Differences

This shows you the differences between two versions of the page.

--- api [2023/11/23 13:52]
kaduuwikiadmin
+++ api [2025/03/26 08:50] (current)
kaduuwikiadmin [API Script to find and extracts accounts in leaks]
@@ Line 12: / Line 12: @@
 ===== API Documentation =====
-Please find the API documentation here {{ ::kaduu-2.2-swagger_3_.zip |}}. The{{ :kaduu-2.0.pdf | old documentation has}} some more details about authentication and filters.
+Please find two API documentations here:
+  * {{ ::kaduu-2.2-swagger-fixed.zip |}}
+  * The{{ :kaduu-2.0.pdf | PDF documentation has}} some more details about authentication and filters.
 Please note that Kaduu SaaS API is based on a REST/HTTPS protocol with JSON format. All endpoints except the
@@ Line 53: / Line 55: @@
-===== API Script =====
+===== API Script to extract leaks and save it to a CSV =====
-The customer has various options in Kaduu for accessing the query data:
+{{ ::query_leaks.zip |The Leak Center Query Tool}} is a Python script that interacts with the Leak Center API to fetch and process leaked data. It supports authentication using credentials provided interactively or through an optional auth.txt file, which must be formatted as username,password. The script queries for a target domain, which can be supplied interactively or via an input.txt file. Optionally, a date range can be specified through a DateRange.txt file or interactively; if skipped, no date filter is applied. The script normalizes different date formats, such as yyyy.mm.dd, yy.mm.dd, or yyyy-mm-dd, into a format compatible with the backend.
-•	Via dashboard: data can be displayed and then exported (CSV, XML, DOCX etc)
-•	Via webhook
-•	Via REST API
-•	Via alerting (email)
-The REST API allows you great flexibility in automation and integration into your existing processes and applications. You can use the API according to the official documentation https://wiki.kaduu.ch/doku/lib/exe/fetch.php?media=kaduu-2.0.pdf. In this document we illustrate how the API can be used with a customizable Python script which could assist you with few business use cases:
-  * White labeled alerts: You use Kaduu to regularly provide end customers or specific people with email alerts on certain topics (e.g. leaked data). To do this, you want to use an email with your design, company name and structure and also send this via your infrastructure.
-  * Ticketing System Integration: You want to integrate Kaduu into your existing environment and create tickets or incidents automatically in Splunk, Jira, Slack or similar systems.
-  * Automated Output Parsing: You want to store all results for certain search queries daily in an easy-to-process format (CSV, XLS, etc.) locally in a folder of your choice for analysis and further processing.
-  * Reduce Workload in Alerting: You want to save time when using Kaduu's email alerts: Instead of logging into the system for email alerts and researching the cause of the alerts, you want to receive the specific raw data of the alerts via email.
-**How to use the script?**
-Run the script either by giving the input in the terminal or operate it with an input file. Type "csv" as an option and then if your input file is in the same directory, type yourinputfile.csv. Please make sure you type the correct name of the input file. Before running the input file, put your username and password in the first two rows and adjust the different columns. For example enter one or multiple domains belonging to the same client under asset_name without the subdomain.
-**Using the input file (example_input.csv)**
-The script can operate with an input file. Here is the syntax for the different fields:
-**What are the API Endpoints integrated into the script?**
-We didn’t integrate all API endpoints available, but just a few relevant ones from control.leak.center:
-  * 'domain': "https://app.leak.center/svc-saas/domain/search", https://wiki.kaduu.ch/doku/doku.php?id=domain_database_search
-  * 'accounts': "https://app.leak.center/svc-saas/account/search", (account is just an extraction of leaks, we therefore recommend using leaks as it contains more data)
-  * 'leaks': "https://app.leak.center/svc-saas/leak/search", https://wiki.kaduu.ch/doku/doku.php?id=leak_search
-  * 'certificates': "https://app.leak.center/svc-saas/certificate/search", https://wiki.kaduu.ch/doku/doku.php?id=certificate_monitoring
-  * 'botnets': "https://app.leak.center/svc-saas/bot/record/search", https://wiki.kaduu.ch/doku/doku.php?id=bot_search
-  * 'ransomware': "https://app.leak.center/svc-saas/ransomware/search", https://wiki.kaduu.ch/doku/doku.php?id=ransomware_site_monitoring
-  * 'cc': https://app.leak.center/svc-saas/cc/search, https://wiki.kaduu.ch/doku/doku.php?id=credit_card_search
-**How to use the script for daily alerting?**
-Alert Option “1” Use the Script for a daily Job. The script will ignore the date range, but fetch the current day and execute the query for the current day only. If alerting is set to 0: It will use the date range.
-You can customize the HTML Email in the Python code here:
-**If you want to run the script in Crontab:**
-•	Locate Your Python Script: Ensure your script (V1.py) is executable and located in a suitable directory. You might also want to make sure that the script has the appropriate permissions to execute. You can make it executable using the command: bash  chmod +x /path/to/V1.py
-•	Find the Path to Your Python Interpreter: You need to know the path to the Python interpreter that will run your script. You can find this with: bash  which python (Or if your script is written for Python 3 specifically: bash  which python3; This command will return a path like /usr/bin/python3)
-•	Edit Your Crontab: Open your crontab for editing by running: bash  crontab -e (This will open the crontab file in your default text editor)
-•	Add a Cron Job: In the crontab file, add a line that specifies when the script should run and what command should be executed. The general format is: * * * * command to execute. For daily execution, you might use something like: 0 0 * * * /usr/bin/python3 /path/to/V1.py (This means the script V1.py will run at midnight every day. The five asterisks represent minute (0-59), hour (0-23), day of the month (1-31), month (1-12), and day of the week (0-7, where both 0 and 7 mean Sunday), respectively)
-•	Save and Exit: Save the crontab file and exit the editor. Your cron job is now scheduled. The cron daemon will automatically pick up the new job.
-•	Check the Crontab List: To make sure your cron job is listed, you can view your current cron jobs with: crontab -l
-•	Logging: If you want to log the output of your script, you can modify the cron job line like this: 0 0 * * * /usr/bin/python3 /path/to/V1.py >> /path/to/logfile.log 2>&1 (This command will append the output of your script to logfile.log and include both standard output and standard error)
-•	Environment Issues: If your script depends on environment variables or a specific environment setup, you might need to either export the necessary variables directly in the crontab or run a shell script from cron that sets up the environment before running your Python script.
-•	Remember to replace /path/to/V1.py with the actual path to your Python script and /usr/bin/python3 with the path to the Python interpreter on your system.
+The script processes paginated responses from the API and writes the results to a CSV file, Leaks.csv, with structured headers including id, createdAt, content, fileName, and more.
+===== API Script to find and extracts accounts in leaks =====
+This script is designed to help users search through data leaks for specific information like email addresses and passwords. It automates the process of logging into the Leak Center's API service, where the leaks are stored. Once logged in, the script uses search criteria specified by the user (such as particular tags that might relate to the type of information they're interested in, e.g., "accounts") to find relevant data within the leaks. Please check the readme inside the script for more details. {{ :leakapi_v2.zip |Download the file here.}}

My DokuWiki

User Tools

Site Tools

Differences

Page Tools