SlideShare a Scribd company logo

Datasploit - An Open Source Intelligence Tool

Download as PPTX, PDF
Shubham Mittal
Shubham Mittal

This presentation was used for explaining Datasploit to osint enthusiasts in Blackhat Arsenal 2016 and Defcon 24 Demolabs.

Technology
1 of 14
http://datasploit.info | @datasploit
Overview of Tool? • Performs Automated OSINT (Reconnaissance) on Domain / Email / Username. • Fetches information from multiple sources. • Works in passive mode, i.e. not a single packet is sent to the target. • Customized for Pen-testers / Product Security Guys / Cyber Investigators. • Available as command line as well as GUI.
How it works Python Client Mongo Db Django Celery RabbitMQ
Components • Python: all the logic. • MongoDB: Storing all files in json dicts. • Django: Web UI • Celery: Handles tasks thrown from UI, sends results back to UI. • RabbitMQ: Used by Celery for message queuing.
Sources Email: Work History Social profiles Location Information Slides Scribd Documents Related Websites HaveIBeenPwned Enumerated Usernames  Domain: WhoIS DNS Records PunkSpider Wappalyzer Github Email Harvestor  Domain IP History Pagelinks Wikileaks Subdomains Links from Forums Passive SSL Scan ZoomEye Shodan Censys Username: Git Details Check username on various sites. Profile Pics –Output saved in $username directory Frequent Hashtags Interaction on Twitter.
Documentation • http://www.datasploit.info • http://datasploit.readthedocs.io/en/latest/ • https://upgoingstar.github.io/datasploit/
How it works? • Download from git (git clone or dowload) git clone https://github.com/upgoingstar/datasploit.git • pip install –r requirements.txt (includes django and celery • Instal MongoDb and RabbitMQ • Config.py holds API keys • domain_xyz.py – running stand alone scriptss. • domainOsint / emailOsint – automated OSINT
Twitter: @datasploit https://twitter.com/datasploit
Facebook: /datasploit https://www.facebook.co m/datasploit/
Roadmap • Reverse image search • Intelligence on co-relating and validating a profile • Porting all modules to web UI. • Use graphical and visualization templates on UI. • Modules on Phone Number / IP Address / facebook api / git info extract / etc. • Design pluggable APIs structure. • Alerting based on a periodic regular OSINT scan. • Harvest file > Extract metadata > Map vulnerabilities. • OSINT Tutorials.
How to Contribute • Test the tool (we have very bad dev skills, so you know ;)) • Write a module. Or Suggest a module. (we love feedbacks). • Use / Promote / Write about the tool. • Write OSINT blogs / tool walkthrough(s) / etc. • Report issues at https://github.com/upgoingstar/datasploit/issues • Send message via twitter to @datasploit
Contributors. • Shubham Mittal (@upgoingstar) • Nutan Kumar Panda (@nutankumarpanda) • Susdhanshu (@sudhanshu_c) • Kunal (@KunalAggarwal92)
Thanks View on GitHub Download .zip Download .tar.gz Follow @datasploit for OSINT news and latest updates.

Recommended

DataSploit - BlackHat Asia 2017
DataSploit - BlackHat Asia 2017 DataSploit - BlackHat Asia 2017
DataSploit - BlackHat Asia 2017
Shubham Mittal
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)
Sudhanshu Chauhan
 
What you need to know about OSINT
What you need to know about OSINTWhat you need to know about OSINT
What you need to know about OSINT
Jerod Brennen
 
Rv defcon25 osint tactics on source code intelligence - simon roses
Rv defcon25 osint tactics on source code intelligence - simon rosesRv defcon25 osint tactics on source code intelligence - simon roses
Rv defcon25 osint tactics on source code intelligence - simon roses
reconvillage
 
Let’s hunt the target using OSINT
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINT
Chandrapal Badshah
 
OSINT using Twitter & Python
OSINT using Twitter & PythonOSINT using Twitter & Python
OSINT using Twitter & Python37point2
 
Osint ashish mistry
Osint ashish mistryOsint ashish mistry
Osint ashish mistry
n|u - The Open Security Community
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guide
Sudhanshu Chauhan
 

