From 77210d0220e79f7dba0790215d267dd7ce629afa Mon Sep 17 00:00:00 2001 From: ktx Date: Mon, 27 Nov 2017 22:05:54 +0100 Subject: [PATCH 1/7] Added Dockerfile and Docker README --- Dockerfile | 11 ++++++++ README.md | 82 +++++++++++++++++++----------------------------------- 2 files changed, 40 insertions(+), 53 deletions(-) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000..5158e83f --- /dev/null +++ b/Dockerfile @@ -0,0 +1,11 @@ +FROM python:2.7-slim + +WORKDIR /root +RUN apt-get update && apt-get install -y git +RUN git clone https://github.com/DataSploit/datasploit.git datasploit + +WORKDIR datasploit +RUN pip install -r requirements.txt +CMD python datasploit_config.py +ENTRYPOINT ["python", "datasploit.py"] +CMD ["--help"] \ No newline at end of file diff --git a/README.md b/README.md index a58fb051..100ff8ee 100644 --- a/README.md +++ b/README.md @@ -1,64 +1,40 @@ -[![ToolsWatch Best Tools](https://www.toolswatch.org/badges/toptools/2016.svg)](http://www.toolswatch.org/2017/02/2016-top-security-tools-as-voted-by-toolswatch-org-readers/) +# Datasploit -[![Arsenal-2017-EU](https://rawgit.com/toolswatch/badges/master/arsenal/2017.svg)](http://www.toolswatch.org/2017/09/black-hat-arsenal-europe-2017-lineup/) - EUROPE +## Source -[![Arsenal-2017-US](https://rawgit.com/toolswatch/badges/master/arsenal/2017.svg)](http://www.toolswatch.org/2017/06/the-black-hat-arsenal-usa-2017-phenomenal-line-up-announced/) - USA +https://github.com/DataSploit/datasploit -[![Arsenal-2017-ASIA](https://rawgit.com/toolswatch/badges/master/arsenal/2017.svg)](http://www.toolswatch.org/2017/02/the-black-hat-arsenal-asia-2017-great-line-up/) - ASIA +## Usage -[![Arsenal-2016-EU](https://www.toolswatch.org/badges/arsenal/2016.svg)](http://www.toolswatch.org/2016/09/the-black-hat-arsenal-europe-2016-line-up/) - EUROPE - -[![Arsenal-2016-US](https://www.toolswatch.org/badges/arsenal/2016.svg)](http://www.toolswatch.org/2016/06/the-black-hat-arsenal-usa-2016-remarkable-line-up/) - USA - -[![DEFCON 25 ReconVillage](https://img.shields.io/badge/DEFCON%2025-Recon%20Village-red.svg)](http://reconvillage.org/) [![DEFCON 24 Demolabs](https://img.shields.io/badge/DEFCON%2024-Demo%20Labs-red.svg)](https://www.defcon.org/html/defcon-24/dc-24-demolabs.html) - -[![Join Datasploit Slack](https://img.shields.io/badge/slack-open-e01563.svg)](http://datasploit.slack.com "Join our Slack community") - -[![Follow Datasploit on Twitter](https://img.shields.io/twitter/follow/datasploit.svg?style=social&label=Follow%20%40datasploit)](https://twitter.com/intent/user?screen_name=datasploit "Follow Datasploit on Twitter") - -# Overview of the tool: -* Performs OSINT on a domain / email / username / phone and find out information from different sources. -* Correlate and collaborate the results, show them in a consolidated manner. -* Tries to find out credentials, api-keys, tokens, subdomains, domain history, legacy portals, etc. related to the target. -* Use specific script / launch automated OSINT for consolidated data. -* Performs Active Scans on collected data. -* Generates HTML, JSON reports along with text files. - -## Basic Usage: +```bash +cd datasploit/ +docker build -t datasploit . +docker run -it datasploit:latest -i ``` - ____/ /____ _ / /_ ____ _ _____ ____ / /____ (_)/ /_ - / __ // __ `// __// __ `// ___// __ \ / // __ \ / // __/ - / /_/ // /_/ // /_ / /_/ /(__ )/ /_/ // // /_/ // // /_ - \__,_/ \__,_/ \__/ \__,_//____// .___//_/ \____//_/ \__/ - /_/ - - Open Source Assistant for #OSINT - website: www.datasploit.info - -Usage: domainOsint.py [options] - -Options: - -h, --help show this help message and exit - -d DOMAIN, --domain=DOMAIN Domain name against which automated Osint - is to be performed. - -``` +## Help -# Required Setup: -* Python 2.7 (because bunch of dependencies do not support Python 3.0) -* Bunch of python libraries (use requirements.txt) +```bash +usage: datasploit.py [-h] -i TARGET [-a] [-q] [-o OUTPUT] + ____/ /____ _ / /_ ____ _ _____ ____ / /____ (_)/ /_ + / __ // __ `// __// __ `// ___// __ \ / // __ \ / // __/ +/ /_/ // /_/ // /_ / /_/ /(__ )/ /_/ // // /_/ // // /_ +\__,_/ \__,_/ \__/ \__,_//____// .