-
Notifications
You must be signed in to change notification settings - Fork 66
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
12 changed files
with
349 additions
and
18 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| # -*- coding: utf-8 -*- | ||
| from .regexanalyzer import RegexAnalyzer | ||
|
|
||
|
|
||
| class AWSSecretKeyAnalyzer(RegexAnalyzer): | ||
| """ | ||
| Analyzer to match AWS Secret Key via regex | ||
| Keys are 40 character alphanumeric with a few symbols /+= | ||
| """ | ||
| name = "AWSSecretKeyAnalyzer" | ||
|
|
||
| def __init__(self, actions): | ||
| regex = r"\b[A-Za-z0-9/+=]{40}\b" | ||
| super().__init__(actions, regex) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| from .regexanalyzer import RegexAnalyzer | ||
|
|
||
|
|
||
| class MailChimpApiKeyAnalyzer(RegexAnalyzer): | ||
|
|
||
| def __init__(self, actions): | ||
| regex = r"[0-9a-f]{32}-us[0-9]{12}" | ||
| super().__init__(actions, regex) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| # -*- coding: utf-8 -*- | ||
| from .regexanalyzer import RegexAnalyzer | ||
|
|
||
|
|
||
| class MegaLinkAnalyzer(RegexAnalyzer): | ||
| """ | ||
| Analyzer to match mega links via regex | ||
| """ | ||
| name = "MegaLinkAnalyzer" | ||
|
|
||
| def __init__(self, actions): | ||
| regex = r"\b(https?:\/\/)?mega\.nz\/#F![\w-]{8}(![\w-]{22}(![\w-]{8})?)?\b" | ||
| super().__init__(actions, regex) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| # -*- coding: utf-8 -*- | ||
| from .regexanalyzer import RegexAnalyzer | ||
|
|
||
|
|
||
| class SlackTokenAnalyzer(RegexAnalyzer): | ||
| """ | ||
| Analyzer to match the content of a paste via regular expressions that look like slack tokens | ||
| """ | ||
| name = "SlackTokenAnalyzer" | ||
|
|
||
| def __init__(self, actions): | ||
| """ | ||
| Analyzer which matches a slack token | ||
| :param actions: A single action or a list of actions to be executed on every paste | ||
| """ | ||
| regex = r'(xox[pboa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})' | ||
| super().__init__(actions, regex) | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| from .regexanalyzer import RegexAnalyzer | ||
|
|
||
|
|
||
| class StripeApiKeyAnalyzer(RegexAnalyzer): | ||
|
|
||
| def __init__(self, actions): | ||
| regex = r'(?:r|s)k_(live|test)_[0-9a-zA-Z]{24}' | ||
| super().__init__(actions, regex) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| # -*- coding: utf-8 -*- | ||
| import unittest | ||
| from unittest import mock | ||
|
|
||
| from pastepwn.analyzers.awssecretkeyanalyzer import AWSSecretKeyAnalyzer | ||
|
|
||
|
|
||
| class TestAWSSecretKeyAnalyzer(unittest.TestCase): | ||
| def setUp(self): | ||
| self.analyzer = AWSSecretKeyAnalyzer(None) | ||
| self.paste = mock.Mock() | ||
|
|
||
| def test_match_positive(self): | ||
| """Test if positives are recognized""" | ||
| # obtained by pastebin search | ||
| self.paste.body = "HrNMIhjZDnvkH5YGJpwjq0Flmj8H+dvURedLRjsO" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
|
|
||
| # obtained by pastebin search | ||
| self.paste.body = "ZGBMmoyRxdhMObx0EuANS9FiS2kG5FwDVLH2XY7y" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
|
|
||
| # obtained by pastebin search | ||
| self.paste.body = "kYKQ24NoNtmga55G7OVeY/kPAZ7xONl6FfmuXArc" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
|
|
||
| # obtained by pastebin search | ||
| self.paste.body = "9cf95dacd226dcf43da376cdb6cbba7035218921" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
|
|
||
| self.paste.body = "my super cool hash is 9cf95dacd226dcf43da376cdb6cbba7035218921 and here's some more text" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
|
|
||
| self.paste.body = "AWS Secret Access Key [None]: HrNMIhjZDnvkH5YGJpwjq0Flmj8H+dvURedLRjsO" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
|
|
||
| # Newline-separated valid hashes | ||
| self.paste.body = "ZGBMmoyRxdhMObx0EuANS9FiS2kG5FwDVLH2XY7y\nHrNMIhjZDnvkH5YGJpwjq0Flmj8H+dvURedLRjsO" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
|
|
||
| def test_match_negative(self): | ||
| """Test if negatives are not recognized""" | ||
| self.paste.body = "" | ||
| self.assertFalse(self.analyzer.match(self.paste)) | ||
|
|
||
| self.paste.body = None | ||
| self.assertFalse(self.analyzer.match(self.paste)) | ||
|
|
||
| # Invalid character '-' | ||
