From fca270f154aa757d4c215253f5f2b26323bcccc8 Mon Sep 17 00:00:00 2001 From: Chan9390 Date: Mon, 18 Dec 2017 22:09:48 +0530 Subject: [PATCH] Added vault --- config_sample.py | 2 +- domain/domain_censys.py | 13 +++++++++---- domain/domain_emailhunter.py | 7 ++++--- domain/domain_github.py | 9 +++++---- domain/domain_googletracking.py | 7 +++---- domain/domain_pastes.py | 10 ++++++---- domain/domain_shodan.py | 6 +++--- domain/domain_zoomeye.py | 9 ++++----- domain/template.py | 2 +- emails/email_basic_checks.py | 7 ++++--- emails/email_clearbit.py | 7 ++++--- emails/email_fullcontact.py | 7 ++++--- emails/email_haveibeenpwned.py | 1 - emails/email_pastes.py | 21 ++++++++++----------- emails/template.py | 2 +- ip/ip_shodan.py | 7 ++++--- ip/ip_virustotal.py | 6 +++--- ip/template.py | 2 +- requirements.txt | 3 ++- username/template.py | 2 +- username/username_gitlabdetails.py | 1 - username/username_gitscrape.py | 8 ++++---- username/username_traviscidetails.py | 7 ++++--- username/username_twitterdetails.py | 18 ++++++++++++++---- username/username_youtubedetails.py | 6 +++--- vault.py | 22 ++++++++++++++++++++++ 26 files changed, 117 insertions(+), 75 deletions(-) create mode 100644 vault.py diff --git a/config_sample.py b/config_sample.py index 621e3857..286270c5 100755 --- a/config_sample.py +++ b/config_sample.py @@ -28,7 +28,7 @@ twitter_consumer_key="" twitter_consumer_secret="" twitter_access_token = "" -twiter_access_token_secret = "" +twitter_access_token_secret = "" zoomeyeuser = "" zoomeyepass = "" clearbit_apikey = "" diff --git a/domain/domain_censys.py b/domain/domain_censys.py index 016a375c..b57a5ac4 100755 --- a/domain/domain_censys.py +++ b/domain/domain_censys.py @@ -1,7 +1,7 @@ #!/usr/bin/env python import base import re, sys, json, time, requests -import config as cfg +import vault from termcolor import colored @@ -13,7 +13,7 @@ class style: def check_api_keys(): try: - if cfg.censysio_id != "" and cfg.censysio_id != "XYZ" and cfg.censysio_secret != "" and cfg.censysio_secret != "XYZ": + if vault.get_key('censysio_id') != None and vault.get_key('censysio_secret') != None: return True else: return False @@ -26,12 +26,15 @@ def censys_search(domain): pages = float('inf') page = 1 + censysio_id = vault.get_key('censysio_id') + censysio_secret = vault.get_key('censysio_secret') + while page <= pages: print "Parsed and collected results from page %s" % (str(page)) #time.sleep(0.5) params = {'query': domain, 'page': page} res = requests.post("https://www.censys.io/api/v1/search/ipv4", json=params, - auth=(cfg.censysio_id, cfg.censysio_secret)) + auth=(censysio_id, censysio_secret)) payload = res.json() if 'error' not in payload.keys(): @@ -62,8 +65,10 @@ def censys_search(domain): def view(server, temp_dict): + censysio_id = vault.get_key('censysio_id') + censysio_secret = vault.get_key('censysio_secret') res = requests.get("https://www.censys.io/api/v1/view/ipv4/%s" % (server), - auth=(cfg.censysio_id, cfg.censysio_secret)) + auth=(censysio_id, censysio_secret)) payload = res.json() try: diff --git a/domain/domain_emailhunter.py b/domain/domain_emailhunter.py index 00c338e0..0e5af961 100755 --- a/domain/domain_emailhunter.py +++ b/domain/domain_emailhunter.py @@ -1,7 +1,7 @@ #!