An OSINT Framework to perform various recon techniques, aggregate all the raw data, and give data in multiple formats.
Overview
- Performs automated OSINT on a domain / email / username / phone and find out relevant information from different sources.
- Useful for Pen-testers, Cyber Investigators, Product companies, defensive security professionals, etc.
- Correlates and collaborate the results, show them in a consolidated manner.
- Tries to find out credentials, api-keys, tokens, subdomains, domain history, legacy portals, etc. related to the target.
- Available as single consolidating tool as well as standalone scripts.
- Performs Active Scans on collected data.
- Generates HTML, JSON reports along with text files.
Why DataSploit???
Irrespective of whether you are attacking a target or defending one, you need to have a clear picture of the threat landscape before you get in. This is where DataSploit comes into the picture. Utilizing various Open Source Intelligence (OSINT) tools and techniques that we have found to be effective, DataSploit brings them all into one place, correlates the raw data captured and gives the user, all the relevant information about the domain / email / phone number / person, etc. It allows you to collect relevant information about a target which can expand your attack/defence surface very quickly. Sometimes it might even pluck the low hanging fruits for you without even touching the target and give you quick wins. Of course, a user can pick a single small job (which do not correlates obviously), or can pick up the parent search which will launch a bunch of queries, call other required scripts recursively, correlate the data and give you all juicy information in one go.
Tool Background
Created using our beloved Python, DataSploit simply requires the bare minimum data (such as domain name, email ID, person name, etc.) before it goes out on a mining spree. Once the data is collected, firstly the noise is removed, after which data is correlated and after multiple iterations it is stored locally in a database which could be easily visualised on the UI provided. The sources that have been integrated are all hand picked and are known to be providing reliable information. We have used them previously during different offensive as well as defensive engagements and found them helpful.
Setup
Worried about setup? Well, there are two major requirements here:
- Setting up the db, django, libraries, etc. We will soon have a script which will automate this for you, so can just go ahead and shoot the OSINT job.
- Feeding specific API keys for few specific sources. We are going to have a knowledge base where step by step instructions to generate these API keys will be documented. Sweet deal?
Roadmap
Apart from this, in order to make it more useful in daily life of a pen-tester, we are working to make the tool as an extension of the other tools that pen-testers commonly use such as Burp Suite, Maltego etc. so that you can feel at home during the usage.
dataSploit as a Framework
dataSploit is now available as a framework and can be used in 2 ways, either as a library such that it can be incorporated into other projects or as a standalone tool. Given below are the methods to install and use dataSploit in the mentioned 2 ways.
1. Library
dataSploit is now available on the pypi repository for easy installation using pip. If you’re a developer looking for a way to leverage the capabilities of dataSploit in your own projects, this method is probably the way to go for you. To use dataSploit as a library to incorporate in your own projects, please follow the below instructions to set it up.
# pip install datasploit
This command does all the work for you. It even installs the dependencies for dataSploit in your python environment. Once dataSploit is installed successfully, you need to edit the config file to add your own API keys. Simply run the below command to open up the config file in a vi editor. The below command is the gateway to edit the config file.
# datasploit_config
Now dataSploit is ready and can be used in any python project as a library. Following is a sample code:
>>> import datasploit
>>> data = datasploit.username.username_gitscrape.main("username")
>>> datasploit.username.username_gitscrape.output(data)
[+] Found 1 repos for username
1. Username/TestData (3 commits)
0913e1678e94456487c4c67288714511cbf2f9db
0f67ed38c0cd2e87f508724b9744932db3e8c6ac
b22997c0a4eb09a2b177ace811e55bea3b006df8
>>> from datasploit.emails import email_basic_checks
>>> data = email_basic_checks.main("info@google.com")
>>> print data
{u'free': False, u'domain': u'google.com', u'disposable': False, u'format_valid': True, u'did_you_mean': u'', u'catch_all': None, u'score': 0.8, u'role': True, u'user': u'info', u'smtp_check': True, u'email': u'info@google.com', u'mx_found': True}
>>> email_basic_checks.output(data)
Is it a free Email Address?: No
Email ID Exist?: Yes
Can this domain recieve emails?: Yes
Is it a Disposable email?: No
2. Standalone Tool
If you’re looking to use dataSploit quickly for scavenging information, you can simply run it as a standalone tool. Follow the below commands to set it up.
# git clone https://github.com/datasploit/datasploit /etc/datasploit
# cd /etc/datasploit/
# pip install -r requirements.txt
# mv config_sample.py config.py
# vi config.py
The steps mentioned above are all that is required to get dataSploit up and running. Once done, following is the sample usage of different modules or dataSploit as a whole.
# python datasploit.py test.com
____/ /____ _ / /_ ____ _ _____ ____ / /____ (_)/ /_
/ __ // __ `// __// __ `// ___// __ \ / // __ \ / // __/
/ /_/ // /_/ // /_ / /_/ /(__ )/ /_/ // // /_/ // // /_
\__,_/ \__,_/ \__/ \__,_//____// .___//_/ \____//_/ \__/
/_/
Open Source Assistant for #OSINT
Website: www.datasploit.info
User Input: test.com
Looks like a DOMAIN, running domainOsint...
---> Trying luck with PunkSpider
[-] No Vulnerabilities found on PunkSpider
---> Harvesting Email Addresses:.
sales@test.com
john.test@test.com
recipient@test.com
alice@test.com
someone@test.com
anonymous@test.com
sample@test.com
...
# python emails/email_basic_checks.py info@google.com
---> Basic Email Check(s)..
Is it a free Email Address?: No
Email ID Exist?: Yes
Can this domain recieve emails?: Yes
Is it a Disposable email?: No
# python username/username_gitscrape.py username
[+] Scraping Git for Repos and Commits
[+] Found 1 repos for username username
1. KunalAggarwal/TestData (3 commits)
0913e1678e94456487c4c67288714511cbf2f9db
0f67ed38c0cd2e87f508724b9744932db3e8c6ac
b22997c0a4eb09a2b177ace811e55bea3b006df8
That’s it. dataSploit is now setup and ready to go. Both methods of installation provide flexibilty to all types of users to leverage the modules of dataSploit as needed.
Usage
Datasploit allows you to perform OSINT on a domain_name, email_id, username and phoneNumber. In order to launch any script, lets first understand the nomenclature of these scripts:
- All the scripts meant to perform osint on domain starts with the keyword ‘domain_’. Eg. domain_subdomains, domain_whois, etc. In similar manner, scripts for osint on email_id starts with ’email_’, eg. email_fullcontact.
- Scripts with an underscore are standalone scripts and collects data of one specific kind.
- Scripts without an underscore are the ones used for automated collection of data using standalone scripts. Eg. domainOsint.py
In order to run any script, pass the respective argument. For example, domainOsint and domain_subdomains.py will expect a domain name to be passed.
python domainOsint.py -d example.com
python domain_subdomains.py example.com
While, domainOsint will call all other domain_* scripts and list down data as well as dump the same in mongoDb, domain_subdomains and other such scripts will just list down data specific to their function.
domainOsint.py generates a JSON and an HTML report in reports folder as following hirarchy (example files are based on abcd.com domain)
../datasploit/reports
