def main(params=None): """ Main function to launch phonefy. The function is created in this way so as to let other applications make use of the full configuration capabilities of the application. The parameters received are used as parsed by this modules `getParser()`. Args: ----- params: A list with the parameters as grabbed by the terminal. It is None when this is called by an entry_point. Results: -------- list: Returns a list with i3visio entities. """ # Grabbing the parser parser = getParser() if params != None: args = parser.parse_args(params) else: args = parser.parse_args() results = [] if not args.quiet: print(general.title(banner.text)) sayingHello = """ checkfy | Copyright (C) F. Brezo and Y. Rubio (i3visio) 2018 This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. For additional info, visit """ + general.LICENSE_URL + "\n" print(general.title(sayingHello)) if args.license: general.showLicense() else: # Processing the options returned to remove the "all" option if args.nicks: emails = createEmails(nicks=args.nicks) else: # nicks_file emails = createEmails(nicksFile=args.nicks_file) # Showing the execution time... if not args.quiet: startTime= dt.datetime.now() print(str(startTime) + "\tTrying to identify possible emails " + general.emphasis(str(len(emails))) + " email(s)... Relax!\n") print(general.emphasis("\tPress <Ctrl + C> to stop...\n")) print(args.pattern) if args.type == "twitter": pattern = args.pattern.replace(".", "\.") pattern = pattern.replace("*", ".") pattern = "^{}$".format(pattern) elif args.type == "regexp": pattern = args.pattern # Perform searches, using different Threads results = verifyEmails(emails, pattern) # Sorting list results.sort() print("\nProcess finished.") print("\nValidated emails:\n") print(general.success(json.dumps(results, indent=2, sort_keys=True))) print("\nUp to " + general.emphasis(str(len(results))) + " possible emails foundd.\n") # Trying to store the information recovered if args.output_folder != None: if not os.path.exists(args.output_folder): os.makedirs(args.output_folder) outputPath = os.path.join(args.output_folder, "possible_emails.txt") print("Writing the results onto the file:\n\t" + general.emphasis(outputPath)) with open(outputPath, "w") as oF: for r in results: oF.write(r+"\n") # Showing the execution time... if not args.quiet: # Showing the execution time... endTime= dt.datetime.now() print("\n" + str(endTime) +"\tFinishing execution...\n") print("Total time used:\t" + general.emphasis(str(endTime-startTime))) print("Average seconds/query:\t" + general.emphasis(str((endTime-startTime).total_seconds()/len(emails))) +" seconds\n") # Urging users to place an issue on Github... print(banner.footer) if params: return results
def main(params=None): """ Main function to launch phonefy. The function is created in this way so as to let other applications make use of the full configuration capabilities of the application. The parameters received are used as parsed by this modules `getParser()`. Args: ----- params: A list with the parameters as grabbed by the terminal. It is None when this is called by an entry_point. Results: -------- Returns a list with i3visio entities. """ # Grabbing the parser parser = getParser() if params != None: args = parser.parse_args(params) else: args = parser.parse_args() results = [] # Recovering the logger # Calling the logger when being imported logSet.setupLogger(loggerName="osrframework.entify", verbosity=args.verbose, logFolder=args.logfolder) # From now on, the logger can be recovered like this: logger = logging.getLogger("osrframework.entify") logger.info("Selecting the regular expressions to be analysed...") if not args.quiet: print(general.title(banner.text)) sayingHello = """ Entify | Copyright (C) F. Brezo and Y. Rubio (i3visio) 2015-2018 This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. For additional info, visit """ + general.LICENSE_URL + "\n" print(general.info(sayingHello)) if args.license: general.showLicense() else: listRegexp = [] if args.regexp: listRegexp = regexp_selection.getRegexpsByName(args.regexp) elif args.new_regexp: for i, r in enumerate(args.new_regexp): listRegexp.append( RegexpObject(name="NewRegexp" + str(i), reg_exp=args.new_regexp)) if not args.web: results = scanFolderForRegexp(folder=args.input_folder, listRegexp=listRegexp, recursive=args.recursive, verbosity=args.verbose, logFolder=args.logfolder, quiet=args.quiet) else: results = scanResource(uri=args.web, listRegexp=listRegexp, verbosity=args.verbose, logFolder=args.logfolder) logger.info("Logging the results:\n" + json.dumps(results, indent=2, sort_keys=True)) # Trying to store the information recovered if args.output_folder != None: # Verifying an output folder was selected logger.debug("Preparing the output folder...") if not os.path.exists(args.output_folder): logger.warning( "The output folder \'" + args.output_folder + "\' does not exist. The system will try to create it.") os.makedirs(args.output_folder) # Grabbing the results fileHeader = os.path.join(args.output_folder, args.file_header) for ext in args.extension: # Generating output files general.exportUsufy(results, ext, fileHeader) # Showing the information gathered if requested if not args.quiet: now = dt.datetime.now() print( str(now) + "\tA summary of the results obtained are shown in the following table:\n" ) print(general.success(general.usufyToTextExport(results))) now = dt.datetime.now() print( str(now) + "\tYou can find all the information collected in the following files:" ) for ext in args.extension: # Showing the output files print("\t-" + general.emphasis(fileHeader + "." + ext)) # Urging users to place an issue on Github... print(banner.footer) if params: return results
def scanFolderForRegexp(folder=None, listRegexp=None, recursive=False, verbosity=1, logFolder="./logs", quiet=False): """ [Optionally] recursive method to scan the files in a given folder. Args: ----- folder: the folder to be scanned. listRegexp: listRegexp is an array of <RegexpObject>. recursive: when True, it performs a recursive search on the subfolders. Returns: -------- list: Available objects containing the expressions found in the provided data. An example of the returned data is as follows: ``` [ { "attributes": [], "type": "i3visio.email", "value": "*****@*****.**" }, { "attributes": [], "type": "i3visio.email", "value": "*****@*****.**" } ] ``` """ logSet.setupLogger(loggerName="osrframework.entify", verbosity=verbosity, logFolder=logFolder) logger = logging.getLogger("osrframework.entify") logger.info("Scanning the folder: " + folder) results = [] #onlyfiles = [] #for f in listdir(args.input_folder): # if isfile(join(args.input_folder, f)): # onlyfiles.append(f) onlyfiles = [f for f in listdir(folder) if isfile(join(folder, f))] for i, f in enumerate(onlyfiles): filePath = join(folder, f) logger.debug("Looking for regular expressions in: " + filePath) if not quiet: print( str(i) + "/" + str(len(onlyfiles)) + "\tLooking for regular expressions in: " + filePath) with open(filePath, "r") as tempF: # reading data foundExpr = getEntitiesByRegexp(data=tempF.read(), listRegexp=listRegexp) logger.debug("Updating the " + str(len(foundExpr)) + " results found on: " + filePath) aux = {} aux["type"] = "i3visio.uri" aux["value"] = filePath aux["attributes"] = foundExpr results.append(aux) if recursive: onlyfolders = [f for f in listdir(folder) if isdir(join(folder, f))] for f in onlyfolders: folderPath = join(folder, f) logger.debug("Looking for additional in the folder: " + folderPath) results.update( scanFolderForRegexp(folder=folderPath, listRegexp=listRegexp, recursive=recursive)) # Printing the information if not in quiet mode if not quiet: print(general.success(json.dumps(results, indent=2))) return results
