• Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Menu
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Search
Close
  • Home
  • 2018
  • March
  • 21
  • ODIN – Automating Penetration Testing Tasks

ODIN – Automating Penetration Testing Tasks

March 21, 2018July 27, 2019 Comments Off on ODIN – Automating Penetration Testing Tasks
how to use odin tool ODIN - Automating Penetration Testing Tasks odin commands odin pentest odin scanner

ODIN [ Observe, Detect, and Investigate Networks ] is a Python tool for automating intelligence gathering, testing and reporting.

ODIN is still in active development. ODIN is designed to be run on Linux. About 90% of it will absolutely work on Windows or MacOS with Python 3 and a copy of urlcrazy, but `extract`, used for pulling metadata from non-PDF files, is exclusive to Linux. You’ll be fine using an OS without access to `extract`, but you’ll see some warnings and get less information.

ODIN aims to automate many of the common recon tasks carried out by penetration testers. Such as:

  • Harvesting email addresses and employee names for a company.
  • Linking employees and companies to social media profiles.
  • Checking to see if discovered accounts have been a part of any public security breaches or appeared in any pastes.
  • Collecting data on domains and IP addresses from Shodan, Censys, DNS records, and whois/RDAP.
  • Discovering subdomains, their related IP addresses, and looking for CDNs that might allow for domain fronting.
  • Hunting Office files and PDFs under a domain, downloading them, and extracting metadata.
  • Linking key words, like a company name or domain, to AWS via S3 buckets and account aliases.
  • More to come in the future…

 

Installing ODIN

ODIN requires Python 3. Using pipenv for managing the required libraries is the best option to avoid Python installations getting mixed-up.

  1. Run pip3 install --user pipenv or python3 -m pip install --user pipenv.
  2. Run git clone https://github.com/chrismaddalena/ODIN.git.
  3. Run cd ODIN && pipenv install.
  4. Run pipenv shell to get started using ODIN.

Note: On MacOS you may get an error about pew not being in your PATH after installing pipenv and attempting to install ODIN. To fix it, follow these steps in order:

  • Uninstall virtualenv, pipenv, and pew.
  • Install virtualenv
  • Install pew
  • Install pipenv

 

Setup API Keys

  1. Review the keys.config.sample file to fill-in your API keys and create a keys.config file.
  2. cd into the /setup directory and run setup_check.py to make sure your keys.config file is in order.
  3. Install awscli and run aws configure.

 

The APIs and Services

ODIN uses several APIs to gather information. Some of these require an API key, but most of the APIs are free. That is to say, you can get a free key and then pay for more requests/day. Shodan is a good example of this. You may prefer to not use APIs at all for one reason or another. You can still use ODIN, but a few of the APIs are just really fantastic and you should consider using them, specifically Censys and Shodan.

 

Whois and RDAP

Both of these services are used to collect data on domains and IP addresses. This includes attaching domains to IP addresses, identifying the network CIDRs for these addresses, and pulling information about the owners.

No API key is needed.

 

Robtex

The Robtex free REST API is used to collect domain names tied to IP addresses. This information is displayed alongside the RDAP information for IP addresses, so you can see what else is hosted at that IP address.

No API key is needed.

 

Shodan

Shodan is used to search for domains and lookup hosts (IP addresses). This pulls in information like open ports, banners, hostnames, and location data. Shodan also flags hosts for well known vulnerabilities like Heartbleed. This data is recorded as well, if it exists, but does tend to be outdated (or just wrong) a lot of the time.

Sign-up for an account to get your API key: shodan.io

 

Censys

Censys is very much like Shodan, except less information about open ports/services is available. However, Censys provides a way to search for certificates tied to a domain. This can be a lot of data, but you may find new hosts, like those tied to an employee’s email address and used for a VPS in the cloud.

Sign-up for an account to get your API key: censys.io

 

URLVoid

URLVoid offers reputation data for domains, including Alexa and Google rankings, domain age, and location data. It also keeps track of domains that have been flagged for malicious activity by various entities (e.g. Fortinet, Avira).

This may be the most “skippable” of the APIs, but some of the data can be useful and worthwhile. It’s included for those occasions.

Sign-up for an account to get your API key: urlvoid.com/api

 

Twitter

If you setup a Twitter app for ODIN, the tokens can be used with Tweepy to collect account data (e.g. real name, location, follower count, and user description) from Twitter profiles ODIN has linked to the target organization.

In the future, this may be used to collect analytics from Twitter to help you find very active users or get a profile of them.

Become a Twitter developer by going to dev.twitter.com and then create an app on apps.twitter.com.

 

Cymon

eSentire’s Cymon is used to check domains and IP addresses to see if the target appears in any of Cymon’s collected threat intelligence feeds. This is used for reputation checks, but also used in combination with urlcrazy to check similar, registered domains to see if the domain or the domain’s A-record IP addresses have been reported.

Note that appearing in a threat feed doesn’t mean something is wrong or that Cymon has bad data. A domain may have been used for phishing, been detected and seized, and is now dormant with the old malicious A records. Then you have things like cloud service IPs that change hands often. Events like that can lead to a domain or IP being used for malicious activities one day and safe the next. Always investigate these findings before crying wolf to your client.

