Merge pull request #113 from khast3x/2.5.5

2.5.5

Author: khast3x

.gitignore

@@ -112,3 +112,4 @@ keysbackup.ini
 .vscode/launch.json
 file1.bin
 *.txt
+test.json

README.md

@@ -4,7 +4,7 @@
 
 [![platforms](https://img.shields.io/badge/platforms-Windows%20%7C%20Linux%20%7C%20OSX-success.svg)](https://pypi.org/project/h8mail/) [![PyPI version](https://badge.fury.io/py/h8mail.svg)](https://badge.fury.io/py/h8mail)
 [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/h8mail.svg)](https://pypi.org/project/h8mail/) [![Downloads](https://pepy.tech/badge/h8mail)](https://pepy.tech/project/h8mail)    [![travis](https://img.shields.io/travis/khast3x/h8mail.svg)](https://travis-ci.org/khast3x/h8mail)   
-[![Docker Pulls](https://img.shields.io/docker/pulls/kh4st3x00/h8mail.svg)](https://hub.docker.com/r/kh4st3x00/h8mail) [![MicroBadger Size (tag)](https://img.shields.io/microbadger/image-size/kh4st3x00/h8mail.svg?color=ok)](https://hub.docker.com/r/kh4st3x00/h8mail/builds)  
+[![Docker Pulls](https://img.shields.io/docker/pulls/kh4st3x00/h8mail.svg)](https://hub.docker.com/r/kh4st3x00/h8mail)    
 **h8mail** is an email OSINT and breach hunting tool using [different breach and reconnaissance services](#apis), or local breaches such as Troy Hunt's "Collection1" and the infamous "Breach Compilation" torrent.  
 
 ----
@@ -60,7 +60,6 @@
 
 
 ####  APIs
-
 | Service | Functions | Status |
 |-|-|-|
 | [HaveIBeenPwned(v3)](https://haveibeenpwned.com/) | Number of email breaches | :white_check_mark: :key: |
@@ -71,9 +70,10 @@
 | [Leak-Lookup](https://leak-lookup.com/) - Public | Number of search-able breach results | :white_check_mark: (:key:) |
 | [Leak-Lookup](https://leak-lookup.com/) - Service | Cleartext passwords, hashs and salts, usernames, IPs, domain | :white_check_mark: :key: |
 | [Emailrep.io](https://emailrep.io/) - Service (free) | Last seen in breaches, social media profiles | :white_check_mark: :key: |
-| [Scylla.sh](https://scylla.sh/) - Service (free) | Cleartext passwords, hashs and salts, usernames, IPs, domain | :white_check_mark: |
+| [scylla.so](https://scylla.so/) - Service (free) | Cleartext passwords, hashs and salts, usernames, IPs, domain | :white_check_mark: |
 | [Dehashed.com](https://dehashed.com/) - Service | Cleartext passwords, hashs and salts, usernames, IPs, domain | :white_check_mark: :key: |
-| :new: [IntelX.io](https://intelx.io/signup) - Service (free trial) | Cleartext passwords, hashs and salts, usernames, IPs, domain, Bitcoin Wallets, IBAN | :white_check_mark: :key: |
+| [IntelX.io](https://intelx.io/signup) - Service (free trial) | Cleartext passwords, hashs and salts, usernames, IPs, domain, Bitcoin Wallets, IBAN | :white_check_mark: :key: |
+| :new: [Breachdirectory.tk](Breachdirectory.tk) - Service (free) | Cleartext passwords, hashs and salts, usernames, domain | :white_check_mark: :key: |
 
 *:key: - API key required*  
 
@@ -222,7 +222,7 @@ $ h8mail -u "https://pastebin.com/raw/kQ6WNKqY" "list_of_urls.txt"
 * h8mail's Pypi integration is strongly based on the work of audreyr's [CookieCutter PyPackage](https://github.com/audreyr/cookiecutter-pypackage)
 * Logo generated using Hatchful by Shopify
 * [Jake Creps](https://twitter.com/jakecreps) for his [h8mail v2 introduction](https://jakecreps.com/2019/06/21/h8mail/)  
-* [Alejandro Caceres](https://twitter.com/_hyp3ri0n) for making scylla.sh available. Be sure to [support](https://www.buymeacoffee.com/Eiw47ImnT) him if you can
+* [Alejandro Caceres](https://twitter.com/_hyp3ri0n) for making scylla.so available. Be sure to [support](https://www.buymeacoffee.com/Eiw47ImnT) him if you can
 * [IntelX](https://intelx.io) for being developer friendly
 
