def module_run(self, domains):
key = self.get_key('pwnedlist_api')
secret = self.get_key('pwnedlist_secret')
decrypt_key = secret[:16]
iv = self.get_key('pwnedlist_iv')
# setup the API call
url = 'https://api.pwnedlist.com/api/1/domains/query'
for domain in domains:
self.heading(domain, level=0)
payload = {'domain_identifier': domain, 'daysAgo': 0}
while True:
# build the payload
pwnedlist_payload = self.build_pwnedlist_payload(payload, 'domains.query', key, secret)
# make the request
resp = self.request(url, payload=pwnedlist_payload)
if resp.json: jsonobj = resp.json
else:
self.error('Invalid JSON response for \'%s\'.\n%s' % (domain, resp.text))
break
if len(jsonobj['accounts']) == 0:
self.output('No results returned for \'%s\'.' % (domain))
break
# extract the credentials
for cred in jsonobj['accounts']:
username = cred['plain']
password = aes_decrypt(cred['password'], decrypt_key, iv)
leak = cred['leak_id']
self.output('%s:%s' % (username, password))
self.add_credentials(username=username, password=password, leak=leak)
self.get_pwnedlist_leak(leak)
# paginate
if jsonobj['token']:
payload['token'] = jsonobj['token']
continue
break
def module_run(self, accounts):
key = self.keys.get('pwnedlist_api')
secret = self.keys.get('pwnedlist_secret')
decrypt_key = secret[:16]
iv = self.keys.get('pwnedlist_iv')
# setup the API call
url = 'https://api.pwnedlist.com/api/1/accounts/query'
# build the payload
payload = {'account_identifier': ','.join(accounts), 'daysAgo': 0}
payload = self.build_pwnedlist_payload(payload, 'accounts.query', key, secret)
# make the request
resp = self.request(url, payload=payload)
if resp.json: jsonobj = resp.json
else:
self.error('Invalid JSON response.\n%s' % (resp.text))
return
if len(jsonobj['results']) == 0:
self.output('No results returned.')
else:
# extract the credentials
for cred in jsonobj['results']:
username = cred['plain']
password = aes_decrypt(cred['password'], decrypt_key, iv)
leak = cred['leak_id']
self.add_credentials(username=username, password=password, leak=leak)
self.add_leaks(mute=True, **self.get_pwnedlist_leak(leak))
self.query('DELETE FROM credentials WHERE username = \'%s\' and password IS NULL and hash IS NULL' % (username))
def module_run(self, accounts):
key = self.get_key('pwnedlist_api')
secret = self.get_key('pwnedlist_secret')
decrypt_key = secret[:16]
iv = self.get_key('pwnedlist_iv')
# setup the API call
url = 'https://api.pwnedlist.com/api/1/accounts/query'
# build the payload
payload = {'account_identifier': ','.join(accounts), 'daysAgo': 0}
payload = self.build_pwnedlist_payload(payload, 'accounts.query', key,
secret)
# make the request
resp = self.request(url, payload=payload)
if resp.json: jsonobj = resp.json
else:
self.error('Invalid JSON response.\n%s' % (resp.text))
return
if len(jsonobj['results']) == 0:
self.output('No results returned.')
else:
# extract the credentials
for cred in jsonobj['results']:
username = cred['plain']
password = aes_decrypt(cred['password'], decrypt_key, iv)
leak = cred['leak_id']
self.output('%s:%s' % (username, password))
self.add_credentials(username=username,
password=password,
leak=leak)
self.get_pwnedlist_leak(leak)
self.query(
'DELETE FROM credentials WHERE username = \'%s\' and password IS NULL and hash IS NULL'
% (username))
def module_run(self, domains):
key = self.get_key('pwnedlist_api')
secret = self.get_key('pwnedlist_secret')
decrypt_key = secret[:16]
iv = self.get_key('pwnedlist_iv')
# setup the API call
url = 'https://api.pwnedlist.com/api/1/domains/query'
for domain in domains:
self.heading(domain, level=0)
payload = {'domain_identifier': domain, 'daysAgo': 0}
while True:
# build the payload
pwnedlist_payload = self.build_pwnedlist_payload(payload, 'domains.query', key, secret)
# make the request
resp = self.request(url, payload=pwnedlist_payload)
if resp.json: jsonobj = resp.json
else:
self.error('Invalid JSON response for \'%s\'.\n%s' % (domain, resp.text))
break
if len(jsonobj['accounts']) == 0:
self.output('No results returned for \'%s\'.' % (domain))
break
# extract the credentials
for cred in jsonobj['accounts']:
username = cred['plain']
password = aes_decrypt(cred['password'], decrypt_key, iv)
leak = cred['leak_id']
self.add_credentials(username=username, password=password, leak=leak)
self.add_leaks(mute=True, **self.get_pwnedlist_leak(leak))
# paginate
if jsonobj['token']:
payload['token'] = jsonobj['token']
continue
break
