changedetection.io-osint-processor 0.0.1__py3-none-any.whl

changedetectionio_osint/steps/traceroute.py

@@ -0,0 +1,127 @@
+"""
+Traceroute Step
+Performs traceroute and displays last N hops to target
+"""
+
+import asyncio
+# SOCKS5 proxy support: Traceroute uses ICMP/UDP, incompatible with SOCKS5
+supports_socks5 = False
+import socket
+import struct
+from loguru import logger
+
+# Configuration: Number of last hops to display
+TRACEROUTE_LAST_HOPS = 3
+
+# Maximum TTL to try
+MAX_TTL = 30
+
+
+async def scan_traceroute(ip_address, dns_resolver, last_n_hops=TRACEROUTE_LAST_HOPS, watch_uuid=None, update_signal=None):
+    """
+    Perform traceroute and return last N hops
+
+    Args:
+        ip_address: Target IP address
+        dns_resolver: DNS resolver for reverse lookups
+        last_n_hops: Number of last hops to return (default: 3)
+        watch_uuid: Optional watch UUID for status updates
+        update_signal: Optional blinker signal for status updates
+
+    Returns:
+        list: List of last N hops with hop number, IP, and hostname
+    """
+    if update_signal and watch_uuid:
+        update_signal.send(watch_uuid=watch_uuid, status="Trace")
+
+    def run_traceroute():
+        """Perform traceroute using ICMP (requires raw sockets) or UDP fallback"""
+        import subprocess
+        import re
+
+        try:
+            # Use system traceroute command (works without root for UDP)
+            # -n: no DNS resolution (we'll do it ourselves)
+            # -m: max hops
+            # -w: timeout per hop
+            # -q: queries per hop
+            result = subprocess.run(
+                ['traceroute', '-n', '-m', str(MAX_TTL), '-w', '1', '-q', '1', ip_address],
+                capture_output=True,
+                text=True,
+                timeout=15
+            )
+
+            if result.returncode != 0:
+                logger.warning(f"Traceroute command failed: {result.stderr}")
+                return []
+
+            # Parse traceroute output
+            hops = []
+            lines = result.stdout.strip().split('\n')
+
+            for line in lines[1:]:  # Skip header line
+                # Parse line like: " 1  192.168.1.1  1.234 ms"
+                match = re.search(r'^\s*(\d+)\s+([\d\.]+|[\da-f:]+)\s+', line)
+                if match:
+                    hop_num = int(match.group(1))
+                    hop_ip = match.group(2)
+
+                    # Skip if it's a timeout (* * *)
+                    if '*' in line and hop_ip not in line:
+                        continue
+
+                    # Reverse DNS lookup for this hop
+                    try:
+                        import dns.reversename
+                        rev_name = dns.reversename.from_address(hop_ip)
+                        answers = dns_resolver.resolve(rev_name, 'PTR')
+                        hostname = str(answers[0])
+                    except:
+                        hostname = ""
+
+                    hops.append({
+                        'hop': hop_num,
+                        'ip': hop_ip,
+                        'hostname': hostname
+                    })
+
+            # Return only last N hops
+            if hops:
+                return hops[-last_n_hops:]
+            return []
+
+        except subprocess.TimeoutExpired:
+            logger.warning("Traceroute timed out")
+            return []
+        except FileNotFoundError:
+            logger.warning("traceroute command not found, skipping traceroute")
+            return []
+        except Exception as e:
+            logger.error(f"Traceroute failed: {e}")
+            return []
+
+    try:
+        return await asyncio.to_thread(run_traceroute)
+    except Exception as e:
+        logger.error(f"Traceroute scan failed: {e}")
+        return []
+
+
+def format_traceroute_results(hops):
+    """Format traceroute results for output"""
+    lines = []
+    lines.append(f"=== Traceroute (Last {TRACEROUTE_LAST_HOPS} Hops) ===")
+
+    if hops:
+        for hop in hops:
+            if hop['hostname']:
+                lines.append(f"  {hop['hop']:2d}. {hop['ip']:15s} ({hop['hostname']})")
+            else:
+                lines.append(f"  {hop['hop']:2d}. {hop['ip']:15s}")
+    else:
+        lines.append("Traceroute data not available")
+        lines.append("(requires traceroute command or may be blocked by firewall)")
+
+    lines.append("")
+    return '\n'.join(lines)