___//_/ \____//_/ \__/ + /_/ -## Detailed Tool Documentation: -> [https://datasploit.github.io/datasploit/](https://datasploit.github.io/datasploit/) + Open Source Assistant for #OSINT + www.datasploit.info -### Lead Developers -* Shubham Mittal - https://github.com/upgoingstar -* Sudhanshu Chauhan - https://github.com/sudhanshuc -* Kunal Aggarwal - https://github.com/KunalAggarwal +optional arguments: + -h, --help show this help message and exit + -i TARGET, --input TARGET + Provide Input + -a, --active Run Active Scan attacks + -q, --quiet Run scans in automated manner accepting default + answers + -o OUTPUT, --output OUTPUT + Provide Destination Directory -### Social Media -* [Official Website](https://datasploit.github.io/datasploit/) -* [Twitter](https://twitter.com/datasploit) -* [Facebook](https://facebook.com/datasploit) + Connect at Social Media: @datasploit +``` \ No newline at end of file From 6083a52aeb337e363dfea1b8ba0bee0edb2dc380 Mon Sep 17 00:00:00 2001 From: ktx Date: Mon, 27 Nov 2017 22:08:28 +0100 Subject: [PATCH 2/7] Rename README.md to Dockerfile_README.md --- README.md => Dockerfile_README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename README.md => Dockerfile_README.md (99%) diff --git a/README.md b/Dockerfile_README.md similarity index 99% rename from README.md rename to Dockerfile_README.md index 100ff8ee..47a1dc5c 100644 --- a/README.md +++ b/Dockerfile_README.md @@ -37,4 +37,4 @@ optional arguments: Provide Destination Directory Connect at Social Media: @datasploit -``` \ No newline at end of file +``` From f5b0c5619b25d8bc754bd91592f2d58eb9933ab3 Mon Sep 17 00:00:00 2001 From: ktx Date: Mon, 27 Nov 2017 22:10:21 +0100 Subject: [PATCH 3/7] Restored all README Dockerfile documentation is in Dockerfile_README.md. --- README.md | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 00000000..a58fb051 --- /dev/null +++ b/README.md @@ -0,0 +1,64 @@ +[![ToolsWatch Best Tools](https://www.toolswatch.org/badges/toptools/2016.svg)](http://www.toolswatch.org/2017/02/2016-top-security-tools-as-voted-by-toolswatch-org-readers/) + +[![Arsenal-2017-EU](https://rawgit.com/toolswatch/badges/master/arsenal/2017.svg)](http://www.toolswatch.org/2017/09/black-hat-arsenal-europe-2017-lineup/) - EUROPE + +[![Arsenal-2017-US](https://rawgit.com/toolswatch/badges/master/arsenal/2017.svg)](http://www.toolswatch.org/2017/06/the-black-hat-arsenal-usa-2017-phenomenal-line-up-announced/) - USA + +[![Arsenal-2017-ASIA](https://rawgit.com/toolswatch/badges/master/arsenal/2017.svg)](http://www.toolswatch.org/2017/02/the-black-hat-arsenal-asia-2017-great-line-up/) - ASIA + +[![Arsenal-2016-EU](https://www.toolswatch.org/badges/arsenal/2016.svg)](http://www.toolswatch.org/2016/09/the-black-hat-arsenal-europe-2016-line-up/) - EUROPE + +[![Arsenal-2016-US](https://www.toolswatch.org/badges/arsenal/2016.svg)](http://www.toolswatch.org/2016/06/the-black-hat-arsenal-usa-2016-remarkable-line-up/) - USA + +[![DEFCON 25 ReconVillage](https://img.shields.io/badge/DEFCON%2025-Recon%20Village-red.svg)](http://reconvillage.org/) [![DEFCON 24 Demolabs](https://img.shields.io/badge/DEFCON%2024-Demo%20Labs-red.svg)](https://www.defcon.org/html/defcon-24/dc-24-demolabs.html) + +[![Join Datasploit Slack](https://img.shields.io/badge/slack-open-e01563.svg)](http://datasploit.slack.com "Join our Slack community") + +[![Follow Datasploit on Twitter](https://img.shields.io/twitter/follow/datasploit.svg?style=social&label=Follow%20%40datasploit)](https://twitter.com/intent/user?screen_name=datasploit "Follow Datasploit on Twitter") + +# Overview of the tool: +* Performs OSINT on a domain / email / username / phone and find out information from different sources. +* Correlate and collaborate the results, show them in a consolidated manner. +* Tries to find out credentials, api-keys, tokens, subdomains, domain history, legacy portals, etc. related to the target. +* Use specific script / launch automated OSINT for consolidated data. +* Performs Active Scans on collected data. +* Generates HTML, JSON reports along with text files. + +## Basic Usage: +``` + + ____/ /____ _ / /_ ____ _ _____ ____ / /____ (_)/ /_ + / __ // __ `// __// __ `// ___// __ \ / // __ \ / // __/ + / /_/ // /_/ // /_ / /_/ /(__ )/ /_/ // // /_/ // // /_ + \__,_/ \__,_/ \__/ \__,_//____// .