integrating dehashed

khast3x · Jan 3, 2020 · 8c3673e · 8c3673e
1 parent d9038a7
commit 8c3673e
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 10 deletions.
diff --git a/h8mail/utils/classes.py b/h8mail/utils/classes.py
@@ -66,7 +66,7 @@ def not_exists(self, pattern):
         return True
 
     def make_request(
-        self, url, meth="GET", timeout=20, redirs=True, data=None, params=None, verify=True
+        self, url, meth="GET", timeout=20, redirs=True, data=None, params=None, verify=True, auth=None
     ):
         try:
             response = requests.request(
@@ -78,6 +78,7 @@ def make_request(
                 data=data,
                 params=params,
                 verify=verify,
+                auth=auth,
             )
             # response = requests.request(url="http://127.0.0.1:8000", headers=self.headers, method=meth, timeout=timeout, allow_redirects=redirs, data=data, params=params)
             if self.debug:
@@ -653,11 +654,32 @@ def get_weleakinfo_pub(self, api_key):
                 "WeLeakInfo error with {target} (public)".format(target=self.target)
             )
             print(ex)
-    def get_dehashed(self, api_keys):
+    def get_dehashed(self, api_email, api_key, user_query):
         try:
-            url = "https://dehashed.com/search"
+            if user_query == "hash":
+                user_query == "hashed_password"
+            if user_query == "ip":
+                user_query == "ip_address"
+            url = "https://dehashed.com/search?query="
+            search_query = user_query + ":" + "\"" + self.target + "\""
             self.headers.update({'Accept': 'application/json'})
-            print("toto")
+            req = self.make_request(url + search_query, meth="GET", timeout=30, auth=(api_email, api_key))
+            if req.status_code == 200:
+                response = req.json()
+                for result in response["entries"]:
+                    # Maybe instead first check len of content - does it break if None?
+                    if "username" in result and result["username"] is not None:
+                        self.data.append(("DEHASHED_USERNAME", result["username"]))
+                    if "email" in result and self.not_exists(result["email"]) and result["email"] is not None:
+                        self.data.append(("DEHASHED_RELATED", result["email"].strip()))
+                    if "password" in result and result["password"] is not None:
+                        self.data.append(("DEHASHED_PASSWORD", result["password"]))
+                        self.pwned += 1
+                    if "hashed_password" in result and result["hashed_password"] is not None:
+                        self.data.append(("DEHASHED_HASH", result["hashed_password"]))
+                        self.pwned += 1
+                    if "obtained_from" in result and self.not_exists(result["obtained_from"]):
+                        self.data.append(("DEHASHED_SOURCE", result["obtained_from"]))
             self.headers.popitem()
         except Exception as ex:
             c.bad_news(

diff --git a/h8mail/utils/gen_config.py b/h8mail/utils/gen_config.py
@@ -18,7 +18,8 @@ def gen_config_file():
 ;leak-lookup_pub = 1bf94ff907f68d511de9a610a6ff9263
 ;leak-lookup_priv = 
 ;emailrep = 
-;dehashed = 
+;dehashed_email = 
+;dehashed_key =
 """
         dest_config.write(config)
         c.good_news(

diff --git a/h8mail/utils/helpers.py b/h8mail/utils/helpers.py
@@ -51,20 +51,20 @@ def print_banner(b_type="intro"):
 	"""
         # print(c.bold, c.fg.pink, banner, c.reset)
         banner_tab = banner.splitlines()
-        code = 32
+        code = 33
         keep = True
         for b in banner_tab:
             clr = "\u001b[38;5;" + str(code) + "m "
             print(c.bold + clr + b + c.reset)
             if keep:
-                code += 35
+                code += 36
                 keep = False
             else:
                 keep = True
     elif "warn" in b_type:
         print(
             c.fg.pink,
-            "\th8mail is free & open-source. Please report scammers.\n\n",
+            "\t  Check out the new wiki!\n\t  http://bit.ly/37xaQVh\n\n",
             c.reset,
         )
     elif "version" in b_type:

diff --git a/h8mail/utils/print_results.py b/h8mail/utils/print_results.py
@@ -51,4 +51,6 @@ def print_results(results, hide=False):
                     c.print_result(t.target, t.data[i][1], t.data[i][0])
                 if "SCYLLA" in t.data[i][0]:
                     c.print_result(t.target, t.data[i][1], t.data[i][0])
+                if "DEHASHED" in t.data[i][0]:
+                    c.print_result(t.target, t.data[i][1], t.data[i][0])
 
diff --git a/h8mail/utils/run.py b/h8mail/utils/run.py
@@ -90,8 +90,11 @@ def target_factory(targets, user_args):
                 current_target.get_weleakinfo_pub(api_keys["weleakinfo_pub"])
             if "weleakinfo_priv" in api_keys:
                 current_target.get_weleakinfo_priv(api_keys["weleakinfo_priv"], query)
-            if "dehashed" in api_keys:
-                current_target.get_weleakinfo_priv(api_keys["weleakinfo_priv"], query)
+            if "dehashed_key" in api_keys:
+                if "dehashed_email" in api_keys:
+                    current_target.get_dehashed(api_keys["dehashed_email"], api_keys["dehashed_key"], query)
+                else:
+                    c.bad_news("Missing Dehashed email")
             # Chasing
             if user_args.chase_limit and counter < init_targets_len:
                 user_args_force_email = user_args