changedetectionio_osint/steps/whois_lookup.py

@@ -0,0 +1,125 @@
+"""
+WHOIS Lookup Step
+Performs WHOIS queries using python-whois library
+"""
+
+import asyncio
+# SOCKS5 proxy support: python-whois library doesn't support SOCKS5 (TODO: implement raw WHOIS over SOCKS5)
+supports_socks5 = False
+from datetime import datetime, timezone
+from loguru import logger
+
+
+async def scan_whois(hostname, watch_uuid=None, update_signal=None):
+    """
+    Perform WHOIS lookup on hostname
+
+    Args:
+        hostname: Target hostname
+        watch_uuid: Optional watch UUID for status updates
+        update_signal: Optional blinker signal for status updates
+
+    Returns:
+        whois.WhoisEntry or None: WHOIS data
+    """
+    if update_signal and watch_uuid:
+        update_signal.send(watch_uuid=watch_uuid, status="WHOIS")
+
+    try:
+        import whois
+        return await asyncio.to_thread(whois.whois, hostname)
+    except Exception as e:
+        logger.error(f"WHOIS lookup failed: {e}")
+        return None
+
+
+def format_whois_results(whois_data, expire_warning_days=3):
+    """Format WHOIS results for output
+
+    Args:
+        whois_data: WHOIS data object
+        expire_warning_days: Number of days before expiration to show warning (default: 3)
+    """
+    lines = []
+    lines.append("=== WHOIS Information ===")
+
+    if whois_data:
+        field_map = {
+            'domain_name': 'Domain Name',
+            'registrar': 'Registrar',
+            'whois_server': 'WHOIS Server',
+            'creation_date': 'Creation Date',
+            'expiration_date': 'Expiration Date',
+            'updated_date': 'Updated Date',
+            'name_servers': 'Name Servers',
+            'status': 'Status',
+            'dnssec': 'DNSSEC',
+            'org': 'Organization',
+            'country': 'Country',
+        }
+
+        expiration_date = None
+        for key, label in field_map.items():
+            value = getattr(whois_data, key, None)
+            if value:
+                if isinstance(value, list):
+                    # Take first item for dates, show all for name servers
+                    if key in ['creation_date', 'expiration_date', 'updated_date']:
+                        value = value[0] if value else None
+                        if value:
+                            lines.append(f"{label}: {value}")
+                            # Track expiration date for countdown calculation
+                            if key == 'expiration_date':
+                                expiration_date = value
+                    else:
+                        lines.append(f"{label}:")
+                        for item in value[:10]:  # Limit to 10 items
+                            lines.append(f"  - {item}")
+                else:
+                    lines.append(f"{label}: {value}")
+                    # Track expiration date for countdown calculation
+                    if key == 'expiration_date':
+                        expiration_date = value
+
+        # Add expiration countdown if within configured warning days
+        if expiration_date and expire_warning_days > 0:
+            try:
+                # Ensure expiration_date is a datetime object
+                if not isinstance(expiration_date, datetime):
+                    date_str = str(expiration_date)
+                    # Try multiple parsing strategies
+                    try:
+                        # Try ISO format with Z replacement
+                        expiration_date = datetime.fromisoformat(date_str.replace('Z', '+00:00'))
+                    except (ValueError, AttributeError):
+                        # Try parsing without timezone
+                        from dateutil import parser
+                        expiration_date = parser.parse(date_str)
+
+                # Make timezone-aware if needed
+                if expiration_date.tzinfo is None:
+                    expiration_date = expiration_date.replace(tzinfo=timezone.utc)
+                # Convert to UTC if it's in a different timezone
+                elif expiration_date.tzinfo != timezone.utc:
+                    expiration_date = expiration_date.astimezone(timezone.utc)
+
+                now = datetime.now(timezone.utc)
+                days_to_expire = (expiration_date - now).days
+
+                if days_to_expire <= expire_warning_days and days_to_expire >= 0:
+                    if days_to_expire == 0:
+                        lines.append("⚠️  WARNING: Domain expires TODAY!")
+                    elif days_to_expire == 1:
+                        lines.append("⚠️  WARNING: Domain expires in 1 day")
+                    else:
+                        lines.append(f"⚠️  WARNING: Domain expires in {days_to_expire} days")
+                elif days_to_expire < 0:
+                    lines.append("⚠️  WARNING: Domain has EXPIRED!")
+            except Exception as e:
+                logger.error(f"Could not parse expiration date for countdown: {e}")
+                lines.append(f"⚠️  ERROR: Could not parse expiration date format: {e}")
+    else:
+        lines.append("No WHOIS data available")
+
+    lines.append("")
+    return '\n'.join(lines)