 :purple_heart: **h8mail can be found in:**

h8mail/utils/classes.py

@@ -254,19 +254,23 @@ def get_intelx(self, api_keys):
                     )
                 # print(contents) # Contains search data
             for file in intel_files:
-                if self.debug:
-                    c.info_news(
-                        "["
-                        + self.target
-                        + f"]>[intelx.io] [DEBUG] Keeping {file}"
-                    )
-                else:
-                    c.info_news(
-                        "["
-                        + self.target
-                        + f"]>[intelx.io] Removing {file}"
-                    )
-                    remove(file)
+                try:
+                    if self.debug:
+                        c.info_news(
+                            "["
+                            + self.target
+                            + f"]>[intelx.io] [DEBUG] Keeping {file}"
+                        )
+                    else:
+                        c.info_news(
+                            "["
+                            + self.target
+                            + f"]>[intelx.io] Removing {file}"
+                        )
+                        remove(file)
+                except Exception as ex:
+                    c.bad_news("intelx.io cleanup error: " + self.target)
+                    print(ex)
 
         except Exception as ex:
             c.bad_news("intelx.io error: " + self.target)
@@ -366,22 +370,22 @@ def get_emailrepio(self, api_key=""):
 
     def get_scylla(self, user_query="email"):
         try:
-            c.info_news("[" + self.target + "]>[scylla.sh]")
+            c.info_news("[" + self.target + "]>[scylla.so]")
             sleep(0.5)
             self.headers.update({"Accept": "application/json"})
             if user_query == "email":
-                uri_scylla = 'Email: "' + self.target + '"'
+                uri_scylla = 'email: "' + self.target + '"'
             elif user_query == "password":
-                uri_scylla = 'Password: "' + self.target + '"'
+                uri_scylla = 'password: "' + self.target + '"'
             elif user_query == "username":
-                uri_scylla = 'User: "' + self.target + '"'
+                uri_scylla = 'name: "' + self.target + '"'
             elif user_query == "ip":
-                uri_scylla = 'IP: "' + self.target + '"'
+                uri_scylla = 'ip: "' + self.target + '"'
             elif user_query == "hash":
-                uri_scylla = 'Hash: "' + self.target + '"'
+                uri_scylla = 'passhash: "' + self.target + '"'
             elif user_query == "domain":
-                uri_scylla = 'Email: "*@' + self.target + '"'
-            url = "https://scylla.sh/search?q={}".format(
+                uri_scylla = 'email: "*@' + self.target + '"'
+            url = "https://scylla.so/search?q={}".format(
                 requests.utils.requote_uri(uri_scylla)
             )
 
@@ -394,7 +398,7 @@ def get_scylla(self, user_query="email"):
             self.headers.popitem()
 
             if response.status_code not in [200, 404]:
-                c.bad_news("Could not contact scylla.sh for " + self.target)
+                c.bad_news("Could not contact scylla.so for " + self.target)
                 print(response.status_code)
                 print(response)
                 return
@@ -405,13 +409,13 @@ def get_scylla(self, user_query="email"):
                     if k is not None:
                         total += 1
             c.good_news(
-                "Found {num} entries for {target} using scylla.sh ".format(
+                "Found {num} entries for {target} using scylla.so ".format(
                     num=total, target=self.target
                 )
             )
             for d in data:
                 for field, k in d["fields"].items():
-                    if "user" in field and k is not None:
+                    if "name" in field and k is not None:
                         self.data.append(("SCYLLA_USERNAME", k))
                         self.pwned += 1
                     elif (
@@ -435,7 +439,7 @@ def get_scylla(self, user_query="email"):
                         self.data.append(("SCYLLA_SOURCE", k))
                         self.pwned += 1
         except Exception as ex:
-            c.bad_news("scylla.sh error: " + self.target)
+            c.bad_news("scylla.so error: " + self.target)
             print(ex)
 
