Similar to the good old dumpmon on Twitter it would be lovely to have a Twitter action which sends found pastes to twitter.

To add a bit more context:

To solve this issue there needs to be a new action added in the actions directory. The action must follow the example of the other actions in this directory. Don't forget to add the action to the action package file.

The most simple example for such an action is the GenericAction which executes a passed function.

Tests are not necessary but highly appreciated. If there are questions, don't hesitate to contact me.

A regex analyzer which matches on credit card data

Currently each action itself needs to implement the templating. This should be moved to a paste class. Best would be to put it into some kind of abstract base class.

I don't think that this issue is suitable for hacktoberfest. If you feel different, you can create pull requests for it. But I can't promise to merge them, because I have very exact conceptions about how this should work.

Maybe it would be helpful to add words to a blacklist to specify the wordanalyzer better

There should be a new analyzer to find pastes which contain email/password pairs.

To solve this issue there needs to be a new analyzer added in the analyzers directory. The analyzer must follow the example of the other analyzers in this directory. Don't forget to add the analyzer to the analyzer package file.

The most simple example for such an analyzer is the AlwaysTrueAnalyzer which always returns True.

This analyzer should match email/password pairs. Check out this example paste. Best would be to subclass the regex analyzer.

Tests are not necessary but highly appreciated. If there are questions, don't hesitate to contact me.

Since the Pastebin API only allows for one IP to be entered there should be an pastepwn API which allows for searching through pastes or getting statistics. Also it would be great if the application can be controlled via the API (e.g. adding new analyzers on the fly).

The request class should be made a singleton in order to be able to set proxy settings only once.

This must be done before merging #33

Additionally to that a subclass "PastebinURLAnalyzer" would be great to match pastebin urls inside pastes.

When the scraping_handler.scrapers list is empty and the start method (see below) is being called, a new instance of PastebinScraper should be initialized and added via self.add_scraper(PastebinScraper) in line 97.

There needs to be some way to store an identifyer for a certain analyzer to know why a paste was matched.

Match on -----BEGIN PRIVATE KEY-----

If the paste's body is Error, we cannot find this paste., it means that the paste was already deleted, before we could download it.

In that case we should not store, nor process it!

If there are IPv4 and v6 available, the user should be able to force use one of them.

There are no tests yet. The code could have several bugs which are not found due to missing tests.

Would be nice to be able to send alerts to MISP.

As just done for the analyzers the actions should import the local files (from .basicAction import BasicAction) to prevent issues regarding import loops/conflicts.

Users might want to execute an action when the application crashes. Add proper support for an exception handler.

There should be a new analyzer to find pastes which contain a database dump.

To solve this issue there needs to be a new analyzer added in the analyzers directory. The analyzer must follow the example of the other analyzers in this directory. Don't forget to add the analyzer to the analyzer package file.

The most simple example for such an analyzer is the AlwaysTrueAnalyzer which always returns True.

This analyzer should match different kinds of database dumps. There are different formats for database dumps. It's up to you how many of those you want to implement. On haveibeenpwned.com there is a nice explanation on database dumps in pastes which should serve as a source for ideas.

Tests are not necessary but highly appreciated. If there are questions, don't hesitate to contact me.

Users might not want to calculate their password hashes beforehand and thus might want to be able to use a wrapper (analyzer) around various hash analyzers. They initialize that wrapper with their password in the clear. The wrapper generates the hashes on the fly and checks each paste against those hashes.

I am not sure if that's a good idea but I'll leave this here for now.

There should be a way to analyze for IBANs.

The analyzer should inherit from the BasicAnalyzer or RegexAnalyzer class and should implement a method match which returns True if the paste.body contains a IBAN.

The constructor of the IBANAnalyzer should contain a parameter validate=False which can be set in order to validate the found IBAN.

Description
Some pastes fetched from pastebin lack the paste's body - it will only contain the following text: File is not ready for scraping yet. Try again in 1 minute.

If this happens, the paste must be added back to the scraping queue and be scraped again.

There should be a possibility to send emails on certain pastes.

Automatic tests and deployment are very nice

• Testing
• PyPi module build
• New GitHub Releases

Currently it's not possible to run this framework behind a proxy

There needs to be another thread handling the triggered actions from the analyzers

There should be an API method to request the scraping of a specific paste

The API should be able to return a specific amount of pastes from within a specific time frame.

Example Call:
/pastes/findByDate

Parameters:

• from_time
• to_time

The action should know why/by what it was triggered

Send pastes to Slack channels

Match on database connection strings such as mongodb://ip

Switch on/off PastePwn

Matching pastes with Yara rules could be interesting.

https://techanarchy.net/2017/09/hunting-pastebin-with-pastehunter/

There is no license on the code yet

There are users which would like to perform an action when pastepwn is fully initialized and running. There should be a way to register a handler for that.

Check if an error is thrown if a duplicate paste ID is inserted into the db (and catch it otherwise or refactor code to be an upsert).

Currently there is no (working) docker image available. The goal is to have a docker image + a docker-compose file which automatically starts a mongodb & pastepwn or a mysql & pastepwn or sqlite & pastepwn.

For that we need to read environment variables.

Implement an action which sends matched pastes to syslog.

Add a Hash Analyzer which matches certain password hashes. Can inherit from RegexAnalyzer

I'm not sure whether this idea is compatible with your current idea of how this tool should be used, but it strikes me as odd that the RegexAnalyzers simply report whether or not a match was found, rather than returning all the data they were able to match.

For the PastebinURLAnalyzer I just made a pull request for, for example, I imagine it might be useful if you could feed it a number of pastes, and it could create some sort of dictionary which mapped the paste it had found a match on with a list of all URLs it was able to find.

That way, I could say "check out these 200 pastes and show me all the emails, pastebin urls, and bcrypt password hashes you find."

Just an idea, of course. Would probably require a bit of a redesign of the way the analyzers are used, but would require minimal changes to the actual analyzers.

There should be a new analyzer to find pastes which contain phone numbers.

To solve this issue there needs to be a new analyzer added in the analyzers directory. The analyzer must follow the example of the other analyzers in this directory. Don't forget to add the analyzer to the analyzer package file.

The most simple example for such an analyzer is the AlwaysTrueAnalyzer which always returns True.

This analyzer should match phone numbers in the international format. Best would be to subclass the regex analyzer and create a regex to detect phone numbers. Make sure to also detect whitespace separated country codes with \s*. Also please check if the country codes and lengths are valid for a phone number.

Tests are not necessary but highly appreciated. If there are questions, don't hesitate to contact me.

It's important to quickly analyze the pastes. Currently each paste is being processed in a single thread. It would be important to implement a thread pool which limits the amount of concurrent execution.

See https://www.metachris.com/2016/04/python-threadpool/

If the specified database does not exist yet, create it for the user.

That seems to have several issues with SQLI... let's see.

so that pastepwn can be installed via pip

1. There are missing imports in the requirements.txt

2. Currently when using pastepwn a user needs to download ALL the db connector packages (mongo & mysql currently). Depending on the amount of db connectors which at some point will be supported by pastepwn, it might be stupid to have them all in the same package.

Possible solution(s):

1. try-except the error and return an error message. This is not elegant but allows everything to be bundeled in one package.
2. move the database connectors to a different package. That way it's way cleaner but users need to install multiple packages.

This is currently not possible but should be.