Skip to content
scanning steam profiles to identify bot/malicious accounts
Python Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
gae
.gitattributes
.gitignore
README.md
database_setup.py
requirements.txt
steam_scanner.py

README.md

steam_scanner

python2/3 compatible

demo

wtfender.com/steam-scanner

setup

register for api keys

# set environment variables
export MYSQL_USER="user"
export MYSQL_PASS="password"
export MYSQL_HOST="host"
export MYSQL_DB="database_name"
export MYSQL_CERT="ssl_cert"
export MYSQL_KEY="ssl_key"
export MYSQL_CA="ssl_ca"
export STEAM_API_KEY="api_key"
export GOOGLE_API_KEY="api_key"

# clone project
git clone https://github.com/WTFender/steam_scanner.git && cd steam_scanner

# install requirements
pip install -r requirements.txt

# setup database
python database_setup.py
> Database tables created.

scan

# run one scan
python steam_scanner.py
> 2019-04-06 14:31:42.309805: Scanned 1 profiles with 2 links containing 2 threats.

{
    "...snip...": 1,
    "links": [
        {
            "is_threat": 1,
            "threatType": "MALWARE",
            "url": "https://testsafebrowsing.appspot.com/s/malware.html"
        },
        {
            "is_threat": 1,
            "threatType": "SOCIAL_ENGINEERING",
            "url": "https://testsafebrowsing.appspot.com/s/phishing.html"
        }
    ],
    "personaname": "Mr. Cringer Pants",
    "...snip...": 1
}

# run more scans
while true; do python steam_scanner.py && sleep 120s; done
> 2019-04-06 15:12:54.184112: Scanned 51 profiles with 5 links containing 0 threats.
> 2019-04-06 15:13:19.837920: Scanned 58 profiles with 1 links containing 0 threats.
> 2019-04-06 15:13:41.044895: Scanned 65 profiles with 3 links containing 0 threats.

# be mindful of steam's api limitations
# 1 scan = 1 api call  
# 1 api call = 100 profile scans max
# 100,000 api call limit per day

investigate

SELECT count(url) AS bad_links, threatType 
FROM links
WHERE is_threat=1
GROUP BY threatType;

+----------+--------------------+
| bad_links | threatType        |
+----------+--------------------+
|        1 | MALWARE            |
|        1 | SOCIAL_ENGINEERING |
|        2 | UNWANTED_SOFTWARE  |
+----------+--------------------+

visualize

graph mysql via grafana

scale

deploy on google app engine

# clone from source
git clone https://github.com/WTFender/steam_scanner.git && cd steam_scanner/gae/steam_scanner

# update secrets
nano secrets.yaml

# deploy on gae
gcloud projects create "project_name"
gcloud app deploy --project="project_name"

# enable scan job (100 profiles per minute)
gcloud app deploy cron.yaml --project="project_name"

# scan specific steamID
curl https://wtfender.com/api/scan/76561198130753269 | python -m json.tool

[
    {
        "personaname": "Mr. Cringer Pants",
        "profilestate": 1,
        "profileurl": "https://steamcommunity.com/id/cringerpants/",
        "...snip...": 1
    }
]
You can’t perform that action at this time.