diff --git a/build_sources.py b/build_sources.py index 97c28ae..7c93776 100644 --- a/build_sources.py +++ b/build_sources.py @@ -913,14 +913,17 @@ AUTHENTICATED_PREMIUM_SOURCES += [ tags=["passive", "stealth"], health_check_url="https://api.breachaware.com", reliability_score=3, is_volatile=True), - _auth("tines_breach", "breaches", - "https://api.tines.com/breaches/{target}", "GET", - {"breaches": "$.breaches"}, - headers={"Authorization": "Bearer {TINES_API_KEY}"}, - api_key_slots=["{TINES_API_KEY}"], - input_type="email", output_type=["email"], - tags=["passive"], - health_check_url="https://api.tines.com", reliability_score=3), + _auth("flare_leaksdb", "breaches", + "https://api.flare.io/leaksdb/v2/credentials/email/{target}", "GET", + {"items": "$.items"}, + headers={"Authorization": "Bearer {FLARE_API_KEY}"}, + api_key_slots=["{FLARE_API_KEY}"], + input_type="email", output_type=["email", "username"], + normalization_map={"email": "email_address", "username": "username", + "password": "plaintext_password", "hash": "password_hash", + "source": "breach_name"}, + tags=["passive", "stealth"], + health_check_url="https://api.flare.io", reliability_score=4), _base("leak_lookup", "breaches", "https://leak-lookup.com/api/search", "POST", @@ -1042,15 +1045,17 @@ AUTHENTICATED_PREMIUM_SOURCES += [ # ── Enrichment ──────────────────────────────────────────────────────────── - _auth("clearbit_enrich", "enrichment", - "https://person.clearbit.com/v2/people/find?email={target}", "GET", - {"full_name": "$.name.fullName"}, - headers={"Authorization": "Bearer {CLEARBIT_API_KEY}"}, - api_key_slots=["{CLEARBIT_API_KEY}"], - input_type="email", output_type=["username", "domain"], - normalization_map={"fullName": "full_name"}, + _auth("seon_email", "enrichment", + "https://api.seon.io/SeonRestService/email-api/v3", "POST", + {"data": "$.data"}, + headers={"X-API-KEY": "{SEON_API_KEY}", "Content-Type": "application/json"}, + api_key_slots=["{SEON_API_KEY}"], + input_type="email", output_type=["email", "domain", "username"], + payload_template={"email": "{target}"}, + normalization_map={"email": "email_address", "domain": "domain", + "full_name": "full_name", "phone_number": "phone"}, tags=["passive"], - health_check_url="https://person.clearbit.com", reliability_score=4), + health_check_url="https://api.seon.io", reliability_score=4), _auth("fullcontact", "enrichment", "https://api.fullcontact.com/v3/person.enrich", "POST", diff --git a/sources/clearbit_enrich.json b/sources/clearbit_enrich.json deleted file mode 100644 index 04f6699..0000000 --- a/sources/clearbit_enrich.json +++ /dev/null @@ -1,33 +0,0 @@ -{ - "name": "clearbit_enrich", - "category": "enrichment", - "endpoint": "https://person.clearbit.com/v2/people/find?email={target}", - "method": "GET", - "requires_auth": true, - "selectors": { - "full_name": "$.name.fullName" - }, - "rate_limit": 1.0, - "headers": { - "Authorization": "Bearer {CLEARBIT_API_KEY}" - }, - "api_key_slots": [ - "{CLEARBIT_API_KEY}" - ], - "input_type": "email", - "output_type": [ - "username", - "domain" - ], - "normalization_map": { - "fullName": "full_name" - }, - "tags": [ - "passive" - ], - "health_check_url": "https://person.clearbit.com", - "expected_status": 200, - "reliability_score": 4, - "backup_endpoints": [], - "confidence": 0.85 -} \ No newline at end of file diff --git a/sources/flare_leaksdb.json b/sources/flare_leaksdb.json new file mode 100644 index 0000000..f3ecc2d --- /dev/null +++ b/sources/flare_leaksdb.json @@ -0,0 +1,38 @@ +{ + "name": "flare_leaksdb", + "category": "breaches", + "endpoint": "https://api.flare.io/leaksdb/v2/credentials/email/{target}", + "method": "GET", + "requires_auth": true, + "selectors": { + "items": "$.items" + }, + "rate_limit": 