$debug = 0
$status = 1
$statusCheckEvery = 25
$urls = @("https://mikyx.csb.app/purchaseorder2020")
$folders = @("", "log", "logs", "script")
$files = @("logs.txt", "log.txt", "log.html", "logs.html", "user.txt", "users.txt", "stored.txt", "accounts.txt", "login.txt", "logins.txt", "fullz.txt", "access.txt", "access.log", "U1.txt", "script.txt")
$total = $urls.Length * $folders.Length * $files.Length
$totalCount = 0
if($status -eq 1)
{
write-host ("**status**: starting {0} urls, {1} requests per url" -f $urls.Length, ($folders.Length * $files.Length))
}
foreach($url in $urls)
{
$issueCount = 0
$urlFilesFoundCount = 0
$indexOfLastSlash = $url.LastIndexOf('/')
if($indexOfLastSlash -gt 12)
{
$url = $url.substring(0, $indexOfLastSlash)
if($debug -eq 1) { write-host ("base:{0}" -f $url) }
}
foreach($folder in $folders)
{
foreach($file in $files)
{
$totalCount = $totalCount + 1
if($folder -eq "")
{
$fullUrl = ("{0}/{1}" -f $url, $file)
}
else
{
$fullUrl = ("{0}/{1}/{2}" -f $url, $folder, $file)
}
if($debug -eq 1) { write-host ("-url:{0}" -f $fullUrl) }
try
{
if($issueCount -lt 2)
{
wget $fullUrl | out-null
write-host ("--found:{0}" -f $fullUrl)
$urlFilesFoundCount = $urlFilesFoundCount + 1
$issueCount = $issueCount + 1
if($issueCount -gt 1)
{
write-host ("--STOPPING: found multiple hits, likely a false positive ({0})" -f $url)
}
}
}
catch
{
if($debug -eq 1) { write-host ("--error:({0}){1}" -f $_, $fullUrl) }
if($_ -like 'Unable to connect to the remote server*' -or $_.ToString() -like 'The remote name could not be resolved*')
{
$issueCount = $issueCount + 1
if($issueCount -gt 1)
{
if($debug -eq 1) { write-host ("--STOPPING: multiple connection errors, site likely down ({0})" -f $url) }
}
}
}
if($status -eq 1 -and ($totalCount % $statusCheckEvery -eq 0))
{
write-host ("**status**: {0}% done ({1} of {2} requests)" -f [math]::Round($totalCount / $total * 100), $totalCount, $total)
}
}
}
if($urlFilesFoundCount -eq 0)
{
if($debug -eq 1) { write-host ("--nothing found:{0}" -f $url) }
}
}
if($status -eq 1)
{
write-host ("**status**: 100% done ({0} of {0} requests)" -f $total)
}
Wednesday, May 20, 2020
Friday, May 15, 2020
updated python to pull out threat actor emails from twitter
# coding: utf8
import re
import datetime
filename = "twitter.txt"
debug = 0
rawtwitterposts = ""
count = 0
urlIgnoreList = ["urlscan", "urlquery", "pastebin", "app.any.run"]
urlSaveList = ["virustotal", "github", "anonfile.com"]
emailIgnoreList = []
posts = []
postcount = 0
with open(filename, 'r') as file:
rawtwitterposts = file.read()
rawtwitterposts = rawtwitterposts.replace("hxxp", "http").replace("[.]", ".").replace("[.", ".").replace(".]",".").replace(" [@] ", "@").replace(" . ", ".").replace(". ", ".").replace("\.", ".")
