feat: add jwt, mac, abuseipdb, virustotal, and emailcheck plugins

v2.0.0 sprint 1 -- five standalone plugins requiring no core changes:

- jwt: decode JWT header/payload, flag alg=none/expired/nbf issues
- mac: IEEE OUI vendor lookup, random MAC generation, OUI download
- abuseipdb: IP reputation check + abuse reporting (admin) via API
- virustotal: hash/IP/domain/URL lookup via VT APIv3, 4/min rate limit
- emailcheck: SMTP RCPT TO verification via MX + SOCKS proxy (admin)

Also adds update_oui() to update-data.sh and documents all five
plugins in USAGE.md and CHEATSHEET.md.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
user
2026-02-16 21:04:43 +01:00
parent 75c6ab1e62
commit eb37fef730
8 changed files with 980 additions and 1 deletions

@@ -250,12 +250,33 @@ Categories: sqli, xss, ssti, lfi, cmdi, xxe
!cve search apache rce # Search CVE descriptions
!cve update # Download NVD feed (slow)
!cve stats # Show index size
!mac AA:BB:CC:DD:EE:FF # MAC OUI vendor lookup
!mac random # Generate random MAC
!mac update # Download IEEE OUI database
```
## Security Intelligence (API)
```
!abuse 8.8.8.8 # AbuseIPDB reputation check
!abuse 8.8.8.8 1.1.1.1 # Batch check (max 5)
!abuse 8.8.8.8 report 14 Spam # Report IP (admin)
!vt <hash> # VirusTotal file hash lookup
!vt 8.8.8.8 # VirusTotal IP lookup
!vt example.com # VirusTotal domain lookup
!vt https://evil.com # VirusTotal URL lookup
!jwt eyJhbG... # Decode JWT token
!emailcheck user@example.com # SMTP verification (admin)
```
API keys: set `ABUSEIPDB_API_KEY` / `VIRUSTOTAL_API_KEY` env vars or
configure in `config/derp.toml` under `[abuseipdb]` / `[virustotal]`.
VT rate limit: 4 req/min. Email check: max 5, admin only.
### Data Setup
```bash
./scripts/update-data.sh # Update tor + iprep
./scripts/update-data.sh # Update tor + iprep + oui
MAXMIND_LICENSE_KEY=xxx ./scripts/update-data.sh # + GeoLite2
```
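Review bot: In the Security Intelligence block, `!abuse 8.8.8.8 report 14 Spam # Report IP (admin)` leaves the `14` unexplained, and because the trailing word is the free-text comment a reader can easily take 14 to mean "spam"; state that the number is an AbuseIPDB category id and point to where the category list (or a `!abuse help` line) can be found, since a wrong id files a misleading report with a third party. The API keys line could also say that `config/derp.toml` must not be committed once keys are placed in it, and the Data Setup line `MAXMIND_LICENSE_KEY=xxx ./scripts/update-data.sh` should carry a note that an inline assignment lands in shell history, so exporting it from a non-logged source is preferable.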