Security of Information, Threat Intelligence, Hacking, Offensive Security, Pentest, Open Source, Hackers Tools, Leaks, Pr1v8, Premium Courses Free, etc

  • Penetration Testing Distribution - BackBox

    BackBox is a penetration test and security assessment oriented Ubuntu-based Linux distribution providing a network and informatic systems analysis toolkit. It includes a complete set of tools required for ethical hacking and security testing...
  • Pentest Distro Linux - Weakerth4n

    Weakerth4n is a penetration testing distribution which is built from Debian Squeeze.For the desktop environment it uses Fluxbox...
  • The Amnesic Incognito Live System - Tails

    Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship...
  • Penetration Testing Distribution - BlackArch

    BlackArch is a penetration testing distribution based on Arch Linux that provides a large amount of cyber security tools. It is an open-source distro created specially for penetration testers and security researchers...
  • The Best Penetration Testing Distribution - Kali Linux

    Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack...
  • Friendly OS designed for Pentesting - ParrotOS

    Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting...
Showing posts with label OSINT Tools. Show all posts
Showing posts with label OSINT Tools. Show all posts

Friday, February 23, 2024

RepoReaper - An Automated Tool Crafted To Meticulously Scan And Identify Exposed .Git Repositories Within Specified Domains And Their Subdomains


RepoReaper is a precision tool designed to automate the identification of exposed .git repositories across a list of domains and subdomains. By processing a user-provided text file with domain names, RepoReaper systematically checks each for publicly accessible .git files. This enables rapid assessment and protection against information leaks, making RepoReaper an essential resource for security teams and web developers.

Features
  • Automated scanning of domains and subdomains for exposed .git repositories.
  • Streamlines the detection of sensitive data exposures.
  • User-friendly command-line interface.
  • Ideal for security audits and Bug Bounty.

Installation

Clone the repository and install the required dependencies:

git clone https://github.com/YourUsername/RepoReaper.git
cd RepoReaper
pip install -r requirements.txt
chmod +x RepoReaper.py

Usage

RepoReaper is executed from the command line and will prompt for the path to a file containing a list of domains or subdomains to be scanned.

To start RepoReaper, simply run:

./RepoReaper.py
or
python3 RepoReaper.py

Upon execution, RepoReaper will ask for the path to the file containing the domains or subdomains: Enter the path of the file containing domains

Provide the path to your text file when prompted. The file should contain one domain or subdomain per line, like so:

example.com
subdomain.example.com
anotherdomain.com

RepoReaper will then proceed to scan the provided domains or subdomains for exposed .git repositories and report its findings. 


Disclaimer

This tool is intended for educational purposes and security research only. The user assumes all responsibility for any damages or misuse resulting from its use.


Share:

Tuesday, February 20, 2024

SwaggerSpy - Automated OSINT On SwaggerHub


SwaggerSpy is a tool designed for automated Open Source Intelligence (OSINT) on SwaggerHub. This project aims to streamline the process of gathering intelligence from APIs documented on SwaggerHub, providing valuable insights for security researchers, developers, and IT professionals.


What is Swagger?

Swagger is an open-source framework that allows developers to design, build, document, and consume RESTful web services. It simplifies API development by providing a standard way to describe REST APIs using a JSON or YAML format. Swagger enables developers to create interactive documentation for their APIs, making it easier for both developers and non-developers to understand and use the API.


About SwaggerHub

SwaggerHub is a collaborative platform for designing, building, and managing APIs using the Swagger framework. It offers a centralized repository for API documentation, version control, and collaboration among team members. SwaggerHub simplifies the API development lifecycle by providing a unified platform for API design and testing.


Why OSINT on SwaggerHub?

Performing OSINT on SwaggerHub is crucial because developers, in their pursuit of efficient API documentation and sharing, may inadvertently expose sensitive information. Here are key reasons why OSINT on SwaggerHub is valuable:

  1. Developer Oversights: Developers might unintentionally include secrets, credentials, or sensitive information in API documentation on SwaggerHub. These oversights can lead to security vulnerabilities and unauthorized access if not identified and addressed promptly.

  2. Security Best Practices: OSINT on SwaggerHub helps enforce security best practices. Identifying and rectifying potential security issues early in the development lifecycle is essential to ensure the confidentiality and integrity of APIs.