def main(params=None): """ Main function to launch phonefy. The function is created in this way so as to let other applications make use of the full configuration capabilities of the application. The parameters received are used as parsed by this modules `getParser()`. Args: ----- params: A list with the parameters as grabbed by the terminal. It is None when this is called by an entry_point. Results: -------- list: Returns a list with i3visio entities. """ # Grabbing the parser parser = getParser() if params != None: args = parser.parse_args(params) else: args = parser.parse_args() results = [] if not args.quiet: print(general.title(banner.text)) sayingHello = """ Domainfy | Copyright (C) F. Brezo and Y. Rubio (i3visio) 2016-2018 This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. For additional info, visit """ + general.LICENSE_URL + "\n" print(general.title(sayingHello)) if args.license: general.showLicense() else: # Processing the options returned to remove the "all" option tlds = [] if "all" in args.tlds: for typeTld in TLD.keys(): for tld in TLD[typeTld]: if tld not in args.exclude: tlds.append({ "tld" : tld, "type" : typeTld }) elif "none" in args.tlds: pass else: for typeTld in TLD.keys(): if typeTld in args.tlds: for tld in TLD[typeTld]: if tld not in args.exclude: tlds.append({ "tld" : tld, "type" : typeTld }) for new in args.user_defined: if new not in args.exclude: tlds.append({"tld": new, "type": "user_defined"}) if args.nicks: domains = createDomains(tlds, nicks=args.nicks) else: # nicks_file domains = createDomains(tlds, nicksFile=args.nicks_file) # Showing the execution time... if not args.quiet: startTime= dt.datetime.now() print(str(startTime) + "\tTrying to identify the existence of " + general.emphasis(str(len(domains))) + " domain(s)... Relax!\n") print(general.emphasis("\tPress <Ctrl + C> to stop...\n")) # Perform searches, using different Threads results = performSearch(domains, args.threads, args.whois) # Trying to store the information recovered if args.output_folder != None: if not os.path.exists(args.output_folder): os.makedirs(args.output_folder) # Grabbing the results fileHeader = os.path.join(args.output_folder, args.file_header) for ext in args.extension: # Generating output files general.exportUsufy(results, ext, fileHeader) # Showing the information gathered if requested if not args.quiet: print("A summary of the results obtained is shown in the following table:\n") try: print(general.success(general.usufyToTextExport(results))) except: print(general.warning("\nSomething happened when exporting the results. The Json will be shown instead:\n")) print(general.warning(json.dumps(results, indent=2))) now = dt.datetime.now() print("\n" + str(now) + "\tYou can find all the information collected in the following files:") for ext in args.extension: # Showing the output files print("\t" + general.emphasis(fileHeader + "." + ext)) # Showing the execution time... if not args.quiet: # Showing the execution time... endTime= dt.datetime.now() print("\n" + str(endTime) +"\tFinishing execution...\n") print("Total time used:\t" + general.emphasis(str(endTime-startTime))) print("Average seconds/query:\t" + general.emphasis(str((endTime-startTime).total_seconds()/len(domains))) +" seconds\n") # Urging users to place an issue on Github... print(banner.footer) if params: return results
def main(params=None): """ Main function to launch phonefy. The function is created in this way so as to let other applications make use of the full configuration capabilities of the application. The parameters received are used as parsed by this modules `getParser()`. Args: ----- params: A list with the parameters as grabbed by the terminal. It is None when this is called by an entry_point. Returns: -------- A list of i3visio entities. """ # Grabbing the parser parser = getParser() if params != None: args = parser.parse_args(params) else: args = parser.parse_args() results = [] if not args.quiet: print(general.title(banner.text)) sayingHello = """ Phonefy | Copyright (C) F. Brezo and Y. Rubio (i3visio) 2014-2018 This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. For additional info, visit """ + general.LICENSE_URL + "\n" print(general.title(sayingHello)) if args.license: general.showLicense() else: # Showing the execution time... startTime = dt.datetime.now() #TODO: Get the number searchable platforms in this context print( str(startTime) + "\tStarting search in different platform(s)... Relax!\n") print(general.emphasis("\tPress <Ctrl + C> to stop...\n")) try: results = processPhoneList(platformNames=args.platforms, numbers=args.numbers, excludePlatformNames=args.exclude) except KeyboardInterrupt: print( general.error( "\n[!] Process manually stopped by the user. Workers terminated without providing any result.\n" )) # Trying to store the information recovered if args.output_folder != None: # Verifying an output folder was selected if not os.path.exists(args.output_folder): os.makedirs(args.output_folder) # Grabbing the results fileHeader = os.path.join(args.output_folder, args.file_header) for ext in args.extension: # Generating output files general.exportUsufy(results, ext, fileHeader) # Showing the information gathered if requested if not args.quiet: now = dt.datetime.now() print( str(now) + "\tA summary of the results obtained are shown in the following table:\n" ) print(general.success(general.usufyToTextExport(results))) if args.web_browser: general.openResultsInBrowser(results) now = dt.datetime.now() print( "\n" + str(now) + "\tYou can find all the information collected in the following files:" ) for ext in args.extension: # Showing the output files print("\t" + general.emphasis(fileHeader + "." + ext)) # Showing the execution time... endTime = dt.datetime.now() print("\n" + str(endTime) + "\tFinishing execution...\n") print("Total time consumed:\t" + general.emphasis(str(endTime - startTime)) + "\n") #TODO: Get the number searchable platforms in this context #print("Average seconds/query:\t" + general.emphasis(str((endTime-startTime).total_seconds()/len(listPlatforms))) +" seconds\n") # Urging users to place an issue on Github... print(banner.footer) if params: return results
def main(params=None): """ Main function to launch usufy. The function is created in this way so as to let other applications make use of the full configuration capabilities of the application. The parameters received are used as parsed by this modules `getParser()`. Args: ----- params: A list with the parameters as grabbed by the terminal. It is None when this is called by an entry_point. Returns: -------- dict: A Json representing the matching results. """ # Grabbing the parser parser = getParser() if params != None: args = parser.parse_args(params) else: args = parser.parse_args() # Recovering the logger # Calling the logger when being imported osrframework.utils.logger.setupLogger(loggerName="osrframework.usufy", verbosity=args.verbose, logFolder=args.logfolder) # From now on, the logger can be recovered like this: logger = logging.getLogger("osrframework.usufy") print(general.title(banner.text)) sayingHello = """ Usufy | Copyright (C) F. Brezo and Y. Rubio (i3visio) 2014-2018 This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. For additional info, visit """ + general.LICENSE_URL + "\n" logger.info(sayingHello) print(general.title(sayingHello)) logger.info("Starting usufy...") if args.license: general.showLicense() elif args.fuzz: logger.info("Performing the fuzzing tasks...") res = fuzzUsufy(args.fuzz, args.fuzz_config) logger.info("Recovered platforms:\n" + str(res)) else: logger.debug("Recovering the list of platforms to be processed...") # Recovering the list of platforms to be launched listPlatforms = platform_selection.getPlatformsByName( platformNames=args.platforms, tags=args.tags, mode="usufy", excludePlatformNames=args.exclude) logger.debug("Platforms recovered.") if args.info: # Information actions... if args.info == 'list_platforms': infoPlatforms = "Listing the platforms:\n" for p in listPlatforms: infoPlatforms += "\t\t" + (str(p) + ": ").ljust( 16, ' ') + str(p.tags) + "\n" logger.info(infoPlatforms) return infoPlatforms elif args.info == 'list_tags': logger.info("Listing the tags:") tags = {} # Going through all the selected platforms to get their tags for p in listPlatforms: for t in p.tags: if t not in tags.keys(): tags[t] = 1 else: tags[t] += 1 infoTags = "List of tags:\n" # Displaying the results in a sorted list for t in tags.keys(): infoTags += "\t\t" + (t + ": ").ljust(16, ' ') + str( tags[t]) + " time(s)\n" logger.info(infoTags) return infoTags else: pass # performing the test elif args.benchmark: logger.warning( "The benchmark mode may last some minutes as it will be performing similar queries to the ones performed by the program in production. " ) logger.info("Launching the benchmarking tests...") platforms = platform_selection.getAllPlatformNames("usufy") res = benchmark.doBenchmark(platforms) strTimes = "" for e in sorted(res.keys()): strTimes += str(e) + "\t" + str(res[e]) + "\n" logger.info(strTimes) return strTimes # showing the tags of the usufy platforms elif args.show_tags: logger.info("Collecting the list of tags...") tags = platform_selection.getAllPlatformNamesByTag("usufy") logger.info(json.dumps(tags, indent=2)) print( general.info( "This is the list of platforms grouped by tag.