-
Notifications
You must be signed in to change notification settings - Fork 65
Expand file tree
/
Copy pathemploleaks.py
More file actions
executable file
·3556 lines (3104 loc) · 164 KB
/
Copy pathemploleaks.py
File metadata and controls
executable file
·3556 lines (3104 loc) · 164 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
#!/usr/bin/env python3
import cmd2
import sqlite3
import getpass
import hashlib
import os
import configparser
import json
import io
import argparse
import logging
import clickhouse_driver
import logging.handlers
import time
from datetime import datetime, timezone
from tld import get_tld, get_fld
from tld.utils import update_tld_names
import tldextract
from utils.logging_format import log
from cmd2 import style, Fg
from colorama import Style, Fore
from prettytable import PrettyTable
from tabulate import tabulate
#from plugins.twitter import TwitterModule
from plugins.github import GithubModule
from plugins.linkedin import LinkedinModule
from plugins.hibp import HaveIBeenPwnedModule
from utils.ai_classifier import classify_roles
from utils.leak_parser import parse_file, iter_leak_files
from utils.email_lookup import lookup_email_sync, get_available_platforms, DEFAULT_PLATFORMS
# Configurar logging para clickhouse_driver
clickhouse_logger = logging.getLogger('clickhouse_driver')
clickhouse_logger.setLevel(logging.WARNING) # Cambiar de DEBUG a WARNING
# Configurar logging para urllib3 (usado por requests)
urllib3_logger = logging.getLogger('urllib3')
urllib3_logger.setLevel(logging.WARNING)
# Configurar logging para git
git_logger = logging.getLogger('git')
git_logger.setLevel(logging.WARNING)
# Configurar rutas base
BASE_DIR = os.path.dirname(os.path.abspath(__file__))
DB_DIR = os.path.join(BASE_DIR, 'data')
LOGS_DIR = os.path.join(BASE_DIR, 'logs')
CONFIG_DIR = os.path.join(BASE_DIR, 'config')
# Crear directorios necesarios si no existen
os.makedirs(DB_DIR, exist_ok=True)
os.makedirs(LOGS_DIR, exist_ok=True)
os.makedirs(CONFIG_DIR, exist_ok=True)
def dir_path(string):
if os.path.isdir(string):
return string
log.critical(f'{string} is not a valid directory')
parser_connect = cmd2.Cmd2ArgumentParser()
parser_connect.add_argument('--user',
required=True,
help="the database's user")
parser_connect.add_argument('--passwd',
required=True,
help='the folder of the leak')
parser_connect.add_argument('--dbname',
required=True,
help="the database's name")
parser_connect.add_argument('--host',
default="localhost",
help="the database's host")
parser_connect.add_argument('--port',
default="5432",
help="the database's port")
parser_connect_leaks = cmd2.Cmd2ArgumentParser(description="Connect to the ClickHouse leaks database for credential searches.")
parser_connect_leaks.add_argument('--user', default=None,
help="ClickHouse user (default: from config or 'default')")
parser_connect_leaks.add_argument('--passwd', default=None,
help="ClickHouse password (default: from config or empty)")
parser_connect_leaks.add_argument('--dbname', default=None,
help="ClickHouse database name (default: from config or 'credentials_db')")
parser_connect_leaks.add_argument('--host', default=None,
help="ClickHouse host (default: from config or 'localhost')")
parser_connect_leaks.add_argument('--port', default=None,
help="ClickHouse port (default: from config or '9000')")
parser_connect_leaks.add_argument('--secure',
action='store_true',
help="use secure connection (TLS)")
parser_connect_leaks.add_argument('--save', action='store_true',
help="save connection settings to config")
create_db_parser = cmd2.Cmd2ArgumentParser(description="Create and initialize a ClickHouse database for storing leaked credentials.")
create_db_parser.add_argument('--user', required=True, help='ClickHouse database user')
create_db_parser.add_argument('--passwd', required=True, help='ClickHouse database password')
create_db_parser.add_argument('--dbname', required=True, help='Name of the ClickHouse database to create')
create_db_parser.add_argument('--host', default='localhost', help='ClickHouse server host')
create_db_parser.add_argument('--port', default='9000', help='ClickHouse server port')
create_db_parser.add_argument('--secure', action='store_true', help='Use secure connection (TLS)')
create_db_parser.add_argument('--import-data', help='Optional: Path to a directory containing credential files to import (format: email:password:url)')
parser_use = cmd2.Cmd2ArgumentParser(description="Load a plugin module (linkedin, github, hibp).")
parser_use.add_argument('--plugin', choices=['github', 'linkedin', 'hibp'],
help='Plugin to activate: linkedin (employee scraping), github (secrets scanning), hibp (breach lookup)')
parser_show = cmd2.Cmd2ArgumentParser(description="Show available options and their current values for the active plugin.")
parser_show.add_argument('options', help='Type "options" to display plugin settings')
parser_find_breaches = cmd2.Cmd2ArgumentParser(description="Search for breaches in all company emails using HaveIBeenPwned API. Requires HIBP plugin active.")
parser_addcompany = cmd2.Cmd2ArgumentParser(description="Add a new company to the local database.")
parser_addcompany.add_argument('--name', required=True, help='Name of the company to add')
parser_selectcompany = cmd2.Cmd2ArgumentParser(description="Select a company to work with from the local database.")
parser_selectcompany.add_argument('--name', required=True, help='Name of the company to select')
parser_listcompanies = cmd2.Cmd2ArgumentParser(description="List all companies in the local database.")
parser_findpasswords = cmd2.Cmd2ArgumentParser(description="Search for leaked credentials in ClickHouse and ProxyNova COMB using emails/usernames from the local database.")
