CON-3040 feat(osint-master) remake the passive project subject

2024-08-03 15:13:10 +03:00 · 2024-08-03 15:13:10 +03:00 · 94dc18d7c7
parent bf0e6e8876
commit 94dc18d7c7
5 changed files with 164 additions and 117 deletions
--- a/subjects/cybersecurity/osint-master/README.md
+++ b/subjects/cybersecurity/osint-master/README.md
@ -0,0 +1,164 @@
+## OSINTMaster
+
+<center>
+<img src="./resources/osint-meme.png?raw=true" style = "width: 673px !important; height: 439px !important;"/>
+</center>
+
+### Introduction:
+Open-source intelligence (OSINT) is a key component of cybersecurity, providing valuable insights into potential vulnerabilities and security risks. This project involves creating a tool that performs comprehensive passive reconnaissance using publicly available data.
+
+### Objective:
+The goal is to build a multi-functions tool capable of retrieving detailed information based on user inputs such as `Full names`, `IP addresses`, `usernames`, and `domains`. This project will enhance your skills in data analysis, ethical considerations, and the use of various cybersecurity tools and APIs.
+
+By completing this project, You will:
+- Develop an understanding of OSINT techniques and their applications.
+- Gain practical experience in programming, API integration, and data handling.
+- Learn to identify and mitigate security risks, including subdomain takeovers.
+- Understand the ethical and legal implications of cybersecurity practices.
+
+### Resources
+Some useful resources:
+[Open-source intelligence](https://en.wikipedia.org/wiki/Open-source_intelligence)
+[Doxing](https://en.wikipedia.org/wiki/Doxing)
+[Kali Tools - Recon](https://en.kali.tools/all/?category=recon)
+[OSINT Tools on GitHub](https://github.com/topics/osint-tools)
+
+Before asking help, ask yourself if you have really thought about all the possibilities.
+
+### Role play
+To enhance the learning experience and assess your knowledge, a role play question session will be included as part of this project.
+This section will involve answering a series of questions in a simulated real-world scenario where you assume the role of a Cyber Security Expert explaining how to protect information from OSINT techniques to a team or stakeholder.
+
+The goal of the role play question session is to:
+
+- Assess your understanding of OSINT risks and mitigation strategies.
+- Test your ability to communicate effectively and explain security measures related to this project.
+- Challenge you to think critically about the importance of information security and consider alternative approaches.
+- Explain what subdomain takeovers are.
+
+Prepare for a role play question session in the audit.
+
+### Project Requirements
+#### Input Handling:
+The tool should accept the following inputs: `Full Name`, `IP Address`, `Username`, and `Domain`.
+
+#### Information Retrieval:
+- Full Name:
+Parse the input to extract "First Name" and "Last Name".
+Look up associated information such as phone numbers, addresses, and social media profiles using directory APIs or web scraping.
+
+- IP Address:
+Retrieve geolocation data, ISP details, and check for any historical data associated with the IP (e.g., from abuse databases).
+
+- Username:
+Check for the presence of the username on at least five known social networks and public repositories.
+Retrieve public profile information, such as profile bio, activity status, and follower count.
+
+- Domain and Subdomain Enumeration:
+Enumerate subdomains and gather information including IP addresses, SSL certificate details, and potential vulnerabilities.
+Identify potential subdomain takeover risks by analyzing DNS records and associated resources.
+
+#### Subdomain Takeover Detection:
+Detect and report any subdomains pointing to potentially unclaimed or deprecated resources, indicating a risk of takeover.
+
+#### Output Management:
+Store the results in a well-organized file format.
+
+### Usage Examples
+
+#### Command Line Interface:
+```sh
+$> osintmaster --help
+
+Welcome to osintmaster multi-function Tool
+
+OPTIONS:
+    -n  "Full Name"        Search information by full name
+    -i  "IP Address"       Search information by IP address
+    -u  "Username"         Search information by username
+    -d  "Domain"           Enumerate subdomains and check for takeover risks
+    -o  "FileName"         File name to save output
+```
+
+#### Example Outputs:
+```sh
+$> osintmaster -n "FNAME LNAME" -o result1.txt
+First name: FNAME
+Last name: LNAME
+Phone Number: +1234567890
+Address: Address123, CITY, COUNTRY-CODE
+LinkedIn: linkedin.com/in/XX.XX
+Facebook: facebook.com/XX.XX
+Data Saved in result1.txt
+```
+
+#### IP Address:
+```sh
+$> osintmaster -i 8.8.8.8 -o result2.txt
+ISP: Google LLC
+City: Mountain View
+Country: COUNTRY
+ASN: 15169
+Known Issues: No reported abuse
+Data Saved in result2.txt
+```
+
+#### Username:
+```sh
+$> osintmaster -u "@username" -o result3.txt
+Facebook: Found
+Twitter: Found
+LinkedIn: Found
+Instagram: Not Found
+GitHub: Found
+Recent Activity: Active on GitHub, last post 1 days ago
+Data Saved in result3.txt
+```
+
+#### Domain and Subdomain Enumeration:
+```sh
+$> osintmaster -d "example.com" -o result4.txt
+Main Domain: example.com
+
+Subdomains found: 3
+  - www.example.com (IP: 123.123.123.123)
+    SSL Certificate: Valid until 2030-03-01
+  - mail.example.com (IP: 123.123.123.123)
+    SSL Certificate: Valid until 2030-03-01
+  - test.example.com (IP: 123.123.123.123)
+    SSL Certificate: Not found
+
+Potential Subdomain Takeover Risks:
+  - Subdomain: test.example.com
+    CNAME record points to a non-existent AWS S3 bucket
+    Recommended Action: Remove or update the DNS record to prevent potential misuse
+
+Data saved in result4.txt
+```
+
+### Bonus
+If you complete the mandatory part successfully, and you still have free time, you can implement anything that you feel deserves to be a bonus, for example:
+
+- User Interface: Develop a graphical user interface (GUI) for better user accessibility.