/usr/bin/env python import base -import config as cfg +import vault import requests import json import sys @@ -19,7 +19,8 @@ class style: def emailhunter(domain): collected_emails = [] time.sleep(0.3) - url = "https://api.emailhunter.co/v1/search?api_key=%s&domain=%s" % (cfg.emailhunter, domain) + emailhunter_api = vault.get_key('emailhunter') + url = "https://api.emailhunter.co/v1/search?api_key=%s&domain=%s" % (emailhunter_api, domain) res = requests.get(url) try: parsed = json.loads(res.text) @@ -38,7 +39,7 @@ def banner(): def main(domain): - if cfg.emailhunter != "": + if vault.get_key('emailhunter') != None: return emailhunter(domain) else: return [False, "INVALID_API"] diff --git a/domain/domain_github.py b/domain/domain_github.py index a7e15df9..8852e387 100755 --- a/domain/domain_github.py +++ b/domain/domain_github.py @@ -1,7 +1,7 @@ #!/usr/bin/env python import base -import config as cfg +import vault import sys import json import requests @@ -16,7 +16,8 @@ class style: def github_search(query): - endpoint_git = "https://api.github.com/search/code?q=\"%s\"&access_token=%s" % (query, cfg.github_access_token) + github_access_token = vault.get_key('github_access_token') + endpoint_git = "https://api.github.com/search/code?q=\"%s\"&access_token=%s" % (query, github_access_token) req = requests.get(endpoint_git) data = json.loads(req.content) return data.get('total_count'), data.get('items') @@ -27,9 +28,9 @@ def banner(): def main(domain): - if cfg.github_access_token != "": + if vault.get_key('github_access_token') != None: count, results = github_search(domain) - return [count, results] + return [count, results] else: return [False, "INVALID_API"] diff --git a/domain/domain_googletracking.py b/domain/domain_googletracking.py index 1d7c65c9..79dc3821 100755 --- a/domain/domain_googletracking.py +++ b/domain/domain_googletracking.py @@ -1,11 +1,10 @@ #!/usr/bin/env python import base -import config as cfg +import vault import re import requests import sys -from config import spyonweb_access_token from termcolor import colored ENABLED = True @@ -70,7 +69,7 @@ def extract_tracking_codes(domain): def spyonweb_request(data,request_type="domain"): params = {} - params['access_token'] = spyonweb_access_token + params['access_token'] = vault.get_key('spyonweb_access_token') response = requests.get('https://api.spyonweb.com/v1/' + request_type + '/' + data, params=params) if response.status_code == 200: @@ -102,7 +101,7 @@ def spyonweb_analytics_codes(connections): def main(domain): - if spyonweb_access_token != "XYZ" and spyonweb_access_token != "": + if vault.get_key('spyonweb_access_token') != None: connections = extract_tracking_codes(domain) if 'err' in connections: return [ connections ] diff --git a/domain/domain_pastes.py b/domain/domain_pastes.py index dbc49700..cbf24e5c 100755 --- a/domain/domain_pastes.py +++ b/domain/domain_pastes.py @@ -1,7 +1,7 @@ #!/usr/bin/env python import base -import config as cfg +import vault import requests import json import sys @@ -36,8 +36,10 @@ def colorize(string): def google_search(domain): + google_cse_key = vault.get_key('google_cse_key') + google_cse_cx = vault.get_key('google_cse_cx') url = "https://www.googleapis.com/customsearch/v1?key=%s&cx=%s&q=\"%s\"&start=1" % ( - cfg.google_cse_key, cfg.google_cse_cx, domain) + google_cse_key, google_cse_cx, domain) all_results = [] r = requests.get(url, headers={'referer': 'www.datasploit.info/hello'}) data = json.loads(r.content) @@ -48,7 +50,7 @@ def google_search(domain): while "nextPage" in data['queries']: next_index = data['queries']['nextPage'][0]['startIndex'] url = "https://www.googleapis.com/customsearch/v1?key=%s&cx=%s&q=\"%s\"&start=%s" % ( - cfg.google_cse_key, cfg.google_cse_cx, domain, next_index) + google_cse_key, google_cse_cx, domain, next_index) data = json.loads(requests.get(url).content) if 'error' in data: return True, all_results @@ -62,7 +64,7 @@ def banner(): def main(domain): - if cfg.google_cse_key != "" and cfg.google_cse_key != "XYZ" and cfg.google_cse_cx != "" and cfg.google_cse_cx != "XYZ": + if vault.get_key('google_cse_key') != None and vault.get_key('google_cse_cx') != None: status, data = google_search(domain) return [status, data] else: diff --git a/domain/domain_shodan.py b/domain/domain_shodan.py index 98770e18..86b5d9d4 100755 --- a/domain/domain_shodan.py +++ b/domain/domain_shodan.py @@ -1,7 +1,7 @@ #!