From 57b631233bf1562cb0d6f1fa18813020025644ab Mon Sep 17 00:00:00 2001
From: Terrtia
Date: Thu, 26 Jul 2018 15:31:58 +0200
Subject: [PATCH] add: [BankAccount] iban detection
---
 bin/BankAccount.py | 107 +++++++++++++++++++++++++++++++++
 bin/LAUNCH.sh | 2 +
 bin/packages/config.cfg.sample | 3 +
 bin/packages/modules.cfg | 4 ++
 4 files changed, 116 insertions(+)
 create mode 100755 bin/BankAccount.py
diff --git a/bin/BankAccount.py b/bin/BankAccount.py
new file mode 100755
index 00000000..f2619cb6
--- /dev/null
+++ b/bin/BankAccount.py
@@ -0,0 +1,107 @@
+#!/usr/bin/env python3
+# -*-coding:UTF-8 -*
+
+"""
+The ApiKey Module
+======================
+
+This module is consuming the Redis-list created by the Categ module.
+
+It apply API_key regexes on paste content and warn if above a threshold.
+
+"""
+
+import redis
+import time
+import re
+import string
+
+from packages import Paste
+from pubsublogger import publisher
+
+from Helper import Process
+
+import signal
+
+class TimeoutException(Exception):
+ pass
+
+def timeout_handler(signum, frame):
+ raise TimeoutException
+
+signal.signal(signal.SIGALRM, timeout_handler)
+
+LETTERS_IBAN = {ord(d): str(i) for i, d in enumerate(string.digits + string.ascii_uppercase)}
+
+def iban_number(iban):
+ return (iban[4:] + iban[:4].translate(LETTERS_IBAN))
+
+def is_valid_iban(iban):
+ iban = iban.replace(' ', '')
+ iban_numb = iban_number(iban)
+ iban_numb_check = iban_number(iban[:2] + '00' + iban[4:])
+ check_digit = '{:0>2}'.format(98 - (int(iban_numb_check) % 97))
+ if check_digit == iban[2:4] and int(iban_numb) % 97 == 1:
+ # valid iban
+ print('valid iban')
+ print(iban)
+ return True
+ return False
+
+def check_all_iban(l_iban, paste, filename):
+ nb_valid_iban = 0
+ for iban in l_iban:
+ print('checking '+iban)
+ if is_valid_iban(iban):
+ print('------')
+ nb_valid_iban = nb_valid_iban + 1
+ if(nb_valid_iban > 0):
+ to_print = 'Iban;{};{};{};'.format(paste.p_source, paste.p_date, paste.p_name)
+ publisher.warning('{}Checked found {} IBAN;{}'.format(
+ to_print, nb_valid_iban, paste.p_path))
+ msg = 'infoleak:automatic-detection="iban";{}'.format(filename)
+ p.populate_set_out(msg, 'Tags')
+
+ #Send to duplicate
+ p.populate_set_out(filename, 'Duplicate')
+
+if __name__ == "__main__":
+ publisher.port = 6380
+ publisher.channel = "Script"
+
+ config_section = 'BankAccount'
+
+ p = Process(config_section)
+ max_execution_time = p.config.getint("BankAccount", "max_execution_time")
+
+ publisher.info("BankAccount started")
+
+ message = p.get_from_set()
+
+ iban_regex = re.compile(r'\b[A-Za-z]{2}[0-9]{2}(?:[ ]?[0-9]{4}){4}(?:[ ]?[0-9]{1,2})?\b')
+
+ while True:
+
+ message = p.get_from_set()
+
+ if message is not None:
+
+ filename = message
+ paste = Paste.Paste(filename)
+ content = paste.get_p_content()
+
+ signal.alarm(max_execution_time)
+ try:
+ l_iban = iban_regex.findall(content)
+ except TimeoutException:
+ print ("{0} processing timeout".format(paste.p_path))
+ continue
+ else:
+ signal.alarm(0)
+
+ if(len(l_iban) > 0):
+ check_all_iban(l_iban, paste, filename)
+
+ else:
+ publisher.debug("Script ApiKey is Idling 10s")
+ time.sleep(10)
diff --git a/bin/LAUNCH.sh b/bin/LAUNCH.sh
index 161660ab..998a676a 100755
--- a/bin/LAUNCH.sh
+++ b/bin/LAUNCH.sh
@@ -144,6 +144,8 @@ function launching_scripts {
 sleep 0.1
 screen -S "Script_AIL" -X screen -t "CreditCards" bash -c 'cd '${AIL_BIN}'; ./CreditCards.py; read x'
 sleep 0.1
+ screen -S "Script_AIL" -X screen -t "BankAccount" bash -c 'cd '${AIL_BIN}'; ./BankAccount.py; read x'
+ sleep 0.1
 screen -S "Script_AIL" -X screen -t "Onion" bash -c 'cd '${AIL_BIN}'; ./Onion.py; read x'
 sleep 0.1
 screen -S "Script_AIL" -X screen -t "Mail" bash -c 'cd '${AIL_BIN}'; ./Mail.py; read x'
diff --git a/bin/packages/config.cfg.sample b/bin/packages/config.cfg.sample
index 9a22e407..2ed662c1 100644
--- a/bin/packages/config.cfg.sample
+++ b/bin/packages/config.cfg.sample
@@ -43,6 +43,9 @@ minute_processed_paste = 10 DiffMaxLineLength = 10000 #### Modules #### +[BankAccount] +max_execution_time = 60 + [Categ] #Minimum number of match between the paste and the category file matchingThreshold=1
diff --git a/bin/packages/modules.cfg b/bin/packages/modules.cfg
index f50aa263..452850f7 100644
--- a/bin/packages/modules.cfg
+++ b/bin/packages/modules.cfg
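Review bot: In bin/BankAccount.py, `is_valid_iban` raises ValueError for a lower-case country code: `iban_regex` accepts `[A-Za-z]{2}`, but `LETTERS_IBAN` maps only digits and upper-case letters, so for a match beginning with something like `de89` the letters survive `translate()` and `int(iban_numb_check)` fails. Neither `check_all_iban` nor the main loop catches the exception, so one paste containing such a string appears to end the module, which then sits at the `read x` in its screen window and stops tagging. Normalise before the arithmetic with `iban = iban.replace(' ', '').upper()`, or narrow the pattern to `[A-Z]{2}`. Separately, the `message = p.get_from_set()` call before `while True:` is overwritten on the first iteration, so the first queued item is never scanned, and `print(iban)` writes every validated account number to the console; both lines look like leftovers and could be removed.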
@@ -51,6 +51,10 @@ publish = Redis_CreditCards,Redis_Mail,Redis_Onion,Redis_Web,Redis_Credential,Re subscribe = Redis_CreditCards publish = Redis_Duplicate,Redis_ModuleStats,Redis_alertHandler,Redis_Tags +[BankAccount] +subscribe = Redis_Global +publish = Redis_Duplicate,Redis_Tags + [Mail] subscribe = Redis_Mail publish = Redis_Duplicate,Redis_ModuleStats,Redis_alertHandler,Redis_Tags