Recommended

DataSploit - BlackHat Asia 2017
DataSploit - BlackHat Asia 2017 DataSploit - BlackHat Asia 2017
DataSploit - BlackHat Asia 2017
Shubham Mittal
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)
Sudhanshu Chauhan
 
What you need to know about OSINT
What you need to know about OSINTWhat you need to know about OSINT
What you need to know about OSINT
Jerod Brennen
 
Rv defcon25 osint tactics on source code intelligence - simon roses
Rv defcon25 osint tactics on source code intelligence - simon rosesRv defcon25 osint tactics on source code intelligence - simon roses
Rv defcon25 osint tactics on source code intelligence - simon roses
reconvillage
 
Let’s hunt the target using OSINT
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINT
Chandrapal Badshah
 
OSINT using Twitter & Python
OSINT using Twitter & PythonOSINT using Twitter & Python
OSINT using Twitter & Python37point2
 
Osint ashish mistry
Osint ashish mistryOsint ashish mistry
Osint ashish mistry
n|u - The Open Security Community
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guide
Sudhanshu Chauhan
 
DataSploit - Tool Demo at Null Bangalore - March Meet.
DataSploit - Tool Demo at Null Bangalore - March Meet. DataSploit - Tool Demo at Null Bangalore - March Meet.
DataSploit - Tool Demo at Null Bangalore - March Meet.
Shubham Mittal
 
OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!
Nutan Kumar Panda
 
Dark Arts Of Social Engineering
Dark Arts Of Social EngineeringDark Arts Of Social Engineering
Dark Arts Of Social Engineering
Nutan Kumar Panda
 
OSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet versionOSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet version
Chandrapal Badshah
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
PRISMA CSI
 
OSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligenceOSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source Intelligence
Philippe Lin
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence Gathering
Tom Eston
 
Open Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionOpen Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon Edition
Chris Gates
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligence
Deep Shankar Yadav
 
OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019
RedHunt Labs
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINT
Christian Martorella
 
Osint
OsintOsint
Osint
Kamal Rathaur
 
Getting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsGetting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigations
Olakanmi Oluwole
 
OSINT Basics for Threat Hunters and Practitioners
OSINT Basics for Threat Hunters and PractitionersOSINT Basics for Threat Hunters and Practitioners
OSINT Basics for Threat Hunters and Practitioners
Megan DeBlois
 
Maltego
MaltegoMaltego
Maltego
penetration Tester
 
Open source intelligence
Open source intelligenceOpen source intelligence
Open source intelligence
balakumaran779
 
Hacker tool talk: maltego
Hacker tool talk: maltegoHacker tool talk: maltego
Hacker tool talk: maltego
Chris Hammond-Thrasher
 
Stop pulling the plug
Stop pulling the plugStop pulling the plug
Stop pulling the plug
Kamal Rathaur
 
Osint overview 26 mar 2015
Osint overview 26 mar 2015Osint overview 26 mar 2015
Osint overview 26 mar 2015
Mats Björe
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentation
Jesse Ratcliffe, OSCP
 
Social Media Data Collection & Analysis
Social Media Data Collection & AnalysisSocial Media Data Collection & Analysis
Social Media Data Collection & Analysis
Scott Sanders
 
Reproducibility and automation of machine learning process
Reproducibility and automation of machine learning processReproducibility and automation of machine learning process
Reproducibility and automation of machine learning process
Denis Dus
 

More Related Content

What's hot

DataSploit - Tool Demo at Null Bangalore - March Meet.
DataSploit - Tool Demo at Null Bangalore - March Meet. DataSploit - Tool Demo at Null Bangalore - March Meet.
DataSploit - Tool Demo at Null Bangalore - March Meet.
Shubham Mittal
 
OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!
Nutan Kumar Panda
 
Dark Arts Of Social Engineering
Dark Arts Of Social EngineeringDark Arts Of Social Engineering
Dark Arts Of Social Engineering
Nutan Kumar Panda
 
OSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet versionOSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet version
Chandrapal Badshah
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
PRISMA CSI
 
OSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligenceOSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source Intelligence
Philippe Lin
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence Gathering
Tom Eston
 