\n")) print(json.dumps(tags, indent=2, sort_keys=True)) print( general.info( "[Tip] Remember that you can always launch the platform using the -t option followed by any of the aforementioned.\n" )) return tags # Executing the corresponding process... else: # Showing the execution time... startTime = dt.datetime.now() print( str(startTime) + "\tStarting search in " + general.emphasis(str(len(listPlatforms))) + " platform(s)... Relax!\n") print(general.emphasis("\tPress <Ctrl + C> to stop...\n")) # Defining the list of users to monitor nicks = [] logger.debug("Recovering nicknames to be processed...") if args.nicks: for n in args.nicks: # TO-DO # A trick to avoid having the processing of the properties when being queried by Maltego if "properties.i3visio" not in n: nicks.append(n) else: # Reading the nick files try: nicks = args.list.read().splitlines() except: logger.error( "ERROR: there has been an error when opening the file that stores the nicks.\tPlease, check the existence of this file." ) # Definning the results res = [] if args.output_folder != None: # if Verifying an output folder was selected logger.debug("Preparing the output folder...") if not os.path.exists(args.output_folder): logger.warning( "The output folder \'" + args.output_folder + "\' does not exist. The system will try to create it.") os.makedirs(args.output_folder) # Launching the process... res = processNickList(nicks, listPlatforms, args.output_folder, avoidProcessing=args.avoid_processing, avoidDownload=args.avoid_download, nThreads=args.threads, verbosity=args.verbose, logFolder=args.logfolder) else: try: res = processNickList(nicks, listPlatforms, nThreads=args.threads, verbosity=args.verbose, logFolder=args.logfolder) except Exception as e: print( general.error( "Exception grabbed when processing the nicks: " + str(e))) print(general.error(traceback.print_stack())) logger.info("Listing the results obtained...") # We are going to iterate over the results... strResults = "\t" # Structure returned """ [ { print "attributes": [ { "attributes": [], "type": "i3visio.uri", "value": "http://twitter.com/i3visio" }, { "attributes": [], "type": "i3visio.alias", "value": "i3visio" }, { "attributes": [], "type": "i3visio.platform", "value": "Twitter" } ], "type": "i3visio.profile", "value": "Twitter - i3visio" } , ... ] """ for r in res: # The format of the results (attributes) for a given nick is a list as follows: for att in r["attributes"]: # iterating through the attributes platform = "" uri = "" for details in att["attributes"]: if details["type"] == "i3visio.platform": platform = details["value"] if details["type"] == "i3visio.uri": uri = details["value"] try: strResults += (str(platform) + ":").ljust( 16, ' ') + " " + str(uri) + "\n\t\t" except: pass logger.info(strResults) # Generating summary files for each ... if args.extension: # Storing the file... logger.info("Creating output files as requested.") # Verifying if the outputPath exists if not os.path.exists(args.output_folder): logger.warning( "The output folder \'" + args.output_folder + "\' does not exist. The system will try to create it.") os.makedirs(args.output_folder) # Grabbing the results fileHeader = os.path.join(args.output_folder, args.file_header) # Iterating through the given extensions to print its values for ext in args.extension: # Generating output files general.exportUsufy(res, ext, fileHeader) now = dt.datetime.now() print( str(now) + "\tA summary of the results obtained is shown below:\n") print(general.success(general.usufyToTextExport(res))) if args.web_browser: general.openResultsInBrowser(res) now = dt.datetime.now() print("\n" + str(now) + "\tYou can find all the information here:") for ext in args.extension: # Showing the output files print("\t" + general.emphasis(fileHeader + "." + ext)) # Showing the execution time... endTime = dt.datetime.now() print("\n" + str(endTime) + "\tFinishing execution...\n") print("Total time consumed:\t" + general.emphasis(str(endTime - startTime))) print("Average seconds/query:\t" + general.emphasis( str((endTime - startTime).total_seconds() / len(listPlatforms))) + " seconds\n") # Urging users to place an issue on Github... print(banner.footer) if params: return res
def main(params=None): """ Main function to launch phonefy. The function is created in this way so as to let other applications make use of the full configuration capabilities of the application. The parameters received are used as parsed by this modules `getParser()`. Args: ----- params: A list with the parameters as grabbed by the terminal. It is None when this is called by an entry_point. If it is called by osrf the data is already parsed. Returns: -------- A list of i3visio entities. """ if params == None: parser = getParser() args = parser.parse_args(params) else: args = params results = [] if not args.quiet: print(general.title(banner.text)) sayingHello = """ Mailfy | Copyright (C) Yaiza Rubio & Félix Brezo (i3visio) 2014-2018 This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. For additional info, visit <{}>. """.format(general.LICENSE_URL) print(general.info(sayingHello)) # Displaying a warning if this is being run in a windows system if sys.platform == 'win32': print( general.warning( """OSRFramework has detected that you are running mailfy.py in a Windows system. As the "emailahoy" library is NOT working properly there, "validate_email" will be used instead. Verification may be slower though.""")) if args.license: general.showLicense() else: # processing only the given domains and excluding the ones provided extra_domains = [] for d in args.domains: if d not in args.exclude and not d == "all": extra_domains.append(d) # Two different arrays are mantained since there are some domains that cannot be safely verified if args.create_emails: potentially_existing_emails = grabEmails( nicksFile=args.create_emails, domains=EMAIL_DOMAINS + extra_domains, excludeDomains=args.exclude) potentially_leaked_emails = grabEmails( nicksFile=args.create_emails, domains=LEAKED_DOMAINS + extra_domains, excludeDomains=args.exclude) else: potentially_existing_emails = grabEmails( emails=args.emails, emailsFile=args.emails_file, nicks=args.nicks, nicksFile=args.nicks_file, domains=EMAIL_DOMAINS + extra_domains, excludeDomains=args.exclude) potentially_leaked_emails = grabEmails(emails=args.emails, emailsFile=args.emails_file, nicks=args.nicks, nicksFile=args.nicks_file, domains=LEAKED_DOMAINS + extra_domains, excludeDomains=args.exclude) emails = list( set(potentially_leaked_emails + potentially_existing_emails)) # Showing the execution time... if not args.quiet: startTime = dt.datetime.now() print("{}\tStarting search of {} different emails:\n{}\n".format( str(startTime), general.emphasis(str(len(emails))), json.dumps(emails, indent=2, sort_keys=True))) if not args.quiet: now = dt.datetime.now() print( "\n{}\tStep 1. Trying to determine if the emails provided do exist...\n" .format(str(now))) print(general.emphasis("\tPress <Ctrl + C> to stop...\n")) # Perform searches, using different Threads results = performSearch(potentially_existing_emails, nThreads=args.threads) if not args.quiet: now = dt.datetime.now() print( "\n{}\tStep 2. Checking if the emails have been used to register socialmedia accounts...\n" .format(str(now))) print(general.emphasis("\tPress <Ctrl + C> to stop...\n")) registered = processMailList(platformNames=args.platforms, emails=potentially_existing_emails) results += registered if not args.quiet: if len(results) > 0: for r in registered: print("\t[*] Registered account found: {}".format( general.success(r["value"]))) else: print("\t[*] Registered account found: {}".format( general.error("None"))) now = dt.datetime.now() print( "\n{}\tStep 3. Verifying if the provided emails have been leaked somewhere?