parser_findpasswords.add_argument('mode', choices=['find_all', 'only_usernames', 'only_emails'],
help='Search mode: find_all (search everything), only_usernames (search by usernames only), only_emails (search by emails only)')
parser_findpasswords.add_argument('--email', type=str, help='Search for a specific email address (results not saved to local DB)')
parser_findpasswords.add_argument('--no-proxynova', action='store_true', help='Skip ProxyNova COMB API search')
parser_findpasswords.add_argument('--no-clickhouse', action='store_true', help='Skip ClickHouse search (use only ProxyNova)')
parser_print = cmd2.Cmd2ArgumentParser(description="Display or export collected data for the selected company.")
parser_print.add_argument('--data', choices=['emails', 'passwords', 'breaches', 'gits', 'phones', 'twitters', 'websites', 'all', 'secrets', 'domains', 'subdomains'],
help='Type of data to display')
parser_print.add_argument('--export', action='store_true', help='Export data to CSV file')
parser_print.add_argument('--html', action='store_true', help='Generate interactive HTML report (only with --data all)')
parser_print.add_argument('--ai', action='store_true', help='Use AI to group employees by department in HTML report')
parser_set_ai = cmd2.Cmd2ArgumentParser(description="Configure the AI provider for role classification and report grouping.")
parser_set_ai.add_argument('--endpoint', default='http://localhost:11434/v1',
help='OpenAI-compatible API endpoint (default: Ollama local)')
parser_set_ai.add_argument('--key', default='ollama',
help='API key (default: "ollama" for local Ollama)')
parser_set_ai.add_argument('--model', default='llama3',
help='Model name (e.g. gpt-4o-mini, llama3, mistral)')
parser_classify = cmd2.Cmd2ArgumentParser(description="Classify employees into departments using AI based on their job titles.")
parser_classify.add_argument('--force', action='store_true',
help='Re-classify even if departments are already assigned')
parser_lookup = cmd2.Cmd2ArgumentParser(description="Check if employee emails are registered on social media platforms using Holehe (~120 platforms, does not alert the target).")
parser_lookup.add_argument('--include-potential', action='store_true',
help='Also check potential (generated) emails, not just confirmed ones')
parser_lookup.add_argument('--email', type=str, default=None,
help='Lookup a single specific email address')
parser_lookup.add_argument('--all', action='store_true',
help='Check all 120+ platforms instead of configured subset')
parser_lookup.add_argument('--list-platforms', action='store_true',
help='Show all available platform names and exit')
autosave_options = cmd2.Cmd2ArgumentParser(description="Enable or disable automatic saving/loading of plugin configurations.")
autosave_options.add_argument('--enable', action="store_true", default=False, help='Enable the feature')
autosave_options.add_argument('--disable', action="store_true", default=False, help='Disable the feature')
parser_deletecompany = cmd2.Cmd2ArgumentParser(description="Delete a company and all its associated data from the local database.")
parser_deletecompany.add_argument('--name', required=True, help='Name of the company to delete')
parser_run_find = cmd2.Cmd2ArgumentParser()
parser_run_find.add_argument('company_name', help='LinkedIn company name')
parser_run_find.add_argument('company_domain', help='Company email domain')
parser_run_find.add_argument('--email-format', help='Optional email format for potential emails (e.g. {n}.{s} for first initial + last name)')
parser_import_leaks = cmd2.Cmd2ArgumentParser(description="Import credential leak files into ClickHouse. Supports txt, csv, dat, zip, gz formats with AI-powered format detection. Files are tracked by SHA-256 so repeat runs skip already-imported content.")
parser_import_leaks.add_argument('directory', nargs='?', default=None,
help='Directory with leak files (default: leaks_data/)')
parser_import_leaks.add_argument('--no-ai', action='store_true',
help='Skip AI format detection for unknown files')
parser_import_leaks.add_argument('--force', action='store_true',
help='Re-parse files even if their SHA-256 is already in imported_files (default: skip)')
parser_add_domain = cmd2.Cmd2ArgumentParser(description="Associate a domain with the selected company for infrastructure discovery.")
parser_add_domain.add_argument('domain', help='Domain name to add (e.g. faradaysec.com)')
parser_discover = cmd2.Cmd2ArgumentParser(description="Run infrastructure discovery (subdomain enumeration + DNS resolution) against all company domains using crt.sh and HackerTarget.")
parser_lookup_profiles = cmd2.Cmd2ArgumentParser(description="Search for social media profiles of employees using Maigret, based on manually assigned usernames.")
