chg: [faup] replace and remove faup

Author: Terrtia

bin/lib/crawlers.py

@@ -47,6 +47,7 @@
 from lib.objects import HHHashs
 from lib.objects.Items import Item
 from lib import Tag
+from lib import psl_faup
 
 config_loader = ConfigLoader()
 r_db = config_loader.get_db_conn("Kvrocks_DB")
@@ -60,8 +61,6 @@
 D_SCREENSHOT = config_loader.get_config_boolean('Crawler', 'default_screenshot')
 config_loader = None
 
-faup = Faup()
-
 # logger_crawler = logging.getLogger('crawlers.log')
 
 # # # # # # # #
@@ -185,18 +184,11 @@ def is_valid_onion_domain(domain):
     # return False
 
 def is_valid_domain(domain):
-    faup.decode(domain)
-    url_unpack = faup.get()
-    unpack_domain = url_unpack['domain'].lower()
+    unpack_domain = psl_faup.get_domain(domain)
     return domain == unpack_domain
 
-def get_faup():
-    return faup
-
 def unpack_url(url):
-    f = get_faup()
-    f.decode(url)
-    url_decoded = f.get()
+    url_decoded = psl_faup.unparse_url(url)
     port = url_decoded['port']
     if not port:
         if url_decoded['scheme'] == 'http':
@@ -274,9 +266,7 @@ def extract_favicon_from_html(html, url):
     #   - <meta name="msapplication-config" content="/icons/browserconfig.xml">
 
     # Root Favicon
-    f = get_faup()
-    f.decode(url)
-    url_decoded = f.get()
+    url_decoded = psl_faup.unparse_url(url)
     root_domain = f"{url_decoded['scheme']}://{url_decoded['domain']}"
     default_icon = f'{root_domain}/favicon.ico'
     favicons_urls.add(default_icon)
@@ -503,9 +493,7 @@ def extract_hhhash(har, domain, date):
             if entrie.get('response').get('status') == 200:  # != 301:
                 # print(url, entrie.get('response').get('status'))
 
-                f = get_faup()
-                f.decode(url)
-                domain_url = f.get().get('domain')
+                domain_url = psl_faup.get_domain(url)
                 if domain_url == domain:
 
                     headers = entrie.get('response').get('headers')

