Moved several module methods into mixins and utility modules.

Author: lanmaster53

recon/core/module.py

@@ -1,18 +1,11 @@
-import hashlib
-import hmac
 import html.parser
 import http.cookiejar
 import io
 import os
 import re
-import socket
 import sqlite3
-import struct
 import sys
 import textwrap
-import time
-import urllib.parse
-import webbrowser
 import yaml
 # framework libs
 from recon.core import framework
@@ -117,29 +110,6 @@ def cidr_to_list(self, string):
         import ipaddress
         return [str(ip) for ip in ipaddress.ip_network(string)]
 
-    def parse_name(self, name):
-        elements = [self.html_unescape(x) for x in name.strip().split()]
-        # remove prefixes and suffixes
-        names = []
-        for i in range(0,len(elements)):
-            # preserve initials
-            if re.search(r'^\w\.$', elements[i]):
-                elements[i] = elements[i][:-1]
-            # remove unecessary prefixes and suffixes
-            elif re.search(r'(?:\.|^the$|^jr$|^sr$|^I{2,3}$)', elements[i], re.IGNORECASE):
-                continue
-            names.append(elements[i])
-        # make sense of the remaining elements
-        if len(names) > 3:
-            names[2:] = [' '.join(names[2:])]
-        # clean up any remaining garbage characters
-        names = [re.sub(r"[,']", '', x) for x in names]
-        # set values and return names
-        fname = names[0] if len(names) >= 1 else None
-        mname = names[1] if len(names) >= 3 else None
-        lname = names[-1] if len(names) >= 2 else None
-        return fname, mname, lname
-
     def hosts_to_domains(self, hosts, exclusions=[]):
         domains = []
         for host in hosts:
@@ -184,244 +154,6 @@ def _get_source(self, params, query=None):
             raise framework.FrameworkException('Source contains no input.')
         return sources
 