     def get_hunterio_public(self):
@@ -821,3 +825,61 @@ def get_dehashed(self, api_email, api_key, user_query):
         except Exception as ex:
             c.bad_news(f"Dehashed error with {self.target}")
             print(ex)
+    
+    def get_breachdirectory(self, user, passw, user_query):
+        # Todo: implement password source search when email has answer
+        c.info_news("[" + self.target + "]>[breachdirectory.tk]")
+        if user_query not in ["email", "username", "password", "domain"]:
+            c.bad_news("Breachdirectory does not support this option")
+            exit(1)
+        mode = "pastes"
+        url = "https://breachdirectory.tk/api/index?username={user}&password={passw}&func={mode}&term={target}".format(user=user, passw=passw, mode=mode, target=self.target)
+        try:
+            req = self.make_request(
+                    url, timeout=60
+                )
+            if req.status_code == 200:
+                    response = req.json()
+                    if response["data"] is not None:
+                        for result in response["data"]:
+                            if "email" in result and "email" not in user_query:
+                                self.data.append(("BREACHDR_EMAIL", result["email"]))
+                            if "password" in result:
+                                self.data.append(("BREACHDR_PASS", result["password"]))
+                            if "hash" in result:
+                                self.data.append(("BREACHDR_HASH", result["hash"]))
+                            if "source" in result:
+                                self.data.append(("BREACHDR_SOURCE", result["source"]))
+                                self.pwned += 1
+                    # Follow up with an aggregated leak sources query
+                    url_src = "https://breachdirectory.tk/api/index?username={user}&password={passw}&func={mode}&term={target}".format(user=user, passw=passw, mode="sources", target=self.target)
+                    req = self.make_request(
+                        url_src, timeout=60
+                    )
+                    if req.status_code == 200:
+                        response = req.json()
+                        if response["sources"] is not None:
+                            for result in response["sources"]:
+                                self.data.append(("BREACHDR_EXTSRC", result))
+                    ## If using the 'auto' mode instead of pastes
+                    #     c.good_news(
+                    #         "Found {num} entries for {target} using breachdirectory.tk".format(
+                    #             num=str(response["found"]), target=self.target
+                    #         )
+                    #     )
+
+                    # for result in response["result"]:
+                    #     if result["has_password"] is True:
+                    #         self.data.append(("BREACHDR_PASS", result["password"]))
+                    #         self.data.append(("BREACHDR_MD5", result["md5"]))
+                    #         if result["sources"] == "Unverified":
+                    #             source = result["sources"]
+                    #         elif len(result["sources"]) > 1:
+                    #             source = ", ".join(result["sources"])
+                    #         else:
+                    #             source = result["sources"][0]
+                    #         self.data.append(("BREACHDR_SOURCE", source))
+                    #         self.pwned += 1
+        except Exception as ex:
+            c.bad_news(f"Breachdirectory error with {self.target}")
+            print(ex)

h8mail/utils/gen_config.py

@@ -22,6 +22,8 @@ def gen_config_file():
 ;dehashed_key =
 ;intelx_key =
 ;intelx_maxfile = 10
+;breachdirectory_user = 
+;breachdirectory_pass =
 """
         dest_config.write(config)
         c.good_news(

h8mail/utils/helpers.py

@@ -70,8 +70,8 @@ def print_banner(b_type="intro"):
     elif "version" in b_type:
         print(
             "\t",
-            c.fg.pink,
-            "Version " + __version__ + ' - "ROCKSMASSON.4" ',
+            c.fg.cyan,
+            "Version " + __version__ + ' - "ROCKSMASSON.5" ',
             c.reset,
         )
 
@@ -190,19 +190,19 @@ def check_latest_version():
         c.bad_news("Could not check for updates. Is Github blocking requests?")
 def check_scylla_online():
     """
-    Checks if scylla.sh is online
+    Checks if scylla.so is online
     """
     # Supress SSL Warning on UI
     # https://github.com/khast3x/h8mail/issues/64
     try:
         re = requests.head(
-            url="https://scylla.sh", verify=False, auth=requests.auth.HTTPBasicAuth("sammy", "BasicPassword!"), timeout=10,
+            url="https://scylla.so", verify=False, auth=requests.auth.HTTPBasicAuth("sammy", "BasicPassword!"), timeout=10,
         )
         if re.status_code == 200:
-            c.good_news("scylla.sh is up")
+            c.good_news("scylla.so is up")
             return True
         else:
-            c.info_news("scylla.sh is down, skipping")
+            c.info_news("scylla.so is down, skipping")
         return False
     except Exception:
-        c.info_news("scylla.sh is down, skipping")
+        c.info_news("scylla.so is down, skipping")

