#!/usr/bin/env python
import ConfigParser
import datetime
import os
import re
import sqlite3
import sys
import urllib, json
from email.mime.text import MIMEText
from subprocess import Popen, PIPE
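# Usage: watch.py <config file> <domain> <mailto>
#
# Asks the dump service for leaked credentials belonging to <domain>, records
# every entry in a per-domain SQLite database, and mails the entries that were
# not in the database yet to <mailto>. A summary line is appended to the
# per-domain log on every run.
#
# NOTE(review): the database, the log and the notification mail all carry
# plaintext passwords. The directories below are created with the process
# umask; restrict them to the account that runs this script where possible.
if len(sys.argv) < 4:
    sys.stderr.write("usage: %s <config file> <domain> <mailto>\n" % sys.argv[0])
    sys.exit(2)

cfgfile = sys.argv[1]
domain = sys.argv[2]
mailto = sys.argv[3]

config = ConfigParser.RawConfigParser()
config.read(cfgfile)
base_dir = config.get('Global', 'dir')
apikey = config.get('Global', 'apikey')
fromaddr = config.get('Global', 'fromaddr')

# The domain is interpolated into file names, the request URL and the mail
# Subject header, so only hostname characters are accepted (no path
# separators, no line breaks).
if not re.match(r'[A-Za-z0-9.-]+\Z', domain):
    sys.stderr.write("invalid domain: %r\n" % domain)
    sys.exit(2)

# sendmail -t takes its recipients from the headers; a line break in an
# address would let the value add headers of its own.
for header_value in (mailto, fromaddr):
    if '\r' in header_value or '\n' in header_value:
        sys.stderr.write("line breaks are not allowed in mail addresses\n")
        sys.exit(2)

# Create directories if they don't exist
db_dir = os.path.join(base_dir, 'dbs')
log_dir = os.path.join(base_dir, 'logs')
for path in (db_dir, log_dir):
    if not os.path.exists(path):
        os.makedirs(path)
log_path = os.path.join(log_dir, 'cmd-' + domain + '.log')

msgstring = ""
newcounter = 0   # entries that were not in the database before this run
counter = 0      # entries that were looked up in the database
skipped = 0      # entries that could not be processed

# Connect to the per-domain database; sqlite3 creates the file if needed.
conn = sqlite3.connect(os.path.join(db_dir, 'cmddb-' + domain + '.db'))
try:
    c = conn.cursor()
    c.execute("CREATE TABLE if not exists creds "
              "(username text, password text, userbase text, dump_date text)")
    conn.commit()

    # Retrieve the dumps from the dump service. The API key travels in the
    # query string, so this URL must not be logged or printed.
    # NOTE(review): Python 2 releases older than 2.7.9 did not verify HTTPS
    # certificates by default - confirm the interpreter version, since the
    # key and the returned credentials cross this connection.
    url = ("https://checkmydump.miscreantpunchers.net/api/domain/"
           + urllib.quote(domain, safe='')
           + "?" + urllib.urlencode({'key': apikey}))
    response = urllib.urlopen(url)
    try:
        data = json.loads(response.read())
    finally:
        response.close()

    # An error reply has no 'rows' list. Say so on stderr instead of
    # reporting it as "0 entries found" with no other trace.
    rows = data.get('rows') if isinstance(data, dict) else None
    if not isinstance(rows, list):
        sys.stderr.write("unexpected API response for %s: no 'rows' list\n" % domain)
        rows = []

    # Go through the rows and work out which ones are new. Field values come
    # from the remote service and are treated as data only: they are bound as
    # SQL parameters and never spliced into a statement.
    for row in rows:
        try:
            record = (row['username'], row['password'], row['source'], row['date'])
        except (KeyError, TypeError):
            skipped += 1
            continue
        try:
            c.execute("SELECT 1 FROM creds where username=? and password=? "
                      "and userbase=? and dump_date=?", record)
            counter += 1
            if c.fetchone() is None:
                # Build the notification line before storing the row, so an
                # entry can never be marked as seen without being reported.
                newstring = ("DUMP DATE:%s, USERBASE: %s, USER: %s, PASSWORD: %s\r\n"
                             % (record[3], record[2], record[0], record[1]))
                c.execute("INSERT into creds (username, password, userbase, dump_date) "
                          "VALUES (?,?,?,?)", record)
                conn.commit()
                msgstring += newstring
                newcounter += 1
        except sqlite3.Error:
            # Best effort per row, as before: one bad entry must not stop
            # the remaining ones from being processed.
            skipped += 1
            continue
finally:
    conn.close()

if skipped:
    sys.stderr.write("%d entries for %s could not be processed\n" % (skipped, domain))

msg = None
if newcounter > 0:
    msg = MIMEText("Check OSINT machine /checkmydump/logs for raw output \r\n" + msgstring)
    msg["From"] = fromaddr
    msg["To"] = mailto
    msg["Subject"] = "CMD New Credentials for " + domain

# Write the log before mailing: the new entries are already stored as seen,
# so the raw output has to exist even if delivery fails.
summary = (str(datetime.datetime.now().strftime("%Y-%m-%d %H:%M"))
           + " CheckMyDump - " + str(counter) + " entries found for " + domain
           + ", " + str(newcounter) + " new\n\r")
with open(log_path, "a+") as logfile:
    if msg is not None:
        logfile.write(msg.as_string())
    logfile.write(summary)

# Email the new results
if msg is not None:
    p = Popen(["/usr/sbin/sendmail", "-t", "-oi"], stdin=PIPE)
    p.communicate(msg.as_string())
    if p.returncode != 0:
        sys.stderr.write("sendmail exited with status %d; see %s\n" % (p.returncode, log_path))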