-    #==================================================
-    # 3RD PARTY API METHODS
-    #==================================================
-
-    def get_explicit_oauth_token(self, resource, scope, authorize_url, access_url):
-        token_name = resource+'_token'
-        token = self.get_key(token_name)
-        if token:
-            return token
-        client_id = self.get_key(resource+'_api')
-        client_secret = self.get_key(resource+'_secret')
-        port = 31337
-        redirect_uri = f"http://localhost:{port}"
-        payload = {'response_type': 'code', 'client_id': client_id, 'scope': scope, 'state': self.get_random_str(40), 'redirect_uri': redirect_uri}
-        authorize_url = f"{authorize_url}?{urllib.parse.urlencode(payload)}"
-        w = webbrowser.get()
-        w.open(authorize_url)
-        # open a socket to receive the access token callback
-        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-        sock.bind(('127.0.0.1', port))
-        sock.listen(1)
-        conn, addr = sock.accept()
-        data = conn.recv(1024)
-        conn.sendall('HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html><head><title>Recon-ng</title></head><body>Response received. Return to Recon-ng.</body></html>')
-        conn.close()
-        # process the received data
-        if 'error_description' in data:
-            self.error(urllib.parse.unquote_plus(re.search(r'error_description=([^\s&]*)', data).group(1)))
-            return None
-        authorization_code = re.search(r'code=([^\s&]*)', data).group(1)
-        payload = {'grant_type': 'authorization_code', 'code': authorization_code, 'redirect_uri': redirect_uri, 'client_id': client_id, 'client_secret': client_secret}
-        resp = self.request('POST', access_url, data=payload)
-        if 'error' in resp.json():
-            self.error(resp.json()['error_description'])
-            return None
-        access_token = resp.json()['access_token']
-        self.add_key(token_name, access_token)
-        return access_token
-
-    def get_twitter_oauth_token(self):
-        token_name = 'twitter_token'
-        token = self.get_key(token_name)
-        if token:
-            return token
-        twitter_key = self.get_key('twitter_api')
-        twitter_secret = self.get_key('twitter_secret')
-        url = 'https://api.twitter.com/oauth2/token'
-        auth = (twitter_key, twitter_secret)
-        headers = {'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8'}
-        payload = {'grant_type': 'client_credentials'}
-        resp = self.request('POST', url, auth=auth, headers=headers, data=payload)
-        if 'errors' in resp.json():
-            raise framework.FrameworkException(f"{resp.json()['errors'][0]['message']}, {resp.json()['errors'][0]['label']}")
-        access_token = resp.json()['access_token']
-        self.add_key(token_name, access_token)
-        return access_token
-
-    def build_pwnedlist_payload(self, payload, method, key, secret):
-        timestamp = int(time.time())
-        payload['ts'] = timestamp
-        payload['key'] = key
-        msg = f"{key}{timestamp}{method}{secret}"
-        encoding = sys.getdefaultencoding()
-        hm = hmac.new(bytes(secret, encoding), bytes(msg, encoding), hashlib.sha1)
-        payload['hmac'] = hm.hexdigest()
-        return payload
-
-    def get_pwnedlist_leak(self, leak_id):
-        # check if the leak has already been retrieved
-        leak = self.query('SELECT * FROM leaks WHERE leak_id=?', (leak_id,))
-        if leak:
-            leak = dict(zip([x[0] for x in self.get_columns('leaks')], leak[0]))
-            del leak['module']
-            return leak
-        # set up the API call
-        key = self.get_key('pwnedlist_api')
-        secret = self.get_key('pwnedlist_secret')
-        url = 'https://api.pwnedlist.com/api/1/leaks/info'
-        base_payload = {'leakId': leak_id}
-        payload = self.build_pwnedlist_payload(base_payload, 'leaks.info', key, secret)
-        # make the request
-        resp = self.request('GET', url, params=payload)
-        if resp.status_code != 200:
-            self.error(f"Error retrieving leak data.{os.linesep}{resp.text}")
-            return
-        leak = resp.json()['leaks'][0]
-        # normalize the leak for storage
-        normalized_leak = {}
-        for item in leak:
-            value = leak[item]
-            if type(value) == list:
-                value = ', '.join(value)
-            normalized_leak[item] = value
-        return normalized_leak
-
-    def search_twitter_api(self, payload, limit=False):
-        headers = {'Authorization': f"Bearer {self.get_twitter_oauth_token()}"}
-        url = 'https://api.twitter.com/1.1/search/tweets.json'
-        results = []
-        while True:
-            resp = self.request('GET', url, params=payload, headers=headers)
-            if limit:
-                # app auth rate limit for search/tweets is 450/15min
-                time.sleep(2)
-            jsonobj = resp.json()
-            for item in ['error', 'errors']:
-                if item in jsonobj:
-                    raise framework.FrameworkException(jsonobj[item])
-            results += jsonobj['statuses']
-            if 'next_results' in jsonobj['search_metadata']:
-                max_id = urllib.parse.parse_qs(jsonobj['search_metadata']['next_results'][1:])['max_id'][0]
-                payload['max_id'] = max_id
-                continue
-            break
-        return results
-
-    def search_shodan_api(self, query, limit=0):
-        api_key = self.get_key('shodan_api')
-        url = 'https://api.shodan.io/shodan/host/search'
-        payload = {'query': query, 'key': api_key}
-        results = []
-        cnt = 0
-        page = 1
-        self.verbose(f"Searching Shodan API for: {query}")
-        while True:
-            time.sleep(1)
-            resp = self.request('GET', url, params=payload)
-            if resp.json() == None:
-                raise framework.FrameworkException(f"Invalid JSON response.{os.linesep}{resp.text}")
-            if 'error' in resp.json():
-                raise framework.FrameworkException(resp.json()['error'])
-            if not resp.json()['matches']:
-                break
-            # add new results
-            results.extend(resp.json()['matches'])
-            # increment and check the limit
-            cnt += 1
-            if limit == cnt:
-                break
-            # next page
-            page += 1
-            payload['page'] = page
-        return results
-
-    def search_bing_api(self, query, limit=0):
-        url = 'https://api.cognitive.microsoft.com/bing/v7.0/search'
-        payload = {'q': query, 'count': 50, 'offset': 0, 'responseFilter': 'WebPages'}
-        headers = {'Ocp-Apim-Subscription-Key': self.get_key('bing_api')}
-        results = []
-        cnt = 0
-        self.verbose(f"Searching Bing API for: {query}")
-        while True:
-            resp = self.request('GET', url, params=payload, headers=headers)
-            if resp.json() == None:
-                raise framework.FrameworkException(f"Invalid JSON response.{os.linesep}{resp.text}")
-            #elif 'error' in resp.json():
-            elif resp.status_code == 401:
-                raise framework.FrameworkException(f"{resp.json()['statusCode']}: {resp.json()['message']}")
-            # add new results, or if there's no more, return what we have...
-            if 'webPages' in resp.json():
-                results.extend(resp.json()['webPages']['value'])
-            else:
-                return results
-            # increment and check the limit
-            cnt += 1
-            if limit == cnt:
-                break
-            # check for more pages
-            # https://msdn.microsoft.com/en-us/library/dn760787.aspx
-            if payload['offset'] > (resp.json()['webPages']['totalEstimatedMatches'] - payload['count']):
-                break
-            # set the payload for the next request
-            payload['offset'] += payload['count']
-        return results
-
-    def search_google_api(self, query, limit=0):
-        api_key = self.get_key('google_api')
-        cse_id = self.get_key('google_cse')
-        url = 'https://www.googleapis.com/customsearch/v1'
-        payload = {'alt': 'json', 'prettyPrint': 'false', 'key': api_key, 'cx': cse_id, 'q': query}
-        results = []
-        cnt = 0
-        self.verbose(f"Searching Google API for: {query}")
-        while True:
-            resp = self.request('GET', url, params=payload)
-            if resp.json() == None:
-                raise framework.FrameworkException(f"Invalid JSON response.{os.linesep}{resp.text}")
-            # add new results
-            if 'items' in resp.json():
-                results.extend(resp.json()['items'])
-            # increment and check the limit
-            cnt += 1
-            if limit == cnt:
-                break
-            # check for more pages
-            if not 'nextPage' in resp.json()['queries']:
-                break
-            payload['start'] = resp.json()['queries']['nextPage'][0]['startIndex']
-        return results
-
-    def search_github_api(self, query):
-        self.verbose(f"Searching Github for: {query}")
-        results = self.query_github_api(endpoint='/search/code', payload={'q': query})
-        # reduce the nested lists of search results and return
-        results = [result['items'] for result in results]
-        return [x for sublist in results for x in sublist]
-
-    def query_github_api(self, endpoint, payload={}, options={}):
-        opts = {'max_pages': None}
-        opts.update(options)
-        headers = {'Authorization': f"token {self.get_key('github_api')}"}
-        base_url = 'https://api.github.com'
-        url = base_url + endpoint
-        results = []
-        page = 1
-        while True:
-            # Github rate limit is 30 requests per minute
-            time.sleep(2) # 60s / 30r = 2s/r
-            payload['page'] = page
-            resp = self.request('GET', url, headers=headers, params=payload)
-            # check for errors
-            if resp.status_code != 200:
-                # skip 404s returned for no results
-                if resp.status_code != 404:
-                    self.error(f"Message from Github: {resp.json()['message']}")
-                break
-            # some APIs return lists, and others a single dictionary
-            method = 'extend'
-            if type(resp.json()) == dict:
-                method = 'append'
-            getattr(results, method)(resp.json())
-            # paginate
-            if 'link' in resp.headers and 'rel="next"' in resp.headers['link'] and (opts['max_pages'] is None or page < opts['max_pages']):
-                page += 1
-                continue
-            break
-        return results
-
     #==================================================
     # REQUEST METHODS
     #==================================================