/usr/bin/env python import base -import config as cfg +import vault import requests import json import sys @@ -19,7 +19,7 @@ class style: def shodandomainsearch(domain): time.sleep(0.3) endpoint = "https://api.shodan.io/shodan/host/search?key=%s&query=hostname:%s&facets={facets}" % ( - cfg.shodan_api, domain) + vault.get_key('shodan_api'), domain) req = requests.get(endpoint) return req.content @@ -29,7 +29,7 @@ def banner(): def main(domain): - if cfg.shodan_api != "": + if vault.get_key('shodan_api') != None: return json.loads(shodandomainsearch(domain)) else: return [False, "INVALID_API"] diff --git a/domain/domain_zoomeye.py b/domain/domain_zoomeye.py index 210be4d0..75878ee1 100755 --- a/domain/domain_zoomeye.py +++ b/domain/domain_zoomeye.py @@ -4,7 +4,7 @@ import requests import json import sys -import config as cfg +import vault from termcolor import colored import time @@ -17,8 +17,8 @@ class style: def get_accesstoken_zoomeye(domain): - username = cfg.zoomeyeuser - password = cfg.zoomeyepass + username = vault.get_key('zoomeyeuser') + password = vault.get_key('zoomeyepass') headers = {'Content-type': 'application/json', 'Accept': 'text/plain'} datalogin = '{"username": "%s","password": "%s"}' % (username, password) s = requests.post("https://api.zoomeye.org/user/login", data=datalogin, headers=headers) @@ -44,7 +44,7 @@ def banner(): def main(domain): - if cfg.zoomeyepass != "" and cfg.zoomeyeuser != "": + if vault.get_key('zoomeyepass') != "" and vault.get_key('zoomeyeuser') != "": zoomeye_results = search_zoomeye(domain) if zoomeye_results[0]: return True, json.loads(zoomeye_results) @@ -81,4 +81,3 @@ def output(data, domain=""): result = main(domain) if result: output(result, domain) - diff --git a/domain/template.py b/domain/template.py index 0a50c001..09830303 100755 --- a/domain/template.py +++ b/domain/template.py @@ -1,7 +1,7 @@ #!/usr/bin/env python import base -import config as cfg +import vault import sys # Control whether the module is enabled or not diff --git a/emails/email_basic_checks.py b/emails/email_basic_checks.py index 64b2d740..6c8f5ff5 100755 --- a/emails/email_basic_checks.py +++ b/emails/email_basic_checks.py @@ -1,7 +1,7 @@ #!/usr/bin/env python import base -import config as cfg +import vault import requests import json import sys @@ -18,8 +18,9 @@ class style: def basic_checks(email): if re.match('[^@]+@[^@]+\.[^@]+', email): - if cfg.mailboxlayer_api != "" and cfg.mailboxlayer_api != "XYZ" and cfg.mailboxlayer_api != "" and cfg.mailboxlayer_api != "XYZ": - url = "http://apilayer.net/api/check?access_key=%s&email=%s&smtp=1&format=1" % (cfg.mailboxlayer_api, email) + mailboxlayer_api = vault.get_key('mailboxlayer_api') + if vault.get_key('mailboxlayer_api') != None: + url = "http://apilayer.net/api/check?access_key=%s&email=%s&smtp=1&format=1" % (mailboxlayer_api, email) req = requests.get(url) resp = json.loads(req.text) return resp diff --git a/emails/email_clearbit.py b/emails/email_clearbit.py index 5e726d7a..e6608e2f 100755 --- a/emails/email_clearbit.py +++ b/emails/email_clearbit.py @@ -1,7 +1,7 @@ #!