Open Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionOpen Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon Edition
Chris Gates
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligence
Deep Shankar Yadav
 
OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019
RedHunt Labs
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINT
Christian Martorella
 
Osint
OsintOsint
Osint
Kamal Rathaur
 
Getting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsGetting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigations
Olakanmi Oluwole
 
OSINT Basics for Threat Hunters and Practitioners
OSINT Basics for Threat Hunters and PractitionersOSINT Basics for Threat Hunters and Practitioners
OSINT Basics for Threat Hunters and Practitioners
Megan DeBlois
 
Maltego
MaltegoMaltego
Maltego
penetration Tester
 
Open source intelligence
Open source intelligenceOpen source intelligence
Open source intelligence
balakumaran779
 
Hacker tool talk: maltego
Hacker tool talk: maltegoHacker tool talk: maltego
Hacker tool talk: maltego
Chris Hammond-Thrasher
 
Stop pulling the plug
Stop pulling the plugStop pulling the plug
Stop pulling the plug
Kamal Rathaur
 
Osint overview 26 mar 2015
Osint overview 26 mar 2015Osint overview 26 mar 2015
Osint overview 26 mar 2015
Mats Björe
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentation
Jesse Ratcliffe, OSCP
 

What's hot (20)

DataSploit - Tool Demo at Null Bangalore - March Meet.
DataSploit - Tool Demo at Null Bangalore - March Meet. DataSploit - Tool Demo at Null Bangalore - March Meet.
DataSploit - Tool Demo at Null Bangalore - March Meet.
 
OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!
 
Dark Arts Of Social Engineering
Dark Arts Of Social EngineeringDark Arts Of Social Engineering
Dark Arts Of Social Engineering
 
OSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet versionOSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet version
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
 
OSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligenceOSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source Intelligence
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence Gathering
 
Open Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionOpen Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon Edition
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligence
 
OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINT
 
Osint
OsintOsint
Osint
 
Getting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsGetting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigations
 
OSINT Basics for Threat Hunters and Practitioners
OSINT Basics for Threat Hunters and PractitionersOSINT Basics for Threat Hunters and Practitioners
OSINT Basics for Threat Hunters and Practitioners
 
Maltego
MaltegoMaltego
Maltego
 
Open source intelligence
Open source intelligenceOpen source intelligence
Open source intelligence
 
Hacker tool talk: maltego
Hacker tool talk: maltegoHacker tool talk: maltego
Hacker tool talk: maltego
 
Stop pulling the plug
Stop pulling the plugStop pulling the plug
Stop pulling the plug
 
Osint overview 26 mar 2015
Osint overview 26 mar 2015Osint overview 26 mar 2015
Osint overview 26 mar 2015
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentation
 

Similar to Datasploit - An Open Source Intelligence Tool

Social Media Data Collection & Analysis
Social Media Data Collection & AnalysisSocial Media Data Collection & Analysis
Social Media Data Collection & Analysis
Scott Sanders
 
Reproducibility and automation of machine learning process
Reproducibility and automation of machine learning processReproducibility and automation of machine learning process
Reproducibility and automation of machine learning process
Denis Dus
 
Idea to Appstore with Titanium Mobile
Idea to Appstore with Titanium MobileIdea to Appstore with Titanium Mobile
Idea to Appstore with Titanium MobileChristian Sulllivan
 
Getting started with titanium
Getting started with titaniumGetting started with titanium
Getting started with titanium
Naga Harish M
 
Adventures in cross platform ConnectJS / TiConnect 2014
Adventures in cross platform ConnectJS / TiConnect 2014Adventures in cross platform ConnectJS / TiConnect 2014
Adventures in cross platform ConnectJS / TiConnect 2014
Jason Kneen
 
The Web Application Hackers Toolchain
The Web Application Hackers ToolchainThe Web Application Hackers Toolchain
The Web Application Hackers Toolchain
jasonhaddix
 
The iOS technical interview: get your dream job as an iOS developer
The iOS technical interview: get your dream job as an iOS developerThe iOS technical interview: get your dream job as an iOS developer
The iOS technical interview: get your dream job as an iOS developer
Juan C Catalan
 