\n" .format(str(now))) print(general.emphasis("\tPress <Ctrl + C> to stop...\n")) # Verify the existence of the mails found as leaked emails. for query in potentially_leaked_emails: # Iterate through the different leak platforms leaks = hibp.checkIfEmailWasHacked(query) if len(leaks) > 0: if not args.quiet: if len(leaks) > 0: print( "\t[*] '{}' has been found in at least {} different leaks." .format(general.success(query), general.success(str(len(leaks))))) else: print("\t[*] '{}' has NOT been found in any leak.". format(general.error(query))) else: if not args.quiet: print("\t[*] '{}' has NOT been found on any leak yet.". format(general.error(query))) results += leaks # Trying to store the information recovered if args.output_folder != None: if not os.path.exists(args.output_folder): os.makedirs(args.output_folder) # Grabbing the results fileHeader = os.path.join(args.output_folder, args.file_header) for ext in args.extension: # Generating output files general.exportUsufy(results, ext, fileHeader) # Showing the information gathered if requested if not args.quiet: now = dt.datetime.now() print("\n{}\tResults obtained:\n".format(str(now))) print(general.success(general.usufyToTextExport(results))) now = dt.datetime.now() print( "\n" + str(now) + "\tYou can find all the information collected in the following files:" ) for ext in args.extension: # Showing the output files print(general.emphasis("\t" + fileHeader + "." + ext)) # Showing the execution time... if not args.quiet: endTime = dt.datetime.now() print("\n" + str(endTime) + "\tFinishing execution...\n") print("Total time used:\t" + general.emphasis(str(endTime - startTime))) print("Average seconds/query:\t" + general.emphasis( str((endTime - startTime).total_seconds() / len(emails))) + " seconds\n") if not args.quiet: # Urging users to place an issue on Github... print(banner.footer) if params: return results
def main(params=None): """ain function to launch usufy The function is created in this way so as to let other applications make use of the full configuration capabilities of the application. The parameters received are used as parsed by this modules `get_parser()`. Args: params: A list with the parameters as grabbed by the terminal. It is None when this is called by an entry_point. If it is called by osrf the data is already parsed. Returns: dict: A Json representing the matching results. """ if params is None: parser = get_parser() args = parser.parse_args(params) else: args = params print(general.title(banner.text)) saying_hello = f""" Usufy | Copyright (C) Yaiza Rubio & Félix Brezo (i3visio) 2014-2020 This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. For additional info, visit <{general.LICENSE_URL}>. """ print(general.info(saying_hello)) if args.fuzz: res = fuzzUsufy(args.fuzz, args.fuzz_config) else: # Recovering the list of platforms to be launched list_platforms = platform_selection.get_platforms_by_name( platform_names=args.platforms, tags=args.tags, mode="usufy", exclude_platform_names=args.exclude) if args.info: # Information actions... if args.info == 'list_platforms': info_platforms = "Listing the platforms:\n" for p in list_platforms: info_platforms += "\t\t" + (str(p) + ": ").ljust( 16, ' ') + str(p.tags) + "\n" return info_platforms elif args.info == 'list_tags': tags = {} # Going through all the selected platforms to get their tags for p in list_platforms: for t in p.tags: if t not in tags.keys(): tags[t] = 1 else: tags[t] += 1 info_tags = "List of tags:\n" # Displaying the results in a sorted list for t in tags.keys(): info_tags += "\t\t" + (t + ": ").ljust(16, ' ') + str( tags[t]) + " time(s)\n" return info_tags else: pass # performing the test elif args.benchmark: platforms = platform_selection.get_all_platform_names("usufy") res = benchmark.do_benchmark(platforms) str_times = "" for e in sorted(res.keys()): str_times += str(e) + "\t" + str(res[e]) + "\n" return str_times # showing the tags of the usufy platforms elif args.show_tags: tags = platform_selection.get_all_platform_names_by_tag("usufy") print( general.info( "This is the list of platforms grouped by tag.\n")) print(json.dumps(tags, indent=2, sort_keys=True)) print( general.info( "[Tip] Remember that you can always launch the platform using the -t option followed by any of the aforementioned.\n" )) # Executing the corresponding process... else: # Showing the execution time... start_time = dt.datetime.now() print( f"{start_time}\tStarting search in {general.emphasis(str(len(list_platforms)))} platform(s)... Relax!\n" ) print(general.emphasis("\tPress <Ctrl + C> to stop...\n")) # Defining the list of users to monitor nicks = [] if args.nicks: for n in args.nicks: nicks.append(n) else: # Reading the nick files try: nicks = args.list.read().splitlines() except: print( general.error( "ERROR: there has been an error when opening the file that stores the nicks.\tPlease, check the existence of this file." )) # Definning the results res = [] if args.output_folder != None: # if Verifying an output folder was selected if not os.path.exists(args.output_folder): os.makedirs(args.output_folder) # Launching the process... res = process_nick_list(nicks, list_platforms, args.output_folder, avoidProcessing=args.avoid_processing, avoidDownload=args.avoid_download, nThreads=args.threads, verbosity=args.verbose, logFolder=args.logfolder) else: try: res = process_nick_list(nicks, list_platforms, nThreads=args.threads, verbosity=args.verbose, logFolder=args.logfolder) except Exception as e: print( general.error( "Exception grabbed when processing the nicks: " + str(e))) print(general.error(traceback.print_stack())) # We are going to iterate over the results... str_results = "\t" # Structure returned """ [ { "attributes": [ { "attributes": [], "type": "com.i3visio.URI", "value": "http://twitter.com/i3visio" }, { "attributes": [], "type": "com.i3visio.Alias", "value": "i3visio" }, { "attributes": [], "type": "com.i3visio.Platform", "value": "Twitter" } ], "type": "com.i3visio.Profile", "value": "Twitter - i3visio" } , ... ] """ for r in res: # The format of the results (attributes) for a given nick is a list as follows: for att in r["attributes"]: # iterating through the attributes platform = "" uri = "" for details in att["attributes"]: if details["type"] == "com.i3visio.Platform": platform = details["value"] if details["type"] == "com.i3visio.URI": uri = details["value"] try: str_results += (str(platform) + ":").ljust( 16, ' ') + " " + str(uri) + "\n\t\t" except: pass # Generating summary files for each ... if args.extension: # Verifying if the outputPath exists if not os.path.exists(args.output_folder): os.makedirs(args.output_folder) # Grabbing the results file_header = os.path.join(args.output_folder, args.file_header) # Iterating through the given extensions to print its values for ext in args.extension: # Generating output files general.export_usufy(res, ext, file_header) now = dt.datetime.now() print( f"\n{now}\tResults obtained ({general.emphasis(len(res))}):\n") print(general.success(general.osrf_to_text_export(res))) if args.web_browser: general.open_results_in_browser(res) now = dt.datetime.now() print("\n" + str(now) + "\tYou can find all the information here:") for ext in args.extension: # Showing the output files print("\t" + general.emphasis(file_header + "." + ext)) # Showing the execution time... end_time = dt.datetime.now() print(f"\n{end_time}\tFinishing execution...\n") print("Total time consumed:\t" + general.emphasis(str(end_time - start_time))) print("Average seconds/query:\t" + general.emphasis( str((end_time - start_time).total_seconds() / len(list_platforms))) + " seconds\n") # Urging users to place an issue on Github... print(banner.footer) if params: return res