parser_lookup_profiles.add_argument('--employee', type=str, default=None,
help='Lookup a specific employee by name')
class GroupConcat:
def __init__(self):
self.values = set()
def step(self, value):
if value is not None:
self.values.add(value)
def finalize(self):
return ','.join(sorted(self.values))
class EmploLeaksCLI(cmd2.Cmd):
"""EmploLeaks CLI"""
emojis = {
'cross': "\U0000274c",
"check": "\U00002714",
"arrow_up": "\U00002b06",
"page": "\U0001f4c4",
"laptop": "\U0001f4bb",
'profile': "👤",
'email': "📧",
'website': "🌐",
'twitter': "🐦",
'phone': "📱",
'github': "💻",
'success': "✅",
'error': "❌",
'warning': "⚠️",
'info': "ℹ️",
'search': "🔍",
'link': "🔗",
'plus': "➕",
'arrow': "➡️",
'sparkles': "✨"
}
def preloop(self) -> None:
"""Print banner before starting the CLI"""
banner = """
_ _ _
___ _ __ ___ _ __ | | ___ | | ___ __ _| | _____
/ _ \\ '_ ` _ \\| '_ \\| |/ _ \\| |/ _ \\/ _` | |/ / __|
| __/ | | | | | |_) | | (_) | | __/ (_| | <\\__ \\
\\___|_| |_| |_| .__/|_|\\___/|_|\\___|\\__,_|_|\\_\\___/
|_|
"""
self.poutput(style(banner, fg=Fg['WHITE']))
self.poutput(style('\nWelcome to EmploLeaks CLI. Type help or ? to list commands.\n', fg=Fg['WHITE']))
super().preloop()
def __init__(self, connector_db=None, *args, **kwargs):
super().__init__(*args, allow_cli_args=False, **kwargs)
# Disable unused cmd2 commands
self.hidden_commands.extend([
'set', # Disable set command
'macro', # Disable macro command
'run_pyscript', # Disable run_pyscript command
'run_script', # Disable run_script command
'edit', # Disable edit command
'alias', # Disable alias command
'shortcuts', # Disable shortcuts command
'shell' # Disable shell command
])
self.conn = None # PostgreSQL connection for leaks database
self.leaks_conn = None # ClickHouse connection for leaks database
self.local_conn = None # SQLite connection for local data
self.company_id = None
self.company_name = ''
self.plugin_name = ''
self.plugin_instance = None
self.configfilepath = os.path.join(CONFIG_DIR, 'tokens.ini')
self.autoload = os.path.isfile(self.configfilepath)
self.autosave = self.autoload
self.ai_endpoint = 'http://localhost:11434/v1'
self.ai_key = 'ollama'
self.ai_model = 'llama3'
self.ch_host = 'localhost'
self.ch_port = '9000'
self.ch_user = 'default'
self.ch_passwd = ''
self.ch_dbname = 'credentials_db'
self._load_global_config()
# Emojis para la interfaz
self.emojis = {
'profile': "👤",
'email': "📧",
'website': "🌐",
'twitter': "🐦",
'phone': "📱",
'github': "💻",
'success': "✅",
'error': "❌",
'warning': "⚠️",
'info': "ℹ️",
'search': "🔍",
'link': "🔗",
'check': "✔️",
'plus': "➕",
'arrow': "➡️",
'sparkles': "✨"
}
# Initialize SQLite database if it doesn't exist
db_path = os.path.join(DB_DIR, 'emploleaks.db')
self.local_conn = sqlite3.connect(db_path)
self.local_conn.row_factory = sqlite3.Row
self._init_local_db()
def _init_local_db(self):
"""Initialize the local SQLite database with required tables."""
cur = self.local_conn.cursor()
# Crear tabla de compañías si no existe
cur.execute("""
CREATE TABLE IF NOT EXISTS companies (
company_id INTEGER PRIMARY KEY AUTOINCREMENT,
company_name TEXT UNIQUE NOT NULL
)
""")
# Crear tabla de empleados si no existe
cur.execute("""
CREATE TABLE IF NOT EXISTS employees (
employee_id INTEGER PRIMARY KEY AUTOINCREMENT,
name TEXT NOT NULL,
title TEXT,
profile_photo_url TEXT,
company_id INTEGER,
FOREIGN KEY (company_id) REFERENCES companies (company_id)
)
""")
# Migrate: add profile_photo_url if missing (existing DBs)
try:
cur.execute("ALTER TABLE employees ADD COLUMN profile_photo_url TEXT")
self.local_conn.commit()
except sqlite3.OperationalError:
pass
# Crear tabla de emails si no existe
cur.execute("""
CREATE TABLE IF NOT EXISTS emails (
email_id INTEGER PRIMARY KEY AUTOINCREMENT,
email TEXT NOT NULL,
employee_id INTEGER,
FOREIGN KEY (employee_id) REFERENCES employees (employee_id)
)
""")
# Crear tabla de emails potenciales si no existe
cur.execute("""
CREATE TABLE IF NOT EXISTS potential_emails (
email_id INTEGER PRIMARY KEY AUTOINCREMENT,
email TEXT NOT NULL,
employee_id INTEGER,
FOREIGN KEY (employee_id) REFERENCES employees (employee_id)
)
""")
# Crear tabla de contraseñas si no existe
cur.execute("""
CREATE TABLE IF NOT EXISTS passwords (
password_id INTEGER PRIMARY KEY AUTOINCREMENT,
password TEXT NOT NULL,
email_id INTEGER,
breach_context TEXT,
FOREIGN KEY (email_id) REFERENCES emails (email_id),
FOREIGN KEY (email_id) REFERENCES potential_emails (email_id),
UNIQUE(password, email_id, breach_context)
)
""")
cur.execute("""
CREATE TABLE IF NOT EXISTS username_passwords (
password_id INTEGER PRIMARY KEY AUTOINCREMENT,
username TEXT NOT NULL,
password TEXT NOT NULL,
breach_context TEXT,
company_id INTEGER,
FOREIGN KEY (company_id) REFERENCES companies (company_id),
UNIQUE(username, password, breach_context, company_id)
)
""")
# Crear tabla de brechas si no existe
cur.execute("""
CREATE TABLE IF NOT EXISTS breaches (
breach_id INTEGER PRIMARY KEY AUTOINCREMENT,
breach_name TEXT NOT NULL,
breach_date TEXT,
breach_description TEXT,
breach_domain TEXT,
breach_data_classes TEXT,
breach_is_verified BOOLEAN,
breach_is_fabricated BOOLEAN,
breach_is_sensitive BOOLEAN,
