fix(sources): replace clearbit_enrich and tines_breach with seon_email and flare_leaksdb

sources/clearbit_enrich.json

@@ -1,33 +0,0 @@
-{
-    "name": "clearbit_enrich",
-    "category": "enrichment",
-    "endpoint": "https://person.clearbit.com/v2/people/find?email={target}",
-    "method": "GET",
-    "requires_auth": true,
-    "selectors": {
-        "full_name": "$.name.fullName"
-    },
-    "rate_limit": 1.0,
-    "headers": {
-        "Authorization": "Bearer {CLEARBIT_API_KEY}"
-    },
-    "api_key_slots": [
-        "{CLEARBIT_API_KEY}"
-    ],
-    "input_type": "email",
-    "output_type": [
-        "username",
-        "domain"
-    ],
-    "normalization_map": {
-        "fullName": "full_name"
-    },
-    "tags": [
-        "passive"
-    ],
-    "health_check_url": "https://person.clearbit.com",
-    "expected_status": 200,
-    "reliability_score": 4,
-    "backup_endpoints": [],
-    "confidence": 0.85
-}

sources/flare_leaksdb.json

@@ -0,0 +1,38 @@
+{
+    "name": "flare_leaksdb",
+    "category": "breaches",
+    "endpoint": "https://api.flare.io/leaksdb/v2/credentials/email/{target}",
+    "method": "GET",
+    "requires_auth": true,
+    "selectors": {
+        "items": "$.items"
+    },
+    "rate_limit": 1.0,
+    "headers": {
+        "Authorization": "Bearer {FLARE_API_KEY}"
+    },
+    "api_key_slots": [
+        "{FLARE_API_KEY}"
+    ],
+    "input_type": "email",
+    "output_type": [
+        "email",
+        "username"
+    ],
+    "normalization_map": {
+        "email": "email_address",
+        "username": "username",
+        "password": "plaintext_password",
+        "hash": "password_hash",
+        "source": "breach_name"
+    },
+    "tags": [
+        "passive",
+        "stealth"
+    ],
+    "health_check_url": "https://api.flare.io",
+    "expected_status": 200,
+    "reliability_score": 4,
+    "backup_endpoints": [],
+    "confidence": 0.85
+}

sources/helpers/config_handler.py

@@ -79,7 +79,7 @@ SERVICE_REGISTRY: Dict[str, Dict] = {
     "CENSYS_AUTH_BASE64":       {"display": "Censys",                    "public": False},
     "CIRCL_AUTH_BASE64":        {"display": "CIRCL.lu PDNS",             "public": False},
     "CIT0DAY_API_KEY":          {"display": "Cit0day",                   "public": False},
-    "CLEARBIT_API_KEY":         {"display": "Clearbit Enrich",           "public": False},
+    "SEON_API_KEY":             {"display": "SEON Email Intelligence",   "public": False},
     "CRIMINALIP_API_KEY":       {"display": "CriminalIP",                "public": False},
     "DEHASHED_AUTH_BASE64":     {"display": "Dehashed",                  "public": False},
     "DNSDB_API_KEY":            {"display": "DNSDB Passive DNS",         "public": False},
@@ -127,7 +127,7 @@ SERVICE_REGISTRY: Dict[str, Dict] = {
     "SPYONWEB_API_KEY":         {"display": "SpyOnWeb",                  "public": False},
     "SPYSE_API_KEY":            {"display": "Spyse",                     "public": False},
     "TC_API_KEY":               {"display": "ThreatConnect",             "public": False},
-    "TINES_API_KEY":            {"display": "Tines Breach",              "public": False},
+    "FLARE_API_KEY":            {"display": "Flare LeaksDB",              "public": False},
     "TP_API_KEY":               {"display": "ThreatPortal",              "public": False},
     "TWITTER_BEARER_TOKEN":     {"display": "Twitter / X API v2",        "public": False},
     "URLVOID_API_KEY":          {"display": "URLVoid",                   "public": False},

sources/seon_email.json

@@ -0,0 +1,41 @@
+{
+    "name": "seon_email",
+    "category": "enrichment",
+    "endpoint": "https://api.seon.io/SeonRestService/email-api/v3",
+    "method": "POST",
+    "requires_auth": true,
+    "selectors": {
+        "data": "$.data"
+    },
+    "rate_limit": 1.0,
+    "headers": {
+        "X-API-KEY": "{SEON_API_KEY}",
+        "Content-Type": "application/json"
+    },
+    "payload_template": {
+        "email": "{target}"
+    },
+    "api_key_slots": [
+        "{SEON_API_KEY}"
+    ],
+    "input_type": "email",
+    "output_type": [
+        "email",
+        "domain",
+        "username"
+    ],
+    "normalization_map": {
+        "email": "email_address",
+        "domain": "domain",
+        "full_name": "full_name",
+        "phone_number": "phone"
+    },
+    "tags": [
+        "passive"
+    ],
+    "health_check_url": "https://api.seon.io",
+    "expected_status": 200,
+    "reliability_score": 4,
+    "backup_endpoints": [],
+    "confidence": 0.85
+}

sources/tines_breach.json

@@ -1,30 +0,0 @@
-{
-    "name": "tines_breach",
-    "category": "breaches",
-    "endpoint": "https://api.tines.com/breaches/{target}",
-    "method": "GET",
-    "requires_auth": true,
-    "selectors": {
-        "breaches": "$.breaches"
-    },
-    "rate_limit": 1.0,
-    "headers": {
-        "Authorization": "Bearer {TINES_API_KEY}"
-    },
-    "api_key_slots": [
-        "{TINES_API_KEY}"
-    ],
-    "input_type": "email",
-    "output_type": [
-        "email"
-    ],
-    "normalization_map": {},
-    "tags": [
-        "passive"
-    ],
-    "health_check_url": "https://api.tines.com",
-    "expected_status": 200,
-    "reliability_score": 3,
-    "backup_endpoints": [],
-    "confidence": 0.7
-}