json.load(f) API_KEY = KEY['pwnd_token'] f.close() pyhibp.set_api_key(key=API_KEY) pyhibp.set_user_agent(ua="Making a test application for a project.") self.phone_num = phone_num self.email = email self.breaches = pyhibp.get_account_breaches(account=self.email, truncate_response=True, include_unverified=True) self.breaches_num = len(self.get_list_breaches()) if (not (self.email or self.phone_num)): print('This user has an invalid email or phone number.') return None
def combinedfile(breach_file, unique_emails, resume): config.set("settings", "combinedfilename", breach_file) config.set("settings", "completedemails", "0") if resume == False: config.set("settings", "totalemailsscanned", "0") config.write(open("settings.conf", "w")) if resume == False: with open(breach_file, 'w') as f: f.write(f"Emails,Breaches,Breach Informations,Paste Information\n") f.close() i = 0 for email in unique_emails: i += 1 e = email time.sleep(delay) resp = pyhibp.get_account_breaches(account=e, truncate_response=True) time.sleep(delay) pastes = pyhibp.get_pastes(email_address=e) breaches = f"Found in {len(resp)} Breaches" if resp: Breach_Informations = str(resp)[:32700] pas = f"Found in {len(pastes)} Pastes" with open(breach_file, 'a', encoding='UTF-8') as f: string = f"""{e},{breaches},"{Breach_Informations}",{pas}\n""" f.write(string) time.sleep(delay) per = percentage(i, len(unique_emails)) print(f"{per}% Completed") if resume: config.set("settings", "totalemailsscanned", str(i)) config.write(open("settings.conf", "w")) else: resume_count = int(config['settings']['totalemailsscanned']) config.set("settings", "totalemailsscanned", str(resume_count + 1)) config.write(open("settings.conf", "w")) config.set("settings", "completedemails", "1") config.write(open("settings.conf", "w"))
def Search(self): try: Data_to_Cache = [] Directory = General.Make_Directory(self.Concat_Plugin_Name) logger = logging.getLogger() logger.setLevel(logging.INFO) Log_File = General.Logging(Directory, self.Concat_Plugin_Name) handler = logging.FileHandler(os.path.join(Directory, Log_File), "w") handler.setLevel(logging.DEBUG) formatter = logging.Formatter("%(levelname)s - %(message)s") handler.setFormatter(formatter) logger.addHandler(handler) try: pyhibp.set_api_key(key=Load_Configuration()) except: logging.warning(f"{Common.Date()} - {self.Logging_Plugin_Name} - Failed to set API key, make sure it is set in the configuration file.") if self.Type == "email": Local_Plugin_Name = self.Plugin_Name + " " + self.Type Cached_Data_Object = General.Cache(Directory, Local_Plugin_Name) Cached_Data = Cached_Data_Object.Get_Cache() for Query in self.Query_List: Query_Response = pyhibp.get_pastes(email_address=Query) logging.info(Query_Response) if Query_Response: Current_Domain = Query_Response[0]["Source"] ID = Query_Response[0]["Id"] Link = f"https://www.{Current_Domain}.com/{ID}" JSON_Query_Response = Common.JSON_Handler(Query_Response).Dump_JSON() if Link not in Cached_Data and Link not in Data_to_Cache: Output_file = General.Create_Query_Results_Output_File(Directory, Query, self.Plugin_Name, JSON_Query_Response, "email", self.The_File_Extension) if Output_file: Output_Connections = General.Connections(Query, Local_Plugin_Name, self.Domain, self.Result_Type_1, self.Task_ID, Local_Plugin_Name.lower()) Output_Connections.Output([Output_file], Link, General.Get_Title(Link), self.Concat_Plugin_Name) Data_to_Cache.append(Link) else: logging.warning(f"{Common.Date()} - {self.Logging_Plugin_Name} - Failed to create output file. File may already exist.") Cached_Data_Object.Write_Cache(Data_to_Cache) elif self.Type == "breach": Local_Plugin_Name = self.Plugin_Name + " " + self.Type Cached_Data_Object = General.Cache(Directory, Local_Plugin_Name) Cached_Data = Cached_Data_Object.Get_Cache() for Query in self.Query_List: Query_Response = pyhibp.get_single_breach(breach_name=Query) if Query_Response: Current_Domain = Query_Response["Domain"] Link = f"https://www.