mirror of https://github.com/01-edu/public.git
CON-3040 feat(osint-master) remake the passive project subject
parent
bf0e6e8876
commit
94dc18d7c7
|
@ -0,0 +1,164 @@
|
||||||
|
## OSINTMaster
|
||||||
|
|
||||||
|
<center>
|
||||||
|
<img src="./resources/osint-meme.png?raw=true" style = "width: 673px !important; height: 439px !important;"/>
|
||||||
|
</center>
|
||||||
|
|
||||||
|
### Introduction:
|
||||||
|
Open-source intelligence (OSINT) is a key component of cybersecurity, providing valuable insights into potential vulnerabilities and security risks. This project involves creating a tool that performs comprehensive passive reconnaissance using publicly available data.
|
||||||
|
|
||||||
|
### Objective:
|
||||||
|
The goal is to build a multi-functions tool capable of retrieving detailed information based on user inputs such as `Full names`, `IP addresses`, `usernames`, and `domains`. This project will enhance your skills in data analysis, ethical considerations, and the use of various cybersecurity tools and APIs.
|
||||||
|
|
||||||
|
By completing this project, You will:
|
||||||
|
- Develop an understanding of OSINT techniques and their applications.
|
||||||
|
- Gain practical experience in programming, API integration, and data handling.
|
||||||
|
- Learn to identify and mitigate security risks, including subdomain takeovers.
|
||||||
|
- Understand the ethical and legal implications of cybersecurity practices.
|
||||||
|
|
||||||
|
### Resources
|
||||||
|
Some useful resources:
|
||||||
|
[Open-source intelligence](https://en.wikipedia.org/wiki/Open-source_intelligence)
|
||||||
|
[Doxing](https://en.wikipedia.org/wiki/Doxing)
|
||||||
|
[Kali Tools - Recon](https://en.kali.tools/all/?category=recon)
|
||||||
|
[OSINT Tools on GitHub](https://github.com/topics/osint-tools)
|
||||||
|
|
||||||
|
Before asking help, ask yourself if you have really thought about all the possibilities.
|
||||||
|
|
||||||
|
### Role play
|
||||||
|
To enhance the learning experience and assess your knowledge, a role play question session will be included as part of this project.
|
||||||
|
This section will involve answering a series of questions in a simulated real-world scenario where you assume the role of a Cyber Security Expert explaining how to protect information from OSINT techniques to a team or stakeholder.
|
||||||
|
|
||||||
|
The goal of the role play question session is to:
|
||||||
|
|
||||||
|
- Assess your understanding of OSINT risks and mitigation strategies.
|
||||||
|
- Test your ability to communicate effectively and explain security measures related to this project.
|
||||||
|
- Challenge you to think critically about the importance of information security and consider alternative approaches.
|
||||||
|
- Explain what subdomain takeovers are.
|
||||||
|
|
||||||
|
Prepare for a role play question session in the audit.
|
||||||
|
|
||||||
|
### Project Requirements
|
||||||
|
#### Input Handling:
|
||||||
|
The tool should accept the following inputs: `Full Name`, `IP Address`, `Username`, and `Domain`.
|
||||||
|
|
||||||
|
#### Information Retrieval:
|
||||||
|
- Full Name:
|
||||||
|
Parse the input to extract "First Name" and "Last Name".
|
||||||
|
Look up associated information such as phone numbers, addresses, and social media profiles using directory APIs or web scraping.
|
||||||
|
|
||||||
|
- IP Address:
|
||||||
|
Retrieve geolocation data, ISP details, and check for any historical data associated with the IP (e.g., from abuse databases).
|
||||||
|
|
||||||
|
- Username:
|
||||||
|
Check for the presence of the username on at least five known social networks and public repositories.
|
||||||
|
Retrieve public profile information, such as profile bio, activity status, and follower count.
|
||||||
|
|
||||||
|
- Domain and Subdomain Enumeration:
|
||||||
|
Enumerate subdomains and gather information including IP addresses, SSL certificate details, and potential vulnerabilities.
|
||||||
|
Identify potential subdomain takeover risks by analyzing DNS records and associated resources.
|
||||||
|
|
||||||
|
#### Subdomain Takeover Detection:
|
||||||
|
Detect and report any subdomains pointing to potentially unclaimed or deprecated resources, indicating a risk of takeover.
|
||||||
|
|
||||||
|
#### Output Management:
|
||||||
|
Store the results in a well-organized file format.
|
||||||
|
|
||||||
|
### Usage Examples
|
||||||
|
|
||||||
|
#### Command Line Interface:
|
||||||
|
```sh
|
||||||
|
$> osintmaster --help
|
||||||
|
|
||||||
|
Welcome to osintmaster multi-function Tool
|
||||||
|
|
||||||
|
OPTIONS:
|
||||||
|
-n "Full Name" Search information by full name
|
||||||
|
-i "IP Address" Search information by IP address
|
||||||
|
-u "Username" Search information by username
|
||||||
|
-d "Domain" Enumerate subdomains and check for takeover risks
|
||||||
|
-o "FileName" File name to save output
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Example Outputs:
|
||||||
|
```sh
|
||||||
|
$> osintmaster -n "FNAME LNAME" -o result1.txt
|
||||||
|
First name: FNAME
|
||||||
|
Last name: LNAME
|
||||||
|
Phone Number: +1234567890
|
||||||
|
Address: Address123, CITY, COUNTRY-CODE
|
||||||
|
LinkedIn: linkedin.com/in/XX.XX
|
||||||
|
Facebook: facebook.com/XX.XX
|
||||||
|
Data Saved in result1.txt
|
||||||
|
```
|
||||||
|
|
||||||
|
#### IP Address:
|
||||||
|
```sh
|
||||||
|
$> osintmaster -i 8.8.8.8 -o result2.txt
|
||||||
|
ISP: Google LLC
|
||||||
|
City: Mountain View
|
||||||
|
Country: COUNTRY
|
||||||
|
ASN: 15169
|
||||||
|
Known Issues: No reported abuse
|
||||||
|
Data Saved in result2.txt
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Username:
|
||||||
|
```sh
|
||||||
|
$> osintmaster -u "@username" -o result3.txt
|
||||||
|
Facebook: Found
|
||||||
|
Twitter: Found
|
||||||
|
LinkedIn: Found
|
||||||
|
Instagram: Not Found
|
||||||
|
GitHub: Found
|
||||||
|
Recent Activity: Active on GitHub, last post 1 days ago
|
||||||
|
Data Saved in result3.txt
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Domain and Subdomain Enumeration:
|
||||||
|
```sh
|
||||||
|
$> osintmaster -d "example.com" -o result4.txt
|
||||||
|
Main Domain: example.com
|
||||||
|
|
||||||
|
Subdomains found: 3
|
||||||
|
- www.example.com (IP: 123.123.123.123)
|
||||||
|
SSL Certificate: Valid until 2030-03-01
|
||||||
|
- mail.example.com (IP: 123.123.123.123)
|
||||||
|
SSL Certificate: Valid until 2030-03-01
|
||||||
|
- test.example.com (IP: 123.123.123.123)
|
||||||
|
SSL Certificate: Not found
|
||||||
|
|
||||||
|
Potential Subdomain Takeover Risks:
|
||||||
|
- Subdomain: test.example.com
|
||||||
|
CNAME record points to a non-existent AWS S3 bucket
|
||||||
|
Recommended Action: Remove or update the DNS record to prevent potential misuse
|
||||||
|
|
||||||
|
Data saved in result4.txt
|
||||||
|
```
|
||||||
|
|
||||||
|
### Bonus
|
||||||
|
If you complete the mandatory part successfully, and you still have free time, you can implement anything that you feel deserves to be a bonus, for example:
|
||||||
|
|
||||||
|
- User Interface: Develop a graphical user interface (GUI) for better user accessibility.
|
||||||
|
- PDF Generation: Add a feature to generate your OSINT result as PDF files.
|
||||||
|
|
||||||
|
Challenge yourself!
|
||||||
|
|
||||||
|
### Documentation
|
||||||
|
Create a `README.md` file that provides comprehensive documentation for your tool (prerequisites, setup, configuration, usage, ...). This file must be submitted as part of the solution for the project.
|
||||||
|
|
||||||
|
### Ethical and Legal Considerations
|
||||||
|
- Get Permission: Always obtain explicit permission before gathering information.
|
||||||
|
- Respect Privacy: Collect only necessary data and store it securely.
|
||||||
|
- Follow Laws: Adhere to relevant laws such as GDPR and CFAA.
|
||||||
|
- Report Responsibly: Privately notify affected parties of any vulnerabilities.
|
||||||
|
- Educational Use Only: Use this tool and techniques solely for learning and improving security.
|
||||||
|
|
||||||
|
> ⚠️ Disclaimer: This project is for educational purposes only. Ensure all activities comply with legal and ethical standards. The institution is not responsible for misuse of the techniques and tools demonstrated.
|
||||||
|
|
||||||
|
### Submission and audit
|
||||||
|
Upon completing this project, you should submit the following:
|
||||||
|
|
||||||
|
- Your documentation in the `README.md` file.
|
||||||
|
- The Source code of your tool.
|
||||||
|
- Any required files to run your tool.
|
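Review bot: The Full Name requirement under "Information Retrieval" asks for phone numbers, addresses and social media profiles of a named person, but nothing in the subject says whose names a student may run the tool against, while "Get Permission: Always obtain explicit permission before gathering information" further down makes permission a precondition. Suggest stating the allowed test subjects next to the requirement (for example the student's own identity or a consenting peer) and saying how result files that contain personal data should be handled, so that "store it securely" can be checked. Two smaller points: the first example heading reads "#### Example Outputs:" where its siblings are "#### IP Address:" and "#### Username:", so "#### Full Name:" would be consistent; and "- Explain what subdomain takeovers are." sits in the list of role play goals but reads as a task for the student rather than a goal.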
Binary file not shown.
After Width: | Height: | Size: 244 KiB |
|
@ -1,78 +0,0 @@
|
||||||
# Passive
|
|
||||||
|
|
||||||
### Introduction
|
|
||||||
|
|
||||||
Information gathering is one of the most important steps during a pentest, it can be considered the longest step.
|
|
||||||
|
|
||||||
### Objective
|
|
||||||
|
|
||||||
The goal of this project is for you to become more comfortable with open source investigative methods
|
|
||||||
|
|
||||||
### Advice
|
|
||||||
|
|
||||||
Before asking help, ask yourself if you have really thought about all the possibilities.
|
|
||||||
https://en.kali.tools/all/?category=recon
|
|
||||||
https://github.com/topics/osint-tools
|
|
||||||
https://en.wikipedia.org/wiki/Open-source_intelligence
|
|
||||||
https://en.wikipedia.org/wiki/Doxing
|
|
||||||
|
|
||||||
### Guidelines
|
|
||||||
|
|
||||||
You are going here to create your first passive recognition tool, you have the choice of language, however your program will have to recognize the information entered (FULL NAME, IP, @login).
|
|
||||||
|
|
||||||
For the case of the full name, it will have to recognize the entry: "Last name" and "First name", and then look in the directories for the telephone number and the address.
|
|
||||||
|
|
||||||
If it is the IP address, your tool should display at least the city and the name of the internet service provider.
|
|
||||||
|
|
||||||
If it is a username, your tool will have to check if this username is used in at least 5 known social networks.
|
|
||||||
|
|
||||||
The result should be stored in a result.txt file (result2.txt if the file already exists)
|
|
||||||
|
|
||||||
### Bonus
|
|
||||||
|
|
||||||
You can add more API features
|
|
||||||
|
|
||||||
### Usage
|
|
||||||
|
|
||||||
```
|
|
||||||
$> passive --help
|
|
||||||
|
|
||||||
Welcome to passive v1.0.0
|
|
||||||
|
|
||||||
OPTIONS:
|
|
||||||
-fn Search with full-name
|
|
||||||
-ip Search with ip address
|
|
||||||
-u Search with username
|
|
||||||
|
|
||||||
$> passive -fn "Jean Dupont"
|
|
||||||
First name: Jean
|
|
||||||
Last name: Dupont
|
|
||||||
Address: 7 rue du Progrès
|
|
||||||
75016 Paris
|
|
||||||
Number: +33601010101
|
|
||||||
Saved in result.txt
|
|
||||||
|
|
||||||
$> passive -ip 127.0.0.1
|
|
||||||
ISP: FSociety, S.A.
|
|
||||||
City Lat/Lon: (13.731) / (-1.1373)
|
|
||||||
Saved in result2.txt
|
|
||||||
|
|
||||||
$> passive -u "@user01"
|
|
||||||
Facebook : yes
|
|
||||||
Twitter : yes
|
|
||||||
Linkedin : yes
|
|
||||||
Instagram : no
|
|
||||||
Skype : yes
|
|
||||||
Saved in result3.txt
|
|
||||||
```
|
|
||||||
|
|
||||||
### Submission and audit
|
|
||||||
|
|
||||||
Files that must be inside your repository:
|
|
||||||
|
|
||||||
- Your program source code.
|
|
||||||
- A README.md file, which clearly explains how to use the program.
|
|
||||||
|
|
||||||
Don’t hesitate to double-check the names of your folders and files to ensure they are correct!
|
|
||||||
|
|
||||||
> ⚠️ These methods and tools are for educational purposes only, so that you have a better understanding of how to protect against similar vulnerabilities. You must ensure that you do not attempt any exploit-type activity without the explicit permission of the owner of the machine, system or application. Failure to obtain permission risks breaking the law.
|
|
|
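Review bot: The removed guideline "The result should be stored in a result.txt file (result2.txt if the file already exists)" has no equivalent in the new subject, which only says "Store the results in a well-organized file format" and shows `-o "FileName"`. Suggest the new subject state whether `-o` is mandatory, what the default file name is when it is omitted, and whether an existing file is overwritten or a new one is created, since a tool that silently overwrites an earlier result file loses data. The flags also change from `-fn` and `-ip` to `-n` and `-i`, which is worth a line in the commit message.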
@ -1,39 +0,0 @@
|
||||||
#### General
|
|
||||||
|
|
||||||
###### Is the student able to explain clearly the used investigative methods?
|
|
||||||
|
|
||||||
###### Is the student able to explain clearly what OSINT means?
|
|
||||||
|
|
||||||
###### Is the student able to explain clearly how his program works?
|
|
||||||
|
|
||||||
##### Check the Repo content
|
|
||||||
|
|
||||||
Files that must be inside your repository:
|
|
||||||
|
|
||||||
- Your program source code.
|
|
||||||
|
|
||||||
- A README.md file, which clearly explains how to use the program.
|
|
||||||
|
|
||||||
###### Are the required files present?
|
|
||||||
|
|
||||||
##### Ask the student to present his program to you by doing 3 tests
|
|
||||||
|
|
||||||
###### Is the information entered as an argument a full name, an IP address, and a username?
|
|
||||||
|
|
||||||
##### Try flag "-fn" with the following command `passive -fn "Jean Dupont"`
|
|
||||||
|
|
||||||
###### Does the program display the address, and the telephone number for the full name entered?
|
|
||||||
|
|
||||||
##### Try flag "-ip" with the following command `passive -ip 127.0.0.1`
|
|
||||||
|
|
||||||
###### Does the program display the ISP, and position for the entered IP address?
|
|
||||||
|
|
||||||
##### Try flag "-u" with the following command `passive -u "@user01"`
|
|
||||||
|
|
||||||
###### Does the program check if the user entered is present in is present in at least 5 social networks?
|
|
||||||
|
|
||||||
###### Does the program retrieve this information from a public source?
|
|
||||||
|
|
||||||
###### Does the program save the result of each command in a result.txt file?
|
|
||||||
|
|
||||||
###### If the result.txt file already exists is a new file created?
|
|
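Review bot: No replacement audit is added in any of the hunks shown for the questions deleted here, yet the new subject tells students to "Prepare for a role play question session in the audit" and adds domain enumeration and subdomain takeover detection that no visible question checks. Suggest adding the osint-master audit in the same commit, with questions covering `-d`, the takeover report, the `-o` output file and the role play, and carrying over "Does the program retrieve this information from a public source?" so the passive-only constraint is still verified.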