recon/mixins/github.py

@@ -0,0 +1,42 @@
+import time
+
+
+class GithubMixin(object):
+
+    def query_github_api(self, endpoint, payload={}, options={}):
+        opts = {'max_pages': None}
+        opts.update(options)
+        headers = {'Authorization': f"token {self.get_key('github_api')}"}
+        base_url = 'https://api.github.com'
+        url = base_url + endpoint
+        results = []
+        page = 1
+        while True:
+            # Github rate limit is 30 requests per minute
+            time.sleep(2) # 60s / 30r = 2s/r
+            payload['page'] = page
+            resp = self.request('GET', url, headers=headers, params=payload)
+            # check for errors
+            if resp.status_code != 200:
+                # skip 404s returned for no results
+                if resp.status_code != 404:
+                    self.error(f"Message from Github: {resp.json()['message']}")
+                break
+            # some APIs return lists, and others a single dictionary
+            method = 'extend'
+            if type(resp.json()) == dict:
+                method = 'append'
+            getattr(results, method)(resp.json())
+            # paginate
+            if 'link' in resp.headers and 'rel="next"' in resp.headers['link'] and (opts['max_pages'] is None or page < opts['max_pages']):
+                page += 1
+                continue
+            break
+        return results
+
+    def search_github_api(self, query):
+        self.verbose(f"Searching Github for: {query}")
+        results = self.query_github_api(endpoint='/search/code', payload={'q': query})
+        # reduce the nested lists of search results and return
+        results = [result['items'] for result in results]
+        return [x for sublist in results for x in sublist]

recon/mixins/oauth.py

@@ -0,0 +1,41 @@
+import re
+import socket
+import urllib.parse
+import webbrowser
+
+class ExplicitOauthMixin(object):
+
+    def get_explicit_oauth_token(self, resource, scope, authorize_url, access_url):
+        token_name = resource+'_token'
+        token = self.get_key(token_name)
+        if token:
+            return token
+        client_id = self.get_key(resource+'_api')
+        client_secret = self.get_key(resource+'_secret')
+        port = 31337
+        redirect_uri = f"http://localhost:{port}"
+        payload = {'response_type': 'code', 'client_id': client_id, 'scope': scope, 'state': self.get_random_str(40), 'redirect_uri': redirect_uri}
+        authorize_url = f"{authorize_url}?{urllib.parse.urlencode(payload)}"
+        w = webbrowser.get()
+        w.open(authorize_url)
+        # open a socket to receive the access token callback
+        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        sock.bind(('127.0.0.1', port))
+        sock.listen(1)
+        conn, addr = sock.accept()
+        data = conn.recv(1024)
+        conn.sendall('HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html><head><title>Recon-ng</title></head><body>Response received. Return to Recon-ng.</body></html>')
+        conn.close()
+        # process the received data
+        if 'error_description' in data:
+            self.error(urllib.parse.unquote_plus(re.search(r'error_description=([^\s&]*)', data).group(1)))
+            return None
+        authorization_code = re.search(r'code=([^\s&]*)', data).group(1)
+        payload = {'grant_type': 'authorization_code', 'code': authorization_code, 'redirect_uri': redirect_uri, 'client_id': client_id, 'client_secret': client_secret}
+        resp = self.request('POST', access_url, data=payload)
+        if 'error' in resp.json():
+            self.error(resp.json()['error_description'])
+            return None
+        access_token = resp.json()['access_token']
+        self.add_key(token_name, access_token)
+        return access_token