Friday, July 1, 2011

Monitoring Pastebin Leaks

Yesterday I got some time and I wrote a quick script that continuously monitors pastebin.com, looking for interesting keywords.

The script is called pastebin.py and accepts a file containing regular expressions, one per line.


It can also reload the regular expressions without being stopped when it receives a SIGHUP, and it dumps the pastes it has already found to the screen when it receives a SIGUSR1.


This is a sample output:

./pastebin.py ./file.txt
[!] My PID is: 9475
[!] Loading regular expressions



Dumping stored matches:
[!] Found Match.  http://pastebin.com/raw.php?i=XXXXXXXX :  @aol\.com [33 times] || @yahoo\.com [42 times] || @gmail\.com [729 times] || @hotmail\.com [355 times] || [\w\-][\w\-\.]+@[\w\-][\w\-\.]+[a-zA-Z]{1,4} [5344 times] || @comcast\.net [1 times] || ;
[!] Found Match.  http://pastebin.com/raw.php?i=XXXXXXXX :  @comcast\.net [1 times] || @hotmail\.com [4 times] || @gmail\.com [11 times] || @yahoo\.com [12 times] || [\w\-][\w\-\.]+@[\w\-][\w\-\.]+[a-zA-Z]{1,4} [37 times] || ;
[!] Found Match.  http://pastebin.com/raw.php?i=XXXXXXXX :  [\w\-][\w\-\.]+@[\w\-][\w\-\.]+[a-zA-Z]{1,4} [1 times] || INSERT INTO [1 times] || union.+select.+from [7 times] || ;
[!] Found Match.  http://pastebin.com/raw.php?i=XXXXXXXXX :  @yahoo\.com [2 times] || -- phpMyAdmin SQL Dump [1 times] || @gmail\.com [2 times] || [\w\-][\w\-\.]+@[\w\-][\w\-\.]+[a-zA-Z]{1,4} [6 times] || INSERT INTO [1 times] || CREATE TABLE [1 times] || ;
[!] Found Match.  http://pastebin.com/raw.php?i=XXXXXXXXX :  -----BEGIN RSA PRIVATE KEY----- [1 times] || ;
End of dump
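
The behaviour described above, as an added Python example rather than the original pastebin.py: patterns are loaded one per line, hits are counted per expression for each paste, SIGHUP reloads the file and SIGUSR1 returns the stored matches in the format of the sample output. The names `Monitor`, `load_patterns`, `scan`, `format_match` and `SAMPLE_PASTE` are assumptions, fetching pastes is left out, and keeping the previous patterns when a reload fails is a choice made for this example.

```python
import re
import signal

# Constructed sample paste (not real leaked data).
SAMPLE_PASTE = "alice@example.com:hunter2\nbob@gmail.com:letmein\nINSERT INTO users VALUES (1)\n"

def load_patterns(path):  # one regular expression per line; blank lines are skipped
    with open(path, encoding="utf-8") as fh:
        return [re.compile(line.rstrip("\r\n")) for line in fh if line.strip()]

def scan(text, patterns):  # {pattern source: hit count} for the patterns that matched
    counts = {rx.pattern: sum(1 for _ in rx.finditer(text)) for rx in patterns}
    return {p: n for p, n in counts.items() if n}

def format_match(url, hits):
    body = "".join(f"{p} [{n} times] || " for p, n in hits.items())
    return f"[!] Found Match.  {url} :  {body};"

class Monitor:
    def __init__(self, pattern_file):
        self.pattern_file = pattern_file
        self.patterns = load_patterns(pattern_file)
        self.found = []       # (url, hits) for every paste that matched
        self.pending = set()  # signals received but not yet acted on

    def on_signal(self, signum, frame):
        self.pending.add(signum)  # record only; the main loop acts between pastes

    def install_handlers(self):  # POSIX only; must be called from the main thread
        for sig in (signal.SIGHUP, signal.SIGUSR1):
            signal.signal(sig, self.on_signal)

    def service_signals(self):
        pending, self.pending = self.pending, set()
        if signal.SIGHUP in pending:  # reload without restarting
            try:
                self.patterns = load_patterns(self.pattern_file)
            except (OSError, re.error) as exc:  # bad file: keep the old patterns
                print(f"[!] Reload failed, keeping previous patterns: {exc}")
        if signal.SIGUSR1 in pending:  # dump the matches stored so far
            return [format_match(u, h) for u, h in self.found]
        return []

    def process(self, url, text):
        hits = scan(text, self.patterns)
        if hits:
            self.found.append((url, hits))
        return hits
```

Call `install_handlers()` once at start-up and `service_signals()` after each paste; a `kill -HUP` to the printed PID then picks up an edited pattern file on the next iteration.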


Update: a maintained and improved version of this script can be found in Monitoring pastebin.com within your SIEM by Xavier Mertens. It is written in Perl, but I think you can survive the headache :p

Update: It seems that pastebin.com has changed the HTML layout and the regular expressions in the script need to be changed. Since the script is not maintained, you have to make the changes on your own.