/usr/bin/env python import base -import config as cfg +import vault import sys import requests import json @@ -21,8 +21,9 @@ def banner(): def main(email): - if cfg.clearbit_apikey != "": - headers = {"Authorization": "Bearer %s" % cfg.clearbit_apikey} + clearbit_apikey = vault.get_key('clearbit_apikey') + if clearbit_apikey != None: + headers = {"Authorization": "Bearer %s" % clearbit_apikey} req = requests.get("https://person.clearbit.com/v1/people/email/%s" % (email), headers=headers) person_details = json.loads(req.content) if "error" in req.content and "queued" in req.content: diff --git a/emails/email_fullcontact.py b/emails/email_fullcontact.py index 30f2cf9b..6d698809 100755 --- a/emails/email_fullcontact.py +++ b/emails/email_fullcontact.py @@ -3,7 +3,7 @@ import base import requests import sys -import config as cfg +import vault import json from termcolor import colored @@ -16,9 +16,10 @@ class style: def main(email): - if cfg.fullcontact_api != "": + fullcontact_api = vault.get_key('fullcontact_api') + if fullcontact_api != None: req = requests.get("https://api.fullcontact.com/v2/person.json?email=%s" % email, - headers={"X-FullContact-APIKey": cfg.fullcontact_api}) + headers={"X-FullContact-APIKey": fullcontact_api}) data = json.loads(req.content) return data else: diff --git a/emails/email_haveibeenpwned.py b/emails/email_haveibeenpwned.py index bd8288a8..69d2bf9f 100755 --- a/emails/email_haveibeenpwned.py +++ b/emails/email_haveibeenpwned.py @@ -1,7 +1,6 @@ #!/usr/bin/env python import base -import config as cfg import sys import requests import json diff --git a/emails/email_pastes.py b/emails/email_pastes.py index 4b2fa7f2..e521b9bb 100755 --- a/emails/email_pastes.py +++ b/emails/email_pastes.py @@ -1,7 +1,7 @@ #!/usr/bin/env python import base -import config as cfg +import vault import requests import json import sys @@ -36,8 +36,10 @@ def colorize(string): def google_search(email): + google_cse_key = vault.get_key('google_cse_key') + google_cse_cx = vault.get_key('google_cse_cx') url = "https://www.googleapis.com/customsearch/v1?key=%s&cx=%s&q=\"%s\"&start=1" % ( - cfg.google_cse_key, cfg.google_cse_cx, email) + google_cse_key, google_cse_cx, email) all_results = [] r = requests.get(url, headers={'referer': 'www.datasploit.info/hello'}) data = json.loads(r.content) @@ -48,7 +50,7 @@ def google_search(email): while "nextPage" in data['queries']: next_index = data['queries']['nextPage'][0]['startIndex'] url = "https://www.googleapis.com/customsearch/v1?key=%s&cx=%s&q=\"%s\"&start=%s" % ( - cfg.google_cse_key, cfg.google_cse_cx, email, next_index) + google_cse_key, google_cse_cx, email, next_index) data = json.loads(requests.get(url).content) if 'error' in data: return True, all_results @@ -62,14 +64,11 @@ def banner(): def main(email): - try: - if cfg.google_cse_key != "" and cfg.google_cse_key != "XYZ" and cfg.google_cse_cx != "" and cfg.google_cse_cx != "XYZ": - status, data = google_search(email) - return [status, data] - else: - return False, "INVALID_API" - except: - return False, "INVALID_API" + if vault.get_key('google_cse_key') != None and vault.get_key('google_cse_cx') != None: + status, data = google_search(email) + return [status, data] + else: + return [False, "INVALID_API"] def output(data, email): diff --git a/emails/template.py b/emails/template.py index 72d1221a..b2e4e42d 100755 --- a/emails/template.py +++ b/emails/template.py @@ -1,7 +1,7 @@ #!/usr/bin/env python import base -import config as cfg +import vault import sys # Control whether the module is enabled or not diff --git a/ip/ip_shodan.py b/ip/ip_shodan.py index eb939fb9..98fbe5cc 100755 --- a/ip/ip_shodan.py +++ b/ip/ip_shodan.py @@ -1,7 +1,7 @@ #!