def fuzzUsufy(fDomains=None, fFuzzStruct=None): """ Method to guess the usufy path against a list of domains or subdomains. Args: ----- fDomains: A list to strings containing the domains and (optionally) a nick. fFuzzStruct: A list to strings containing the transforms to be performed. Returns: -------- dict: A dictionary of the form of `{"domain": "url"}`. """ logger = logging.getLogger("osrframework.usufy") if fFuzzStruct == None: # Loading these structures by default fuzzingStructures = [ "http://<DOMAIN>/<USERNAME>", "http://<DOMAIN>/~<USERNAME>", "http://<DOMAIN>/?action=profile;user=<USERNAME>", "http://<DOMAIN>/causes/author/<USERNAME>", "http://<DOMAIN>/channel/<USERNAME>", "http://<DOMAIN>/community/profile/<USERNAME>", "http://<DOMAIN>/component/comprofiler/userprofiler/<USERNAME>", "http://<DOMAIN>/details/@<USERNAME>", "http://<DOMAIN>/foros/member.php?username=<USERNAME>", "http://<DOMAIN>/forum/member/<USERNAME>", "http://<DOMAIN>/forum/member.php?username=<USERNAME>", "http://<DOMAIN>/forum/profile.php?mode=viewprofile&u=<USERNAME>", "http://<DOMAIN>/home/<USERNAME>", "http://<DOMAIN>/index.php?action=profile;user=<USERNAME>", "http://<DOMAIN>/member_profile.php?u=<USERNAME>", "http://<DOMAIN>/member.php?username=<USERNAME>", "http://<DOMAIN>/members/?username=<USERNAME>", "http://<DOMAIN>/members/<USERNAME>", "http://<DOMAIN>/members/view/<USERNAME>", "http://<DOMAIN>/mi-espacio/<USERNAME>", "http://<DOMAIN>/u<USERNAME>", "http://<DOMAIN>/u/<USERNAME>", "http://<DOMAIN>/user-<USERNAME>", "http://<DOMAIN>/user/<USERNAME>", "http://<DOMAIN>/user/<USERNAME>.html", "http://<DOMAIN>/users/<USERNAME>", "http://<DOMAIN>/usr/<USERNAME>", "http://<DOMAIN>/usuario/<USERNAME>", "http://<DOMAIN>/usuarios/<USERNAME>", "http://<DOMAIN>/en/users/<USERNAME>", "http://<DOMAIN>/people/<USERNAME>", "http://<DOMAIN>/profil/<USERNAME>", "http://<DOMAIN>/profile/<USERNAME>", "http://<DOMAIN>/profile/page/<USERNAME>", "http://<DOMAIN>/rapidforum/index.php?action=profile;user=<USERNAME>", "http://<DOMAIN>/social/usuarios/<USERNAME>", "http://<USERNAME>.<DOMAIN>", "http://<USERNAME>.<DOMAIN>/user/" ] else: try: fuzzingStructures = fFuzzStruct.read().splitlines() except: logger.error("Usufy could NOT open the following file: " + fFuzzStruct) res = {} lines = fDomains.read().splitlines() # Going through all the lines for l in lines: domain = l.split()[0] print("Performing tests for" + domain + "...") # selecting the number of nicks to be tested in this domain nick = l.split()[1] # Choosing the errors from the input file #errors = l.split('\t')[2:] # possibleURLs found possibleURL = [] for struct in fuzzingStructures: # initiating list urlToTry = struct.replace("<DOMAIN>", domain) test = urlToTry.replace("<USERNAME>", nick.lower()) print("Processing " + test + "...") i3Browser = browser.Browser() try: html = i3Browser.recoverURL(test) if nick in html: possibleURL.append(test) print(general.success("\tPossible usufy found!!!\n")) except: logger.error("The resource could not be downloaded.") res[domain] = possibleURL print(json.dumps(res, indent=2)) return res
def main(params=None): """Main function to launch mailfy The function is created in this way so as to let other applications make use of the full configuration capabilities of the application. The parameters received are used as parsed by this modules `get_parser()`. Args: params: A list with the parameters as grabbed by the terminal. It is None when this is called by an entry_point. If it is called by osrf the data is already parsed. Returns: list. A list of i3visio entities. """ if params is None: parser = get_parser() args = parser.parse_args(params) else: args = params results = [] if not args.quiet: print(general.title(banner.text)) saying_hello = f""" Mailfy | Copyright (C) Yaiza Rubio & Félix Brezo (i3visio) 2014-2020 This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. For additional info, visit <{general.LICENSE_URL}>. """ print(general.info(saying_hello)) # Displaying a warning if this is being run in a windows system if sys.platform == 'win32': print( general.warning( """OSRFramework has detected that you are running mailfy in a Windows system. As the "emailahoy" library is NOT working properly there, "validate_email" will be used instead. Verification may be slower though.""")) if args.license: general.showLicense() else: # processing only the given domains and excluding the ones provided extra_domains = [] for d in args.domains: if d not in args.exclude and not d == "all": extra_domains.append(d) # Two different arrays are mantained since there are some domains that cannot be safely verified if args.create_emails: potentially_existing_emails = grab_emails( nicks_file=args.create_emails, domains=EMAIL_DOMAINS + extra_domains, exclude_domains=args.exclude) potentially_leaked_emails = grab_emails( nicks_file=args.create_emails, domains=LEAKED_DOMAINS + extra_domains, exclude_domains=args.exclude) else: potentially_existing_emails = grab_emails( emails=args.emails, emails_file=args.emails_file, nicks=args.nicks, nicks_file=args.nicks_file, domains=EMAIL_DOMAINS + extra_domains, exclude_domains=args.exclude) potentially_leaked_emails = grab_emails( emails=args.emails, emails_file=args.emails_file, nicks=args.nicks, nicks_file=args.nicks_file, domains=LEAKED_DOMAINS + extra_domains, exclude_domains=args.exclude) emails = list( set(potentially_leaked_emails + potentially_existing_emails)) if not args.quiet: start_time = dt.datetime.now() print( f"\n{start_time}\t{general.emphasis('Step 1/5')}. Trying to determine if any of the following {general.emphasis(str(len(potentially_existing_emails)))} emails exist using emailahoy3...\n{general.emphasis(json.dumps(potentially_existing_emails, indent=2))}\n" ) print( general.emphasis("\tPress <Ctrl + C> to skip this step...\n")) # Perform searches, using different Threads try: results = verify_with_emailahoy_step_1(potentially_existing_emails, num_threads=args.threads) except KeyboardInterrupt: print( general.warning("\tStep 1 manually skipped by the user...\n")) results = [] # Grabbing the <Platform> objects platforms = platform_selection.get_platforms_by_name(args.platforms, mode="mailfy") names = [p.platformName for p in platforms] if not args.quiet: now = dt.datetime.now() print( f"\n{now}\t{general.emphasis('Step 2/5')}. Checking if the emails have been used to register accounts in {general.emphasis(str(len(platforms)))} platforms...\n{general.emphasis(json.dumps(names, indent=2))}\n" ) print( general.emphasis("\tPress <Ctrl + C> to skip this step...\n")) try: registered = process_mail_list_step_2(platforms=platforms, emails=emails) except KeyboardInterrupt: print( general.warning("\tStep 2 manually skipped by the user...\n")) registered = [] results += registered if not args.quiet: if len(results) > 0: for r in registered: print( f"\t[*] Linked account found: {general.success(r['value'])}" ) else: print(f"\t[*] No account found.") now = dt.datetime.now() print( f"\n{now}\t{general.emphasis('Step 3/5')}. Verifying if the provided emails have been leaked somewhere using HaveIBeenPwned.com...\n" ) print( general.emphasis("\tPress <Ctrl + C> to skip this step...\n")) all_keys = config_api_keys.get_list_of_api_keys() try: # Verify the existence of the mails found as leaked emails. for query in potentially_leaked_emails: # Iterate through the different leak platforms leaks = hibp.check_if_email_was_hacked( query, api_key=all_keys["haveibeenpwned_com"]["api_key"]) if len(leaks) > 0: if not args.quiet: print( f"\t[*] '{general.success(query)}' has been found in at least {general.success(len(leaks))} different leaks." ) else: if not args.quiet: print( f"\t[*] '{general.error(query)}' has NOT been found on any leak yet." ) results += leaks except KeyError: # API_Key not found config_path = os.path.join( configuration.get_config_path()["appPath"], "api_keys.cfg") print( "\t[*] " + general.warning("No API found for HaveIBeenPwned") + f". Request one at <https://haveibeenpwned.com/API/Key> and add it to '{config_path}'." ) except KeyboardInterrupt: print( general.warning("\tStep 3 manually skipped by the user...\n")) if not args.quiet: now = dt.datetime.now() print( f"\n{now}\t{general.emphasis('Step 4/5')}. Verifying if the provided emails have been leaked somewhere using Dehashed.com...\n" ) print( general.emphasis("\tPress <Ctrl + C> to skip this step...