  3. Preventing Data Leaks: By systematically scanning SwaggerHub for sensitive information, organizations can proactively prevent data leaks. This is especially crucial in today's interconnected digital landscape where APIs play a vital role in data exchange between services.

  4. Risk Mitigation: Understanding that developers might forget to remove or obfuscate sensitive details in API documentation underscores the importance of continuous OSINT on SwaggerHub. This proactive approach mitigates the risk of unintentional exposure of critical information.

  5. Compliance and Privacy: Many industries have stringent compliance requirements regarding the protection of sensitive data. OSINT on SwaggerHub ensures that APIs adhere to these regulations, promoting a culture of compliance and safeguarding user privacy.

  6. Educational Opportunities: Identifying oversights in SwaggerHub documentation provides educational opportunities for developers. It encourages a security-conscious mindset, fostering a culture of awareness and responsible information handling.

By recognizing that developers can inadvertently expose secrets, OSINT on SwaggerHub becomes an integral part of the overall security strategy, safeguarding against potential threats and promoting a secure API ecosystem.


How SwaggerSpy Works

SwaggerSpy obtains information from SwaggerHub and utilizes regular expressions to inspect API documentation for sensitive information, such as secrets and credentials.


Getting Started

To use SwaggerSpy, follow these steps:

  1. Installation: Clone the SwaggerSpy repository and install the required dependencies.
git clone https://github.com/UndeadSec/SwaggerSpy.git
cd SwaggerSpy
pip install -r requirements.txt
  1. Usage: Run SwaggerSpy with the target search terms (more accurate with domains).
python swaggerspy.py searchterm
  1. Results: SwaggerSpy will generate a report containing OSINT findings, including information about the API, endpoints, and secrets.

Disclaimer

SwaggerSpy is intended for educational and research purposes only. Users are responsible for ensuring that their use of this tool complies with applicable laws and regulations.


Contribution

Contributions to SwaggerSpy are welcome! Feel free to submit issues, feature requests, or pull requests to help improve this tool.


About the Author

SwaggerSpy is developed and maintained by Alisson Moretto (UndeadSec)

I'm a passionate cyber threat intelligence pro who loves sharing insights and crafting cybersecurity tools.


TODO

Regular Expressions Enhancement
  • [ ] Review and improve existing regular expressions.
  • [ ] Ensure that regular expressions adhere to best practices.
  • [ ] Check for any potential optimizations in the regex patterns.
  • [ ] Test regular expressions with various input scenarios for accuracy.
  • [ ] Document any complex or non-trivial regex patterns for better understanding.
  • [ ] Explore opportunities to modularize or break down complex patterns.
  • [ ] Verify the regular expressions against the latest specifications or requirements.
  • [ ] Update documentation to reflect any changes made to the regular expressions.

License

SwaggerSpy is licensed under the MIT License. See the LICENSE file for details.


Thanks

Special thanks to @Liodeus for providing project inspiration through swaggerHole.


Share:

Sunday, February 18, 2024

EmploLeaks - An OSINT Tool That Helps Detect Members Of A Company With Leaked Credentials

 

This is a tool designed for Open Source Intelligence (OSINT) purposes, which helps to gather information about employees of a company.

How it Works

The tool starts by searching through LinkedIn to obtain a list of employees of the company. Then, it looks for their social network profiles to find their personal email addresses. Finally, it uses those email addresses to search through a custom COMB database to retrieve leaked passwords. You an easily add yours and connect to through the tool.

Installation

To use this tool, you'll need to have Python 3.10 installed on your machine. Clone this repository to your local machine and install the required dependencies using pip in the cli folder:

cd cli
pip install -r requirements.txt

OSX

We know that there is a problem when installing the tool due to the psycopg2 binary. If you run into this problem, you can solve it running:

cd cli
python3 -m pip install psycopg2-binary`

Basic Usage

To use the tool, simply run the following command:

python3 cli/emploleaks.py

If everything went well during the installation, you will be able to start using EmploLeaks:

___________              .__         .__                 __
\_ _____/ _____ ______ | | ____ | | ____ _____ | | __ ______
| __)_ / \____ \| | / _ \| | _/ __ \__ \ | |/ / / ___/
| \ Y Y \ |_> > |_( <_> ) |_\ ___/ / __ \| < \___ \
/_______ /__|_| / __/|____/\____/|____/\___ >____ /__|_ \/____ >
\/ \/|__| \/ \/ \/ \/

OSINT tool ðŸ•Âµ to chain multiple apis
emploleaks>

Right now, the tool supports two functionalities:

  • Linkedin, for searching all employees from a company and get their personal emails.
    • A GitLab extension, which is capable of finding personal code repositories from the employees.
  • If defined and connected, when the tool is gathering employees profiles, a search to a COMB database will be made in order to retrieve leaked passwords.