breach_is_retired BOOLEAN,
breach_is_spam_list BOOLEAN,
breach_logo_path TEXT,
breach_email TEXT,
email_id INTEGER,
FOREIGN KEY (email_id) REFERENCES emails (email_id)
)
""")
# Crear tabla de GitHub si no existe
cur.execute("""
CREATE TABLE IF NOT EXISTS githubs (
github_id INTEGER PRIMARY KEY AUTOINCREMENT,
github_url TEXT NOT NULL,
employee_id INTEGER,
FOREIGN KEY (employee_id) REFERENCES employees (employee_id)
)
""")
# Crear tabla de Twitter si no existe
cur.execute("""
CREATE TABLE IF NOT EXISTS twitters (
twitter_id INTEGER PRIMARY KEY AUTOINCREMENT,
twitter_url TEXT NOT NULL,
employee_id INTEGER,
FOREIGN KEY (employee_id) REFERENCES employees (employee_id)
)
""")
# Crear tabla de teléfonos si no existe
cur.execute("""
CREATE TABLE IF NOT EXISTS phones (
phone_id INTEGER PRIMARY KEY AUTOINCREMENT,
phone_number TEXT NOT NULL,
employee_id INTEGER,
FOREIGN KEY (employee_id) REFERENCES employees (employee_id)
)
""")
# Crear tabla de sitios web si no existe
cur.execute("""
CREATE TABLE IF NOT EXISTS websites (
website_id INTEGER PRIMARY KEY AUTOINCREMENT,
website_url TEXT NOT NULL,
employee_id INTEGER,
FOREIGN KEY (employee_id) REFERENCES employees (employee_id)
)
""")
# Crear tabla de secretos si no existe
cur.execute("""
CREATE TABLE IF NOT EXISTS secrets_repos (
secret_id INTEGER PRIMARY KEY AUTOINCREMENT,
repo_url TEXT NOT NULL,
secret_type TEXT NOT NULL,
secret_value TEXT NOT NULL,
file_path TEXT,
commit_hash TEXT,
commit_date TEXT,
found_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
employee_id INTEGER,
company_id INTEGER,
FOREIGN KEY (employee_id) REFERENCES employees (employee_id),
FOREIGN KEY (company_id) REFERENCES companies (company_id)
)
""")
cur.execute("""
CREATE TABLE IF NOT EXISTS social_profiles (
profile_id INTEGER PRIMARY KEY AUTOINCREMENT,
platform TEXT NOT NULL,
url TEXT,
exists_flag BOOLEAN DEFAULT 1,
email_recovery TEXT,
phone_recovery TEXT,
email_id INTEGER,
employee_id INTEGER,
FOREIGN KEY (email_id) REFERENCES emails (email_id),
FOREIGN KEY (employee_id) REFERENCES employees (employee_id)
)
""")
cur.execute("""
CREATE TABLE IF NOT EXISTS domains (
domain_id INTEGER PRIMARY KEY AUTOINCREMENT,
domain TEXT NOT NULL,
company_id INTEGER,
FOREIGN KEY (company_id) REFERENCES companies(company_id),
UNIQUE(domain, company_id)
)
""")
cur.execute("""
CREATE TABLE IF NOT EXISTS subdomains (
subdomain_id INTEGER PRIMARY KEY AUTOINCREMENT,
subdomain TEXT NOT NULL,
domain_id INTEGER,
source TEXT,
ip_address TEXT,
first_seen TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
FOREIGN KEY (domain_id) REFERENCES domains(domain_id),
UNIQUE(subdomain, domain_id)
)
""")
cur.execute("""
CREATE TABLE IF NOT EXISTS usernames (
username_id INTEGER PRIMARY KEY AUTOINCREMENT,
username TEXT NOT NULL,
employee_id INTEGER,
source TEXT DEFAULT 'manual',
FOREIGN KEY (employee_id) REFERENCES employees(employee_id),
UNIQUE(username, employee_id)
)
""")
cur.execute("""
CREATE TABLE IF NOT EXISTS imported_files (
file_id INTEGER PRIMARY KEY AUTOINCREMENT,
file_hash TEXT NOT NULL UNIQUE,
file_path TEXT NOT NULL,
file_size INTEGER,
rows_inserted INTEGER,
imported_at TEXT
)
""")
cur.execute("CREATE UNIQUE INDEX IF NOT EXISTS idx_passwords_unique ON passwords(password, email_id, breach_context)")
cur.execute("CREATE UNIQUE INDEX IF NOT EXISTS idx_username_passwords_unique ON username_passwords(username, password, breach_context, company_id)")
try:
cur.execute("ALTER TABLE companies ADD COLUMN company_logo_url TEXT")
except sqlite3.OperationalError:
pass
for col, default in [('triage_status', "'pending'"), ('department', 'NULL'), ('excluded', '0')]:
for table in ['passwords', 'username_passwords', 'secrets_repos', 'employees']:
if col == 'department' and table not in ('employees',):
continue
if col == 'excluded' and table != 'employees':
continue
if col == 'triage_status' and table == 'employees':
continue
try:
cur.execute(f"ALTER TABLE {table} ADD COLUMN {col} TEXT DEFAULT {default}")
except sqlite3.OperationalError:
pass
# url column for credentials (separated from breach_context, which is the source label).
for table in ('passwords', 'username_passwords'):
try:
cur.execute(f"ALTER TABLE {table} ADD COLUMN url TEXT")
except sqlite3.OperationalError:
pass
# One-time backfill: existing rows store the URL inside breach_context
# (e.g. "accounts.spotify.com"). Move domain-shaped values to `url` and
# replace breach_context with the source label "clickhouse-leaks".
# OR IGNORE: a row with the new (user, pass, 'clickhouse-leaks', company) key
# may already exist from a later import — skip the migration of the duplicate
# rather than abort startup.
for table in ('passwords', 'username_passwords'):
try:
cur.execute(f"""
UPDATE OR IGNORE {table}
SET url = breach_context,
breach_context = 'clickhouse-leaks'
WHERE url IS NULL
AND breach_context IS NOT NULL
AND breach_context != 'proxynova-comb'
AND breach_context LIKE '%.%'
""")
except (sqlite3.OperationalError, sqlite3.IntegrityError):
pass
self.local_conn.commit()
self.local_conn.commit()
cur.close()
def _load_global_config(self):
"""Load global settings (AI, etc.) from config file on startup."""