Bots & spiders
Bots & spidersBots & spiders
Bots & spiders
Maté Ongenaert
 
Getting started with Appcelerator Titanium
Getting started with Appcelerator TitaniumGetting started with Appcelerator Titanium
Getting started with Appcelerator Titanium
Techday7
 
Blue Teaming On A Budget
Blue Teaming On A BudgetBlue Teaming On A Budget
Blue Teaming On A Budget
KevinRiley83
 
The Final Frontier
The Final FrontierThe Final Frontier
The Final Frontier
jClarity
 
Appcelerator Titanium Intro
Appcelerator Titanium IntroAppcelerator Titanium Intro
Appcelerator Titanium IntroNicholas Jansma
 
Bot. You said bot? Let build bot then! - Laurent Ellerbach
Bot. You said bot? Let build bot then! - Laurent EllerbachBot. You said bot? Let build bot then! - Laurent Ellerbach
Bot. You said bot? Let build bot then! - Laurent Ellerbach
ITCamp
 
ITCamp 2017 - Laurent Ellerbach - Bot. You said bot? Let's build a bot then...
ITCamp 2017 - Laurent Ellerbach - Bot. You said bot? Let's build a bot then...ITCamp 2017 - Laurent Ellerbach - Bot. You said bot? Let's build a bot then...
ITCamp 2017 - Laurent Ellerbach - Bot. You said bot? Let's build a bot then...
ITCamp
 
Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1
Subhransu Behera
 
TypeScript . the JavaScript developer best friend!
TypeScript . the JavaScript developer best friend!TypeScript . the JavaScript developer best friend!
TypeScript . the JavaScript developer best friend!
Alessandro Giorgetti
 
Putting together a web app
Putting together a web appPutting together a web app
Putting together a web app
Ryan Lou
 
Building APIs in an easy way using API Platform
Building APIs in an easy way using API PlatformBuilding APIs in an easy way using API Platform
Building APIs in an easy way using API Platform
Antonio Peric-Mazar
 
[Pinto] Is my SharePoint Development team properly enlighted?
[Pinto] Is my SharePoint Development team properly enlighted?[Pinto] Is my SharePoint Development team properly enlighted?
[Pinto] Is my SharePoint Development team properly enlighted?
European Collaboration Summit
 

Similar to Datasploit - An Open Source Intelligence Tool (20)

Social Media Data Collection & Analysis
Social Media Data Collection & AnalysisSocial Media Data Collection & Analysis
Social Media Data Collection & Analysis
 
Reproducibility and automation of machine learning process
Reproducibility and automation of machine learning processReproducibility and automation of machine learning process
Reproducibility and automation of machine learning process
 
Idea to Appstore with Titanium Mobile
Idea to Appstore with Titanium MobileIdea to Appstore with Titanium Mobile
Idea to Appstore with Titanium Mobile
 
Getting started with titanium
Getting started with titaniumGetting started with titanium
Getting started with titanium
 
Adventures in cross platform ConnectJS / TiConnect 2014
Adventures in cross platform ConnectJS / TiConnect 2014Adventures in cross platform ConnectJS / TiConnect 2014
Adventures in cross platform ConnectJS / TiConnect 2014
 
The Web Application Hackers Toolchain
The Web Application Hackers ToolchainThe Web Application Hackers Toolchain
The Web Application Hackers Toolchain
 
The iOS technical interview: get your dream job as an iOS developer
The iOS technical interview: get your dream job as an iOS developerThe iOS technical interview: get your dream job as an iOS developer
The iOS technical interview: get your dream job as an iOS developer
 
Bots & spiders
Bots & spidersBots & spiders
Bots & spiders
 
Getting started with Appcelerator Titanium
Getting started with Appcelerator TitaniumGetting started with Appcelerator Titanium
Getting started with Appcelerator Titanium
 
Intro to appcelerator
Intro to appceleratorIntro to appcelerator
Intro to appcelerator
 
Blue Teaming On A Budget
Blue Teaming On A BudgetBlue Teaming On A Budget
Blue Teaming On A Budget
 
The Final Frontier
The Final FrontierThe Final Frontier
The Final Frontier
 
Appcelerator Titanium Intro
Appcelerator Titanium IntroAppcelerator Titanium Intro
Appcelerator Titanium Intro
 