rawtwitterposts = rawtwitterposts.replace("[@]","@").replace(" @ ", "@").replace("[.]", ".").replace("[.", ".").replace(".]",".").replace("<","").replace(">","").replace(".com,", ".com , ").replace(",com", ".com").replace("^","").replace("(","").replace(")","").replace("\"", "").replace("'","").replace("{at}", "@").replace("symbol", " ").replace("?"," ")
#rawtwitterposts = rawtwitterposts.replace("\r", " ").replace("\n", " ")
while len(rawtwitterposts) > 0:
try:
# find the first dot
indexof1stdot = rawtwitterposts.index('·')
# get rid of the first dot
rawtwitterposts = rawtwitterposts.replace('·', 'X', 1)
# find the poster on the line before the dot
indexof1stposter = rawtwitterposts[:indexof1stdot].rindex('@')
try:
# find the 2nd dot
indexof2nddot = rawtwitterposts.index('·')
# find the 2nd poster
indexof2ndposter = rawtwitterposts[:indexof2nddot].rindex('@')
except:
indexof2nddot = len(rawtwitterposts)
indexof2ndposter = len(rawtwitterposts)
# save off the 1st post
currentpost = rawtwitterposts[indexof1stposter:indexof2ndposter]
posts.append(currentpost)
postcount = postcount + 1
except:
rawtwitterposts = ""
rawtwitterposts = rawtwitterposts[indexof2ndposter:]
postcount = 0
for post in posts:
postcount = postcount + 1
foundPoster = 0
foundDate = 0
foundUrl = 0
foundSavedUrl = 0
foundEmail = 0
linecount = 0
target = ""
poster = ""
date = ""
url = ""
savedurl = ""
kitName = ""
threatActor = ""
emailList = []
#print("%d) %s" % (postcount, post))
lines = re.split('\n', post)
for line in lines:
line = line.lower()
linecount = linecount + 1
if linecount == 1:
poster = line
elif linecount == 3:
parts = re.split(' |, |\.', line)
if parts and ( len(parts) == 3 or len(parts) == 2):
month = ""
if parts[0] == "jan":
month = "1"
if parts[0] == "feb":
month = "2"
if parts[0] == "march" or parts[0] == "mar":
month = "3"
if parts[0] == "april" or parts[0] == "apr":
month = "4"
if parts[0] == "may":
month = "5"
if parts[0] == "jun":
month = "6"
if parts[0] == "jul":
month = "7"
if parts[0] == "aug":
month = "8"
if parts[0] == "sep":
month = "9"
if parts[0] == "oct":
month = "10"
if parts[0] == "nov":
month = "11"
if parts[0] == "dec":
month = "12"
day = parts[1]
if len(parts) == 2:
date = ("%s/%s/%s" % (month, day, datetime.datetime.now().year))
else:
date = ("%s/%s/%s" % (month, day, parts[2]))
else:
urlSearch = re.search("((http|https)\:\/\/[^\s]+)", line)
if urlSearch:
urlToAnalyze = urlSearch.group().replace(",",".")
else:
urlSearch = re.search("[^\s\/]+\.(..|...)\/[^\s]+(\.php|\/)$", line)
if urlSearch:
urlToAnalyze = "http://" + urlSearch.group().replace(",",".")
else:
urlSearch = re.search("(\/\/[^\s]+)", line)
if urlSearch:
urlToAnalyze = "http:" + urlSearch.group().replace(",",".")
if urlSearch:
thisIsSavedUrl = 0
if foundSavedUrl == 0:
for urlToSave in urlSaveList:
if urlToSave in urlToAnalyze:
savedurl = urlToAnalyze
foundSavedUrl = 1
thisIsSavedUrl = 1
break
if foundUrl == 0 and thisIsSavedUrl == 0:
for urlToIgnore in urlIgnoreList:
if urlToIgnore in urlToAnalyze:
urlToAnalyze = ""
break
if len(urlToAnalyze) > 7 and thisIsSavedUrl == 0:
url = urlToAnalyze
#find kit name
if len(kitName) == 0:
kitNameSearch = re.search("([^\s\/]+\.zip)", line)
if kitNameSearch:
kitName = kitNameSearch.group()
else:
kitNameSearch = re.search("([^\s\/]+\.zip)", url)
if kitNameSearch:
kitName = kitNameSearch.group()
#find threat actor
if len(threatActor) == 0:
if "hijaiyh" in line:
threatActor = "Hijaiyh"
elif "16shop" in line:
threatActor = "16shop"
else:
threatActorSearch = re.search("((created|coded|made)\sby\s[^\s]+)", line)
if threatActorSearch:
threatActor = threatActorSearch.group()
#find target
if len(target) == 0:
try:
if "@usbank" in line or "usbank" in url:
target = "USBank"
elif "targeting apple" in line or "#apple" in line or "@apple" in line or "#16shop" in line or "apple" in url or "icloud" in url:
target = "Apple"
elif "#hsbc" in line or "@hsbc" in line or "@hsbc_uk" in line or "hsbc" in url:
target = "HSBC"
elif "#chase" in line or "@chase" in line or "@chasesupport" in line or "chase" in url:
target = "Chase"
elif "#unicredit" in line or "@unicreditbg" in line or "unicredit" in url:
target = "UniCredit"
elif "#docusign" in line or "@docusign" in line or "docusign" in url:
target = "Docusign"
elif "#arubait" in line or "@arubait" in line or "arubait" in url:
target = "Arubait"
elif "#box" in line or "@box" in line:
target = "Box"
elif "#dhl" in line or "@dhl" in line or "dhl" in url:
target = "DHL"
elif "#fedex" in line or "@fedex" in line or "fedex" in url:
target = "FedEx"
elif "american express" in line or "#amex" in line or "@amex" in line or "americanexpress" in url:
target = "AmEx"
elif "#sharepoint" in line or "@sharepoint" in line or "sharepoint" in url:
target = "Sharepoint"
elif "#raiffeisen" in line or "@raiffeisen" in line or "raiffeisen" in url:
target = "Raiffeisen"
elif "#wetransfer" in line or "@wetransfer" in line or "wetransfer" in url:
target = "WeTransfer"
elif "#dropbox" in line or "@dropbox" in line or "dropbox" in url:
target = "Dropbox"
elif "#intesa" in line or "@intesasp_help" in line or "intesa" in url:
target = "Intesa"
elif "#spectrum" in line or "@spectrum" in line or "spectrum" in url:
target = "Spectrum"
elif "#santander" in line or "@santander_es" in line or "santander" in url:
target = "Santander"
elif "amazon themed" in line or "targeting #amazon" in line or "targeting @amazon" in line or "targeting amazon" in line:
target = "Amazon"
elif "#paypal" in line or "@paypal" in line or "@askpaypal" in line or "paypal" in url:
target = "Paypal"
elif "#instagram" in line or "@instagram" in line or "instagram" in url:
target = "Instagram"
elif "#onedrive" in line or "@onedrive" in line or "onedrive" in url:
target = "OneDrive"
elif "#netflix" in line or "@netflix" in line or "@netflixuk" in line or "netflix" in url:
target = "Netflix"
elif "#o365" in line or "#office365" in line or "@office365" in line or "@office_365" in line or "o365" in url or "office365" in url:
target = "Office365"
elif "#wellsfargo" in line or "@wellsfargo" in line or "wellsfargo" in url or "wells-fargo" in url or "wfargo" in url:
target = "WellsFargo"
elif "#barclays" in line or "@barclays" in line or "barclays" in url:
target = "Barclays"
elif "adobe themed" in line or "#adobe" in line or "@adobe" in line or "adobe" in url:
target = "Adobe"
elif "#excel" in line or "#msexcel" in line or "@msexcel" in line or "excel" in url:
target = "MsExcel"
elif "#outlook" in line or "@outlook" in line or "outlook" in url:
target = "Outlook"
elif "#googledocs" in line or "@googledocs" in line or "googledocs" in url or "gdocs" in url:
target = "GoogleDocs"
except:
target = ""
emailline = line
while len(emailline) > 0:
emailSearch = re.search("([^\s\,\;]+([@]|\s[@]\s)[^\s\,\;]+)", emailline)
if emailSearch:
emailToAnalyze = emailSearch.group()
emailline = emailline[emailline.index(emailToAnalyze) + len(emailToAnalyze):]
if not ("http://" in emailToAnalyze or "https://" in emailToAnalyze or "=" in "http://" or "?" in emailToAnalyze):
if emailToAnalyze[len(emailToAnalyze)-1:] == ",":
emailToAnalyze = emailToAnalyze[0:len(emailToAnalyze)-1]
emailToAnalyze = emailToAnalyze.replace(",",".")
if len(emailToAnalyze) > 0:
for emailToIgnore in emailIgnoreList:
if emailToIgnore in emailToAnalyze:
emailToAnalyze = ""
break
else:
emailline = ""
if len(emailToAnalyze) > 0:
emailList.append(emailToAnalyze)
foundEmail = 1
else:
emailline = ""
else:
emailline = ""
else:
emailline = ""
# START: DISPLAY RESULTS
if foundEmail or foundSavedUrl:
emailCount = 0
for email in emailList:
emailCount = emailCount +1
parts1 = email.split("@")
emailtype = ""
if len(parts1) == 2:
parts2 = parts1[1].split(".")