{Current_Domain}.com/" JSON_Query_Response = Common.JSON_Handler(Query_Response).Dump_JSON() if Link not in Cached_Data and Link not in Data_to_Cache: Output_file = General.Create_Query_Results_Output_File(Directory, Query, Local_Plugin_Name, JSON_Query_Response, "breach", self.The_File_Extension) if Output_file: Output_Connections = General.Connections(Query, Local_Plugin_Name, self.Domain, self.Result_Type_2, self.Task_ID, Local_Plugin_Name.lower()) Output_Connections.Output([Output_file], Link, General.Get_Title(Link), self.Concat_Plugin_Name) Data_to_Cache.append(Link) else: logging.warning(f"{Common.Date()} - {self.Logging_Plugin_Name} - Failed to create output file. File may already exist.") Cached_Data_Object.Write_Cache(Data_to_Cache) elif self.Type == "password": Local_Plugin_Name = self.Plugin_Name + " " + self.Type Cached_Data_Object = General.Cache(Directory, Local_Plugin_Name) Cached_Data = Cached_Data_Object.Get_Cache() for Query in self.Query_List: Query_Response = pw.is_password_breached(password=Query) logging.info(Query_Response) if Query_Response: Link = f"https://{self.Domain}/Passwords?{Query}" if Link not in Cached_Data and Link not in Data_to_Cache: Output_file = General.Create_Query_Results_Output_File(Directory, Query, self.Plugin_Name, str(Query_Response), "password", ".txt") if Output_file: Output_Connections = General.Connections(Query, Local_Plugin_Name, self.Domain, self.Result_Type_2, self.Task_ID, Local_Plugin_Name.lower()) Output_Connections.Output([Output_file], Link, General.Get_Title(Link), self.Concat_Plugin_Name) Data_to_Cache.append(Link) else: logging.warning(f"{Common.Date()} - {self.Logging_Plugin_Name} - Failed to create output file. File may already exist.") Cached_Data_Object.Write_Cache(Data_to_Cache) elif self.Type == "account": Local_Plugin_Name = self.Plugin_Name + " " + self.Type Cached_Data_Object = General.Cache(Directory, Local_Plugin_Name) Cached_Data = Cached_Data_Object.Get_Cache() for Query in self.Query_List: Query_Response = pyhibp.get_account_breaches(account=Query, truncate_response=True) if Query_Response: Current_Step = 0 for Response in Query_Response: Current_Response = pyhibp.get_single_breach(breach_name=Response['Name']) JSON_Query_Response = Common.JSON_Handler(Query_Response).Dump_JSON() Link = "https://" + Current_Response['self.Domain'] if Current_Response['self.Domain'] not in Cached_Data and Current_Response['self.Domain'] not in Data_to_Cache and Current_Step < int(self.Limit): Output_file = General.Create_Query_Results_Output_File(Directory, Query, Local_Plugin_Name, JSON_Query_Response, "account", self.The_File_Extension) if Output_file: Output_Connections = General.Connections(Query, Local_Plugin_Name, Current_Response['self.Domain'], self.Result_Type_1, self.Task_ID, Local_Plugin_Name.lower()) Output_Connections.Output([Output_file], Link, General.Get_Title(Link), self.Concat_Plugin_Name) Data_to_Cache.append(Current_Response['self.Domain']) else: logging.warning(f"{Common.Date()} - {self.Logging_Plugin_Name} - Failed to create output file. File may already exist.") Current_Step += 1 Cached_Data_Object.Write_Cache(Data_to_Cache) else: logging.warning(f"{Common.Date()} - {self.Logging_Plugin_Name} - Invalid Type provided.") except Exception as e: logging.warning(f"{Common.Date()} - {self.Logging_Plugin_Name} - {str(e)}")