| self.paste.body = "9cf95dacd226dcf43da376cdb6cbb-7035218921" | ||
| self.assertFalse(self.analyzer.match(self.paste)) | ||
|
|
||
| # MD5 Hash | ||
| self.paste.body = "9e107d9d372bb6826bd81d3542a419d6" | ||
| self.assertFalse(self.analyzer.match(self.paste)) | ||
|
|
||
| # Invalid length | ||
| self.paste.body = "ZGBMmoyRxdhMObx0EuANS9FiS2kG5FwDVLH2XY7y1" | ||
| self.assertFalse(self.analyzer.match(self.paste)) | ||
| self.paste.body = "ZGBMmoyRxdhMObx0EuANS9FiS2kG5FwDVLH2XY7" | ||
| self.assertFalse(self.analyzer.match(self.paste)) | ||
|
|
||
|
|
||
| if __name__ == '__main__': | ||
| unittest.main() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| import unittest | ||
| from unittest import mock | ||
|
|
||
| from pastepwn.analyzers.mailchimpapikeyanalyzer import MailChimpApiKeyAnalyzer | ||
|
|
||
|
|
||
| class TestMailChimpApiKeyAnalyzer(unittest.TestCase): | ||
|
|
||
| def setUp(self): | ||
| self.analyzer = MailChimpApiKeyAnalyzer(None) | ||
| self.paste = mock.Mock() | ||
|
|
||
| def test_match_positive(self): | ||
| """Test if positives are recognized""" | ||
| self.paste.body = "87b6ac876aca87c687a6c87a6ca876c8-us000000000000" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
| self.paste.body = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-us000000000000" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
| self.paste.body = "12312312312312312312312312312312-us000000000000" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
| self.paste.body = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-us345646456456" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
|
|
||
| def test_match_negative(self): | ||
| """Test if negatives are not recognized""" | ||
| self.paste.body = "" | ||
| self.assertFalse(self.analyzer.match(self.paste)) | ||
| self.paste.body = None | ||
| self.assertFalse(self.analyzer.match(self.paste)) | ||
| self.paste.body = "asdasdasdasdasdasdasdasdasdasdas-us000000000000" | ||
| self.assertFalse(self.analyzer.match(self.paste)) | ||
| self.paste.body = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-it000000000000" | ||
| self.assertFalse(self.analyzer.match(self.paste)) | ||
| self.paste.body = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-usasdasdasdasd" | ||
| self.assertFalse(self.analyzer.match(self.paste)) | ||
|
|
||
|
|
||
| if __name__ == '__main__': | ||
| unittest.main() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| # -*- coding: utf-8 -*- | ||
| import unittest | ||
| from unittest import mock | ||
|
|
||
| from pastepwn.analyzers.megalinkanalyzer import MegaLinkAnalyzer | ||
|
|
||
|
|
||
| class TestMegaLinkAnalyzer(unittest.TestCase): | ||
| def setUp(self): | ||
| self.analyzer = MegaLinkAnalyzer(None) | ||
| self.paste = mock.Mock() | ||
|
|
||
| def test_match_positive(self): | ||
| """Test if positives are recognized""" | ||
| # working mega link (short version) | ||
| self.paste.body = "https://mega.nz/#F!XTQVEAZZ" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
|
|
||
| # working mega link (medium version) | ||
| self.paste.body = "https://mega.nz/#F!XTQVEAZZ!eqxlOvTxJKnvAkYvjC0O8g" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
|
|
||
| # working mega link (long version) | ||
| self.paste.body = "https://mega.nz/#F!PB8SSawR!SUokSlF2Zy8CR004DNFfNw!LQtniCoa" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
|
|
||
| # without https header | ||
| self.paste.body = "mega.nz/#F!XTQVEAZZ!eqxlOvTxJKnvAkYvjC0O8g" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
|
|
||
| # http header | ||
| self.paste.body = "http://mega.nz/#F!XTQVEAZZ!eqxlOvTxJKnvAkYvjC0O8g" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
|
|
||
| # in a sentence | ||
| self.paste.body = "check out this file:https://mega.nz/#F!PB8SSawR!SUokSlF2Zy8CR004DNFfNw!LQtniCoa" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
|
|
||
| def test_match_negative(self): | ||
| """Test if negatives are not recognized""" | ||
| self.paste.body = "" | ||
| self.assertFalse(self.analyzer.match(self.paste)) | ||
|
|
||
| self.paste.body = None | ||
| self.assertFalse(self.analyzer.match(self.paste)) | ||
|
|
||
| # Invalid segment length | ||
| self.paste.body = "https://mega.nz/#F!XTQVEAZZ1!eqxlOvTxJKnvAkYvjC0O8g" | ||
| self.assertFalse(self.analyzer.match(self.paste)) | ||
|
|
||
|
|
||
| if __name__ == '__main__': | ||