if not os.path.isfile(self.configfilepath):
return
config = configparser.RawConfigParser()
config.read(self.configfilepath)
if config.has_section('ai'):
self.ai_endpoint = config.get('ai', 'endpoint', fallback=self.ai_endpoint)
self.ai_key = config.get('ai', 'key', fallback=self.ai_key)
self.ai_model = config.get('ai', 'model', fallback=self.ai_model)
log.debug(f"AI config loaded: model={self.ai_model}")
if config.has_section('clickhouse'):
self.ch_host = config.get('clickhouse', 'host', fallback='localhost')
self.ch_port = config.get('clickhouse', 'port', fallback='9000')
self.ch_user = config.get('clickhouse', 'user', fallback='default')
self.ch_passwd = config.get('clickhouse', 'passwd', fallback='')
self.ch_dbname = config.get('clickhouse', 'dbname', fallback='credentials_db')
self._auto_connect_clickhouse()
def _save_config_section(self, section, values):
"""Save a section of key-value pairs to the config file."""
config = configparser.RawConfigParser()
config.read(self.configfilepath)
if not config.has_section(section):
config.add_section(section)
for k, v in values.items():
config.set(section, k, v)
os.makedirs(CONFIG_DIR, exist_ok=True)
with open(self.configfilepath, 'w') as f:
config.write(f)
def _auto_connect_clickhouse(self):
"""Try to connect to ClickHouse using saved config. Fails silently."""
try:
self.leaks_conn = clickhouse_driver.Client(
host=self.ch_host,
port=int(self.ch_port),
user=self.ch_user,
password=self.ch_passwd,
)
self.leaks_conn.execute('SELECT 1')
self._ensure_credentials_db()
log.debug(f"ClickHouse auto-connected to {self.ch_host}:{self.ch_port}")
except Exception:
self.leaks_conn = None
def _ensure_credentials_db(self):
"""Create the credentials database and table if they don't exist."""
if not self.leaks_conn:
return
try:
self.leaks_conn.execute(f'CREATE DATABASE IF NOT EXISTS {self.ch_dbname}')
self.leaks_conn.execute(f'''
CREATE TABLE IF NOT EXISTS {self.ch_dbname}.credentials (
mail_username String,
mail_domain String,
mail_tld String,
password String,
uri_subdomain String,
uri_domain String,
uri_tld String
) ENGINE = ReplacingMergeTree()
ORDER BY (mail_username, mail_domain, mail_tld, password, uri_subdomain, uri_domain, uri_tld)
SETTINGS index_granularity = 8192
''')
self.leaks_conn.disconnect()
self.leaks_conn = clickhouse_driver.Client(
host=self.ch_host,
port=int(self.ch_port),
database=self.ch_dbname,
user=self.ch_user,
password=self.ch_passwd,
)
except Exception as e:
log.debug(f"ClickHouse DB init: {e}")
def __del__(self):
"""Cleanup database connections on object destruction"""
if self.local_conn:
self.local_conn.close()
if self.conn:
self.conn.close()
if self.leaks_conn:
self.leaks_conn.disconnect()
def leakdb_connected(func):
def wrapper(*args, **kwargs):
if args[0].conn == None:
log.warning(f"[!] Database connection required for this operation. Use '{Style.BRIGHT}{Fore.WHITE}connect_leaks{Style.RESET_ALL}' command to connect to the leaks database")
return
return func(*args, **kwargs)
return wrapper
def leaksdb_connected(func):
def wrapper(*args, **kwargs):
if args[0].leaks_conn == None:
log.warning(f"Firstly connect to the leaks database with '{Style.BRIGHT}{Fore.WHITE}connect_leaks{Style.RESET_ALL}' command")
return
func(*args)
return wrapper
def plugin_activated(func):
def wrapper(*args, **kwargs):
if args[0].plugin_name == '':
log.warning(f"You need to select a plugin with the '{Style.BRIGHT}{Fore.WHITE}use{Style.RESET_ALL}' command")
return
func(*args)
return wrapper
def company_selected(func):
def wrapper(*args, **kwargs):
if args[0].company_name == '' and args[0].company_id == None:
log.warning(f"You need to select a company with the '{Style.BRIGHT}{Fore.WHITE}select_company{Style.RESET_ALL}' command")
return
func(*args)
return wrapper
def _generate_html_report(self, filename, use_ai=False):
"""Generate a modular dashboard HTML report with tabs for each data category."""
cur = self.local_conn.cursor()
esc = self._html_escape
cur.execute("""
SELECT e.employee_id, e.name, e.title, e.profile_photo_url, e.department
FROM employees e WHERE e.company_id = ? ORDER BY e.name
""", (self.company_id,))
employees = cur.fetchall()
if not employees:
log.info("No employees found for this company.")
cur.close()
return
has_departments = any(emp['department'] for emp in employees)
if use_ai and not has_departments:
if self.ai_endpoint and self.ai_key and self.ai_model:
log.info("No departments found. Running AI classification...")
titles = [emp['title'] for emp in employees if emp['title']]
role_to_dept = classify_roles(titles, self.ai_endpoint, self.ai_key, self.ai_model) or {}
if role_to_dept:
for emp in employees:
if emp['title']:
dept = role_to_dept.get(emp['title'], 'Other')
cur.execute("UPDATE employees SET department = ? WHERE employee_id = ?",
(dept, emp['employee_id']))
self.local_conn.commit()
cur.execute("""
SELECT e.employee_id, e.name, e.title, e.profile_photo_url, e.department
FROM employees e WHERE e.company_id = ? ORDER BY e.name
""", (self.company_id,))
employees = cur.fetchall()
has_departments = True
else:
log.warning("AI not configured. Use 'set_ai' or 'classify' command first.")