def Search(Query_List, Task_ID, Type_of_Query, **kwargs): Data_to_Cache = [] Cached_Data = [] try: if kwargs.get('Limit'): if int(kwargs["Limit"]) > 0: Limit = kwargs["Limit"] else: Limit = 10 Directory = General.Make_Directory(Concat_Plugin_Name) logger = logging.getLogger() logger.setLevel(logging.INFO) Log_File = General.Logging(Directory, Concat_Plugin_Name) handler = logging.FileHandler(os.path.join(Directory, Log_File), "w") handler.setLevel(logging.DEBUG) formatter = logging.Formatter("%(levelname)s - %(message)s") handler.setFormatter(formatter) logger.addHandler(handler) try: pyhibp.set_api_key(key=Load_Configuration()) except: logging.warning(General.Date() + " Failed to set API key, make sure it is set in the configuration file.") Query_List = General.Convert_to_List(Query_List) if Type_of_Query == "email": Local_Plugin_Name = Plugin_Name + "-" + Type_of_Query Cached_Data = General.Get_Cache(Directory, Local_Plugin_Name) if not Cached_Data: Cached_Data = [] for Query in Query_List: Query_Response = pyhibp.get_pastes(email_address=Query) logging.info(Query_Response) if Query_Response: Domain = Query_Response[0]["Source"] ID = Query_Response[0]["Id"] Link = "https://www." + Domain + ".com/" + ID JSON_Query_Response = json.dumps(Query_Response, indent=4, sort_keys=True) if Link not in Cached_Data and Link not in Data_to_Cache: Output_file = General.Create_Query_Results_Output_File(Directory, Query, Plugin_Name, JSON_Query_Response, "email", The_File_Extension) if Output_file: General.Connections(Output_file, Query, Local_Plugin_Name, Link, "haveibeenpwned.com", "Data Leakage", Task_ID, General.Get_Title(Link), Local_Plugin_Name.lower()) Data_to_Cache.append(Link) if Cached_Data: General.Write_Cache(Directory, Data_to_Cache, Local_Plugin_Name, "a") else: General.Write_Cache(Directory, Data_to_Cache, Local_Plugin_Name, "w") elif Type_of_Query == "breach": Local_Plugin_Name = Plugin_Name + "-" + Type_of_Query Cached_Data = General.Get_Cache(Directory, Local_Plugin_Name) if not Cached_Data: Cached_Data = [] for Query in Query_List: Query_Response = pyhibp.get_single_breach(breach_name=Query) if Query_Response: Domain = Query_Response["Domain"] Link = "https://www." + Domain + ".com/" JSON_Query_Response = json.dumps(Query_Response, indent=4, sort_keys=True) if Link not in Cached_Data and Link not in Data_to_Cache: Output_file = General.Create_Query_Results_Output_File(Directory, Query, Local_Plugin_Name, JSON_Query_Response, "breach", The_File_Extension) if Output_file: General.Connections(Output_file, Query, Local_Plugin_Name, Link, "haveibeenpwned.com", "Data Leakage", Task_ID, General.Get_Title(Link), Local_Plugin_Name.lower()) Data_to_Cache.append(Link) if Cached_Data: General.Write_Cache(Directory, Data_to_Cache, Local_Plugin_Name, "a") else: General.Write_Cache(Directory, Data_to_Cache, Local_Plugin_Name, "w") elif Type_of_Query == "password": Local_Plugin_Name = Plugin_Name + "-" + Type_of_Query Cached_Data = General.Get_Cache(Directory, Local_Plugin_Name) if not Cached_Data: Cached_Data = [] for Query in Query_List: Query_Response = pw.is_password_breached(password=Query) logging.info(Query_Response) if Query_Response: Link = "https://haveibeenpwned.com/Passwords?" + Query if Link not in Cached_Data and Link not in Data_to_Cache: Output_file = General.Create_Query_Results_Output_File(Directory, Query, Plugin_Name, str(Query_Response), "password", ".txt") if Output_file: General.Connections(Output_file, Query, Local_Plugin_Name, Link, "haveibeenpwned.com", "Data Leakage", Task_ID, General.Get_Title(Link), Local_Plugin_Name.lower()) Data_to_Cache.append(Link) if