Bot. You said bot? Let build bot then! - Laurent Ellerbach
Bot. You said bot? Let build bot then! - Laurent EllerbachBot. You said bot? Let build bot then! - Laurent Ellerbach
Bot. You said bot? Let build bot then! - Laurent Ellerbach
 
ITCamp 2017 - Laurent Ellerbach - Bot. You said bot? Let's build a bot then...
ITCamp 2017 - Laurent Ellerbach - Bot. You said bot? Let's build a bot then...ITCamp 2017 - Laurent Ellerbach - Bot. You said bot? Let's build a bot then...
ITCamp 2017 - Laurent Ellerbach - Bot. You said bot? Let's build a bot then...
 
Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1
 
TypeScript . the JavaScript developer best friend!
TypeScript . the JavaScript developer best friend!TypeScript . the JavaScript developer best friend!
TypeScript . the JavaScript developer best friend!
 
Putting together a web app
Putting together a web appPutting together a web app
Putting together a web app
 
Building APIs in an easy way using API Platform
Building APIs in an easy way using API PlatformBuilding APIs in an easy way using API Platform
Building APIs in an easy way using API Platform
 
[Pinto] Is my SharePoint Development team properly enlighted?
[Pinto] Is my SharePoint Development team properly enlighted?[Pinto] Is my SharePoint Development team properly enlighted?
[Pinto] Is my SharePoint Development team properly enlighted?
 

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
Alex Pruden
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website
Pixlogix Infotech
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 

Datasploit - An Open Source Intelligence Tool

  • 2. Overview of Tool? • Performs Automated OSINT (Reconnaissance) on Domain / Email / Username. • Fetches information from multiple sources. • Works in passive mode, i.e. not a single packet is sent to the target. • Customized for Pen-testers / Product Security Guys / Cyber Investigators. • Available as command line as well as GUI.
  • 3. How it works Python Client Mongo Db Django Celery RabbitMQ
  • 4.
  • 5. Components • Python: all the logic. • MongoDB: Storing all files in json dicts. • Django: Web UI • Celery: Handles tasks thrown from UI, sends results back to UI. • RabbitMQ: Used by Celery for message queuing.
  • 6. Sources Email: Work History Social profiles Location Information Slides Scribd Documents Related Websites HaveIBeenPwned Enumerated Usernames  Domain: WhoIS DNS Records PunkSpider Wappalyzer Github Email Harvestor  Domain IP History Pagelinks Wikileaks Subdomains Links from Forums Passive SSL Scan ZoomEye Shodan Censys Username: Git Details Check username on various sites. Profile Pics –Output saved in $username directory Frequent Hashtags Interaction on Twitter.
  • 8. How it works? • Download from git (git clone or dowload) git clone https://github.com/upgoingstar/datasploit.git • pip install –r requirements.txt (includes django and celery • Instal MongoDb and RabbitMQ • Config.py holds API keys • domain_xyz.py – running stand alone scriptss. • domainOsint / emailOsint – automated OSINT
  • 11. Roadmap • Reverse image search • Intelligence on co-relating and validating a profile • Porting all modules to web UI. • Use graphical and visualization templates on UI. • Modules on Phone Number / IP Address / facebook api / git info extract / etc. • Design pluggable APIs structure. • Alerting based on a periodic regular OSINT scan. • Harvest file > Extract metadata > Map vulnerabilities. • OSINT Tutorials.
  • 12. How to Contribute • Test the tool (we have very bad dev skills, so you know ;)) • Write a module. Or Suggest a module. (we love feedbacks). • Use / Promote / Write about the tool. • Write OSINT blogs / tool walkthrough(s) / etc. • Report issues at https://github.com/upgoingstar/datasploit/issues • Send message via twitter to @datasploit
  • 13. Contributors. • Shubham Mittal (@upgoingstar) • Nutan Kumar Panda (@nutankumarpanda) • Susdhanshu (@sudhanshu_c) • Kunal (@KunalAggarwal92)
  • 14. Thanks View on GitHub Download .zip Download .tar.gz Follow @datasploit for OSINT news and latest updates.