bin/lib/psl_faup.py

@@ -0,0 +1,218 @@
+#!/usr/bin/env python3
+# -*-coding:UTF-8 -*
+
+import idna
+import ipaddress
+import socket
+
+from publicsuffixlist import PublicSuffixList
+from urllib.parse import urlparse, urlunparse
+
+def _ensure_bytes(binary):
+    if isinstance(binary, bytes):
+        return binary
+    else:
+        return binary.encode('utf-8')
+
+
+def _ensure_str(string):
+    if isinstance(string, str):
+        return string
+    else:
+        return string.decode('utf-8')
+
+
+class UrlNotDecoded(Exception):
+    pass
+
+
+# https://github.com/MISP/PyMISP/blob/main/pymisp/tools/_psl_faup.py
+class PSLFaup:
+    """
+    Fake Faup Python Library using PSL for Windows support
+    """
+
+    def __init__(self):
+        self.decoded = False
+        self.psl = PublicSuffixList()
+        self._url = None
+        self._retval = {}
+        self.ip_as_host = ''
+
+    def _clear(self):
+        self.decoded = False
+        self._url = None
+        self._retval = {}
+        self.ip_as_host = ''
+
+    def decode(self, url):
+        """
+        This function creates a dict of all the url fields.
+        :param url: The URL to normalize
+        """
+        self._clear()
+        if isinstance(url, bytes) and b'//' not in url[:10]:
+            url = b'//' + url
+        elif '//' not in url[:10]:
+            url = '//' + url
+        self._url = urlparse(url)
+
+        if self._url is None:
+            raise UrlNotDecoded("Unable to parse URL")
+
+        self.ip_as_host = ''
+        if self._url.hostname is None:
+            raise UrlNotDecoded("Unable to parse URL")
+        hostname = _ensure_str(self._url.hostname)
+        try:
+            ipv4_bytes = socket.inet_aton(hostname)
+            ipv4 = ipaddress.IPv4Address(ipv4_bytes)
+            self.ip_as_host = ipv4.compressed
+        except (OSError, ValueError):
+            try:
+                addr, _, _ = hostname.partition('%')
+                ipv6 = ipaddress.IPv6Address(addr)
+                self.ip_as_host = ipv6.compressed
+            except ValueError:
+                pass
+
+        self.decoded = True
+        self._retval = {}
+
+    @property
+    def url(self):
+        if not self.decoded or not self._url:
+            raise UrlNotDecoded("You must call pslfaup.decode() first")
+
+        if host := self.get_host():
+            netloc = host + ('' if self.get_port() is None else f':{self.get_port()}')
+            return _ensure_bytes(
+                urlunparse(
+                    (self.get_scheme(), netloc, self.get_resource_path(),
+                     '', self.get_query_string(), self.get_fragment(),)
+                )
+            )
+        return None
+
+    def get_credential(self):
+        if not self.decoded or not self._url:
+            raise UrlNotDecoded("You must call pslfaup.decode() first")
+
+        if self._url.username and self._url.password:
+            return _ensure_str(self._url.username) + ':' + _ensure_str(self._url.password)
+        if self._url.username:
+            return _ensure_str(self._url.username)
+        return None
+
+    def get_scheme(self):
+        """
+        Get the scheme of the url given in the decode function
+        :returns: The URL scheme
+        """
+        if not self.decoded or not self._url:
+            raise UrlNotDecoded("You must call pslfaup.decode() first")
+        return _ensure_str(self._url.scheme if self._url.scheme else '')
+
+    def get_host(self):
+        if not self.decoded or not self._url:
+            raise UrlNotDecoded("You must call pslfaup.decode() first")
+
+        if self._url.hostname is None:
+            return None
+        elif self._url.hostname.isascii():
+            return _ensure_str(self._url.hostname)
+        else:
+            return _ensure_str(idna.encode(self._url.hostname, uts46=True))
+
+    def get_domain(self):
+        if not self.decoded or not self._url:
+            raise UrlNotDecoded("You must call pslfaup.decode() first")
+
+        if self.get_host() is not None and not self.ip_as_host:
+            return self.psl.privatesuffix(self.get_host())
+        return None
+
+    def get_domain_without_tld(self):
+        if not self.decoded or not self._url:
+            raise UrlNotDecoded("You must call pslfaup.decode() first")
+
+        if self.get_tld() is not None and not self.ip_as_host:
+            if domain := self.get_domain():
+                return domain.rsplit(self.get_tld(), 1)[0].rstrip('.')
+        return None
+
+    def get_subdomain(self):
+        if not self.decoded or not self._url:
+            raise UrlNotDecoded("You must call pslfaup.decode() first")
+
+        if self.get_host() is not None and not self.ip_as_host:
+            domain = self.get_domain()
+            host = self.get_host()
+            if domain and host and domain in host:
+                return host.rsplit(domain, 1)[0].rstrip('.') or None
+        return None
+
+    def get_tld(self):
+        if not self.decoded or not self._url:
+            raise UrlNotDecoded("You must call pslfaup.decode() first")
+
+        if self.get_host() is not None and not self.ip_as_host:
+            return self.psl.publicsuffix(self.get_host())
+        return None
+
+    def get_port(self):
+        if not self.decoded or not self._url:
+            raise UrlNotDecoded("You must call pslfaup.decode() first")
+        return self._url.port
+
+    def get_resource_path(self):
+        if not self.decoded or not self._url:
+            raise UrlNotDecoded("You must call pslfaup.decode() first")
+
+        return _ensure_str(self._url.path)
+
+    def get_query_string(self):
+        if not self.decoded or not self._url:
+            raise UrlNotDecoded("You must call pslfaup.decode() first")
+
+        return _ensure_str(self._url.query)
+
+    def get_fragment(self):
+        if not self.decoded or not self._url:
+            raise UrlNotDecoded("You must call pslfaup.decode() first")
+
+        return _ensure_str(self._url.fragment)
+
+    def get(self):
+        self._retval["scheme"] = self.get_scheme()
+        self._retval["tld"] = self.get_tld()
+        self._retval["domain"] = self.get_domain()
+        # self._retval["domain_without_tld"] = self.get_domain_without_tld()
+        self._retval["subdomain"] = self.get_subdomain()
+        self._retval["host"] = self.get_host()
+        self._retval["port"] = self.get_port()
+        self._retval["resource_path"] = self.get_resource_path()
+        self._retval["query_string"] = self.get_query_string()
+        self._retval["fragment"] = self.get_fragment()
+        self._retval["url"] = self.url
+        return self._retval
+
+
+def get_domain(url):
+    f = PSLFaup()
+    f.decode(url)
+    return f.get_domain()
+
+def get_url(url):
+    f = PSLFaup()
+    f.decode(url)
+    return f.url
+
+def unparse_url(url):
+    f = PSLFaup()
+    f.decode(url)
+    return f.get()
+
+
+if __name__ == '__main__':
+    print(unparse_url('Example.COM'))