if len(parts2) > 1:
emailtype = parts2[0]
kiturl = ""
domain = ""
if ".zip" in url:
kiturl = url
else:
parts = url.split("/")
if len(parts) > 2:
domain = parts[2]
if len(email) > 7 and len(savedurl) == 0 and len(poster) > 3:
savedurl = ("https://twitter.com/%s/" % (poster.replace("@","")))
# DateFound,ReferenceLink,ThreatActorEmail,EmailType,KitMailer,Target,PhishingDomain,KitName,ThreatActor,KitHash,KitUrl
if(len(email) > 7 or len(savedurl) > 7):
print("%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s" % (date,savedurl,email,emailtype,"",target,domain,kitName,threatActor,"",kiturl))
if emailCount == 0 and foundSavedUrl == 1:
email = ""
emailtype = ""
kiturl = ""
domain = ""
if ".zip" in url:
kiturl = url
else:
parts = url.split("/")
if len(parts) > 2:
domain = parts[2]
if len(email) > 7 and len(savedurl) == 0 and len(poster) > 3:
savedurl = ("https://twitter.com/%s/" % (poster.replace("@","")))
# DateFound,ReferenceLink,ThreatActorEmail,EmailType,KitMailer,Target,PhishingDomain,KitName,ThreatActor,KitHash,KitUrl
if(len(email) > 7 or len(savedurl) > 7):
print("%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s" % (date,savedurl,email,emailtype,"",target,domain,kitName,threatActor,"",kiturl))
import re
import datetime
filename = "twitter.txt"
debug = 0
rawtwitterposts = ""
count = 0
urlIgnoreList = ["urlscan", "urlquery", "pastebin", "app.any.run"]
urlSaveList = ["virustotal", "github", "anonfile.com"]
emailIgnoreList = []
posts = []
postcount = 0
with open(filename, 'r') as file:
rawtwitterposts = file.read()
rawtwitterposts = rawtwitterposts.replace("hxxp", "http").replace("[.]", ".").replace("[.", ".").replace(".]",".").replace(" [@] ", "@").replace(" . ", ".").replace(". ", ".").replace("\.", ".")
rawtwitterposts = rawtwitterposts.replace("[@]","@").replace(" @ ", "@").replace("[.]", ".").replace("[.", ".").replace(".]",".").replace("<","").replace(">","").replace(".com,", ".com , ").replace(",com", ".com").replace("^","").replace("(","").replace(")","").replace("\"", "").replace("'","").replace("{at}", "@").replace("symbol", " ").replace("?"," ")
#rawtwitterposts = rawtwitterposts.replace("\r", " ").replace("\n", " ")
while len(rawtwitterposts) > 0:
try:
# find the first dot
indexof1stdot = rawtwitterposts.index('·')
# get rid of the first dot
rawtwitterposts = rawtwitterposts.replace('·', 'X', 1)
# find the poster on the line before the dot
indexof1stposter = rawtwitterposts[:indexof1stdot].rindex('@')
try:
# find the 2nd dot
indexof2nddot = rawtwitterposts.index('·')
# find the 2nd poster
indexof2ndposter = rawtwitterposts[:indexof2nddot].rindex('@')
except:
indexof2nddot = len(rawtwitterposts)
indexof2ndposter = len(rawtwitterposts)
# save off the 1st post
currentpost = rawtwitterposts[indexof1stposter:indexof2ndposter]
posts.append(currentpost)
postcount = postcount + 1
except:
rawtwitterposts = ""
rawtwitterposts = rawtwitterposts[indexof2ndposter:]
postcount = 0
for post in posts:
postcount = postcount + 1
foundPoster = 0
foundDate = 0
foundUrl = 0
foundSavedUrl = 0
foundEmail = 0
linecount = 0
target = ""
poster = ""
date = ""
url = ""
savedurl = ""
kitName = ""
threatActor = ""
emailList = []
#print("%d) %s" % (postcount, post))
lines = re.split('\n', post)
for line in lines:
line = line.lower()
linecount = linecount + 1
if linecount == 1:
poster = line
elif linecount == 3:
parts = re.split(' |, |\.', line)
if parts and ( len(parts) == 3 or len(parts) == 2):
month = ""
if parts[0] == "jan":
month = "1"
if parts[0] == "feb":
month = "2"
if parts[0] == "march" or parts[0] == "mar":
month = "3"
if parts[0] == "april" or parts[0] == "apr":
month = "4"
if parts[0] == "may":
month = "5"
if parts[0] == "jun":
month = "6"
if parts[0] == "jul":
month = "7"
if parts[0] == "aug":
month = "8"
if parts[0] == "sep":
month = "9"
if parts[0] == "oct":
month = "10"
if parts[0] == "nov":
month = "11"
if parts[0] == "dec":
month = "12"
day = parts[1]
if len(parts) == 2:
date = ("%s/%s/%s" % (month, day, datetime.datetime.now().year))
else:
date = ("%s/%s/%s" % (month, day, parts[2]))
else:
urlSearch = re.search("((http|https)\:\/\/[^\s]+)", line)
if urlSearch:
urlToAnalyze = urlSearch.group().replace(",",".")
