i3visio / osrframework

OSRFramework, the Open Sources Research Framework, is an AGPLv3+ project by i3visio focused on providing APIs and tools to perform more accurate online research.
GNU Affero General Public License v3.0
916 stars, 244 forks

mailfy.py gives 403 client error during step 3 haveibeenpwned #324

Closed meetpandya4715 closed 4 years ago

meetpandya4715 commented 5 years ago

I am trying to run my own e-mail ID through mailfy.py. Steps 1 and 2 complete successfully, but at step 3 I get an error. This is the error message I get:

2019-03-24 18:59:29.325066  Step 3. Verifying if the provided emails have  been leaked somewhere?

    Press <Ctrl + C> to stop...

    [*] Bypassing Cloudflare Restriction...
2019-03-24 18:59:30,528 [__init__.py] - ERROR:
    'https://haveibeenpwned.com/api/v2/breachedaccount/test@example.com' returned an error. Could not collect tokens.

Traceback (most recent call last):
  File "/usr/local/bin/mailfy.py", line 10, in <module>
    sys.exit(main())
  File "/usr/local/lib/python2.7/dist-packages/osrframework/mailfy.py", line 572, in main
    leaks = hibp.checkIfEmailWasHacked(query)
  File "/usr/local/lib/python2.7/dist-packages/osrframework/thirdparties/haveibeenpwned_com/hibp.py", line 55, in checkIfEmailWasHacked
    cookies, user_agent = cfscrape.get_tokens('https://haveibeenpwned.com/api/v2/breachedaccount/test@example.com', user_agent=ua)
  File "/root/.local/lib/python2.7/site-packages/cfscrape/__init__.py", line 182, in get_tokens
    resp.raise_for_status()
  File "/usr/lib/python2.7/dist-packages/requests/models.py", line 940, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://haveibeenpwned.com/api/v2/breachedaccount/test@example.com

Garcicasti commented 4 years ago

Same here. I believe the reason for the error is that the haveibeenpwned.com API version that OSRFramework uses has been discontinued. If you go to the link shown at the end of the error message, you can see so: https://haveibeenpwned.com/api/v2/breachedaccount/test@example.com "This version of the API has been discontinued, please use V3: https://www.troyhunt.com/authentication-and-the-have-i-been-pwned-api/"

i3visio commented 4 years ago

Closed as HIBP API was removed since it seems that it became a paid service which needs an API key. Let us know if this changes in the near future to reopen the issue. In 0.20.x+, an alternative was added.
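
One way a caller can query the V3 endpoint mentioned in this thread and turn HTTP failures into return values instead of the uncaught traceback shown above. This is an added example, not OSRFramework's code or the alternative it shipped. It assumes the V3 `breachedaccount` path and `hibp-api-key` header from the HIBP V3 documentation; `build_request`, `check_email` and the `opener` parameter are hypothetical names, and the API key is supplied by the caller.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# V3 endpoint (the V2 path in the traceback is discontinued).
HIBP_V3 = "https://haveibeenpwned.com/api/v3/breachedaccount/"


def build_request(email, api_key, user_agent="example-leak-checker"):
    """Build a V3 request: URL-encoded account, API key header, User-Agent."""
    url = HIBP_V3 + urllib.parse.quote(email, safe="")
    return urllib.request.Request(url, headers={
        "hibp-api-key": api_key,      # caller-supplied key, never hard-coded
        "User-Agent": user_agent,     # hypothetical client name
    })


def check_email(email, api_key, opener=urllib.request.urlopen):
    """Return (status, breaches) so one failed lookup cannot abort the run.

    `opener` is injectable so the logic can be exercised offline.
    """
    try:
        with opener(build_request(email, api_key)) as resp:
            return "breached", json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:
        if err.code == 404:           # account not present in any breach
            return "not_found", []
        if err.code == 401:           # missing or invalid API key
            return "bad_api_key", []
        if err.code == 429:           # rate limited; report the wait time
            return "rate_limited:" + err.headers.get("Retry-After", "?"), []
        return "error:%d" % err.code, []   # e.g. the 403 seen in this issue
    except urllib.error.URLError:
        return "unreachable", []
```

A caller can log any status other than `breached` or `not_found` and continue with the remaining steps.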