\n")) try: # Verify the existence of the mails found as leaked emails. for query in emails: try: # Iterate through the different leak platforms leaks = dehashed.check_if_email_was_hacked(query) if len(leaks) > 0: if not args.quiet: print( f"\t[*] '{general.success(query)}' has been found in at least {general.success(len(leaks))} different leaks as shown by Dehashed.com." ) else: if not args.quiet: print( f"\t[*] '{general.error(query)}' has NOT been found on any leak yet." ) results += leaks except Exception as e: print( general.warning( f"Something happened when querying Dehashed.com about '{email}'. Omitting..." )) except KeyboardInterrupt: print( general.warning("\tStep 4 manually skipped by the user...\n")) if not args.quiet: now = dt.datetime.now() print( f"\n{now}\t{general.emphasis('Step 5/5')}. Verifying if the provided emails have registered a domain using ViewDNS.info...\n" ) print( general.emphasis("\tPress <Ctrl + C> to skip this step...\n")) try: # Verify the existence of the mails found as leaked emails. for query in potentially_leaked_emails: try: # Iterate through the different leak platforms domains = viewdns.check_reverse_whois(query) if len(domains) > 0: if not args.quiet: print( f"\t[*] '{general.success(query)}' has registered at least {general.success(len(domains))} different domains as shown by ViewDNS.info." ) else: if not args.quiet: print( f"\t[*] '{general.error(query)}' has NOT registered a domain yet." ) results += domains except Exception as e: print( general.warning( f"Something happened when querying Viewdns.info about '{query}'. Omitting..." )) except KeyboardInterrupt: print( general.warning("\tStep 5 manually skipped by the user...\n")) # Trying to store the information recovered if args.output_folder != None: if not os.path.exists(args.output_folder): os.makedirs(args.output_folder) # Grabbing the results fileHeader = os.path.join(args.output_folder, args.file_header) for ext in args.extension: # Generating output files general.export_usufy(results, ext, fileHeader) # Showing the information gathered if requested if not args.quiet: now = dt.datetime.now() print(f"\n{now}\tResults obtained:\n") print(general.success(general.osrf_to_text_export(results))) now = dt.datetime.now() print( f"\n{now}\tYou can find all the information collected in the following files:" ) for ext in args.extension: # Showing the output files print(general.emphasis("\t" + fileHeader + "." + ext)) # Showing the execution time... if not args.quiet: end_time = dt.datetime.now() print("\n{end_time}\tFinishing execution...\n") print("Total time used:\t" + general.emphasis(str(end_time - start_time))) if not args.quiet: # Urging users to place an issue on Github... print(banner.footer) if params: return results
def main(params=None): """Main function to launch phonefy The function is created in this way so as to let other applications make use of the full configuration capabilities of the application. The parameters received are used as parsed by this modules `get_parser()`. Args: params: A list with the parameters as grabbed by the terminal. It is None when this is called by an entry_point. If it is called by osrf the data is already parsed. Returns: A list of i3visio entities. """ if params == None: parser = get_parser() args = parser.parse_args(params) else: args = params results = [] if not args.quiet: print(general.title(banner.text)) saying_hello = f""" Phonefy | Copyright (C) Yaiza Rubio & Félix Brezo (i3visio) 2014-2020 This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. For additional info, visit <{general.LICENSE_URL}>. """ print(general.info(saying_hello)) if args.license: general.showLicense() else: # Showing the execution time... start_time = dt.datetime.now() print(f"\n{start_time}\tStarting search in different platform(s)... Relax!\n") print(general.emphasis("\tPress <Ctrl + C> to stop...\n")) try: results = process_phone_list(platformNames=args.platforms, numbers=args.numbers, exclude_platform_names=args.exclude) except KeyboardInterrupt: print(general.error("\n[!] Process manually stopped by the user. Workers terminated without providing any result.\n")) # Trying to store the information recovered if args.output_folder != None: # Verifying an output folder was selected if not os.path.exists(args.output_folder): os.makedirs(args.output_folder) # Grabbing the results file_header = os.path.join(args.output_folder, args.file_header) for ext in args.extension: # Generating output files general.export_usufy(results, ext, file_header) # Showing the information gathered if requested if not args.quiet: now = dt.datetime.now() print(f"\n{now}\tResults obtained:\n") print(general.success(general.osrf_to_text_export(results))) if args.web_browser: general.open_results_in_browser(results) now = dt.datetime.now() print(f"\n{now}\tYou can find all the information collected in the following files:") for ext in args.extension: # Showing the output files print("\t" + general.emphasis(file_header + "." + ext)) # Showing the execution time... end_time = dt.datetime.now() print(f"\n{end_time}\tFinishing execution...\n") print("Total time consumed:\t" + general.emphasis(str(end_time-start_time)) + "\n") # Urging users to place an issue on Github... print(banner.footer) if params: return results
def main(args): """ Main function to launch phonefy. The function is created in this way so as to let other applications make use of the full configuration capabilities of the application. The parameters received are used as parsed by this modules `getParser()`. Args: ----- args: The parameters as processed by this modules `getParser()`. Results: -------- Returns a list with i3visio entities. """ results = [] if not args.quiet: print(general.title(banner.text)) sayingHello = """ mailfy.py Copyright (C) F. Brezo and Y. Rubio (i3visio) 2016-2017 This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. For additional info, visit """ + general.LICENSE_URL + "\n" print(general.title(sayingHello)) # Displaying a warning if this is being run in a windows system if sys.platform == 'win32': print( general.warning( """OSRFramework has detected that you are running mailfy.py in a Windows system. As the "emailahoy" library is NOT working properly there, "validate_email" will be used instead. Verification may be slower though.""")) if args.license: general.showLicense() else: # Grabbing the list of global domains if args.is_leaked: domains = LEAKED_DOMAINS # Processing the options returned to remove the "all" option elif "all" in args.domains: domains = EMAIL_DOMAINS else: # processing only the given domains and excluding the ones provided domains = [] for d in args.domains: if d not in args.exclude: domains.append(d) if args.create_emails: emails = grabEmails(nicksFile=args.create_emails, domains=domains, excludeDomains=args.exclude) else: emails = grabEmails(emails=args.emails, emailsFile=args.emails_file, nicks=args.nicks, nicksFile=args.nicks_file, domains=domains, excludeDomains=args.exclude) startTime = dt.datetime.now() if not args.is_leaked: # Showing the execution time... if not args.quiet: print( str(startTime) + "\tStarting search in " + general.emphasis(str(len(emails))) + " different emails:\n" + json.dumps(emails, indent=2, sort_keys=True) + "\n") print(general.emphasis("\tPress <Ctrl + C> to stop...\n")) # Perform searches, using different Threads tmp = performSearch(emails, args.threads) # We make a strict copy of the object results = list(tmp) if not args.quiet: now = dt.datetime.now() print( str(now) + "\tMailfy has found " + general.emphasis(str(len(results))) + " existing email(s). Has it been leaked somewhere?") # Verify the existence of the mails found as leaked emails. for r in tmp: # We assume that the first attribute is always the email query = r["attributes"][0]["value"] leaks = hibp.checkIfEmailWasHacked(query) if len(leaks) > 0: if not args.quiet: print( general.success("\t" + query + " has been found in at least " + str(len(leaks)) + " different leaks.")) email, alias, domain = getMoreInfo(query) for leak in leaks: # Creating a new full entity from scratch new = {} new["type"] = "i3visio.profile" new["value"] = leak["value"] + " - " + alias["value"] new["attributes"] = [] new["attributes"].append(email) new["attributes"].append(alias) new["attributes"].append(domain) # leak contains a i3visio.platform built by HIBP new["attributes"].append(leak) results.append(new) else: if not args.quiet: print( general.warning( "\t" + query + " has NOT been found on any leak yet.")) else: if not args.quiet: print( "\n" + str(startTime) + "\tStarting search of " + general.emphasis(str(len(emails))) + " different emails in leaked databases.