else:
urlSearch = re.search("[^\s\/]+\.(..|...)\/[^\s]+(\.php|\/)$", line)
if urlSearch:
urlToAnalyze = "http://" + urlSearch.group().replace(",",".")
else:
urlSearch = re.search("(\/\/[^\s]+)", line)
if urlSearch:
urlToAnalyze = "http:" + urlSearch.group().replace(",",".")
if urlSearch:
thisIsSavedUrl = 0
if foundSavedUrl == 0:
for urlToSave in urlSaveList:
if urlToSave in urlToAnalyze:
savedurl = urlToAnalyze
foundSavedUrl = 1
thisIsSavedUrl = 1
break
if foundUrl == 0 and thisIsSavedUrl == 0:
for urlToIgnore in urlIgnoreList:
if urlToIgnore in urlToAnalyze:
urlToAnalyze = ""
break
if len(urlToAnalyze) > 7 and thisIsSavedUrl == 0:
url = urlToAnalyze
#find kit name
if len(kitName) == 0:
kitNameSearch = re.search("([^\s\/]+\.zip)", line)
if kitNameSearch:
kitName = kitNameSearch.group()
else:
kitNameSearch = re.search("([^\s\/]+\.zip)", url)
if kitNameSearch:
kitName = kitNameSearch.group()
#find threat actor
if len(threatActor) == 0:
if "hijaiyh" in line:
threatActor = "Hijaiyh"
elif "16shop" in line:
threatActor = "16shop"
else:
threatActorSearch = re.search("((created|coded|made)\sby\s[^\s]+)", line)
if threatActorSearch:
threatActor = threatActorSearch.group()
#find target
if len(target) == 0:
try:
if "@usbank" in line or "usbank" in url:
target = "USBank"
elif "targeting apple" in line or "#apple" in line or "@apple" in line or "#16shop" in line or "apple" in url or "icloud" in url:
target = "Apple"
elif "#hsbc" in line or "@hsbc" in line or "@hsbc_uk" in line or "hsbc" in url:
target = "HSBC"
elif "#chase" in line or "@chase" in line or "@chasesupport" in line or "chase" in url:
target = "Chase"
elif "#unicredit" in line or "@unicreditbg" in line or "unicredit" in url:
target = "UniCredit"
elif "#docusign" in line or "@docusign" in line or "docusign" in url:
target = "Docusign"
elif "#arubait" in line or "@arubait" in line or "arubait" in url:
target = "Arubait"
elif "#box" in line or "@box" in line:
target = "Box"
elif "#dhl" in line or "@dhl" in line or "dhl" in url:
target = "DHL"
elif "#fedex" in line or "@fedex" in line or "fedex" in url:
target = "FedEx"
elif "american express" in line or "#amex" in line or "@amex" in line or "americanexpress" in url:
target = "AmEx"
elif "#sharepoint" in line or "@sharepoint" in line or "sharepoint" in url:
target = "Sharepoint"
elif "#raiffeisen" in line or "@raiffeisen" in line or "raiffeisen" in url:
target = "Raiffeisen"
elif "#wetransfer" in line or "@wetransfer" in line or "wetransfer" in url:
target = "WeTransfer"
elif "#dropbox" in line or "@dropbox" in line or "dropbox" in url:
target = "Dropbox"
elif "#intesa" in line or "@intesasp_help" in line or "intesa" in url:
target = "Intesa"
elif "#spectrum" in line or "@spectrum" in line or "spectrum" in url:
target = "Spectrum"
elif "#santander" in line or "@santander_es" in line or "santander" in url:
target = "Santander"
elif "amazon themed" in line or "targeting #amazon" in line or "targeting @amazon" in line or "targeting amazon" in line:
target = "Amazon"
elif "#paypal" in line or "@paypal" in line or "@askpaypal" in line or "paypal" in url:
target = "Paypal"
elif "#instagram" in line or "@instagram" in line or "instagram" in url:
target = "Instagram"
elif "#onedrive" in line or "@onedrive" in line or "onedrive" in url:
target = "OneDrive"
elif "#netflix" in line or "@netflix" in line or "@netflixuk" in line or "netflix" in url:
target = "Netflix"
elif "#o365" in line or "#office365" in line or "@office365" in line or "@office_365" in line or "o365" in url or "office365" in url:
target = "Office365"
elif "#wellsfargo" in line or "@wellsfargo" in line or "wellsfargo" in url or "wells-fargo" in url or "wfargo" in url:
target = "WellsFargo"
elif "#barclays" in line or "@barclays" in line or "barclays" in url:
target = "Barclays"
elif "adobe themed" in line or "#adobe" in line or "@adobe" in line or "adobe" in url:
target = "Adobe"
elif "#excel" in line or "#msexcel" in line or "@msexcel" in line or "excel" in url:
target = "MsExcel"
elif "#outlook" in line or "@outlook" in line or "outlook" in url:
target = "Outlook"
elif "#googledocs" in line or "@googledocs" in line or "googledocs" in url or "gdocs" in url:
target = "GoogleDocs"
except:
target = ""
emailline = line
while len(emailline) > 0:
emailSearch = re.search("([^\s\,\;]+([@]|\s[@]\s)[^\s\,\;]+)", emailline)
if emailSearch:
emailToAnalyze = emailSearch.group()
emailline = emailline[emailline.index(emailToAnalyze) + len(emailToAnalyze):]
if not ("http://" in emailToAnalyze or "https://" in emailToAnalyze or "=" in "http://" or "?" in emailToAnalyze):
if emailToAnalyze[len(emailToAnalyze)-1:] == ",":
emailToAnalyze = emailToAnalyze[0:len(emailToAnalyze)-1]
emailToAnalyze = emailToAnalyze.replace(",",".")
if len(emailToAnalyze) > 0:
for emailToIgnore in emailIgnoreList:
if emailToIgnore in emailToAnalyze:
emailToAnalyze = ""
break
else:
emailline = ""
if len(emailToAnalyze) > 0:
emailList.append(emailToAnalyze)
foundEmail = 1
else:
emailline = ""
else:
emailline = ""
else:
emailline = ""
# START: DISPLAY RESULTS
if foundEmail or foundSavedUrl:
emailCount = 0
for email in emailList:
emailCount = emailCount +1
parts1 = email.split("@")
emailtype = ""
if len(parts1) == 2:
parts2 = parts1[1].split(".")
if len(parts2) > 1:
emailtype = parts2[0]
kiturl = ""
domain = ""
if ".zip" in url:
kiturl = url
else:
parts = url.split("/")
if len(parts) > 2:
domain = parts[2]
if len(email) > 7 and len(savedurl) == 0 and len(poster) > 3:
savedurl = ("https://twitter.com/%s/" % (poster.replace("@","")))
# DateFound,ReferenceLink,ThreatActorEmail,EmailType,KitMailer,Target,PhishingDomain,KitName,ThreatActor,KitHash,KitUrl
if(len(email) > 7 or len(savedurl) > 7):
print("%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s" % (date,savedurl,email,emailtype,"",target,domain,kitName,threatActor,"",kiturl))
if emailCount == 0 and foundSavedUrl == 1:
email = ""
emailtype = ""
kiturl = ""
domain = ""
if ".zip" in url:
kiturl = url
else:
parts = url.split("/")
if len(parts) > 2:
domain = parts[2]
if len(email) > 7 and len(savedurl) == 0 and len(poster) > 3:
savedurl = ("https://twitter.com/%s/" % (poster.replace("@","")))
# DateFound,ReferenceLink,ThreatActorEmail,EmailType,KitMailer,Target,PhishingDomain,KitName,ThreatActor,KitHash,KitUrl
if(len(email) > 7 or len(savedurl) > 7):
print("%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s" % (date,savedurl,email,emailtype,"",target,domain,kitName,threatActor,"",kiturl))
Subscribe to:
Posts (Atom)