Cached_Data: General.Write_Cache(Directory, Data_to_Cache, Local_Plugin_Name, "a") else: General.Write_Cache(Directory, Data_to_Cache, Local_Plugin_Name, "w") elif Type_of_Query == "account": Local_Plugin_Name = Plugin_Name + "-" + Type_of_Query Cached_Data = General.Get_Cache(Directory, Local_Plugin_Name) if not Cached_Data: Cached_Data = [] for Query in Query_List: Query_Response = pyhibp.get_account_breaches(account=Query, truncate_response=True) if Query_Response: Current_Step = 0 for Response in Query_Response: Current_Response = pyhibp.get_single_breach(breach_name=Response['Name']) JSON_Query_Response = json.dumps(Current_Response, indent=4, sort_keys=True) Link = "https://" + Current_Response['Domain'] if Current_Response['Domain'] not in Cached_Data and Current_Response['Domain'] not in Data_to_Cache and Current_Step < int(Limit): Output_file = General.Create_Query_Results_Output_File(Directory, Query, Local_Plugin_Name, JSON_Query_Response, "account", The_File_Extension) if Output_file: General.Connections(Output_file, Query, Local_Plugin_Name, Link, Current_Response['Domain'], "Data Leakage", Task_ID, General.Get_Title(Link), Local_Plugin_Name.lower()) Data_to_Cache.append(Current_Response['Domain']) Current_Step += 1 if Cached_Data: General.Write_Cache(Directory, Data_to_Cache, Local_Plugin_Name, "a") else: General.Write_Cache(Directory, Data_to_Cache, Local_Plugin_Name, "w") else: logging.warning(General.Date() + " Invalid type provided.") except: logging.warning(General.Date() + " Execution error.")
def individual(files, resume): config.set("settings", "completedcsv", "0") if resume == False: config.set("settings", "totalcsvscanned", "0") config.write(open("settings.conf", "w")) files = files csvindex = 0 for fi in files: print(f'\nNow Scanning : {fi}') csvindex += 1 with open(fi, 'r') as f: data_frame = f.readlines() f.close() emails = re.findall(r"[a-z0-9\.\-+_]+@[a-z0-9\.\-+_]+\.[a-z]+", str(data_frame)) #emails = list(dict.fromkeys(emails)) columns = data_frame[0] breach_file = fi + '_breaches.csv' with open(breach_file, 'w') as f: f.write("Emails,Breaches,Breach Information,Paste Information," + columns) f.close() already_scanned = [] i = 0 for e in emails: i += 1 if e in already_scanned: pass else: print(f' +{e}') already_scanned.append(e) time.sleep(delay) resp = pyhibp.get_account_breaches(account=e, truncate_response=True) time.sleep(delay) pastes = pyhibp.get_pastes(email_address=e) if resp: breaches = f"Found in {len(resp)} Breaches" Breach_Informations = str(resp)[:32700] try: lines = [] for i in range(len(data_frame)): if e in data_frame[i]: lines.append(data_frame[i]) other_informations = lines[0].replace('\n', '') except Exception: other_informations = "" pas = f"Found in {len(pastes)} Pastes" with open(breach_file, 'a', encoding='UTF-8') as f: string = f"""{e},{breaches},"{Breach_Informations}",{pas},{other_informations}\n""" f.write(string) f.close() time.sleep(delay) if resume: config.set("settings", "totalcsvscanned", str(csvindex)) config.write(open("settings.conf", "w")) else: resume_count = int(config['settings']['totalcsvscanned']) config.set("settings", "totalcsvscanned", str(resume_count + 1)) config.write(open("settings.conf", "w")) per = percentage(csvindex, len(files)) print(f"{per}% Completed") config.set("settings", "completedcsv", "1") config.write(open("settings.conf", "w"))