changedetectionio_osint/steps/whois_scan.py

@@ -0,0 +1,123 @@
+"""
+WHOIS Lookup Step
+"""
+
+import asyncio
+from datetime import datetime, timezone
+from loguru import logger
+from .base import ScanStep
+from .registry import register_step
+
+
+@register_step
+class WHOISScanStep(ScanStep):
+    """WHOIS domain registration information"""
+
+    name = "WHOIS Information"
+    order = 20
+
+    async def scan(self, context: dict):
+        """Perform WHOIS lookup"""
+        hostname = context['hostname']
+        watch_uuid = context.get('watch_uuid')
+        update_signal = context.get('update_signal')
+
+        if update_signal and watch_uuid:
+            update_signal.send(watch_uuid=watch_uuid, status="WHOIS")
+
+        try:
+            import whois
+            return await asyncio.to_thread(whois.whois, hostname)
+        except Exception as e:
+            logger.error(f"WHOIS lookup failed: {e}")
+            return None
+
+    def format_results(self, whois_data, expire_warning_days=3):
+        """Format WHOIS results
+
+        Args:
+            whois_data: WHOIS data object
+            expire_warning_days: Number of days before expiration to show warning (default: 3)
+        """
+        lines = []
+        lines.append("=== WHOIS Information ===")
+
+        if whois_data and not isinstance(whois_data, Exception):
+            field_map = {
+                'domain_name': 'Domain Name',
+                'registrar': 'Registrar',
+                'whois_server': 'WHOIS Server',
+                'creation_date': 'Creation Date',
+                'expiration_date': 'Expiration Date',
+                'updated_date': 'Updated Date',
+                'name_servers': 'Name Servers',
+                'status': 'Status',
+                'dnssec': 'DNSSEC',
+                'org': 'Organization',
+                'country': 'Country',
+            }
+
+            expiration_date = None
+            for key, label in field_map.items():
+                value = getattr(whois_data, key, None)
+                if value:
+                    if isinstance(value, list):
+                        if key in ['creation_date', 'expiration_date', 'updated_date']:
+                            value = value[0] if value else None
+                            if value:
+                                lines.append(f"{label}: {value}")
+                                # Track expiration date for countdown calculation
+                                if key == 'expiration_date':
+                                    expiration_date = value
+                        else:
+                            lines.append(f"{label}:")
+                            for item in value[:10]:
+                                lines.append(f"  - {item}")
+                    else:
+                        lines.append(f"{label}: {value}")
+                        # Track expiration date for countdown calculation
+                        if key == 'expiration_date':
+                            expiration_date = value
+
+            # Add expiration countdown if within configured warning days
+            if expiration_date and expire_warning_days > 0:
+                try:
+                    # Ensure expiration_date is a datetime object
+                    if not isinstance(expiration_date, datetime):
+                        date_str = str(expiration_date)
+                        # Try multiple parsing strategies
+                        try:
+                            # Try ISO format with Z replacement
+                            expiration_date = datetime.fromisoformat(date_str.replace('Z', '+00:00'))
+                        except (ValueError, AttributeError):
+                            # Try parsing without timezone
+                            from dateutil import parser
+                            expiration_date = parser.parse(date_str)
+
+                    # Make timezone-aware if needed
+                    if expiration_date.tzinfo is None:
+                        expiration_date = expiration_date.replace(tzinfo=timezone.utc)
+                    # Convert to UTC if it's in a different timezone
+                    elif expiration_date.tzinfo != timezone.utc:
+                        expiration_date = expiration_date.astimezone(timezone.utc)
+
+                    now = datetime.now(timezone.utc)
+                    days_to_expire = (expiration_date - now).days
+
+                    if days_to_expire <= expire_warning_days and days_to_expire >= 0:
+                        if days_to_expire == 0:
+                            lines.append("⚠️  WARNING: Domain expires TODAY!")
+                        elif days_to_expire == 1:
+                            lines.append("⚠️  WARNING: Domain expires in 1 day")
+                        else:
+                            lines.append(f"⚠️  WARNING: Domain expires in {days_to_expire} days")
+                    elif days_to_expire < 0:
+                        lines.append("⚠️  WARNING: Domain has EXPIRED!")
+                except Exception as e:
+                    logger.error(f"Could not parse expiration date for countdown: {e}")
+                    lines.append(f"⚠️  ERROR: Could not parse expiration date format: {e}")
+        else:
+            lines.append("No WHOIS data available")
+
+        lines.append("")
+        return '\n'.join(lines)