diff --git a/__init__.py b/__init__.py
new file mode 100644
index 0000000..66fa7cc
--- /dev/null
+++ b/__init__.py
@@ -0,0 +1,191 @@
+from datetime import datetime, timedelta
+from enum import unique
+import requests, socket, json, validators, whois, hashlib, random
+from flask import Flask, request, session, render_template, redirect
+from flask_sqlalchemy import SQLAlchemy
+
+app = Flask(__name__)
+app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///tinyl.db"
+db = SQLAlchemy(app)
+
+class Links(db.Model):
+ id = db.Column(db.Integer, primary_key=True)
+ link = db.Column(db.String(500), nullable=False)
+ uhash = db.Column(db.String(50), nullable=False)
+ shortu = db.Column(db.String(20), nullable=False, unique=True)
+
+
+
+class Report(db.Model):
+ id = db.Column(db.Integer, primary_key=True)
+ link = db.Column(db.String(500), nullable=False)
+ reason = db.Column(db.String(700), nullable=False)
+
+
+@app.route("/",methods=["GET"])
+def redir(path):
+ if len(path) == 7 and path.isalnum():
+ check = db.session.query(Links).filter_by(shortu=path).first()
+ googleData = {
+ "client": {
+ "clientId": "yourcompanyname",
+ "clientVersion": "1.5.2"
+ },
+ "threatInfo": {
+ "threatTypes": ["MALWARE", "SOCIAL_ENGINEERING"],
+ "platformTypes": ["WINDOWS"],
+ "threatEntryTypes": ["URL"],
+ "threatEntries": [
+ {"url": str(check.link)}
+ ]
+ }
+ }
+
+ r = json.loads(requests.post("https://safebrowsing.googleapis.com/v4/threatMatches:find?key=AIzaSyA-PgdUPyqMLxmJ1B7aolYV4i9CkPvujGw", json=googleData).text)
+ if r == {}:
+ pass
+ elif r["matches"][0]["threatType"] == "SOCIAL_ENGINEERING":
+ return "This link has been blocked for abuse"
+ return redirect(str(check.link))
+
+@app.route("/", methods=["GET","POST"])
+def hello():
+ if request.method == "GET":
+ return render_template("index.html")
+ if request.method == "POST" and "url" in request.form:
+ url = str(request.form["url"])
+ if validators.url(url):
+ uhash = hashlib.md5(str.encode(url)).hexdigest()
+ try:
+ check = db.session.query(Report).filter_by(uhash=uhash)
+ return "found"
+ except Exception as e:
+ print("Exception occured: " + str(e))
+
+ record = Links(link=url,uhash=uhash,shortu="nullz") ## mentioned twice so i can capture the ID and use it to generate short url before adding to db
+ db.session.add(record)
+ db.session.commit()
+ shortu = hashlib.md5(str.encode(str(record.id))).hexdigest()[0:7]
+ update = db.session.query(Links).filter_by(shortu="nullz").first()
+ update.shortu = shortu
+ db.session.commit()
+ return "Successfully shortened your URL: https://tinyl.uk/"+shortu
+ else:
+ return "Invalid URL"
+
+
+
+
+
+
+@app.route("/check", methods=["GET","POST"])
+def check():
+ resp = '

'
+ if request.method == "GET":
+ return render_template("check.html")
+
+ if request.method== "POST" and "url" in request.form:
+ url = str(request.form["url"])
+
+ ## INPUT VALIDATION ##
+ if validators.url(url):
+ try:
+ if "https://" in url.lower():
+ domain = url.lower().replace("https://","").split("/")[0]
+ if "http://" in url.lower():
+ domain = url.lower().replace("http://","").split("/")[0]
+ except Exception as e:
+ print("Erorr occured: " + str(e))
+ return redirect("/error1")
+ pass
+ else:
+ return render_template("check.html",second=resp+"Invalid URL

")
+
+ ## domain active check ##
+ try:
+ print(domain)
+ domainip = socket.gethostbyname(domain)
+ except Exception as e:
+ print(str(e))
+ return render_template("check.html",second=resp+ " The provided domain does not resolve correctly")
+ ## db check ##
+ try:
+ check = db.session.query(Report).filter_by(link=url)
+ for row in check:
+ return render_template("check.html",second=resp+ row.reason + " was found in the databases")
+ pass
+ except Exception as e:
+ print("Exception occured on DB lookup: " + str(e))
+ pass
+
+ ## GOOGLE SAFEBRBROWSING CHECK ##
+ googleData = {
+ "client": {
+ "clientId": "yourcompanyname",
+ "clientVersion": "1.5.2"
+ },
+ "threatInfo": {
+ "threatTypes": ["MALWARE", "SOCIAL_ENGINEERING"],
+ "platformTypes": ["WINDOWS"],
+ "threatEntryTypes": ["URL"],
+ "threatEntries": [
+ {"url": url}
+ ]
+ }
+ }
+
+ r = json.loads(requests.post("https://safebrowsing.googleapis.com/v4/threatMatches:find?key=AIzaSyA-PgdUPyqMLxmJ1B7aolYV4i9CkPvujGw", json=googleData).text)
+ if r == {}:
+ pass
+ elif r["matches"][0]["threatType"] == "SOCIAL_ENGINEERING":
+ print("Adding to database")
+ try:
+ record = Report(link=str(url),reason="This url was previously listed in the google safebrowsing database for phishing")
+ db.session.add(record)
+ db.session.commit()
+ app.logger.info(record.id)
+ return render_template("check.html",second=resp+"This URL was listed in google saferbrowsing database for phishng")
+ except Exception as e:
+ print("error with db" + str(e))
+ return "Error db"
+ else:
+ return "Error 2"
+
+ ## DNS CHECK AND DOMAIN REP CHECK ##
+ domainWhois = whois.whois(domain)
+ domainInfo = whois.whois(domain).creation_date
+ past = datetime.now() - timedelta(days=7)
+ if str(type(domainInfo)) == "":
+ past = 1
+ date = 1
+ print("The domain creation date was not found")
+ elif str(type(domainInfo)) == "":
+ date = domainInfo[0]
+ else:
+ date = domainInfo
+ if past < date:
+ record = Report(link=str(url),reason="This url was recently purchased and may contain malicious content, be wary when continuing.")
+ db.session.add(record)
+ db.session.commit()
+ app.logger.info(record.id)
+ return render_template("check.html",second=resp+"This url was recently purchased and may contain malicious content, be wary when continuing.")
+ else:
+ pass
+
+ ## URL PHISHING SIMILARITY ##
+
+
+ return render_template("check.html",second=resp+"This URL has been checked and is clean so far, you should still take caution if you are unsure submit a manual request.")
+
+
+
+
+
+
+if __name__ == "__main__":
+ app.run()
+
+
+
+
+
diff --git a/check.html b/check.html
new file mode 100644
index 0000000..f098aa9
--- /dev/null
+++ b/check.html
@@ -0,0 +1,97 @@
+
+
+
+
+
+
+
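Review bot: The Safe Browsing API key is written into the `requests.post` URL in both `redir()` and `check()`, so it is now part of repository history; it should be rotated and read from deployment configuration instead of the source. In `redir()` only `r["matches"][0]["threatType"] == "SOCIAL_ENGINEERING"` blocks the redirect, so a `MALWARE` match (which the request asks for) still reaches `redirect()`, and `check.link` is read without testing whether the lookup returned a row. Neither call sets a `timeout` or checks the HTTP status before indexing `r["matches"]`. In `hello()` the `Report` query filters on `uhash`, a column the `Report` model above does not define, so that lookup appears to always land in the `except` branch and reported URLs are never refused. The fence below moves the lookup into one helper that treats any match as a block; the config key name is constructed for this note.

```python
# … unchanged: imports, app/db setup, Links and Report models …

SAFE_BROWSING_ENDPOINT = "https://safebrowsing.googleapis.com/v4/threatMatches:find"


def safe_browsing_matches(url):
    """Return the Safe Browsing matches for url; an empty list means no listing."""
    payload = {
        # … unchanged: "client" and "threatInfo" body, with {"url": url} as the only threatEntry …
    }
    resp = requests.post(
        SAFE_BROWSING_ENDPOINT,
        # key comes from deployment config, not the source tree
        # (config name constructed for this note)
        params={"key": app.config["SAFE_BROWSING_API_KEY"]},
        json=payload,
        timeout=5,
    )
    resp.raise_for_status()  # an API error must not read as "clean"
    return resp.json().get("matches", [])


# in redir(), replacing the inline request and the threatType test:
    check = db.session.query(Links).filter_by(shortu=path).first()
    if check is None:
        return "Unknown link", 404
    if safe_browsing_matches(str(check.link)):
        return "This link has been blocked for abuse"
    return redirect(str(check.link))
```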
+

Enter the URL you wish to check

+ {{second | safe}} +
+ +
+ +
+
+
+ +
+
+
+

About this service

+
+

Welcome to tinyl.uk, our free to use service which allows users to shorten up to 3 links each day and check unlimited URLs with our safety checker tool.
The service offered works as such:
Provide a valid url to shorten.
You will then be redirected to a page with your new shortened link which you can distribute

We offer custom solutions such as custom paths/extensions however this is only included in the premium package.

Link tracking is also a feature which we offer as part of our free plan allowing anyone to track the traffic flow through their tinyl link. +

+
+
+
+

Want to go a step further with your business/marketing?

+ +

Our premium package includes the following features

+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Free + + Premium +
+ Shorten 3 Links Per Day + + Shorten Up To 50 Links Per Day +
+ X + + Real Time Analytics Provided For Each Shortened Link In Your Dashboard +
+ X + + Re-Route Destination URL +
+ X + + Social Media Integration +
+ X + + API Access +
+

For enquiries contact us on enquiries@tinyl.uk

+ +
+
+
\ No newline at end of file
diff --git a/index.html b/index.html
new file mode 100644
index 0000000..17d3e53
--- /dev/null
+++ b/index.html
@@ -0,0 +1,96 @@
+
+
+
+
+
+
+
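Review bot: `{{second | safe}}` on the result line turns off Jinja autoescaping for whatever the view passes as `second`. In this commit `check()` builds that value from its `resp` prefix plus either a constant message or `row.reason` read from the `Report` table, so it is only safe while every `reason` is written by the server. If reports ever carry submitter-supplied text, that becomes stored markup injection; render the message as escaped text, e.g. `{{ second }}`, and keep the wrapper markup in the template. The template's markup is not fully visible on this page, so the surrounding element is assumed.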
+

Paste your long URL here

+
+ +
+ +
+
+
+ +
+
+
+

About this service

+
+

Welcome to tinyl.uk, our free to use service which allows users to shorten up to 3 links each day and check unlimited URLs with our safety checker tool.
The service offered works as such:
Provide a valid url to shorten.
You will then be redirected to a page with your new shortened link which you can distribute

We offer custom solutions such as custom paths/extensions however this is only included in the premium package.

Link tracking is also a feature which we offer as part of our free plan allowing anyone to track the traffic flow through their tinyl link. +

+
+
+
+

Want to go a step further with your business/marketing?

+ +

Our premium package includes the following features

+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Free + + Premium +
+ Shorten 3 Links Per Day + + Shorten Up To 50 Links Per Day +
+ X + + Real Time Analytics Provided For Each Shortened Link In Your Dashboard +
+ X + + Re-Route Destination URL +
+ X + + Social Media Integration +
+ X + + API Access +
+

For enquiries contact us on enquiries@tinyl.uk

+ +
+
+
\ No newline at end of file