Merge pull request #1 from khast3x/dev

Added Features, Updated doc

README.md

@@ -19,7 +19,18 @@
 *  :fire: Get target domain name open ports
 * :rainbow: Delicious colors
 
+#### Demos
 
+######  :unlock: Out of the box
+
+![1](/doc/h8mail1.gif)
+
+###### :rocket: With API services
+
+![2](/doc/h8mail1.gif)
+
+###### :minidisc: With the BreachedCompilation torrent
+![3](/doc/h8mail3.gif)
 
 ####  APIs
 
@@ -62,7 +73,7 @@ docker run -ti h8mail -h
 ```bash
 > python h8mail.py --help
 usage: h8mail.py [-h] -t TARGET_EMAILS [-c CONFIG_FILE] [-o OUTPUT_FILE]
-                 [-bc BC_PATH] [-v]
+                 [-bc BC_PATH] [-v] [-l] [-k CLI_APIKEYS]
 
 Email information and password finding tool
 
@@ -76,14 +87,16 @@ optional arguments:
   -o OUTPUT_FILE, --output OUTPUT_FILE
                         File to write output
   -bc BC_PATH, --breachcomp BC_PATH
-                        Path to the Breach Compilation Torrent.
+                        Path to the breachcompilation Torrent.
                         https://ghostbin.com/paste/2cbdn
   -v, --verbose         Show debug information
-
+  -l, --local           Run local actions only
+  -k CLI_APIKEYS, --apikey CLI_APIKEYS
+                        Pass config options. Format is "K:V,K:V"
 