def get_dept(emp):
return emp['department'] or ''
emp_data = []
all_breaches = []
all_email_creds = []
all_secrets = []
for emp in employees:
eid = emp['employee_id']
name = emp['name'] or ''
title = emp['title'] or ''
photo = emp['profile_photo_url'] or ''
dept = get_dept(emp)
cur.execute("SELECT email FROM emails WHERE employee_id = ?", (eid,))
confirmed = [r['email'] for r in cur.fetchall()]
cur.execute("SELECT email FROM potential_emails WHERE employee_id = ?", (eid,))
potential = [r['email'] for r in cur.fetchall()]
cur.execute("SELECT phone_number FROM phones WHERE employee_id = ?", (eid,))
phones = [r['phone_number'] for r in cur.fetchall()]
cur.execute("SELECT website_url FROM websites WHERE employee_id = ?", (eid,))
websites = [r['website_url'] for r in cur.fetchall()]
cur.execute("SELECT github_url FROM githubs WHERE employee_id = ?", (eid,))
githubs = [r['github_url'] for r in cur.fetchall()]
cur.execute("SELECT twitter_url FROM twitters WHERE employee_id = ?", (eid,))
twitters = [r['twitter_url'] for r in cur.fetchall()]
cur.execute("""
SELECT b.breach_name, b.breach_date, em.email FROM breaches b
INNER JOIN emails em ON b.email_id = em.email_id
WHERE em.employee_id = ?
""", (eid,))
for r in cur.fetchall():
all_breaches.append({'name': name, 'email': r['email'], 'breach': r['breach_name'], 'date': r['breach_date'] or '—'})
cur.execute("""
SELECT p.password, p.breach_context, em.email FROM passwords p
INNER JOIN emails em ON p.email_id = em.email_id WHERE em.employee_id = ?
""", (eid,))
for r in cur.fetchall():
all_email_creds.append({'name': name, 'identifier': r['email'], 'password': r['password'], 'context': r['breach_context'] or '', 'type': 'confirmed'})
cur.execute("""
SELECT p.password, p.breach_context, pe.email FROM passwords p
INNER JOIN potential_emails pe ON p.email_id = pe.email_id WHERE pe.employee_id = ?
""", (eid,))
for r in cur.fetchall():
all_email_creds.append({'name': name, 'identifier': r['email'], 'password': r['password'], 'context': r['breach_context'] or '', 'type': 'potential'})
cur.execute("SELECT secret_type, secret_value, repo_url, file_path FROM secrets_repos WHERE employee_id = ?", (eid,))
for r in cur.fetchall():
all_secrets.append({'name': name, 'type': r['secret_type'], 'value': r['secret_value'] or '', 'repo': r['repo_url'] or '', 'file': r['file_path'] or ''})
emp_data.append({
'name': name, 'title': title, 'photo': photo, 'dept': dept,
'confirmed': confirmed, 'potential': potential, 'phones': phones,
'websites': websites, 'githubs': githubs, 'twitters': twitters,
'has_breaches': bool(all_breaches and any(b['name'] == name for b in all_breaches)),
'has_passwords': bool(all_email_creds and any(c['name'] == name for c in all_email_creds)),
'has_secrets': bool(all_secrets and any(s['name'] == name for s in all_secrets)),
})
cur.execute("""
SELECT username, password, breach_context
FROM username_passwords WHERE company_id = ?
""", (self.company_id,))
username_creds = [{'username': r['username'], 'password': r['password'], 'context': r['breach_context'] or ''} for r in cur.fetchall()]
total_emp = len(emp_data)
total_emails = sum(1 for e in emp_data if e['confirmed'] or e['potential'])
total_breaches = len(all_breaches)
total_email_creds = len(all_email_creds)
total_user_creds = len(username_creds)
total_secrets = len(all_secrets)
unique_breach_names = len(set(b['breach'] for b in all_breaches))
dept_set = sorted(set(e['dept'] for e in emp_data if e['dept']))
# --- Tab 1: Overview ---
findings_html = ''
if all_email_creds or username_creds:
findings_html += f'''<div class="finding finding-critical">
<div class="finding-icon">!</div>
<div><div class="finding-title">{total_email_creds + total_user_creds} leaked credentials found</div>
<div class="finding-desc">{total_email_creds} matched by email, {total_user_creds} matched by username across ClickHouse leak database.</div></div></div>'''
if all_secrets:
findings_html += f'''<div class="finding finding-high">
<div class="finding-icon">!</div>
<div><div class="finding-title">{total_secrets} secrets exposed in repositories</div>
<div class="finding-desc">Secrets found via gitleaks scan in employee GitHub/GitLab repositories.</div></div></div>'''
if all_breaches:
findings_html += f'''<div class="finding finding-medium">
<div class="finding-icon">i</div>
<div><div class="finding-title">{total_breaches} breach records across {unique_breach_names} known breaches</div>
<div class="finding-desc">Employee emails found in public data breaches via HaveIBeenPwned.</div></div></div>'''
if not findings_html:
findings_html = '<p class="empty-state">No critical findings yet. Run find_passwords, find_breaches, or find_secrets to populate this section.</p>'
overview_tab = f'''<div class="tab-pane active" id="tab-overview">
<div class="metrics-grid">
<div class="metric-card"><div class="metric-value">{total_emp}</div><div class="metric-label">Employees</div></div>
<div class="metric-card"><div class="metric-value">{total_emails}</div><div class="metric-label">With Emails</div></div>
<div class="metric-card accent-red"><div class="metric-value">{total_breaches}</div><div class="metric-label">Breach Records</div></div>
