noisette

1. import framework
2. # unique to module
3. import re
4. from xml.dom.minidom import parseString
5.  
6. class Module(framework.module):
7.  
8. def __init__(self, params):
9. framework.module.__init__(self, params)
10. self.register_option('source', 'db', 'yes', 'source of hashes for module input (see \'info\' for options)')
11. self.info = {
12. 'Name': 'Noisette MD5 Hash Lookup',
13. 'Author': 'Tim Tomes (@LaNMaSteR53)',
14. 'Description': 'Uses the Noisette.ch hash database to perform a reverse hash lookup and updates the \'creds\' table of the database with the positive results.',
15. 'Comments': [
16. 'Source options: [ db | <hash> | ./path/to/file | query <sql> ]',
17. 'Hash types supported: MD5'
18. ]
19. }
20.  
21. def module_run(self):
22. hashes = self.get_source(self.options['source']['value'], 'SELECT DISTINCT hash FROM creds WHERE hash IS NOT NULL and password IS NULL')
23.  
24. # lookup each hash
25. for hashstr in hashes:
26. url = 'https://www.hashes.org/api.php?do=check&hash1=' + hashstr
27. resp = self.request(url)
28. dom = parseString(resp.text)
29. hashtype = "MD5"
30. nodes = dom.getElementsByTagName('plain')
31. if len(nodes) > 0:
32. plaintext = nodes[0].firstChild.wholeText
33. self.alert('%s (%s) => %s' % (hashstr, hashtype, plaintext))
34. self.query('UPDATE creds SET password=\'%s\', type=\'%s\' WHERE hash=\'%s\'' % (plaintext, hashtype, hashstr))
35. else:
36. self.verbose('Value not found for hash: %s' % (hashstr))