/usr/bin/env python import base -import config as cfg +import vault import requests import json import sys @@ -20,8 +20,9 @@ def banner(): def main(ip): - if cfg.shodan_api != "": - endpoint = "https://api.shodan.io/shodan/host/" + str(ip) + "?key=" + cfg.shodan_api + shodan_api = vault.get_key('shodan_api') + if shodan_api != None: + endpoint = "https://api.shodan.io/shodan/host/" + str(ip) + "?key=" + shodan_api req = requests.get(endpoint) return json.loads(req.content) else: diff --git a/ip/ip_virustotal.py b/ip/ip_virustotal.py index 84978e88..4cea3e76 100644 --- a/ip/ip_virustotal.py +++ b/ip/ip_virustotal.py @@ -1,7 +1,7 @@ #!/usr/bin/env python import base -import config as cfg +import vault import sys import requests import json @@ -22,9 +22,9 @@ def banner(): def main(ip): # Use the ip variable to do some stuff and return the data - if cfg.virustotal_public_api != "": + if vault.get_key('virustotal_public_api') != None: print ip - api = cfg.virustotal_public_api + api = vault.get_key('virustotal_public_api') params = "{'ip': '%s', 'apikey': '%s'}" % (ip, api) url = "http://www.virustotal.com/vtapi/v2/ip-address/report?ip=%s&apikey=%s" % (ip, api) req = requests.get(url, params) diff --git a/ip/template.py b/ip/template.py index d374a169..52b57340 100755 --- a/ip/template.py +++ b/ip/template.py @@ -1,7 +1,7 @@ #!/usr/bin/env python import base -import config as cfg +import vault import sys # Control whether the module is enabled or not diff --git a/requirements.txt b/requirements.txt index a4b64422..fd9c4215 100644 --- a/requirements.txt +++ b/requirements.txt @@ -27,4 +27,5 @@ termcolor tweepy TravisPy netaddr -tld \ No newline at end of file +tld +configobj diff --git a/username/template.py b/username/template.py index 911f06a8..0427ea0a 100755 --- a/username/template.py +++ b/username/template.py @@ -1,7 +1,7 @@ #!/usr/bin/env python import base -import config as cfg +import vault import sys # Control whether the module is enabled or not diff --git a/username/username_gitlabdetails.py b/username/username_gitlabdetails.py index cc365f4c..4564e347 100644 --- a/username/username_gitlabdetails.py +++ b/username/username_gitlabdetails.py @@ -1,6 +1,5 @@ #!/usr/bin/env python import base -import config as cfg import sys from termcolor import colored diff --git a/username/username_gitscrape.py b/username/username_gitscrape.py index 3b6d32bc..f6194cb6 100755 --- a/username/username_gitscrape.py +++ b/username/username_gitscrape.py @@ -1,7 +1,7 @@ #!/usr/bin/env python import base -import config as cfg +import vault import sys import json import time @@ -24,7 +24,7 @@ def banner(): def find_repos(username): - access_token = cfg.github_access_token + access_token = vault.get_key('github_access_token') list_repos = [] url = "https://api.github.com/users/%s/repos?access_token=%s" % (username, access_token) req = requests.get(url) @@ -42,7 +42,7 @@ def find_repos(username): def find_commits(repo_name): list_commits = [] - access_token = cfg.github_access_token + access_token = vault.get_key('github_access_token') for x in xrange(1, 10): url = "https://api.github.com/repos/%s/commits?page=%s&access_token=%s" % (repo_name, x, access_token) req = requests.get(url) @@ -59,7 +59,7 @@ def find_commits(repo_name): def main(username): - if cfg.github_access_token != "": + if vault.get_key('github_access_token') != None: repo_list = find_repos(username) master_list = {} if not repo_list == "API_LIMIT": diff --git a/username/username_traviscidetails.py b/username/username_traviscidetails.py index 081053d8..95555860 100644 --- a/username/username_traviscidetails.py +++ b/username/username_traviscidetails.py @@ -7,7 +7,7 @@ import base import sys from termcolor import colored -from config import github_access_token +import vault #module dependencies @@ -17,7 +17,7 @@ import