def Search(Query_List, Task_ID, Type_of_Query, **kwargs): try: Data_to_Cache = [] Directory = General.Make_Directory(Concat_Plugin_Name) logger = logging.getLogger() logger.setLevel(logging.INFO) Log_File = General.Logging(Directory, Concat_Plugin_Name) handler = logging.FileHandler(os.path.join(Directory, Log_File), "w") handler.setLevel(logging.DEBUG) formatter = logging.Formatter("%(levelname)s - %(message)s") handler.setFormatter(formatter) logger.addHandler(handler) try: pyhibp.set_api_key(key=Load_Configuration()) except: logging.warning( f"{General.Date()} - {__name__.strip('plugins.')} - Failed to set API key, make sure it is set in the configuration file." ) Query_List = General.Convert_to_List(Query_List) Limit = General.Get_Limit(kwargs) if Type_of_Query == "email": Local_Plugin_Name = Plugin_Name + "-" + Type_of_Query Cached_Data = General.Get_Cache(Directory, Local_Plugin_Name) for Query in Query_List: Query_Response = pyhibp.get_pastes(email_address=Query) logging.info(Query_Response) if Query_Response: Current_Domain = Query_Response[0]["Source"] ID = Query_Response[0]["Id"] Link = f"https://www.{Current_Domain}.com/{ID}" JSON_Query_Response = json.dumps(Query_Response, indent=4, sort_keys=True) if Link not in Cached_Data and Link not in Data_to_Cache: Output_file = General.Create_Query_Results_Output_File( Directory, Query, Plugin_Name, JSON_Query_Response, "email", The_File_Extension) if Output_file: Output_Connections = General.Connections( Query, Local_Plugin_Name, Domain, "Account", Task_ID, Local_Plugin_Name.lower()) Output_Connections.Output([Output_file], Link, General.Get_Title(Link), Concat_Plugin_Name) Data_to_Cache.append(Link) else: logging.warning( f"{General.Date()} - {__name__.strip('plugins.')} - Failed to create output file. File may already exist." ) General.Write_Cache(Directory, Cached_Data, Data_to_Cache, Plugin_Name) elif Type_of_Query == "breach": Local_Plugin_Name = Plugin_Name + "-" + Type_of_Query Cached_Data = General.Get_Cache(Directory, Local_Plugin_Name) for Query in Query_List: Query_Response = pyhibp.get_single_breach(breach_name=Query) if Query_Response: Current_Domain = Query_Response["Domain"] Link = f"https://www.{Current_Domain}.com/" JSON_Query_Response = json.dumps(Query_Response, indent=4, sort_keys=True) if Link not in Cached_Data and Link not in Data_to_Cache: Output_file = General.Create_Query_Results_Output_File( Directory, Query, Local_Plugin_Name, JSON_Query_Response, "breach", The_File_Extension) if Output_file: Output_Connections = General.Connections( Query, Local_Plugin_Name, Domain, "Credentials", Task_ID, Local_Plugin_Name.lower()) Output_Connections.Output([Output_file], Link, General.Get_Title(Link), Concat_Plugin_Name) Data_to_Cache.append(Link) else: logging.warning( f"{General.Date()} - {__name__.strip('plugins.')} - Failed to create output file. File may already exist." ) General.Write_Cache(Directory, Cached_Data, Data_to_Cache, Plugin_Name) elif Type_of_Query == "password": Local_Plugin_Name = Plugin_Name + "-" + Type_of_Query Cached_Data = General.Get_Cache(Directory, Local_Plugin_Name) for Query in Query_List: Query_Response = pw.is_password_breached(password=Query) logging.info(Query_Response) if Query_Response: Link = f"https://{Domain}/Passwords?{Query}" if Link not in Cached_Data and Link not in Data_to_Cache: Output_file = General.Create_Query_Results_Output_File( Directory, Query, Plugin_Name, str(Query_Response), "password", ".txt") if Output_file: Output_Connections = General.Connections( Query, Local_Plugin_Name, Domain, "Credentials", Task_ID, Local_Plugin_Name.lower()) Output_Connections.Output([Output_file], Link, General.Get_Title(Link), Concat_Plugin_Name) Data_to_Cache.append(Link) else: logging.warning( f"{General.Date()} - {__name__.strip('plugins.')