| unittest.main() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| # -*- coding: utf-8 -*- | ||
| import unittest | ||
| from unittest import mock | ||
|
|
||
| from pastepwn.analyzers.slacktokenanalyzer import SlackTokenAnalyzer | ||
|
|
||
|
|
||
| class TestSlackTokenAnalyzer(unittest.TestCase): | ||
| def setUp(self): | ||
| self.analyzer = SlackTokenAnalyzer(None) | ||
| self.paste = mock.Mock() | ||
|
|
||
| def test_match_positive(self): | ||
| """Test if positives are recognized""" | ||
| # slack key dump | ||
| self.paste.body = "xoxb-999999999999-999999999999-999999999999-9999999999999999999999999999999a" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
|
|
||
| # slack key dump | ||
| self.paste.body = "xoxb-999999999999-999999999999-999999999999-99999999999999999999999999999999" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
|
|
||
| # slack key dump | ||
| self.paste.body = "xoxp-999999999999-999999999999-999999999999-99999999999999999999999999999999" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
|
|
||
| # slack key dump | ||
| self.paste.body = "xoxa-999999999999-999999999999-999999999999-99999999999999999999999999999999" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
|
|
||
| # sentance segment slack key | ||
| self.paste.body = "my token is: xoxo-999999999999-999999999999-999999999999-99999999999999abc999999999999999" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
|
|
||
| def test_match_negative(self): | ||
| """Test if negatives are not recognized""" | ||
| self.paste.body = "" | ||
| self.assertFalse(self.analyzer.match(self.paste)) | ||
|
|
||
| self.paste.body = 'my bike isn\'t a number' | ||
| self.assertFalse(self.analyzer.match(self.paste)) | ||
|
|
||
| # Invalid length | ||
| self.paste.body = "xoxa-999999999999-999999999999-99999999999-99999999999999999999999999999999" | ||
| self.assertFalse(self.analyzer.match(self.paste)) | ||
|
|
||
| # Upper-case | ||
| self.paste.body = "my token is: xoxo-999999999999-999999999999-999999999999-99999999999999Abc999999999999999" | ||
| self.assertFalse(self.analyzer.match(self.paste)) | ||
| # too short and Upper-case | ||
| self.paste.body = "my token is: xoxo-999999999999-999999999999-99999999999-99999999999999Abc999999999999999" | ||
| self.assertFalse(self.analyzer.match(self.paste)) | ||
|
|
||
|
|
||
| if __name__ == '__main__': | ||
| unittest.main() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| # -*- coding: utf-8 -*- | ||
| import unittest | ||
| from unittest import mock | ||
|
|
||
| from pastepwn.analyzers.stripeapikeyanalyzer import StripeApiKeyAnalyzer | ||
|
|
||
|
|
||
| class TestStripeApiKeyAnalyzer(unittest.TestCase): | ||
|
|
||
| def setUp(self): | ||
| self.analyzer = StripeApiKeyAnalyzer(None) | ||
| self.paste = mock.Mock() | ||
|
|
||
| def test_match_positive(self): | ||
| """Test if positives are recognized""" | ||
| # steam key dump | ||
| self.paste.body = "sk_test_4fsrdffsdf345345dfgfg34i" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
|
|
||
| # steam key dump | ||
| self.paste.body = "rk_test_4fsrdffsdf345345dfgfg34i" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
|
|
||
| # steam key dump | ||
| self.paste.body = "sk_live_4fsrdffsdf345345dfgfg34i" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
|
|
||
| # steam key dump | ||
| self.paste.body = "rk_live_4fsrdffsdf345345dfgfg34i" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
|
|
||
| # steam key dump | ||
| self.paste.body = "sk_test_YUTGF76uyh876Tyg87T786Tu" | ||
| self.assertTrue(self.analyzer.match(self.paste)) | ||
|
|
||
| def test_match_negative(self): | ||
| """Test if negatives are not recognized""" | ||
| self.paste.body = "" | ||
| self.assertFalse(self.analyzer.match(self.paste)) | ||
|
|
||
| self.paste.body = None | ||
| self.assertFalse(self.analyzer.match(self.paste)) | ||
|
|
||
| # Invalid length | ||
| self.paste.body = "sk_test_YUTGF76uyh876" | ||
| self.assertFalse(self.analyzer.match(self.paste)) | ||
|
|
||
| # Invalid first letter | ||
| self.paste.body = "pk_test_YUTGF76uyh876Tyg87T786Tu" | ||
| self.assertFalse(self.analyzer.match(self.paste)) | ||
|
|
||
| # Invalid state | ||
| self.paste.body = "sk_staging_YUTGF76uyh876Tyg87T786Tu" | ||
| self.assertFalse(self.analyzer.match(self.paste)) | ||
|
|
||
|
|
||
| if __name__ == '__main__': | ||
| unittest.main() |
Oops, something went wrong.