bin/modules/Credential.py

@@ -28,15 +28,14 @@
 ##################################
 import os
 import sys
-import time
-from pyfaup.faup import Faup
 
 sys.path.append(os.environ['AIL_BIN'])
 ##################################
 # Import Project packages
 ##################################
 from modules.abstract_module import AbstractModule
 from lib import ConfigLoader
+from lib import psl_faup
 
 
 class Credential(AbstractModule):
@@ -57,8 +56,6 @@ class Credential(AbstractModule):
     def __init__(self):
         super(Credential, self).__init__()
 
-        self.faup = Faup()
-
         self.regex_web = r"((?:https?:\/\/)[\.-_0-9a-zA-Z]+\.[0-9a-zA-Z]+)"
         self.regex_cred = r"[a-zA-Z0-9\\._-]+@[a-zA-Z0-9\\.-]+\.[a-zA-Z]{2,6}[\\rn :\_\-]{1,10}[a-zA-Z0-9\_\-]+"
         self.regex_site_for_stats = r"@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6}:"
@@ -118,13 +115,7 @@ def compute(self, message):
                         creds_sites[site_domain] = 1
 
                 for url in all_sites:
-                    self.faup.decode(url)
-                    domain = self.faup.get()['domain']
-                    # # TODO: # FIXME: remove me, check faup versionb
-                    try:
-                        domain = domain.decode()
-                    except:
-                        pass
+                    domain = psl_faup.get_domain(url)
                     if domain in creds_sites.keys():
                         creds_sites[domain] += 1
                     else:

bin/modules/LibInjection.py

@@ -15,8 +15,6 @@
 import sys
 import pylibinjection
 
-from datetime import datetime
-from pyfaup.faup import Faup
 from urllib.parse import unquote
 
 
@@ -25,22 +23,20 @@
 # Import Project packages
 ##################################
 from modules.abstract_module import AbstractModule
+from lib import psl_faup
 
 class LibInjection(AbstractModule):
     """docstring for LibInjection module."""
 
     def __init__(self):
         super(LibInjection, self).__init__()
 
-        self.faup = Faup()
-
         self.logger.info(f"Module: {self.module_name} Launched")
 
     def compute(self, message):
         url = message
 
-        self.faup.decode(url)
-        url_parsed = self.faup.get()
+        url_parsed = psl_faup.unparse_url(url)
         # # TODO: # FIXME: remove me
         try:
             resource_path = url_parsed['resource_path'].encode()

bin/modules/Mail.py

@@ -19,8 +19,6 @@
 import dns.resolver
 import dns.exception
 
-# from pyfaup.faup import Faup
-
 sys.path.append(os.environ['AIL_BIN'])
 ##################################
 # Import Project packages        #
@@ -44,8 +42,6 @@ def __init__(self, queue=True):
 
         self.dns_server = config_loader.get_config_str('Mail', 'dns')
 
-        # self.faup = Faup()
-
         # Numbers of Mails needed to Tags
         self.mail_threshold = 10
 

bin/modules/Onion.py

@@ -25,6 +25,7 @@
 from lib.ConfigLoader import ConfigLoader
 from lib.objects.Domains import Domain
 from lib import crawlers
+from lib import psl_faup
 
 class Onion(AbstractModule):
     """docstring for Onion module."""
@@ -39,8 +40,6 @@ def __init__(self, queue=True):
         # regex timeout
         self.regex_timeout = config_loader.get_config_int("Onion", "max_execution_time")
 
-        self.faup = crawlers.get_faup()
-
         # activate_crawler = p.config.get("Crawler", "activate_crawler")
         self.har = config_loader.get_config_boolean('Crawler', 'default_har')
         self.screenshot = config_loader.get_config_boolean('Crawler', 'default_screenshot')
@@ -86,8 +85,7 @@ def compute(self, message):
             print(url)
 
             # TODO Crawl subdomain
-            url_unpack = crawlers.unpack_url(url)
-            domain = url_unpack['domain']
+            domain = psl_faup.get_domain(url)
             if crawlers.is_valid_onion_domain(domain):
                 domains.append(domain)
                 onion_urls.append(url)