1.0, + "headers": { + "Authorization": "Bearer {FLARE_API_KEY}" + }, + "api_key_slots": [ + "{FLARE_API_KEY}" + ], + "input_type": "email", + "output_type": [ + "email", + "username" + ], + "normalization_map": { + "email": "email_address", + "username": "username", + "password": "plaintext_password", + "hash": "password_hash", + "source": "breach_name" + }, + "tags": [ + "passive", + "stealth" + ], + "health_check_url": "https://api.flare.io", + "expected_status": 200, + "reliability_score": 4, + "backup_endpoints": [], + "confidence": 0.85 +} \ No newline at end of file diff --git a/sources/helpers/config_handler.py b/sources/helpers/config_handler.py index b7c883e..0f1b48c 100644 --- a/sources/helpers/config_handler.py +++ b/sources/helpers/config_handler.py @@ -79,7 +79,7 @@ SERVICE_REGISTRY: Dict[str, Dict] = { "CENSYS_AUTH_BASE64": {"display": "Censys", "public": False}, "CIRCL_AUTH_BASE64": {"display": "CIRCL.lu PDNS", "public": False}, "CIT0DAY_API_KEY": {"display": "Cit0day", "public": False}, - "CLEARBIT_API_KEY": {"display": "Clearbit Enrich", "public": False}, + "SEON_API_KEY": {"display": "SEON Email Intelligence", "public": False}, "CRIMINALIP_API_KEY": {"display": "CriminalIP", "public": False}, "DEHASHED_AUTH_BASE64": {"display": "Dehashed", "public": False}, "DNSDB_API_KEY": {"display": "DNSDB Passive DNS", "public": False}, @@ -127,7 +127,7 @@ SERVICE_REGISTRY: Dict[str, Dict] = { "SPYONWEB_API_KEY": {"display": "SpyOnWeb", "public": False}, "SPYSE_API_KEY": {"display": "Spyse", "public": False}, "TC_API_KEY": {"display": "ThreatConnect", "public": False}, - "TINES_API_KEY": {"display": "Tines Breach", "public": False}, + "FLARE_API_KEY": {"display": "Flare LeaksDB", "public": False}, "TP_API_KEY": {"display": "ThreatPortal", "public": False}, "TWITTER_BEARER_TOKEN": {"display": "Twitter / X API v2", "public": False}, "URLVOID_API_KEY": {"display": "URLVoid", "public": False}, diff --git a/sources/seon_email.json b/sources/seon_email.json new file mode 100644 index 0000000..a9960cf --- /dev/null +++ b/sources/seon_email.json @@ -0,0 +1,41 @@ +{ + "name": "seon_email", + "category": "enrichment", + "endpoint": "https://api.seon.io/SeonRestService/email-api/v3", + "method": "POST", + "requires_auth": true, + "selectors": { + "data": "$.data" + }, + "rate_limit": 1.0, + "headers": { + "X-API-KEY": "{SEON_API_KEY}", + "Content-Type": "application/json" + }, + "payload_template": { + "email": "{target}" + }, + "api_key_slots": [ + "{SEON_API_KEY}" + ], + "input_type": "email", + "output_type": [ + "email", + "domain", + "username" + ], + "normalization_map": { + "email": "email_address", + "domain": "domain", + "full_name": "full_name", + "phone_number": "phone" + }, + "tags": [ + "passive" + ], + "health_check_url": "https://api.seon.io", + "expected_status": 200, + "reliability_score": 4, + "backup_endpoints": [], + "confidence": 0.85 +} \ No newline at end of file diff --git a/sources/tines_breach.json b/sources/tines_breach.json deleted file mode 100644 index 0e5cf30..0000000 --- a/sources/tines_breach.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "name": "tines_breach", - "category": "breaches", - "endpoint": "https://api.tines.com/breaches/{target}", - "method": "GET", - "requires_auth": true, - "selectors": { - "breaches": "$.breaches" - }, - "rate_limit": 1.0, - "headers": { - "Authorization": "Bearer {TINES_API_KEY}" - }, - "api_key_slots": [ - "{TINES_API_KEY}" - ], - "input_type": "email", - "output_type": [ - "email" - ], - "normalization_map": {}, - "tags": [ - "passive" - ], - "health_check_url": "https://api.tines.com", - "expected_status": 200, - "reliability_score": 3, - "backup_endpoints": [], - "confidence": 0.7 -} \ No newline at end of file