+- PDF Generation: Add a feature to generate your OSINT result as PDF files.
+
+Challenge yourself!
+
+### Documentation
+Create a `README.md` file that provides comprehensive documentation for your tool (prerequisites, setup, configuration, usage, ...). This file must be submitted as part of the solution for the project.
+
+### Ethical and Legal Considerations
+- Get Permission: Always obtain explicit permission before gathering information.
+- Respect Privacy: Collect only necessary data and store it securely.
+- Follow Laws: Adhere to relevant laws such as GDPR and CFAA.
+- Report Responsibly: Privately notify affected parties of any vulnerabilities.
+- Educational Use Only: Use this tool and techniques solely for learning and improving security.
+
+> ⚠️ Disclaimer: This project is for educational purposes only. Ensure all activities comply with legal and ethical standards. The institution is not responsible for misuse of the techniques and tools demonstrated.
+
+### Submission and audit
+Upon completing this project, you should submit the following:
+
+- Your documentation in the `README.md` file.
+- The Source code of your tool.
+- Any required files to run your tool.
--- a/subjects/cybersecurity/osint-master/audit/README.md
+++ b/subjects/cybersecurity/osint-master/audit/README.md
--- a/subjects/cybersecurity/osint-master/resources/osint-meme.png
+++ b/subjects/cybersecurity/osint-master/resources/osint-meme.png
--- a/subjects/cybersecurity/passive/README.md
+++ b/subjects/cybersecurity/passive/README.md
@ -1,78 +0,0 @@
-# Passive
-
-### Introduction
-
-Information gathering is one of the most important steps during a pentest, it can be considered the longest step.
-
-### Objective
-
-The goal of this project is for you to become more comfortable with open source investigative methods
-
-### Advice
-
-Before asking help, ask yourself if you have really thought about all the possibilities.  
-https://en.kali.tools/all/?category=recon  
-https://github.com/topics/osint-tools  
-https://en.wikipedia.org/wiki/Open-source_intelligence  
-https://en.wikipedia.org/wiki/Doxing
-
-### Guidelines
-
-You are going here to create your first passive recognition tool, you have the choice of language, however your program will have to recognize the information entered (FULL NAME, IP, @login).
-
-For the case of the full name, it will have to recognize the entry: "Last name" and "First name", and then look in the directories for the telephone number and the address.
-
-If it is the IP address, your tool should display at least the city and the name of the internet service provider.
-
-If it is a username, your tool will have to check if this username is used in at least 5 known social networks.
-
-The result should be stored in a result.txt file (result2.txt if the file already exists)
-
-### Bonus
-
-You can add more API features
-
-### Usage
-
-```
-$> passive --help
-
-Welcome to passive v1.0.0
-
-OPTIONS:
-    -fn         Search with full-name
-    -ip         Search with ip address
-    -u          Search with username
-
-$> passive -fn "Jean Dupont"
-First name: Jean
-Last name: Dupont
-Address: 7 rue du Progrès
-75016 Paris
-Number: +33601010101
-Saved in result.txt
-
-$> passive -ip 127.0.0.1
-ISP: FSociety, S.A.
-City Lat/Lon:	(13.731) / (-1.1373)
-Saved in result2.txt
-
-$> passive -u "@user01"
-Facebook : yes
-Twitter : yes
-Linkedin : yes
-Instagram : no
-Skype : yes
-Saved in result3.txt
-```
-
-### Submission and audit
-
-Files that must be inside your repository:
-
- Your program source code.
- A README.md file, which clearly explains how to use the program.
-
-Don’t hesitate to double-check the names of your folders and files to ensure they are correct!
-
-> ⚠️ These methods and tools are for educational purposes only, so that you have a better understanding of how to protect against similar vulnerabilities. You must ensure that you do not attempt any exploit-type activity without the explicit permission of the owner of the machine, system or application. Failure to obtain permission risks breaking the law.
--- a/subjects/cybersecurity/passive/audit/README.md
+++ b/subjects/cybersecurity/passive/audit/README.md
@ -1,39 +0,0 @@
-#### General
-
-###### Is the student able to explain clearly the used investigative methods?
-
-###### Is the student able to explain clearly what OSINT means?
-
-###### Is the student able to explain clearly how his program works?
-
-##### Check the Repo content
-
-Files that must be inside your repository:
-
- Your program source code.
-
- A README.md file, which clearly explains how to use the program.
-
-###### Are the required files present?
-
-##### Ask the student to present his program to you by doing 3 tests
-
-###### Is the information entered as an argument a full name, an IP address, and a username?
-
-##### Try flag "-fn" with the following command `passive -fn "Jean Dupont"`
-
-###### Does the program display the address, and the telephone number for the full name entered?
-
-##### Try flag "-ip" with the following command `passive -ip 127.0.0.1`
-
-###### Does the program display the ISP, and position for the entered IP address?
-
-##### Try flag "-u" with the following command `passive -u "@user01"`
-
-###### Does the program check if the user entered is present in is present in at least 5 social networks?
-
-###### Does the program retrieve this information from a public source?
-
-###### Does the program save the result of each command in a result.txt file?
-
-###### If the result.txt file already exists is a new file created?