forked from MISP/misp-modules
-
Notifications
You must be signed in to change notification settings - Fork 0
/
socialscan.py
101 lines (85 loc) · 2.66 KB
/
socialscan.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
import json
from socialscan.platforms import Platforms
from socialscan.util import sync_execute_queries
moduleinfo = {
'version': '1',
'author': 'Christian Studer',
'description': 'Module to query several online platforms to look for existing accounts.',
'module-type': ['hover']
}
mispattributes = {
'input': [
'github-username',
'target-user',
'email',
'email-src',
'email-dst',
'target-email',
'whois-registrant-email'
],
'output': ['text']
}
moduleconfig = []
_PLATFORMS = [
Platforms.INSTAGRAM,
Platforms.TWITTER,
Platforms.GITHUB,
Platforms.TUMBLR,
Platforms.LASTFM
]
_EMAIL_PLATFORMS = [
Platforms.PINTEREST,
Platforms.SPOTIFY,
Platforms.FIREFOX
]
_EMAIL_PLATFORMS.extend(_PLATFORMS)
_USERNAME_PLATFORMS = [
Platforms.SNAPCHAT,
Platforms.GITLAB,
Platforms.REDDIT,
Platforms.YAHOO
]
_USERNAME_PLATFORMS.extend(_PLATFORMS)
def parse_results(query_results, feature):
results = []
for result in query_results:
if not result.success:
results.append(f'Unable to retrieve the {feature} on {result.platform}.')
continue
if not result.valid:
results.append(f'Invalid response from {result.platform}, or invalid {feature}.')
continue
statement = 'No account' if result.available else 'There is an account'
results.append(f'{statement} linked to the {feature} on {result.platform}.')
to_return = [
{
'types': mispattributes['output'],
'values': result
} for result in results
]
return {'results': to_return}
def parse_email(email):
results = sync_execute_queries([email], platforms=_EMAIL_PLATFORMS)
return parse_results(results, 'email address')
def parse_username(username, platforms=_USERNAME_PLATFORMS):
results = sync_execute_queries([username], platforms=platforms)
return parse_results(results, 'username')
def parse_github_username(username):
return parse_username(username, platforms=[Platforms.GITHUB])
def handler(q=False):
if q is False:
return False
request = json.loads(q)
if request.get('github-username'):
return parse_github_username(request['github-username'])
if request.get('target-user'):
return parse_username(request['target-user'])
for attribute_type in mispattributes['input'][2:]:
if request.get(attribute_type):
return parse_email(request[attribute_type])
return {'error': 'Unsupported attributes type'}
def introspection():
return mispattributes
def version():
moduleinfo['config'] = moduleconfig
return moduleinfo