Pastebin.com has been around for quite a while, yet it still stands as one of the most popular exfiltration platforms for data breaches and leaks. There is also a lot of other miscellaneous junk on Pastebin from developers, writers and other people who mess around with the service. The good stuff, the passwords, user names and PII that we as security professionals are looking for to alert our stakeholders, is gone in a short amount of time. This means that you need to programmatically search and retain relevant data.

The easiest way to do this with no programming is to use Pastebin's own https://pastebin.com/alerts.php or a competing external project like https://www.andrewmohawk.com/pasteLert/. The downside is that both rely on an email alert when new items are found. That may not be fast enough, or it does not scale to enterprise-type workflows.

So, I wrote up a scraper using Python and the Pastebin Pro API. I call it Pybin. https://github.com/nayra42/pybin

This program is written in Python 3 and is intended to be run on a Linux system as a daemon. It scans the latest public pastes every second and saves the unique key of each one. The unique keys are kept in a list so that a paste is not scraped or searched again. I leveraged log rotate to keep the keys list from filling up. If the contents of a paste match the regex filter, then the key, the match and the time are saved to another flat file. I then used a log collector to send that file to my SIEM for instant alerting and monitoring.
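The dedupe-then-filter loop described above can be sketched as follows. This is an added example, not Pybin's own code: the regex rules, the bounded in-memory `SeenKeys` class (used here in place of a rotated key file), the JSON-lines output format and the sample pastes are all assumptions made for illustration, and fetching from the Pastebin API is left out so the block runs offline.

```python
import json
import re
from collections import OrderedDict
from datetime import datetime, timezone

# Assumed filter rules: e-mail:password pairs and AWS-style access key IDs.
PATTERNS = {
    "email_password": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+:\S{6,}"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}

class SeenKeys:
    """Bounded, insertion-ordered set of paste keys already processed."""
    def __init__(self, limit=10000):
        self.limit = limit
        self._keys = OrderedDict()

    def add(self, key):
        """Return True if key is new; evict the oldest key once over the limit."""
        if key in self._keys:
            return False
        self._keys[key] = None
        if len(self._keys) > self.limit:
            self._keys.popitem(last=False)
        return True

def scan(pastes, seen, now=None):
    """Return one JSON line per regex hit in pastes that were not seen before."""
    now = now or datetime.now(timezone.utc)
    lines = []
    for key, content in pastes:
        if not seen.add(key):
            continue  # already scraped in an earlier polling cycle
        for name, rx in PATTERNS.items():
            for m in rx.finditer(content):
                hit = {"time": now.isoformat(), "key": key, "rule": name,
                       "match": m.group(0)[:200]}  # cap length: paste text is untrusted
                lines.append(json.dumps(hit))
    return lines

# Constructed sample data: two polling cycles that overlap on one paste key.
CYCLE_1 = [("aaaa1111", "hello world"), ("bbbb2222", "alice@example.com:hunter2!")]
CYCLE_2 = [("bbbb2222", "alice@example.com:hunter2!"), ("cccc3333", "key=AKIAABCDEFGHIJKLMNOP")]

if __name__ == "__main__":
    seen = SeenKeys()
    for cycle in (CYCLE_1, CYCLE_2):
        for line in scan(cycle, seen):
            print(line)  # a daemon would append this to the file the log collector ships
```

Writing each hit as a single JSON object per line keeps the flat file easy for a log collector and SIEM to parse, and `json.dumps` escapes any newlines in the matched text so a paste cannot break the line format.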