From 8d87c37174e7cac9bddcdb51954ea0643bab6b1f Mon Sep 17 00:00:00 2001
From: jinxufang
Date: Wed, 26 Dec 2018 22:28:17 +0800
Subject: [PATCH 1/6] add telegram output module
---
 outputs/telegram_output.py | 21 +++++++++++++++++++++
 settings.json.sample | 8 ++++++++
 2 files changed, 29 insertions(+)
 create mode 100644 outputs/telegram_output.py
diff --git a/outputs/telegram_output.py b/outputs/telegram_output.py
new file mode 100644
index 0000000..bc54a64
--- /dev/null
+++ b/outputs/telegram_output.py
@@ -0,0 +1,21 @@
+from telegram.ext import Updater
+
+from common import parse_config
+
+config = parse_config()
+
+
+class TelegramOutput():
+ def __init__(self):
+ self.token = config['outputs']['telegram_output']['token']
+ self.chat_id = config['outputs']['telegram_output']['chat_id']
+ self.updater = Updater(token=self.token,
+ request_kwargs={"proxy_url": config['outputs']['telegram_output']['proxy_url']})
+
+ def store_paste(self, paste_data):
+ csv_line = '{0},{1},{2},{3},{4}'.format(paste_data['@timestamp'],
+ paste_data['pasteid'],
+ paste_data['YaraRule'],
+ paste_data['scrape_url'],
+ paste_data['pastesite'])
+ self.updater.bot.send_message(chat_id=self.chat_id, text=csv_line)
diff --git a/settings.json.sample b/settings.json.sample
index f006a2e..5b7c08c 100644
--- a/settings.json.sample
+++ b/settings.json.sample
@@ -55,6 +55,14 @@
 }
 },
 "outputs": {
+ "telegram_output": {
+ "enabled": true,
+ "token": "xxx",
+ "chat_id": "",
+ "proxy_url": "",
+ "module": "outputs.telegram_output",
+ "classname": "TelegramOutput"
+ },
 "elastic_output": {
 "enabled": true,
 "module": "outputs.elastic_output",
From 0afba2c69df38236c13b19a600c40c245d7cbd10 Mon Sep 17 00:00:00 2001
From: root
Date: Thu, 27 Dec 2018 12:37:54 +0000
Subject: [PATCH 2/6] the latest version of @data_leak
---
 outputs/telegram_output.py | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
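Review bot: `store_paste` has no error handling around `self.updater.bot.send_message(...)` on the hunk's last line, so a transient Telegram API or network failure raises out of the output module into whatever drives the outputs; wrapping that one call in `try: ... except telegram.error.TelegramError:` that logs the failure and returns keeps a single failed notification from taking the rest of the run down. The `Updater` built in `__init__` is used only for its `.bot`; constructing `telegram.Bot(token=self.token, request=Request(proxy_url=...))` from `telegram.utils.request` gives the same client without the dispatcher the updater carries — confirm against the python-telegram-bot version the project pins. `request_kwargs={"proxy_url": ...}` is passed even when the configured proxy_url is an empty string, and whether the library treats `""` as "no proxy" is not visible here, so guard it: `request_kwargs={"proxy_url": proxy} if proxy else None`. A short module docstring noting that the message is sent as plain text (no `parse_mode`), so paste-derived fields are never interpreted as markup, and that the bot token is read from config and must not be logged, would document the two security-relevant properties of this module.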
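Review bot: The new `telegram_output` block ships with `"enabled": true` next to the placeholder token `"xxx"`, so anyone who copies the sample unchanged gets the module imported and a Telegram client constructed with a token that cannot be valid; a module that needs a credential should default to `"enabled": false` in the sample and be switched on only once a real token is configured. `chat_id` and `proxy_url` default to empty strings, and since JSON has no comments the README is the only place to say that `proxy_url` is optional and `chat_id` is required. The sample is the right place for placeholders, but it is worth restating in the README that the file with the real token must stay out of version control.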
diff --git a/outputs/telegram_output.py b/outputs/telegram_output.py
index bc54a64..4a50270 100644
--- a/outputs/telegram_output.py
+++ b/outputs/telegram_output.py
@@ -1,7 +1,9 @@
 from telegram.ext import Updater
 from common import parse_config
+import logging
+logger = logging.getLogger('pastehunter')
 config = parse_config()
@@ -13,9 +15,11 @@ def __init__(self):
 request_kwargs={"proxy_url": config['outputs']['telegram_output']['proxy_url']})
 def store_paste(self, paste_data):
- csv_line = '{0},{1},{2},{3},{4}'.format(paste_data['@timestamp'],
- paste_data['pasteid'],
- paste_data['YaraRule'],
- paste_data['scrape_url'],
- paste_data['pastesite'])
- self.updater.bot.send_message(chat_id=self.chat_id, text=csv_line)
+ if paste_data['pastesite']=='pastebin.com':
+ url = paste_data['full_url']
+ else:
+ url = paste_data['scrape_url']
+ send_data = "From {0}: Matched Rule: {1}, See : {2}".format(paste_data['pastesite'], str(paste_data['YaraRule']), url)
+
+ self.updater.bot.send_message(chat_id=self.chat_id, text=send_data)
+ logger.debug("send a message %s"%send_data)
From cb53cf5ca748ec3465d69a230f9c706d104beabc Mon Sep 17 00:00:00 2001
From: jinxufang
Date: Sun, 29 Sep 2019 01:32:34 +0000
Subject: [PATCH 3/6] merge head
---
 requirements.txt | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 8ed65b5..97d15ab 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,15 @@
 requests>=2.20.0
 elasticsearch>=5.0.0,<6.0.0
 splunk-sdk
-yara-python
\ No newline at end of file
+yara-python
+asn1crypto==0.24.0
+certifi==2018.11.29
+cffi==1.11.5
+chardet==3.0.4
+cryptography==2.4.2
+future==0.17.1
+idna==2.6
+pycparser==2.19
+python-telegram-bot==11.1.0
+six==1.12.0
+urllib3==1.22
From 45bc83a065debcb67fcbc2cfdd4bce9cd038c96f Mon Sep 17 00:00:00 2001
From: jinxufang
Date: Wed, 26 Dec 2018 23:35:12 +0800
Subject: [PATCH 4/6] update readme
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
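Review bot: `import logging` is added below the project-local `from common import parse_config`, with the module-level `logger` wedged between the imports and `config`; the conventional layout is stdlib first, so `import logging` belongs above `from telegram.ext import Updater`, with `logger = logging.getLogger('pastehunter')` placed after all imports. Style only; behaviour is unchanged.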
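Review bot: `logger.debug("send a message %s"%send_data)` on the hunk's last line builds the string eagerly; use the logger's lazy arguments, `logger.debug("sent a message: %s", send_data)`, so formatting only happens when debug logging is enabled. The new branch reads `paste_data['full_url']` only when `pastesite` is `pastebin.com`, so a pastebin record that lacks that key raises `KeyError` from the output module — `url = paste_data.get('full_url', paste_data['scrape_url'])` inside that branch keeps the fallback the other sites already use. The `send_message` call is still unguarded, so a Telegram or network error propagates out of `store_paste` exactly as it did before this change; a `try`/`except telegram.error.TelegramError` that logs and returns is the fix, and since the message is sent without `parse_mode` the site name and rule name interpolated into `send_data` are delivered as plain text, which is the safe default and worth a one-line comment. `paste_data['pastesite']=='pastebin.com'` should read `paste_data['pastesite'] == 'pastebin.com'`.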
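Review bot: The added lines pin transitive dependencies at exact versions that look copied from a `pip freeze` (`asn1crypto`, `cffi`, `pycparser`, `six`, `urllib3==1.22`, `certifi==2018.11.29`, `cryptography==2.4.2`) while the project's own direct dependencies remain ranges; freezing the HTTP/TLS stack this way holds `requests` on `urllib3`, `certifi` and `cryptography` releases from 2017–2018 regardless of later fixes, and the mix of a floating `requests>=2.20.0` with an exact `urllib3==1.22` will eventually fail to resolve. The only direct dependency this series introduces is `python-telegram-bot`, so list just that, `python-telegram-bot>=11.1.0,<12` or the exact pin, and drop the transitive pins; if reproducible installs are the goal, put the full freeze in a separate lock file with `--hash` entries instead. Patches 5 and 6 rewrite this file twice more but end with the same transitive pins in place, so the point applies to the final state of the series as well.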
diff --git a/README.md b/README.md
index 84d0e7d..bdc33c5 100644
--- a/README.md
+++ b/README.md
@@ -21,5 +21,6 @@ Pastehunter supports several output modules:
 - Dump to JSON file.
 - Dump to CSV file.
 - Send to syslog.
+ - Send to telegram channel.
 For examples of data discovered using pastehunter check out my posts https://techanarchy.net/blog/hunting-pastebin-with-pastehunter and https://techanarchy.net/blog/pastehunter-the-results
From 644cd42350085577a389b03260ae2f361c792b67 Mon Sep 17 00:00:00 2001
From: jinxufang
Date: Sat, 12 Oct 2019 06:04:52 +0000
Subject: [PATCH 5/6] update requirements.py
---
 requirements.txt | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index 97d15ab..e7d52e8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,15 +1,15 @@
-requests>=2.20.0
-elasticsearch>=5.0.0,<6.0.0
-splunk-sdk
-yara-python
 asn1crypto==0.24.0
 certifi==2018.11.29
 cffi==1.11.5
 chardet==3.0.4
 cryptography==2.4.2
+elasticsearch==5.5.3
 future==0.17.1
 idna==2.6
 pycparser==2.19
 python-telegram-bot==11.1.0
+requests==2.22.0
 six==1.12.0
+splunk-sdk==1.6.9
 urllib3==1.22
+yara-python==3.10.0
From 7cec668ef322d0fd848a6d58f3434a13c1a15da0 Mon Sep 17 00:00:00 2001
From: jinxufang
Date: Sat, 12 Oct 2019 06:17:16 +0000
Subject: [PATCH 6/6] fix requiremensts.txt
---
 requirements.txt | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index e7d52e8..3d57308 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,15 +1,15 @@
+requests>=2.20.0
 asn1crypto==0.24.0
 certifi==2018.11.29
 cffi==1.11.5
 chardet==3.0.4
 cryptography==2.4.2
-elasticsearch==5.5.3
+elasticsearch>=5.0.0,<6.0.0
 future==0.17.1
 idna==2.6
 pycparser==2.19
 python-telegram-bot==11.1.0
-requests==2.22.0
 six==1.12.0
-splunk-sdk==1.6.9
+splunk-sdk
 urllib3==1.22
-yara-python==3.10.0
+yara-python