Retrieving Linkedin Profiles

First, you must set the plugin to use, which in this case is linkedin. After, you should set your authentication tokens and the run the impersonate process:

emploleaks> use --plugin linkedin
emploleaks(linkedin)> setopt JSESSIONID
JSESSIONID:
[+] Updating value successfull
emploleaks(linkedin)> setopt li-at
li-at:
[+] Updating value successfull
emploleaks(linkedin)> show options
Module options:

Name Current Setting Required Description
---------- ----------------------------------- ---------- -----------------------------------
hide yes no hide the JSESSIONID field
JSESSIONID ************************** no active cookie session in browser #1
li-at AQEDAQ74B0YEUS-_AAABilIFFBsAAAGKdhG no active cookie session in browser #1
YG00AxGP34jz1bRrgAcxkXm9RPNeYIAXz3M
cycrQm5FB6lJ-Tezn8GGAsnl_GRpEANRdPI
lWTRJJGF9vbv5yZHKOeze_WCHoOpe4ylvET
kyCyfN58SNNH
emploleaks(linkedin)> run i mpersonate
[+] Using cookies from the browser
Setting for first time JSESSIONID
Setting for first time li_at

li_at and JSESSIONID are the authentication cookies of your LinkedIn session on the browser. You can use the Web Developer Tools to get it, just sign-in normally at LinkedIn and press right click and Inspect, those cookies will be in the Storage tab.

Now that the module is configured, you can run it and start gathering information from the company:

Get Linkedin accounts + Leaked Passwords

We created a custom workflow, where with the information retrieved by Linkedin, we try to match employees' personal emails to potential leaked passwords. In this case, you can connect to a database (in our case we have a custom indexed COMB database) using the connect command, as it is shown below:

emploleaks(linkedin)> connect --user myuser --passwd mypass123 --dbname mydbname --host 1.2.3.4
[+] Connecting to the Leak Database...
[*] version: PostgreSQL 12.15

Once it's connected, you can run the workflow. With all the users gathered, the tool will try to search in the database if a leaked credential is affecting someone:

As a conclusion, the tool will generate a console output with the following information:
  • A list of employees of the company (obtained from LinkedIn)
  • The social network profiles associated with each employee (obtained from email address)
  • A list of leaked passwords associated with each email address.

How to build the indexed COMB database

An imortant aspect of this project is the use of the indexed COMB database, to build your version you need to download the torrent first. Be careful, because the files and the indexed version downloaded requires, at least, 400 GB of disk space available.

Once the torrent has been completelly downloaded you will get a file folder as following:

â”ω”€Ã¢”€ count_total.sh
â”ω”€Ã¢”€ data
│ â”ω”€Ã¢”€ 0
│ â”ω”€Ã¢”€ 1
│ │ â”ω”€Ã¢”€ 0
│ │ â”ω”€Ã¢”€ 1
│ │ â”ω”€Ã¢”€ 2
│ │ â”ω”€Ã¢”€ 3
│ │ â”ω”€Ã¢”€ 4
│ │ â”ω”€Ã¢&€ 5
│ │ â”ω”€Ã¢”€ 6
│ │ â”ω”€Ã¢”€ 7
│ │ â”ω”€Ã¢”€ 8
│ │ â”ω”€Ã¢”€ 9
│ │ â”ω”€Ã¢”€ a
│ │ â”ω”€Ã¢”€ b
│ │ â”ω”€Ã¢”€ c
│ │ â”ω”€Ã¢”€ d
│ │ â”ω”€Ã¢”€ e
│ │ â”ω”€Ã¢”€ f
│ │ â”ω”€Ã¢”€ g
│ │ â”ω”€Ã¢”€ h
│ │ â”ω”€Ã¢”€ i
│ │ â”ω”€Ã¢”€ j
│ │ â”ω”€Ã¢”€ k
│ │ â”ω”€Ã¢”€ l
│ │ â”ω”€Ã¢”€ m
│ │ â”ω €Ã¢”€ n
│ │ â”ω”€Ã¢”€ o
│ │ â”ω”€Ã¢”€ p
│ │ â”ω”€Ã¢”€ q
│ │ â”ω”€Ã¢”€ r
│ │ â”ω”€Ã¢”€ s
│ │ â”ω”€Ã¢”€ symbols
│ │ â”ω”€Ã¢”€ t

At this point, you could import all those files with the command create_db:

The importer takes a lot of time for that reason we recommend to run it with patience.