} - Failed to create output file. File may already exist." ) General.Write_Cache(Directory, Cached_Data, Data_to_Cache, Plugin_Name) elif Type_of_Query == "account": Local_Plugin_Name = Plugin_Name + "-" + Type_of_Query Cached_Data = General.Get_Cache(Directory, Local_Plugin_Name) for Query in Query_List: Query_Response = pyhibp.get_account_breaches( account=Query, truncate_response=True) if Query_Response: Current_Step = 0 for Response in Query_Response: Current_Response = pyhibp.get_single_breach( breach_name=Response['Name']) JSON_Query_Response = json.dumps(Current_Response, indent=4, sort_keys=True) Link = "https://" + Current_Response['Domain'] if Current_Response[ 'Domain'] not in Cached_Data and Current_Response[ 'Domain'] not in Data_to_Cache and Current_Step < int( Limit): Output_file = General.Create_Query_Results_Output_File( Directory, Query, Local_Plugin_Name, JSON_Query_Response, "account", The_File_Extension) if Output_file: Output_Connections = General.Connections( Query, Local_Plugin_Name, Current_Response['Domain'], "Account", Task_ID, Local_Plugin_Name.lower()) Output_Connections.Output( [Output_file], Link, General.Get_Title(Link), Concat_Plugin_Name) Data_to_Cache.append( Current_Response['Domain']) else: logging.warning( f"{General.Date()} - {__name__.strip('plugins.')} - Failed to create output file. File may already exist." ) Current_Step += 1 General.Write_Cache(Directory, Cached_Data, Data_to_Cache, Plugin_Name) else: logging.warning( f"{General.Date()} - {__name__.strip('plugins.')} - Invalid type provided." ) except Exception as e: logging.warning( f"{General.Date()} - {__name__.strip('plugins.')} - {str(e)}")
def test_get_breaches_return_false_if_no_accounts(self): # get_account_breaches(account=TEST_PASSWORD_SHA1_HASH, domain=None, truncate_response=False, include_unverified=False): resp = pyhibp.get_account_breaches( account=TEST_NONEXISTENT_ACCOUNT_NAME) assert not resp assert isinstance(resp, bool)
def test_get_breaches_api_key_must_be_specified_or_raise(self): with pytest.raises(RuntimeError) as excinfo: # Will raise because an API key has not been set on this request. pyhibp.get_account_breaches(account=TEST_ACCOUNT) assert "A HIBP API key is required for this call. Call pyhibp.set_api_key(key=your_key) first." in str( excinfo.value)
# List of Breaches with included passwords (this is only a small amount of pages which are used by my users) pws = ['Adobe', 'LinkedIn', 'Dubsmash', 'Netlog', 'OnlinerSpambot', 'MyFitnessPal' 'Lastfm', 'MyHeritage', 'DVDShopCH', 'Evite', 'Dropbox', '8fit', 'ArmorGames', 'BTCE', 'Canva', 'CafePress', 'ShareThis', 'Coinmama', 'Trillian'] # read config file with open('config.json') as config_file: data = json.load(config_file) onlyPw=data['onlyPw'] # configure HIBP Agent pyhibp.set_user_agent(ua="Awesome application/0.0.1 (An awesome description)") pyhibp.set_api_key(key=data['api-key']) # check only one account if len(sys.argv) > 1: resp = pyhibp.get_account_breaches(account=sys.argv[1], truncate_response=True) if resp: print("Account ",sys.argv[1],"was hacked on these sites",resp) # check a whole list else: with open("list.txt") as f: list = f.read().splitlines() for user in list: resp = pyhibp.get_account_breaches(account=user, truncate_response=True) time.sleep(1.5) search=json.dumps(resp) # show only breaches with password if onlyPw: if any(x in search for x in pws): print("Account ",user.strip(),"password leaked by these site hacks",resp) # show all breaches
def test_raise_if_invalid_format_submitted(self): # For example, if a null (0x00) character is submitted to an endpoint. with pytest.raises(RuntimeError) as execinfo: pyhibp.get_account_breaches(account="\0") assert "HTTP 400" in str(execinfo.value)