<div class="metric-card accent-orange"><div class="metric-value">{total_email_creds + total_user_creds}</div><div class="metric-label">Leaked Credentials</div></div>
<div class="metric-card accent-purple"><div class="metric-value">{total_secrets}</div><div class="metric-label">Secrets Found</div></div>
{'<div class="metric-card accent-cyan"><div class="metric-value">' + str(len(dept_set)) + '</div><div class="metric-label">Departments</div></div>' if dept_set else ''}
</div>
<div class="panel">
<h2 class="panel-title">Key Findings</h2>
<div class="findings-list">{findings_html}</div>
</div>
</div>'''
# --- Tab 2: Profiling ---
cards_by_dept = {}
for e in emp_data:
dept_key = e['dept'] or '_ungrouped'
photo_html = f'<img src="{esc(e["photo"])}" alt="{esc(e["name"])}" />' if e['photo'] else '<div class="no-photo"><svg viewBox="0 0 24 24" width="28" height="28" fill="none" stroke="#484f58" stroke-width="1.5"><circle cx="12" cy="8" r="4"/><path d="M4 20c0-4 4-7 8-7s8 3 8 7"/></svg></div>'
contact_items = ''
for em in e['confirmed']:
contact_items += f'<li class="contact-email"><span class="contact-label">Email</span><span class="contact-value confirmed">{esc(em)}</span></li>'
for em in e['potential']:
contact_items += f'<li class="contact-email"><span class="contact-label">Potential</span><span class="contact-value potential">{esc(em)}</span></li>'
for ph in e['phones']:
contact_items += f'<li><span class="contact-label">Phone</span><span class="contact-value">{esc(ph)}</span></li>'
for w in e['websites']:
contact_items += f'<li><span class="contact-label">Web</span><a href="{esc(w)}" target="_blank" class="contact-value link">{esc(w)}</a></li>'
for g in e['githubs']:
contact_items += f'<li><span class="contact-label">GitHub</span><a href="{esc(g)}" target="_blank" class="contact-value link github-link">{esc(g)}</a></li>'
for t in e['twitters']:
contact_items += f'<li><span class="contact-label">Twitter</span><a href="{esc(t)}" target="_blank" class="contact-value link">{esc(t)}</a></li>'
indicators = ''
if e['has_breaches']:
indicators += '<span class="indicator ind-breach" title="Breached">B</span>'
if e['has_passwords']:
indicators += '<span class="indicator ind-cred" title="Leaked credentials">C</span>'
if e['has_secrets']:
indicators += '<span class="indicator ind-secret" title="Secrets in repos">S</span>'
card = f'''<div class="profile-card" data-name="{esc(e['name'].lower())}" data-role="{esc(e['title'].lower())}" data-dept="{esc(e['dept'].lower())}">
<div class="profile-header">
<div class="profile-photo">{photo_html}</div>
<div class="profile-info">
<h3>{esc(e['name'])}</h3>
<p class="profile-role">{esc(e['title'])}</p>
{f'<span class="dept-tag">{esc(e["dept"])}</span>' if e['dept'] else ''}
</div>
<div class="profile-indicators">{indicators}</div>
</div>
{'<ul class="contact-list">' + contact_items + '</ul>' if contact_items else '<p class="empty-state small">No contact information found.</p>'}
</div>'''
cards_by_dept.setdefault(dept_key, []).append(card)
if has_departments:
sorted_depts = sorted(d for d in cards_by_dept if d != '_ungrouped')
if '_ungrouped' in cards_by_dept:
sorted_depts.append('_ungrouped')
dept_buttons = '<button class="dept-filter active" data-dept="all">All</button>'
for d in sorted_depts:
label = d if d != '_ungrouped' else 'Uncategorized'
dept_buttons += f'<button class="dept-filter" data-dept="{esc(d.lower())}">{esc(label)} ({len(cards_by_dept[d])})</button>'
dept_filter_bar = f'<div class="dept-filter-bar">{dept_buttons}</div>'
profiling_grid = ''
for d in sorted_depts:
label = d if d != '_ungrouped' else 'Uncategorized'
profiling_grid += f'<div class="dept-group" data-dept-group="{esc(d.lower())}"><h3 class="dept-group-title">{esc(label)}<span class="badge">{len(cards_by_dept[d])}</span></h3><div class="profiles-grid">{"".join(cards_by_dept[d])}</div></div>'
else:
dept_filter_bar = ''
all_cards = []
for cards in cards_by_dept.values():
all_cards.extend(cards)
profiling_grid = f'<div class="profiles-grid">{"".join(all_cards)}</div>'
profiling_tab = f'''<div class="tab-pane" id="tab-profiling">
<div class="tab-toolbar">
<input type="text" class="search-input" id="profiling-search" placeholder="Search by name, role or department..." />
{dept_filter_bar}
</div>
<div id="profiling-content">{profiling_grid}</div>
</div>'''
# --- Tab 3: Breaches ---
if all_breaches:
breach_rows = ''
for b in sorted(all_breaches, key=lambda x: x['breach']):
breach_rows += f'<tr><td>{esc(b["name"])}</td><td class="mono">{esc(b["email"])}</td><td>{esc(b["breach"])}</td><td>{esc(b["date"])}</td></tr>'
breaches_table = f'''<div class="panel"><h2 class="panel-title">Breach Records <span class="badge">{total_breaches}</span></h2>
<div class="table-toolbar"><input type="text" class="search-input" id="breach-search" placeholder="Filter breaches..." /></div>
<div class="table-wrap"><table class="data-table" id="breach-table">
<thead><tr><th>Employee</th><th>Email</th><th>Breach</th><th>Date</th></tr></thead>
<tbody>{breach_rows}</tbody></table></div></div>'''
else:
breaches_table = '<div class="panel"><p class="empty-state">No breach records found. Use the HIBP plugin with find_breaches to check employee emails.</p></div>'
breaches_tab = f'<div class="tab-pane" id="tab-breaches">{breaches_table}</div>'
# --- Tab 4: Credentials ---
if all_email_creds:
cred_rows = ''
for c in all_email_creds:
type_class = 'confirmed' if c['type'] == 'confirmed' else 'potential'
cred_rows += f'<tr><td>{esc(c["name"])}</td><td class="mono {type_class}">{esc(c["identifier"])}</td><td class="mono pwd">{esc(c["password"])}</td><td class="ctx">{esc(c["context"])}</td></tr>'
email_creds_html = f'''<div class="panel"><h2 class="panel-title">Credentials by Email <span class="badge">{total_email_creds}</span></h2>
<div class="table-toolbar"><input type="text" class="search-input" id="cred-email-search" placeholder="Filter by email, employee..." /></div>
<div class="table-wrap"><table class="data-table" id="cred-email-table">
<thead><tr><th>Employee</th><th>Email</th><th>Password</th><th>Leak Source</th></tr></thead>
<tbody>{cred_rows}</tbody></table></div></div>'''
else:
email_creds_html = '<div class="panel"><p class="empty-state">No email-based credentials found. Use find_passwords only_emails or find_all.</p></div>'
if username_creds:
user_rows = ''
for c in username_creds:
user_rows += f'<tr><td class="mono">{esc(c["username"])}</td><td class="mono pwd">{esc(c["password"])}</td><td class="ctx">{esc(c["context"])}</td></tr>'
user_creds_html = f'''<div class="panel"><h2 class="panel-title">Credentials by Username <span class="badge">{total_user_creds}</span></h2>
<p class="panel-desc">Found by searching usernames (without domain) across the ClickHouse leak database. May include false positives for common usernames.</p>
<div class="table-toolbar"><input type="text" class="search-input" id="cred-user-search" placeholder="Filter by username..." /></div>
<div class="table-wrap"><table class="data-table" id="cred-user-table">
<thead><tr><th>Username</th><th>Password</th><th>Leak Source</th></tr></thead>
<tbody>{user_rows}</tbody></table></div></div>'''
else:
user_creds_html = '<div class="panel"><p class="empty-state">No username-based credentials found. Use find_passwords only_usernames or find_all.</p></div>'
credentials_tab = f'<div class="tab-pane" id="tab-credentials">{email_creds_html}{user_creds_html}</div>'
# --- Tab 5: Secrets ---
if all_secrets:
secret_rows = ''
for s in all_secrets:
truncated = s['value'][:60] + '...' if len(s['value']) > 60 else s['value']
repo_name = s['repo'].split('/')[-1] if '/' in s['repo'] else s['repo']
secret_rows += f'<tr><td>{esc(s["name"])}</td><td><span class="secret-type">{esc(s["type"])}</span></td><td class="mono pwd">{esc(truncated)}</td><td><a href="{esc(s["repo"])}" target="_blank" class="link">{esc(repo_name)}</a></td><td class="mono ctx">{esc(s["file"])}</td></tr>'
secrets_html = f'''<div class="panel"><h2 class="panel-title">Exposed Secrets <span class="badge">{total_secrets}</span></h2>
<div class="table-toolbar"><input type="text" class="search-input" id="secrets-search" placeholder="Filter secrets..." /></div>
<div class="table-wrap"><table class="data-table" id="secrets-table">
<thead><tr><th>Employee</th><th>Type</th><th>Value</th><th>Repository</th><th>File</th></tr></thead>
<tbody>{secret_rows}</tbody></table></div></div>'''
else:
secrets_html = '<div class="panel"><p class="empty-state">No secrets found. Use the GitHub plugin with run find_secrets to scan employee repositories.</p></div>'
secrets_tab = f'<div class="tab-pane" id="tab-secrets">{secrets_html}</div>'
ai_subtitle = ' | Grouped by department' if has_departments else ''
html = f'''<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>EmploLeaks Report — {esc(self.company_name)}</title>
<style>
*{{margin:0;padding:0;box-sizing:border-box}}
body{{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,'Helvetica Neue',sans-serif;background:#0d1117;color:#c9d1d9;min-height:100vh}}
a{{color:#58a6ff;text-decoration:none}}a:hover{{text-decoration:underline}}
.mono{{font-family:'SF Mono',SFMono-Regular,Consolas,'Liberation Mono',Menlo,monospace;font-size:12px}}
/* Header */
.header{{background:linear-gradient(135deg,#161b22 0%,#1a1e2e 100%);padding:28px 40px;border-bottom:1px solid #30363d}}
.header h1{{font-size:26px;color:#f0f6fc;letter-spacing:-0.3px}}.header h1 span{{color:#f85149}}
.header .sub{{color:#8b949e;font-size:13px;margin-top:4px}}
/* Tab nav */
.tab-nav{{display:flex;gap:0;background:#161b22;border-bottom:2px solid #30363d;padding:0 40px;overflow-x:auto}}
.tab-btn{{padding:12px 20px;color:#8b949e;font-size:13px;font-weight:600;cursor:pointer;border:none;background:none;border-bottom:2px solid transparent;margin-bottom:-2px;transition:all .15s;white-space:nowrap;display:flex;align-items:center;gap:6px}}
.tab-btn:hover{{color:#c9d1d9}}.tab-btn.active{{color:#f0f6fc;border-bottom-color:#58a6ff}}
.tab-btn .cnt{{background:#30363d;color:#8b949e;padding:1px 7px;border-radius:10px;font-size:11px;font-weight:600}}
.tab-btn.active .cnt{{background:#1f6feb;color:#fff}}
/* Tab panes */
.tab-pane{{display:none;padding:24px 40px}}.tab-pane.active{{display:block}}