Next Steps

We are integrating other public sites and applications that may offer about a leaked credential. We may not be able to see the plaintext password, but it will give an insight if the user has any compromised credential:

  • Integration with Have I Been Pwned?
  • Integration with Firefox Monitor
  • Integration with Leak Check
  • Integration with BreachAlarm

Also, we will be focusing on gathering even more information from public sources of every employee. Do you have any idea in mind? Don't hesitate to reach us:

Or you con DM at @pastacls or @gaaabifranco on Twitter.




Share:

Wednesday, February 9, 2022

Gotanda - Browser Web Extension For OSINT


Gotanda is OSINT(Open Source Intelligence) Web Extension for Firefox/Chrome.

This Web Extension could search OSINT information from some IOC in web page.(IP,Domain,URL,SNS...etc)

This Repository partly the studying and JavaScript practice.

Download link below.


Usage

Right click highlighted IOC strings, It will show contextmenus.(Or right clicking any link. )

When You want to search using some engine, You choose one of list.


Search Engine List
Name URL Category
Domain Tools https://whois.domaintools.com/ whois Lookup
Security Trails https://securitytrails.com/ whois lookup
whoisds https://whoisds.com/ whois lookup
ThreatCrowd https://www.threatcrowd.org/ Domain, IPv4
AbuseIPDB https://www.abuseipdb.com/ IPv4
HackerTarget https://hackertarget.com/ IPv4
Censys https://censys.io/ IP, Domain
Shodan https://shodan.io/ IP, Domain
FOFA https://fofa.so/ IP, Domain
VirusTotal https://virustotal.com/ IP, Domain, URL,Hash
GreyNoise https://viz.greynoise.io/ IPv4
IPAlyzer https://ipalyzer.com/ IPv4
Tor Relay Search https://metrics.torproject.org/ IP,Domain
Domain Watch https://domainwat.ch/ Domain, Email,whois lookup
crt.sh https://crt.sh/ SSL-certificate
SecurityHeaders https://securityheaders.com/ URL, Domain
DNSlytics https://dnslytics.com/ IPv4,IPv6,ASN
URLscan https://urlscan.io/ URL
Ultratools https://www.ultratools.com/ IPv6
Wayback Machine https://web.archive.org URL
aguse https://www.aguse.jp/ URL
check-host https://check-host.net/ URL
CIRCL https://cve.circl.lu/ CVE
FortiGuard https://fortiguard.com/ CVE
Sploitus https://sploitus.com/ CVE
Vulmon https://vulmon.com/ CVE
CXSecurity https://cxsecurity.com/ CVE
Vulncode-DB https://www.vulncode-db.com/ CVE
Malshare https://malshare.com/ MD5 Hash
ThreatCrowd https://www.threatcrowd.org/ IP,Domain
Hybrid Analysis https://www.hybrid-analysis.com/ hash
Twitter https://twitter.com/ SNS, w/TimeLine
Qiita https://qiita.com SNS
GitHub https://github.com SNS
Facebook https://www.facebook.com/ SNS, w/TimeLine
Instagram https://www.instagram.com/ SNS
LinkedIn https://linkedin.com/ SNS
Pinterest https://www.pinterest.jp SNS
reddit https://www.reddit.com/ SNS

About Twitter and FaceBook could search timeline with any words.


Misc

This extension is optimized for the Japanese environment.




Share:

Thursday, January 19, 2017

Get detailed information about a Twitter user activity - Tinfoleak v2.0



Are you interested in OSINT tools? Tinfoleak is the best OSINT tool for Twitter, and is open-source!
The new version includes a lot of new and improved features:
  • Search by coordinates
  • Geolocated users
  • Tagged users
  • User conversations
  • Identification in other social networks
  • More powerful and flexible search filter
  • More detailed information on existing features
  • … and many more information to generate intelligence!

Screenshots









Share:
Copyright © Offensive Sec Blog | Powered by OffensiveSec
Design by OffSec | Theme by Nasa Records | Distributed By Pirate Edition