h8mail/utils/intelx.py

@@ -492,8 +492,8 @@ def search(self, term, maxresults=100, buckets=[], timeout=5, datefrom="", datet
 		done = False
 		search_id = self.INTEL_SEARCH(term, maxresults, buckets, timeout, datefrom, dateto, sort, media, terminate)
 		if(len(str(search_id)) <= 3):
-			 print(f"[!] intelx.INTEL_SEARCH() Received {self.get_error(search_id)}")
-			 sys.exit()
+			print(f"[!] intelx.INTEL_SEARCH() Received {self.get_error(search_id)}")
+			sys.exit()
 		while done == False:
 			time.sleep(1) # lets give the backend a chance to aggregate our data
 			r = self.query_results(search_id, maxresults)
@@ -515,8 +515,8 @@ def phonebooksearch(self, term, maxresults=1000, buckets=[], timeout=5, datefrom
 		done = False
 		search_id = self.PHONEBOOK_SEARCH(term, maxresults, buckets, timeout, datefrom, dateto, sort, media, terminate, target)
 		if(len(str(search_id)) <= 3):
-			 print(f"[!] intelx.PHONEBOOK_SEARCH() Received {self.get_error(search_id)}")
-			 sys.exit()
+			print(f"[!] intelx.PHONEBOOK_SEARCH() Received {self.get_error(search_id)}")
+			sys.exit()
 		while done == False:
 			time.sleep(1) # lets give the backend a chance to aggregate our data
 			r = self.query_pb_results(search_id, maxresults)

h8mail/utils/intelx_helpers.py

@@ -19,11 +19,17 @@ def intelx_getsearch(target, intelx, maxfile):
             creds=cap["paths"]["/intelligent/search"]["Credit"]
         )
     )
+    available_buckets = []
+    desired_buckets=["leaks.public", "leaks.private", "pastes", "darknet"],
+    for b in cap["buckets"]:
+        if any(b in d for d in desired_buckets):
+            available_buckets.append(b)
+    c.info_news("[" + target + "]>[intelx.io] Available buckets for h8mail:")
+    print(available_buckets)
     c.info_news("[" + target + "]>[intelx.io] Search in progress (max results : "+ str(maxfile) + ")")
     search = intelx.search(
         target,
-        buckets=["leaks.public", "leaks.private", "pastes", "darknet.tor"],
-        # buckets=[],
+        buckets=available_buckets,
         maxresults=maxfile,
         media=24,
     )

h8mail/utils/print_json.py

@@ -0,0 +1,34 @@
+# -*- coding: utf-8 -*-
+from .colors import colors as c
+import json
+
+def generate_source_arrays(pwned_data):
+    data_array = []
+    no_src = 0 # To check for data with no explicit source
+    temp_array = []
+    for i in range(len(pwned_data)):
+        if len(pwned_data[i]) == 2:
+            temp_array.append(pwned_data[i][0] + ":" + pwned_data[i][1])
+            no_src += 1
+            if "SOURCE" in pwned_data[i][0]:
+                data_array.append(temp_array)
+                temp_array = []
+                no_src = 0
+    if no_src > 0:
+        data_array.append(temp_array)
+    return data_array
+
+
+
+def save_results_json(dest_json, target_obj_list):
+    data = {}
+    data['targets'] = []
+    for t in target_obj_list:
+        current_target = {}
+        current_target["target"] = t.target
+        current_target["pwn_num"] = t.pwned
+        current_target["data"] = generate_source_arrays(t.data)
+        data['targets'].append(current_target)
+    
+    with open(dest_json, 'w') as outfile:
+        json.dump(data, outfile)

h8mail/utils/print_results.py

@@ -55,4 +55,6 @@ def print_results(results, hide=False):
                     c.print_result(t.target, t.data[i][1], t.data[i][0])
                 if "INTELX" in t.data[i][0]:
                     c.print_result(t.target, t.data[i][1], t.data[i][0])
+                if "BREACHDR" in t.data[i][0]:
+                    c.print_result(t.target, t.data[i][1], t.data[i][0])