\nNote that this will take between 1 and 2 seconds per query due to HIBP API restrictions:\n" + json.dumps(emails, indent=2, sort_keys=True) + "\n") print(general.emphasis("\tPress <Ctrl + C> to stop...\n")) # Perform is_leaked function results = [] for i, e in enumerate(emails): if not args.quiet: print("\t" + str(i + 1) + "/" + str(len(emails)) + " - Searching if " + e + " has been leaked somewhere...") leaks = hibp.checkIfEmailWasHacked(e) if len(leaks) > 0: if not args.quiet: print( general.success("\t" + e + " has been found in at least " + str(len(leaks)) + " different leaks.")) email, alias, domain = getMoreInfo(e) for leak in leaks: # Creating a new full entity from scratch new = {} new["type"] = "i3visio.profile" new["value"] = leak["value"] + " - " + alias["value"] new["attributes"] = [] new["attributes"].append(email) new["attributes"].append(alias) new["attributes"].append(domain) # leak contains a i3visio.platform built by HIBP new["attributes"].append(leak) results.append(new) # Trying to store the information recovered if args.output_folder != None: if not os.path.exists(args.output_folder): os.makedirs(args.output_folder) # Grabbing the results fileHeader = os.path.join(args.output_folder, args.file_header) for ext in args.extension: # Generating output files general.exportUsufy(results, ext, fileHeader) # Showing the information gathered if requested if not args.quiet: now = dt.datetime.now() print( "\n" + str(now) + "\tA summary of the results obtained are shown in the following table:\n" ) print(general.success(general.usufyToTextExport(results))) now = dt.datetime.now() print( "\n" + str(now) + "\tYou can find all the information collected in the following files:" ) for ext in args.extension: # Showing the output files print(general.emphasis("\t" + fileHeader + "." + ext)) # Showing the execution time... if not args.quiet: endTime = dt.datetime.now() print("\n" + str(endTime) + "\tFinishing execution...\n") print("Total time used:\t" + general.emphasis(str(endTime - startTime))) print("Average seconds/query:\t" + general.emphasis( str((endTime - startTime).total_seconds() / len(emails))) + " seconds\n") if not args.quiet: # Urging users to place an issue on Github... print(banner.footer) return results
class OSRFConsoleMain(cmd.Cmd): """ OSRFramework console application to control the different framework utils The user can type 'help' at any time to find the available commands included in the framework. """ DISCLAIMER = """\tOSRFramework """ + osrframework.__version__ + """ - Copyright (C) F. Brezo and Y. Rubio (i3visio) 2016-2017 This program comes with ABSOLUTELY NO WARRANTY. This software is free software, and you are really welcome to redistribute it under certain conditions. For additional information about the terms and conditions of the AGPLv3+ license, visit <http://www.gnu.org/licenses/agpl-3.0.txt>.""" intro = banner.text + "\n" + DISCLAIMER + "\n" info = general.info("") + general.emphasis(""" General information ===================""") + """ OSRFConsole is a terminal GUI to interact with OSRFramework utilities. OSRFramework stands for Open Sources Research Framework. It includes a set of tools that help the analyst in the task of user profiling making use of different OSINT tools. To get additional information about the available commands type 'help'. """ + general.emphasis("""Modules available: ------------------""") + """ - """ + general.success("usufy") + """ --> the Jewel of the Chrown. A tool that verifies if a username exists in """ + str(len(platform_selection.getAllPlatformNames("usufy"))) + """ platforms. - """ + general.success("mailfy") + """ --> a tool to check if a username has been registered in up to """ + str(len(mailfy.EMAIL_DOMAINS )) + """ email providers. - """ + general.success("searchfy") + """ --> a tool to look for profiles using full names and other info in """ + str(len(platform_selection.getAllPlatformNames("searchfy"))) + """ platforms. - """ + general.success("domainfy") + """ --> a tool to check the existence of a given domain in up to """ + str(domainfy.getNumberTLD()) + """ different TLDs. - """ + general.success("phonefy") + """ --> a tool that checks if a phone number has been linked to spam practices in """ + str(len(platform_selection.getAllPlatformNames("phonefy"))) + """ platforms. - """ + general.success("entify") + """ --> a util to look for regular expressions using """ + str(len(regexp_selection.getAllRegexpNames())) + """ patterns.""" # Appending the self.info data to the headers... intro += info # Defining the prompt prompt = general.emphasis('\nosrf > ') ruler = '=' def do_info(self, line): """ Command that shows again the general information about the application Args: ----- line: the string of the line typed. """ configInfo = """ """ + general.emphasis("""Additional configuration files: -------------------------------""") + """ You will be able to find more configuration options in the following files in your system. The relevant paths are the ones that follow:""" # Get the configuration folders in each system paths = configuration.getConfigPath() configInfo += """ - Configuration details about the login credentials in OSRFramework: """ + general.info(os.path.join(paths["appPath"], "accounts.cfg")) + """ - Configuration details about the API credentials already configured: """ + general.info(os.path.join(paths["appPath"], "api_keys.cfg")) + """ - Connection configuration about how the browsers will be connected: """ + general.info(os.path.join(paths["appPath"], "browser.cfg")) + """ - General default configuration of the the utils: """ + general.info(os.path.join(paths["appPath"], "general.cfg")) + """ - Directory containing default files as a backup: """ + general.info(paths["appPathDefaults"]) + """ - Directory containing the user-defined patterns for entify.py: """ + general.info(paths["appPathPatterns"]) + """ - Directory containing the user-defined wrappers for usufy platforms: """ + general.info(paths["appPathWrappers"]) print(self.info + configInfo) def do_use(self, line): """ This command will define which of the framework's utilities will be loaded. The available options are the following: - domainfy - entify - mailfy - phonefy - searchfy - usufy For example, type 'use usufy' to load the usufy util. You can always use the <TAB> to be helped using the autocomplete options. Args: ----- line: the string of the line typed. """ if line not in UTILS: print(general.warning("[!] Util is not correct. Try 'help use' to check the available options.")) return False elif line == "domainfy": OSRFConsoleDomainfy().cmdloop() elif line == "entify": OSRFConsoleEntify().cmdloop() elif line == "mailfy": OSRFConsoleMailfy().cmdloop() elif line == "phonefy": OSRFConsolePhonefy().cmdloop() elif line == "searchfy": OSRFConsoleSearchfy().cmdloop() elif line == "usufy": OSRFConsoleUsufy().cmdloop() else: print(general.warning("[!] Not implemented yet. Try 'help use' to check the available options.")) def complete_use(self, text, line, begidx, endidx): if not text: completions = UTILS else: completions = [ f for f in UTILS if f.startswith(text.lower()) ] return completions def do_exit(self, line): """ This command will exit the osrfconsole normally Args: ----- line: the string of the line typed. """ print("\nExiting...\n") sys.exit()
