My last post was about PowerMeta, which launches Google and Bing search queries to download files from a target domain and performs EXIF analysis on them. That method gives an insight into the different “actors” (authors, software, devices) behind a domain. If you want more information about the domain itself, check out DataSploit.
What is DataSploit?
DataSploit is an open source tool written in Python that performs various OSINT techniques on a target, aggregates all the raw data, and presents it in multiple formats. Open Source Intelligence (OSINT) refers to data collected from publicly available sources for use in an intelligence context. The tool helps you collect information such as leaked usernames and passwords, administrator addresses, e-mail IDs, phone numbers, credentials, interests, friends, preferences, legacy machines, unnecessarily exposed ports and technologies in use, from multiple sources. At its core it performs four types of OSINT: domain, e-mail, IP and username. It also “purifies” the information it gets from these sources, correlating and consolidating results that different sources report about the same target.
Functions of DataSploit:
- Performs OSINT on a domain, e-mail address, username or phone number and finds information from different sources.
- Correlates and collates the results and shows them in a consolidated manner.
- Tries to find credentials, API keys, tokens, subdomains, domain history, legacy portals, etc. related to the target.
- Lets you run a specific script or launch automated OSINT to produce consolidated data.
- Performs active scans on the collected data.
- Works in passive mode.
- Generates HTML and JSON reports along with text files.
- Customized for penetration testers, product security personnel and cyber investigators.
For domain OSINT, DataSploit gets information from WHOIS data, DNS records, domain IP history, subdomains, sites such as PunkSpider, WikiLeaks, ZoomEye, Shodan, Censys and GitHub, links from various forums, HackerTarget page links, tools such as Wappalyzer, paste searches, an e-mail harvester and a passive SSL scan where supported.
For e-mail OSINT, it performs basic e-mail checks and looks up social networking profiles, username enumeration, location data, uploaded documents such as slides and Scribd uploads, related websites and HaveIBeenPwned entries.
To gather this much data, it depends on services such as Shodan, Bing, GitHub, BuiltWith, Censys.io, Facebook, Google Custom Search Engine, Flickr, Instagram, IPInfoDB, JigSaw, LinkedIn, Twitter, ZoomEye, Clearbit, VirusTotal, hashes, Emailhunter, jsonwhois, FullContact and Mailboxlayer. So it needs your own API keys for these services; a module whose key is missing simply will not run, and the report silently lacks that source. Also keep in mind that these services impose daily or monthly query limits, so a large target list can exhaust a key before the scan finishes.
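The two practical points above (a source module only runs when its API key is configured, and results from several sources are consolidated into one report) are easy to get wrong in a home-grown OSINT pipeline. The following Python is an added example written for this post, not DataSploit's own code: it gates a hypothetical set of modules on a config dict, merges subdomain lists from several sources into one JSON-style report with per-source provenance, and drops out-of-scope hosts. The module names, required-key names, config values and source results are all constructed sample data.

```python
"""Added example (not DataSploit's own code): gate OSINT modules on the
API keys present in a config dict, then consolidate per-source subdomain
results with provenance, the way a JSON report would present them.
Module names, key names and all results below are constructed samples."""
from collections import defaultdict
import json

# Hypothetical module -> required config keys. An empty list means the
# source needs no key (assumption for illustration, not DataSploit's map).
REQUIRED_KEYS = {
    "shodan": ["shodan_api"],
    "censys": ["censys_id", "censys_secret"],
    "github": ["github_token"],
    "hackertarget": [],
    "virustotal": ["virustotal_api"],
}


def enabled_modules(config):
    """Return (enabled, skipped): enabled is the ordered list of modules
    whose keys are all set; skipped maps module -> list of missing keys."""
    enabled, skipped = [], {}
    for module, keys in REQUIRED_KEYS.items():
        missing = [k for k in keys if not config.get(k)]
        if missing:
            skipped[module] = missing
        else:
            enabled.append(module)
    return enabled, skipped


def normalize_host(name):
    """Lower-case, strip whitespace and the trailing dot from DNS output,
    so the same host reported by two sources is counted once."""
    return name.strip().lower().rstrip(".")


def consolidate(raw_results, domain):
    """raw_results: {source: [hostnames]} -> {host: sorted list of sources}.
    Hosts outside the target domain are dropped; sources do return junk,
    and 'notexample.com' must not match 'example.com'."""
    target = normalize_host(domain)
    suffix = "." + target
    merged = defaultdict(set)
    for source, hosts in raw_results.items():
        for host in hosts:
            host = normalize_host(host)
            if host == target or host.endswith(suffix):
                merged[host].add(source)
    return {h: sorted(s) for h, s in sorted(merged.items())}


def build_report(config, raw_results, domain):
    """Run only the modules with keys, record what was skipped and why,
    and consolidate the usable results into one report dict."""
    enabled, skipped = enabled_modules(config)
    usable = {s: r for s, r in raw_results.items() if s in enabled}
    return {
        "target": domain,
        "modules_run": enabled,
        "modules_skipped": skipped,
        "subdomains": consolidate(usable, domain),
    }


# Constructed config: github_token is present but empty, virustotal unset.
SAMPLE_CONFIG = {
    "shodan_api": "x",
    "github_token": "",
    "censys_id": "a",
    "censys_secret": "b",
}

# Constructed results, as if each source had already been queried.
SAMPLE_RESULTS = {
    "shodan": ["mail.example.com", "vpn.example.com."],
    "censys": ["MAIL.example.com", "dev.example.com"],
    "hackertarget": ["dev.example.com", "example.com", "notexample.com"],
    "github": ["secret.example.com"],  # never used: no token configured
}

if __name__ == "__main__":
    print(json.dumps(build_report(SAMPLE_CONFIG, SAMPLE_RESULTS,
                                  "example.com"), indent=2))
```

The `modules_skipped` field is the part worth keeping in your own reports: a missing key is not an error in most OSINT tools, so without it you cannot tell a clean target from a scan that never asked the source.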
The tool needs Python, MongoDB and Django. With these installed, check out the Git repository and install the Python dependencies with:
pip install -r requirements.txt