Added filedownload module

Author: TheTechromancer

bbot/core/helpers/web.py

@@ -272,6 +272,7 @@ async def download(self, url, **kwargs):
             url (str): The URL of the file to download.
             filename (str, optional): The filename to save the downloaded file as.
                 If not provided, will generate based on URL.
+            max_size (str or int): Maximum filesize as a string ("5MB") or integer in bytes.
             cache_hrs (float, optional): The number of hours to cache the downloaded file.
                 A negative value disables caching. Defaults to -1.
             method (str, optional): The HTTP method to use for the request, defaults to 'GET'.
@@ -285,7 +286,12 @@ async def download(self, url, **kwargs):
         """
         success = False
         filename = kwargs.pop("filename", self.parent_helper.cache_filename(url))
+        max_size = kwargs.pop("max_size", None)
+        if max_size is not None:
+            max_size = self.parent_helper.human_to_bytes(max_size)
         cache_hrs = float(kwargs.pop("cache_hrs", -1))
+        total_size = 0
+        chunk_size = 8192
         log.debug(f"Downloading file from {url} with cache_hrs={cache_hrs}")
         if cache_hrs > 0 and self.parent_helper.is_cached(url):
             log.debug(f"{url} is cached at {self.parent_helper.cache_filename(url)}")
@@ -302,7 +308,15 @@ async def download(self, url, **kwargs):
                     if status_code != 0:
                         response.raise_for_status()
                         with open(filename, "wb") as f:
-                            async for chunk in response.aiter_bytes(chunk_size=8192):
+                            agen = response.aiter_bytes(chunk_size=chunk_size)
+                            async for chunk in agen:
+                                if max_size is not None and total_size + chunk_size > max_size:
+                                    log.verbose(
+                                        f"Filesize of {url} exceeds {self.parent_helper.bytes_to_human(max_size)}, file will be truncated"
+                                    )
+                                    agen.aclose()
+                                    break
+                                total_size += chunk_size
                                 f.write(chunk)
                         success = True
             except httpx.HTTPError as e:

bbot/modules/filedownload.py

@@ -0,0 +1,107 @@
+from pathlib import Path
+
+from bbot.modules.base import BaseModule
+
+
+class filedownload(BaseModule):
+    """
+    Watch for common filetypes and download them
+    """
+
+    watched_events = ["URL_UNVERIFIED"]
+    produced_events = []
+    flags = ["active", "safe"]
+    meta = {"description": "Download common filetypes such as PDF, DOCX, PPTX, etc."}
+    options = {
+        "extensions": [
+            "bak",  #  Backup File
+            "bash",  #  Bash Script or Configuration
+            "bashrc",  #  Bash Script or Configuration
+            "conf",  #  Configuration File
+            "cfg",  #  Configuration File
+            "cr2",  #  Canon RAW Image
+            "crt",  #  Certificate File
+            "crw",  #  Canon RAW Image (Older Format)
+            "csv",  #  Comma Separated Values File
+            "db",  #  SQLite Database File
+            "sqlite",  #  SQLite Database File
+            "doc",  #  Microsoft Word Document (Old Format)
+            "docx",  #  Microsoft Word Document
+            "ica",  #  Citrix Independent Computing Architecture File
+            "indd",  #  Adobe InDesign Document
+            "ini",  #  Initialization File
+            "jar",  #  Java Archive
+            "jpg",  #  JPEG Image
+            "jpeg",  #  JPEG Image
+            "js",  #  JavaScript File
+            "json",  #  JavaScript Object Notation File
+            "key",  #  Private Key File
+            "pub",  #  Public Key File
+            "log",  #  Log File
+            "md",  #  Markdown File
+            "markdown",  #  Markdown File
+            "odg",  #  OpenDocument Graphics (LibreOffice, OpenOffice)
+            "odp",  #  OpenDocument Presentation (LibreOffice, OpenOffice)
+            "ods",  #  OpenDocument Spreadsheet (LibreOffice, OpenOffice)
+            "odt",  #  OpenDocument Text (LibreOffice, OpenOffice)
+            "pdf",  #  Adobe Portable Document Format
+            "pem",  #  Privacy Enhanced Mail (SSL certificate)
+            "png",  #  Portable Network Graphics Image
+            "pps",  #  Microsoft PowerPoint Slideshow (Old Format)
+            "ppsx",  #  Microsoft PowerPoint Slideshow
+            "ppt",  #  Microsoft PowerPoint Presentation (Old Format)
+            "pptx",  #  Microsoft PowerPoint Presentation
+            "ps1",  #  PowerShell Script
+            "raw",  #  Raw Image File Format
+            "rdp",  #  Remote Desktop Protocol File
+            "sh",  #  Shell Script
+            "sql",  #  SQL Database Dump
+            "svg",  #  Scalable Vector Graphics
+            "svgz",  #  Compressed SVG
+            "swp",  #  Swap File (temporary file, often Vim)
+            "sxw",  #  OpenOffice.org Writer document
+            "tar",  #  Tar Archive
+            "tar.gz",  # Gzip-Compressed Tar Archive
+            "zip",  #  Zip Archive
+            "txt",  #  Plain Text Document
+            "vbs",  #  Visual Basic Script
+            "wpd",  #  WordPerfect Document
+            "xls",  #  Microsoft Excel Spreadsheet (Old Format)
+            "xlsx",  #  Microsoft Excel Spreadsheet
+            "xml",  #  eXtensible Markup Language File
+            "yml",  #  YAML Ain't Markup Language
+            "yaml",  #  YAML Ain't Markup Language
+        ],
+        "max_filesize": "10MB",
+    }
+    options_desc = {
+        "extensions": "File extensions to download",
+        "max_filesize": "Cancel download if filesize is greater than this size",
+    }
+
+    scope_distance_modifier = 1
+
+    async def setup(self):
+        self.extensions = list(set([e.lower().strip(".") for e in self.options.get("extensions", [])]))
+        self.max_filesize = self.options.get("max_filesize", "10MB")
+        self.download_dir = self.scan.home / "filedownload"
+        self.helpers.mkdir(self.download_dir)
+        self.files_downloaded = 0
+        return True
+
+    async def handle_event(self, event):
+        url_lower = event.data.lower()
+        if any(url_lower.endswith(f".{e}") for e in self.extensions):
+            timestamp = self.helpers.make_date(event.timestamp)
+            filepath = Path(event.parsed.path)
+            filename_stem = self.helpers.tagify(filepath.stem)
+            filename = f"{timestamp}_{filename_stem}{filepath.suffix}"
+            file_destination = self.download_dir / filename
+            base_url = f"{event.parsed.scheme}://{event.parsed.netloc}"
+            self.info(f'Found "{filepath.name}" at "{base_url}", downloading to {file_destination}')
+            await self.helpers.download(event.data, filename=file_destination, max_size=self.max_filesize)
+            self.files_downloaded += 1
+
+    async def report(self):
+        if self.files_downloaded > 0:
+            self.success(f"Downloaded {self.files_downloaded:,} file(s) to {self.download_dir}")

bbot/test/test_step_2/module_tests/test_module_filedownload.py

@@ -0,0 +1,18 @@
+from .base import ModuleTestBase
+
+
+class TestFileDownload(ModuleTestBase):
+    targets = ["http://127.0.0.1:8888/"]
+    modules_overrides = ["filedownload", "httpx", "excavate"]
+
+    async def setup_after_prep(self, module_test):
+        module_test.set_expect_requests(dict(uri="/"), dict(response_data='<a href="/Test_File.txt"/>'))
+        module_test.set_expect_requests(dict(uri="/Test_File.txt"), dict(response_data="juicy stuff"))
+
+    def check(self, module_test, events):
+        download_dir = module_test.scan.home / "filedownload"
+        files = list(download_dir.glob("*_test-file.txt"))
+        assert len(files) == 1, f"No file found at {download_dir}"
+        file = files[0]
+        assert file.is_file(), f"File not found at {file}"
+        assert open(file).read() == "juicy stuff", f"File at {file} does not contain the correct content"