def main(args): """ Main function to launch usufy. The function is created in this way so as to let other applications make use of the full configuration capabilities of the application. The parameters received are used as parsed by this modules `getParser()`. Args: ----- args: Arguments received in the command line. Returns: -------- A list of i3visio entities. """ results = [] if not args.maltego: print(general.title(banner.text)) sayingHello = """ searchfy.py Copyright (C) F. Brezo and Y. Rubio (i3visio) 2014-2017 This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. For additional info, visit """ + general.LICENSE_URL + "\n" print(general.title(sayingHello)) if args.license: general.showLicense() else: # Showing the execution time... startTime = dt.datetime.now() print( str(startTime) + "\tStarting search in different platform(s)... Relax!\n") print(general.emphasis("\tPress <Ctrl + C> to stop...\n")) # Performing the search try: results = performSearch(platformNames=args.platforms, queries=args.queries, process=args.process, excludePlatformNames=args.exclude) except KeyboardInterrupt: print( general.error( "\n[!] Process manually stopped by the user. Workers terminated without providing any result.\n" )) results = [] # Generating summary files for each ... if args.extension: # Storing the file... if not args.maltego: # Verifying if the outputPath exists if not os.path.exists(args.output_folder): os.makedirs(args.output_folder) # Grabbing the results fileHeader = os.path.join(args.output_folder, args.file_header) if not args.maltego: # Iterating through the given extensions to print its values for ext in args.extension: # Generating output files general.exportUsufy(results, ext, fileHeader) # Generating the Maltego output if args.maltego: general.listToMaltego(results) # Printing the results if requested if not args.maltego: now = dt.datetime.now() print( str(now) + "\tA summary of the results obtained are listed in the following table:\n" ) print(general.success(general.usufyToTextExport(results))) if args.web_browser: general.openResultsInBrowser(results) now = dt.datetime.now() print( "\n" + str(now) + "\tYou can find all the information collected in the following files:" ) for ext in args.extension: # Showing the output files print("\t" + general.emphasis(fileHeader + "." + ext)) # Showing the execution time... endTime = dt.datetime.now() print("\n" + str(endTime) + "\tFinishing execution...\n") print("Total time used:\t" + general.emphasis(str(endTime - startTime))) print("Average seconds/query:\t" + general.emphasis( str((endTime - startTime).total_seconds() / len(args.platforms))) + " seconds\n") # Urging users to place an issue on Github... print(banner.footer) return results
def main(params=None): """Main function to launch phonefy The function is created in this way so as to let other applications make use of the full configuration capabilities of the application. The parameters received are used as parsed by this modules `get_parser()`. Args: params: A list with the parameters as grabbed by the terminal. It is None when this is called by an entry_point. If it is called by osrf the data is already parsed. Returns: list: Returns a list with i3visio entities. """ if params is None: parser = get_parser() args = parser.parse_args(params) else: args = params results = [] if not args.quiet: print(general.title(banner.text)) saying_hello = """ Checkfy | Copyright (C) Yaiza Rubio & Félix Brezo (i3visio) 2014-2020 This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. For additional info, visit <{}>. """.format(general.LICENSE_URL) print(general.info(saying_hello)) if args.license: general.showLicense() else: if args.type == "twitter": pattern = args.email_pattern.replace(".", "\.") pattern = pattern.replace("*", ".") pattern = "^{}$".format(pattern) elif args.type == "regexp": pattern = args.email_pattern start_time = dt.datetime.now() print( f"{str(start_time)}\tPattern type identified as '{args.type}'. Regular expression: '{pattern}'.\n" ) # Processing the options returned to remove the "all" option if args.nicks: emails = create_emails(nicks=args.nicks) else: # nicks_file emails = create_emails(nicks_file=args.nicks_file) now = dt.datetime.now() print( f"{str(now)}\tTrying to identify possible emails {general.emphasis(str(len(emails)))} email(s)... Relax!\n" ) print(general.emphasis("\tPress <Ctrl + C> to stop...\n")) # Perform searches, using different Threads results = verify_emails(emails, pattern) # Sorting list results.sort() now = dt.datetime.now() print(f"{now}\tTask finished. Validated emails:\n") print(general.success(json.dumps(results, indent=2, sort_keys=True))) print() now = dt.datetime.now() print( f"{now}\tUp to {general.emphasis(str(len(results)))} possible emails found.\n" ) # Trying to store the information recovered if args.output_folder is not None: if not os.path.exists(args.output_folder): os.makedirs(args.output_folder) output_path = os.path.join(args.output_folder, "possible_emails.txt") print( f"Writing the results onto the file:\n\t{general.emphasis(output_path)}" ) with open(output_path, "w") as file: for res in results: file.write(f"{res}\n") # Showing the execution time... if not args.quiet: # Showing the execution time... end_time = dt.datetime.now() print(f"\n{end_time}\tFinishing execution...\n") print( f"Total time used:\t{general.emphasis(str(end_time-start_time))}" ) # Urging users to place an issue on Github... print(banner.footer) if params: return results
def main(params=None): """Main function to launch phonefy The function is created in this way so as to let other applications make use of the full configuration capabilities of the application. The parameters received are used as parsed by this modules `get_parser()`. Args: params: A list with the parameters as grabbed by the terminal. It is None when this is called by an entry_point. If it is called by osrf the data is already parsed. Returns: list: Returns a list with i3visio entities. """ if params is None: parser = get_parser() args = parser.parse_args(params) else: args = params results = [] if not args.quiet: print(general.title(banner.text)) saying_hello = f""" Domainfy | Copyright (C) Yaiza Rubio & Félix Brezo (i3visio) 2014-2020 This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. For additional info, visit <{general.LICENSE_URL}>. """ print(general.info(saying_hello)) if args.license: general.showLicense() else: # Processing the options returned to remove the "all" option tlds = [] if "all" in args.tlds: for type_tld in TLD.keys(): for tld in TLD[type_tld]: if tld not in args.exclude: tlds.append({"tld": tld, "type": type_tld}) elif "none" in args.tlds: pass else: for type_tld in TLD.keys(): if type_tld in args.tlds: for tld in TLD[type_tld]: if tld not in args.exclude: tlds.append({"tld": tld, "type": type_tld}) for new in args.user_defined: if new not in args.exclude: if new[0] == ".": tlds.append({"tld": new, "type": "user_defined"}) else: tlds.append({"tld": "." + new, "type": "user_defined"}) if args.nicks: domains = create_domains(tlds, nicks=args.nicks) else: # nicks_file domains = create_domains(tlds, nicks_file=args.nicks_file) # Showing the execution time... if not args.quiet: startTime = dt.datetime.now() print( f"{startTime}\tTrying to get information about {general.emphasis(str(len(domains)))} domain(s)…\n" ) if len(domains) > 200: print( """ Note that a full '-t all' search may take around 3.5 mins. If that's too long for you, try narrowing the search using '-t cc' or similar arguments. Otherwise, just wait and keep calm! """) print(general.emphasis("\tPress <Ctrl + C> to stop...\n")) # Perform searches, using different Threads results = perform_search(domains, args.threads, args.whois) # Trying to store the information recovered if args.output_folder is not None: if not os.path.exists(args.output_folder): os.makedirs(args.output_folder) # Grabbing the results file_header = os.path.join(args.output_folder, args.file_header) for ext in args.extension: # Generating output files general.export_usufy(results, ext, file_header) # Showing the information gathered if requested if not args.quiet: now = dt.datetime.now() print( f"\n{now}\t{general.success(len(results))} results obtained:\n" ) try: print(general.success(general.osrf_to_text_export(results))) except Exception: print( general.warning( "\nSomething happened when exporting the results. The Json will be shown instead:\n" )) print(general.warning(json.dumps(results, indent=2))) now = dt.datetime.now() print( f"\n{now}\tYou can find all the information collected in the following files:" ) for ext in args.extension: # Showing the output files print(f"\t{general.emphasis(file_header + '.' + ext)}") # Showing the execution time... if not args.quiet: # Showing the execution time... endTime = dt.datetime.now() print("\n{}\tFinishing execution...\n".format(endTime)) print("Total time used:\t" + general.emphasis(str(endTime - startTime))) print("Average seconds/query:\t" + general.emphasis( str((endTime - startTime).total_seconds() / len(domains))) + " seconds\n") # Urging users to place an issue on Github... print(banner.footer) if params: return results