 ```
 
-## :tangerine: Examples
+## :tangerine: Usage examples
 
 ###### Query for a single target
 
@@ -96,14 +109,16 @@ python h8mail.py -t target@example.com
 python h8mail.py -t targets.txt -c config.ini -o pwned_targets.csv
 ```
 
-###### Query a list of targets against local copy of the Breach Compilation
+###### Query a list of targets against local copy of the Breach Compilation, pass API keys for [Snusbase](https://snusbase.com/) from the command line
 ```bash
-python h8mail.py -t targets.txt -bc ../Downloads/BreachCompilation/
+python h8mail.py -t targets.txt -bc ../Downloads/BreachCompilation/ -k "snusbase_url:$snusbase_url,snusbase_token:$snusbase_token"
 ```
 
-## :camera: Screenshot
+###### Query without making API calls against local copy of the Breach Compilation
+```bash
+python h8mail.py -t targets.txt -bc ../Downloads/BreachCompilation/ --local
+```
 
-![sc](https://i.imgur.com/i5o0RPP.png)
 
 
 ## :tangerine: Notes

classes.py

@@ -21,12 +21,9 @@ def __init__(self, email):
 		self.rev_ports = []
 		self.related_emails = []
 		self.hunterio_mails = []
-		self.services = {"hibp": [], "weleakinfo": []}  # todo snusbase services + print
-		try:
-			self.ip = socket.gethostbyname(self.hostname)
-		except Exception as ex:
-			ui.debug("Could not fetch host IP address", self.hostname, ex)
-			self.ip = ""
+		self.services = {"hibp": [], "weleakinfo": [], "snusbase": []}
+		self.ip = ""
+
 
 	def make_request(self, url, cf=False, meth="GET", timeout=30, redirs=True, data=None, params=None):
 		if cf is False:
@@ -50,6 +47,10 @@ def make_request(self, url, cf=False, meth="GET", timeout=30, redirs=True, data=
 		return response
 
 	def get_shodan(self, api_key):
+		try:
+			self.ip = socket.gethostbyname(self.hostname)
+		except Exception as ex:
+			ui.debug("Could not fetch host IP address", self.hostname, ex)
 
 		if len(api_key) == 0:
 			ui.debug(self.email, "Setting default Shodan API KEY")
@@ -144,6 +145,10 @@ def get_snusbase(self, api_url, api_key):
 				if result["hash"]:
 					ui.debug(self.email, ": hash found")
 					self.snusbase_hash_salt.update({result["hash"]: result["salt"]})
+				if result["tablenr"]:
+					if result["tablenr"] not in self.services["snusbase"]:
+						self.services["snusbase"].append(result["tablenr"])
+
 
 		except Exception as ex:
 			ui.warning(ui.yellow, "Snusbase error:", self.email, ex)

h8mail.py

@@ -45,11 +45,20 @@ def get_emails_from_file(targets_file):
 		ui.fatal("Problems occurred while trying to get emails from file", ex)
 
 
-def get_config_from_file(config_file):
+def get_config_from_file(user_args):
 	try:
+		config_file = user_args.config_file
 		config = configparser.ConfigParser()
 		config.read(config_file)
 		ui.debug(ui.check, "Correctly read config file")
+
+		if user_args.cli_apikeys:
+			user_cli_keys = user_args.cli_apikeys.split(",")
+			for user_key in user_cli_keys:
+				if user_key:
+					config.set("DEFAULT", user_key.split(":", maxsplit=1)[0], user_key.split(":", maxsplit=1)[1])
+					ui.debug("Added", user_key.split(":", maxsplit=1)[0], config.get('DEFAULT', option=user_key.split(":")[0]))
+
 		return config
 	except Exception as ex:
 		ui.fatal("Problems occurred while trying to get configuration file", ex)
@@ -59,11 +68,11 @@ def save_results_csv(dest_csv, target_obj_list):
 	with open(dest_csv, 'w', newline='') as csvfile:
 		writer = csv.writer(csvfile)
 
-		writer.writerow(["email", "breached", "num services", "services", "ip", "ports", "rev_dns", "related_emails", "snusbase_passwords", "snusbase_hash/salt", "breachcompilation_passwords"])
+		writer.writerow(["email", "breached", "num services", "hibp_services", "weleakinfo_services","snusbase_services", "ip", "ports", "rev_dns", "related_emails", "snusbase_passwords", "snusbase_hash/salt", "breachcompilation_passwords"])
 		print("* Writing to CSV\n")
 		for target in target_obj_list:
 			try:
-				writer.writerow([target.email, target.pwnd, len(target.services["hibp"]), target.services["hibp"], target.ip, target.rev_ports, target.rev_dns, target.related_emails, target.snusbase_passw, target.snusbase_hash_salt, target.breachcomp_passw])
+				writer.writerow([target.email, target.pwnd, len(target.services["hibp"]), target.services["hibp"], target.services["weleakinfo"],target.services["snusbase"],target.ip, target.rev_ports, target.rev_dns, target.related_emails, target.snusbase_passw, target.snusbase_hash_salt, target.breachcomp_passw])
 			except Exception as ex:
 				ui.warning("Error writing to csv", ex)
 
@@ -77,11 +86,15 @@ def print_results(target_objs):
 			ui.info("Breaches found", ui.darkred, "HIBP:", ui.teal, len(target.services["hibp"]))
 			if target.services["weleakinfo"]:
 				ui.info("Breaches found", ui.darkred, "WeLeakInfo:", ui.teal, len(target.services["weleakinfo"]))
+			if target.services["snusbase"]:
+				ui.info("Breaches found", ui.darkred, "Snusbase:", ui.teal, len(target.services["weleakinfo"]))
 			if target.breachcomp_passw:
 				ui.info("Breaches found", ui.darkred, "breachcompilation:", ui.teal, len(target.breachcomp_passw))
 
-			#  todo add Snusbase count of services
-			ui.debug("Breaches/Dumps:", ui.lightgray, target.services["hibp"])
+			ui.debug("Breaches/Dumps HIBP:", ui.lightgray, target.services["hibp"])
+			ui.debug("Breaches/Dumps WeLeakInfo:", ui.lightgray, target.services["weleakinfo"])
+			ui.debug("Breaches/Dumps Snusbase:", ui.lightgray, target.services["snusbase"])
+
 		else:
 			ui.info_2("not breached", ui.cross)
 
@@ -170,7 +183,7 @@ def breachcomp_check(targets, breachcomp_path):
 
 def main(user_args):
 	targets = []
-	api_keys = get_config_from_file(user_args.config_file)
+	api_keys = get_config_from_file(user_args)
 	ui.info_section("\n", ui.darkteal, "Targets")
 	user_stdin_target = fetch_emails(args.target_emails)
 
@@ -183,7 +196,10 @@ def main(user_args):
 		ui.warning("No targets found")
 
 # Launch
-	breached_targets = target_factory(targets, api_keys)
+	if not user_args.run_local:
+		breached_targets = target_factory(targets, api_keys)
+	elif user_args.run_local:
+		breached_targets = [Target(t) for t in targets]
 	if user_args.bc_path:
 		breached_targets = breachcomp_check(breached_targets, user_args.bc_path)
 	print_results(breached_targets)
@@ -204,6 +220,9 @@ def main(user_args):
 
 	parser.add_argument("-v", "--verbose", dest="verbosity", help="Show debug information", action="store_true",
 						default=False)
+	parser.add_argument("-l", "--local", dest="run_local", help="Run local actions only", action="store_true", default=False)
+	parser.add_argument("-k", "--apikey", dest="cli_apikeys", help="Pass config options. Format is \"K:V,K:V\"")
+
 
 	args = parser.parse_args()
 	ui.setup(verbose=args.verbosity)  # Show debug messages if -v True