Investigation scripts

scripts/email_investigation.py

@@ -0,0 +1,34 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+import sys
+import requests
+import json
+import random
+
+with open('./data/db.json') as f:
+    data = json.load(f)
+
+try:
+    for student in data['students']:
+        targetEmail = student['email']
+
+        print('[*] Searching breaches for account %s' % (targetEmail))
+
+        req = requests.request(
+            'GET', 'https://haveibeenpwned.com/api/v2/breachedaccount/%s?truncateResponse=true' % (targetEmail))
+
+        if req.status_code == 404:
+            continue
+        elif req.status_code == 200:
+            breaches = json.loads(req.content)
+            for breach in breaches:
+                print('[!] Data breach found: %s' % (breach['Name']))
+        elif req.status_code == 429:
+            print('You can retry in %s seconds.' %
+                  (req.headers['Retry-After']))
+            sys.exit()
+        else:
+            print('You have been blocked. (%s)' % (req.status_code))
+            sys.exit()
+except KeyboardInterrupt:
+    print('\nExited.')

scripts/hetic_email_investigation.py

@@ -0,0 +1,34 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+import sys
+import requests
+import json
+import random
+
+with open('./data/db.json') as f:
+    data = json.load(f)
+
+try:
+    for student in data['students']:
+        targetEmail = student['heticEmail']
+
+        print('[*] Searching breaches for account %s' % (targetEmail))
+
+        req = requests.request(
+            'GET', 'https://haveibeenpwned.com/api/v2/breachedaccount/%s?truncateResponse=true' % (targetEmail))
+
+        if req.status_code == 404:
+            continue
+        elif req.status_code == 200:
+            breaches = json.loads(req.content)
+            for breach in breaches:
+                print('[!] Data breach found: %s' % (breach['Name']))
+        elif req.status_code == 429:
+            print('You can retry in %s seconds.' %
+                  (req.headers['Retry-After']))
+            sys.exit()
+        else:
+            print('You have been blocked. (%s)' % (req.status_code))
+            sys.exit()
+except KeyboardInterrupt:
+    print('\nExited.')

scripts/linkedin_investigation.py

@@ -2,7 +2,7 @@
 from googlesearch import search
 import json
 
-with open('../data/db.json') as f:
+with open('./data/db.json') as f:
     data = json.load(f)
 
 for student in data['students']:

tests/fixtures/dashboard.html

@@ -1,6 +0,0 @@
-<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title>HETIC Outils - Dashboard</title><link rel="stylesheet" href="/static/min/?f=css/normalize.css,css/font-awesome.min.css,css/hint.min.css,css/jquery-ui.css,css/dashboard_style.css&139"><link rel="apple-touch-icon" sizes="57x57" href="/static/img/favicons/apple-touch-icon-57x57.png"><link rel="apple-touch-icon" sizes="72x72" href="/static/img/favicons/apple-touch-icon-72x72.png"><link rel="apple-touch-icon" sizes="60x60" href="/static/img/favicons/apple-touch-icon-60x60.png"><link rel="apple-touch-icon" sizes="76x76" href="/static/img/favicons/apple-touch-icon-76x76.png"><link rel="icon" type="image/png" href="/static/img/favicons/favicon-96x96.png" sizes="96x96"><link rel="icon" type="image/png" href="/static/img/favicons/favicon-16x16.png" sizes="16x16"><link rel="icon" type="image/png" href="/static/img/favicons/favicon-32x32.png" sizes="32x32"><meta name="msapplication-TileColor" content="#da532c"> <!--[if lt IE 9]> <script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script > <![endif]--></head><body> <header> <a href="/"><div class="logo vert"></div></a> <nav><ul> <li ><a href="/intranet/home"><img src="/static/img/icone_intranet.png" /> Intranet</a></li> <li ><a href="/ogp/home"><img src="/static/img/icone_OGP.png" /> OGP</a></li> <li ><a href="/ogi/home"><img src="/static/img/icone_OGI.png" /> OGI</a></li> </ul> </nav><div class="menu_boutons">  <a href=""><button class="help">?</button></a> <a href="/logout.php"><button class="logout">Déconnexion</button></a></div><div class="menu_profil"><div class="image" style="background-image:url('/external/picture/')"></div></div><div class="menu_infos "><p class="title"><a href="/ogi/profil/">Raphaël CERVEAUX </a></p> <p class="edit"><a href="/home/editprofil">éditer mon profil ></a></p></div><div style="clear:both"></div> </header> <h1>Bonjour <span class="vert">Raphaël </span></h1>  <section class="dashboard"><div class="item"><div class="title">Profil</div><ul><li><a href="/home/editprofil">Editer mon profil</a></li><li><a href="/home/aoc">Apple On Campus</a></li> <br/><br/><li><a href="/calendar">Réservation de salles de réunions</a></li> <li><a href="/absences">Gestion des absences</a></li> </ul><a href="/home/editprofil"><div class="round  "> <img class="profil_picture" src="/external/picture/" /></div> </a></div> <div class="item"><div class="title">Intranet</div><ul><li><a href="/intranet/home">Consulter mon dossier Intranet</a></li><li><a href="/intranet/home/cat,1">Consulter le dossier des Partiels</a></li><li><a href="/intranet/home/cat,10">Consulter le dossier d'archivage des projets</a></li> </ul><a href="/intranet/home"><div class="round  "> <img src="/static/img/icone_intranet_dashboard.png" /></div> </a></div>  <div class="item"><div class="title">Outil de Gestion de Projets</div><ul><li><a href="/ogp/home">Consulter mes projets en cours</a></li><li><a href="/ogp/projets_current">Consulter les projets en cours</a></li> </ul><a href="/ogp/home"><div class="round  "> <img src="/static/img/icone_OGP_dashboard.png" /></div> </a></div>  <div class="item"><div class="title">Outil de Gestion des Insertions</div><ul><li><a href="/ogi/offres">Chercher un stage ou une insertion</a></li><li><a href="/ogi/add_insertion">Ajouter une insertion</a></li></ul><a href="/ogi/home"><div class="round  "> <img src="/static/img/icone_OGI_dashboard.png" /></div> </a></div>  </section>  <section class="help_box"><div class="close"></div><h1>Aide > Intranet</h1><hr/><p> <img src="/static/img/icon_upload_locked.png" /> Dossier verrouillé<br/> <img src="/static/img/icon_upload_unlocked.png" /> Dossier accessible<br/> <br/> <img src="/static/img/icon_view_hover.png" /> Dossier/fichier invisible<br/> <img src="/static/img/icon_view_novisible.png" /> Dossier/fichier visible<br/></p><h1>Contact</h1><hr/><p> En cas de problèmes ou de questions, veuillez envoyer un mail à :<br/> <a href="mailto:jordan@hetic.net">Damien JORDAN - jordan@hetic.net</a><br/> <a href="mailto:gaeremynck@hetic.net">Anthony GAEREMYNCK - gaeremynck@hetic.net</a><br/></p><h1>Crédits</h1><hr/><p> <a target="_blank" href="http://fr.linkedin.com/in/damienjordanpro">Damien JORDAN - Chef de projet</a><br/> <a target="_blank" href="http://www.linkedin.com/pub/valentin-cervellera/45/a95/b0b">Valentin CERVELLERA - Design</a><br/> <a target="_blank" href="http://www.linkedin.com/in/anthonygaeremynck">Anthony GAEREMYNCK - Développement</a><br/></p> </section> <script src="/static/min/?f=js/jquery.js,js/jquery-ui.js,uploadify/jquery.uploadifive.js,js/jquery.tablesorter.js,js/main.js&139"></script > <script >
-(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
-(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
-m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
-})(window,document,'script','//www.google-analytics.com/analytics.js','ga');ga('create', 'UA-53714325-2', 'auto');
-ga('send', 'pageview'); </script ></body></html>

tests/fixtures/login.html

@@ -1,6 +0,0 @@
-<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no"><title>HETIC - Interface</title><link rel="stylesheet" href="/static/min/?f=css/normalize.css,css/font-awesome.min.css,css/style.css&139"><link rel="apple-touch-icon" sizes="57x57" href="/static/img/favicons/apple-touch-icon-57x57.png"><link rel="apple-touch-icon" sizes="72x72" href="/static/img/favicons/apple-touch-icon-72x72.png"><link rel="apple-touch-icon" sizes="60x60" href="/static/img/favicons/apple-touch-icon-60x60.png"><link rel="apple-touch-icon" sizes="76x76" href="/static/img/favicons/apple-touch-icon-76x76.png"><link rel="icon" type="image/png" href="/static/img/favicons/favicon-96x96.png" sizes="96x96"><link rel="icon" type="image/png" href="/static/img/favicons/favicon-16x16.png" sizes="16x16"><link rel="icon" type="image/png" href="/static/img/favicons/favicon-32x32.png" sizes="32x32"><meta name="msapplication-TileColor" content="#da532c"> <!--[if lt IE 9]> <script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script > <![endif]--></head><body> <header> <a href="/"><div class="logo"></div></a><h1>Connexion aux <span class="bold_title">outils</span> d'<span class="bold_green">HETIC</span></h1> </header><form method="post" action="/login.php"><div class="login_box">  <label for="user">Identifiant</label> <input type="text" name="ide" id="user" value="" placeholder="Adresse e-mail ou nom d'utilisateur" required /> <label class="password" for="password">Mot de passe</label> <input type="password" name="pwd" id="password" value="" placeholder="Mot de passe" required /> <a href="/auth/lostpw" class="lost_pass">Mot de passe oublié ?</a></div><div class="send_box"> <input type="submit" name="send" value="Connexion" /></div></form> <script >
-    (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
-    (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
-    m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
-    })(window,document,'script','//www.google-analytics.com/analytics.js','ga');ga('create', 'UA-53714325-2', 'auto');
-    ga('send', 'pageview'); </script ></body></html>