Sign-up for an account to get your API key: cymon.io

 

HaveIBeenPwned

Email addresses are checked against HIBP to determine if any email addresses for the organization have been mentioned in any pastes or been involved in any security breaches.

No API key is needed.

 

DNS Dumpster

DNS Dumpster is a cool project you can find at dnsdumpster.com. Subdomain information is collected from DNS Dumpster, including a neat domain map image!

No API key is needed.

 

NetCraft

ODIN will check NetCraft for domain history and known subdomains. This does require a web driver for Selenium. If you download a driver and provide the path to it in your keys.config file (Yes, this isn’t really a key, but so be it), NetCraft searches will be kicked off automatically when you perform domain OSINT.

The Chrome web driver is recommended, but the Firefox/Gecko driver should work just fine, too.

Chrome Web Driver Gecko Driver

 

EmailHunter

Meant for marketing folks to find leads and contacts at a company, this service offers free API keys for harvesting their contact information organizaed by company/domain. Hunter will return names, email addresses, phone numbers, Twitter handles, LinkedIn profile links, and job titles.

Sign-up for an account to get your API key: hunter.io

 

Full Contact

Full Contact support is implemented only for their Company API at the moment, but support for the People API may come in the future. For now, this is used to build a company profile based on a target domain, such as the client’s primary domain used for email and their website. Full Contact catalogues everything from website info and company logo(s) to website blurbs and social media profiles.

It’s likely Full Contact will get some things wrong, such as number of employees. In my experience, the data is usually not too far off the mark, but the profile is only meant to act as a snapshot to get you started.

Sign-up for an account to get your API key: app.fullcontact.com

 

AWS

Yes, Amazon Web Services. ODIN will perform recon against AWS to find things like S3 buckets and accounts names and aliases. Account names are strings of numbers, so you will need some idea of what you’re looking for there. Aliases, however, can be anything, like a company name, and those can be validated as existing or not.

By default, ODIN uses the client (-c) name and domain (-d) for searches. ODIN will search for the name with spaces stripped out, the domain with the TLD, and the domain without the TLD. Then ODIN will add some common suffices and prefixes, like “downloads-” or “-apps” to these keywords.

Optional wordlists can be provided for additional keywords and ‘fixes. Keywords can be anything, really. Consider assembling a list of related words, alternate client names, etc.

An Amazon and awscli are required.

 

Digital Ocean

ODIN will search for Digital Ocean Spaces just like it searches for S3 buckets. Spaces follows the same standards as S3, so it is simple to verify existing Spaces.

No API key is needed.

 

Automating Penetration Testing Tasks: ODIN Download

Post navigation

Free Course – Ethical Hacking with Hardware Gadgets
Security Onion – Linux Distro for Intrusion Detection, Network Security Monitoring, and Log Management

Related Articles

CVE-2023-28326: Critical Vulnerability in Apache OpenMeetings

CVE-2023-28326: Critical Vulnerability in Apache OpenMeetings

- Hack Tools
March 28, 2023
Decider - A Web Application That Assists Network Defenders, Analysts, And Researcher In The Process Of Mapping Adversary Behaviors To The MITRE ATT&CK Framework

Decider – A Web Application That Assists Network Defenders, Analysts, And Researcher In The Process Of Mapping Adversary Behaviors To The MITRE ATT&CK Framework

- Hack Tools
March 28, 2023
Android app from China exploited 0-day CVE-2023-20963 flaw

Android app from China exploited 0-day CVE-2023-20963 flaw

- Hack Tools
March 28, 2023
hacker gadgets
hacker phone covers

Recent Posts

CVE-2023-28326: Critical Vulnerability in Apache OpenMeetings

CVE-2023-28326: Critical Vulnerability in Apache OpenMeetings

March 28, 2023
Decider - A Web Application That Assists Network Defenders, Analysts, And Researcher In The Process Of Mapping Adversary Behaviors To The MITRE ATT&CK Framework

Decider – A Web Application That Assists Network Defenders, Analysts, And Researcher In The Process Of Mapping Adversary Behaviors To The MITRE ATT&CK Framework

March 28, 2023
Android app from China exploited 0-day CVE-2023-20963 flaw

Android app from China exploited 0-day CVE-2023-20963 flaw

March 28, 2023
Geogramint: OSINT Geolocalization tool for Telegram

Geogramint: OSINT Geolocalization tool for Telegram

March 28, 2023
Polaris: open source policy engine for Kubernetes

Polaris: open source policy engine for Kubernetes

March 27, 2023
ThunderCloud - Cloud Exploit Framework

ThunderCloud – Cloud Exploit Framework

March 27, 2023

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs

About Us

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Join Our Community!

Please wait...
Get the latest News and Hacking Tools delivered to your inbox.
Don't Worry ! You will not be spammed

Active Members

Submit a Tool

Hackers Handbook 2018


Grab your copy here

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Menu
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Live Chat
RESOURCES
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Menu
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Get Started
TOOLBOX
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Menu
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress
Please wait...

Join Our Community

Subscribe now and get your free HACKERS HANDBOOK

Don't Worry ! You will not be spammed
SIGN UP FOR NEWSLETTER NOW