warnings warnings.filterwarnings('ignore') - + # Control whether the module is enabled or not ENABLED = True @@ -33,7 +33,8 @@ def banner(): def main(username): - if github_access_token != "XYZ" and github_access_token != "": + github_access_token = vault.get_key('github_access_token') + if github_access_token != None: # Use the username variable to do some stuff and return the data token = TravisPy.github_auth(github_access_token) q=urllib2.urlopen("https://api.travis-ci.org/repos/%s" % username) diff --git a/username/username_twitterdetails.py b/username/username_twitterdetails.py index cef8b019..704dbb00 100755 --- a/username/username_twitterdetails.py +++ b/username/username_twitterdetails.py @@ -1,7 +1,7 @@ #!/usr/bin/env python import base -import config as cfg +import vault import os import re import sys @@ -24,8 +24,13 @@ def banner(): def twitterdetails(username): - auth = tweepy.OAuthHandler(cfg.twitter_consumer_key, cfg.twitter_consumer_secret) - auth.set_access_token(cfg.twitter_access_token, cfg.twiter_access_token_secret) + twitter_consumer_key = vault.get_key('twitter_consumer_key') + twitter_consumer_secret = vault.get_key('twitter_consumer_secret') + twitter_access_token = vault.get_key('twitter_access_token') + twiter_access_token_secret = vault.get_key('twitter_access_token_secret') + + auth = tweepy.OAuthHandler(twitter_consumer_key, twitter_consumer_secret) + auth.set_access_token(twitter_access_token, twitter_access_token_secret) # preparing auth api = tweepy.API(auth) @@ -84,7 +89,12 @@ def twitterdetails(username): def main(username): - if cfg.twitter_consumer_key != "" and cfg.twitter_consumer_secret != "" and cfg.twitter_access_token != "" and cfg.twiter_access_token_secret != "": + twitter_consumer_key = vault.get_key('twitter_consumer_key') + twitter_consumer_secret = vault.get_key('twitter_consumer_secret') + twitter_access_token = vault.get_key('twitter_access_token') + twiter_access_token_secret = vault.get_key('twitter_access_token_secret') + + if twitter_consumer_key != None and twitter_consumer_secret != None and twitter_access_token != None and twiter_access_token_secret != None: r = requests.get("https://twitter.com/%s" % username) if r.status_code == 200: activitydetails, userdetails = twitterdetails(username) diff --git a/username/username_youtubedetails.py b/username/username_youtubedetails.py index 0dfb5d44..4e5d15ae 100644 --- a/username/username_youtubedetails.py +++ b/username/username_youtubedetails.py @@ -1,13 +1,12 @@ #!/usr/bin/env python import base -import config as cfg +import vault import httplib2 import os import sys import urllib from apiclient.discovery import build -from config import google_api from termcolor import colored @@ -133,7 +132,8 @@ def analyze_activity(service, **kwargs): def main(username): - if google_api != "XYZ" and google_api != "": + google_api = vault.get_key('google_api') + if google_api != None: API_SERVICE_NAME = "youtube" API_VERSION = "v3" max_results = 50 diff --git a/vault.py b/vault.py new file mode 100644 index 00000000..7f4534d8 --- /dev/null +++ b/vault.py @@ -0,0 +1,22 @@ +import os +from termcolor import colored +from configobj import ConfigObj + +def get_key(a): + config_path = os.path.dirname(__file__) + config_file = "%s/config.py" % config_path + if os.path.exists(config_file): + config = ConfigObj(config_file) + try: + if config[a] != '': + return config[a] + else: + msg = "[-] " + a + " not configured" + print colored(msg, 'yellow') + return None + except: + msg = "[!] " + a + " not present" + print colored(msg, 'yellow') + return None + else: + print colored("[-] Error opening config file", 'yellow')