___//_/ \____//_/ \__/ + /_/ + + Open Source Assistant for #OSINT + website: www.datasploit.info + +Usage: domainOsint.py [options] + +Options: + -h, --help show this help message and exit + -d DOMAIN, --domain=DOMAIN Domain name against which automated Osint + is to be performed. + +``` + +# Required Setup: +* Python 2.7 (because bunch of dependencies do not support Python 3.0) +* Bunch of python libraries (use requirements.txt) + + +## Detailed Tool Documentation: +> [https://datasploit.github.io/datasploit/](https://datasploit.github.io/datasploit/) + +### Lead Developers +* Shubham Mittal - https://github.com/upgoingstar +* Sudhanshu Chauhan - https://github.com/sudhanshuc +* Kunal Aggarwal - https://github.com/KunalAggarwal + +### Social Media +* [Official Website](https://datasploit.github.io/datasploit/) +* [Twitter](https://twitter.com/datasploit) +* [Facebook](https://facebook.com/datasploit) From 76d4aa10e34d8fcb5f430acd2afb6fb91fdd8465 Mon Sep 17 00:00:00 2001 From: tmc Date: Wed, 29 Nov 2017 16:37:35 +0100 Subject: [PATCH 4/7] Added config.py COPY. Dockerfiles REQUIRES presence of a config.py to build. --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 5158e83f..f7739ef0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,6 +5,7 @@ RUN apt-get update && apt-get install -y git RUN git clone https://github.com/DataSploit/datasploit.git datasploit WORKDIR datasploit +COPY config.py . RUN pip install -r requirements.txt CMD python datasploit_config.py ENTRYPOINT ["python", "datasploit.py"] From 9a30c9139b0ac97d0e91b981f658e2eab19bf205 Mon Sep 17 00:00:00 2001 From: tmc Date: Wed, 29 Nov 2017 17:11:09 +0100 Subject: [PATCH 5/7] Added config.py COPY. Dockerfiles REQUIRES presence of a config.py to build. --- Dockerfile_README.md | 1 + emails/email_snusbase.py | 73 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 74 insertions(+) create mode 100644 emails/email_snusbase.py diff --git a/Dockerfile_README.md b/Dockerfile_README.md index 47a1dc5c..dbbce9f7 100644 --- a/Dockerfile_README.md +++ b/Dockerfile_README.md @@ -8,6 +8,7 @@ https://github.com/DataSploit/datasploit ```bash cd datasploit/ +touch config.py docker build -t datasploit . docker run -it datasploit:latest -i ``` diff --git a/emails/email_snusbase.py b/emails/email_snusbase.py new file mode 100644 index 00000000..9e123737 --- /dev/null +++ b/emails/email_snusbase.py @@ -0,0 +1,73 @@ +#!/usr/bin/env python + +import base +import config as cfg +import requests +import json +from termcolor import colored +import sys + +# Control whether the module is enabled or not +ENABLED = True +class style: + BOLD = '\033[1m' + END = '\033[0m' + + +def banner(): + print colored('\n---> Checking snusbase database leak\n', "blue") + pass + +def snusbaseemailsearch(email): + + url = cfg.snusbase_secret_url + payload = {"type": "email", "term": email} + headers = { + 'Authorization': cfg.snusbase_token, + } + response = requests.request("POST", url, data=payload, headers=headers) + return response.content + +def main(email): + # Use the email variable to do some stuff and return the data + if cfg.snusbase_secret_url != "" and cfg.snusbase_token != "": + return json.loads(snusbaseemailsearch(email)) + else: + return [False, "INVALID_API"] + print email + return [] + + +def output(data, email=""): + if data["result"]: + for res in data["result"]: + print colored("---------------------", "yellow") + # Colour result if password is present + if res["password"]: + print colored("email: %s", "green") % res["email"] + print colored("password: %s", "green") % res["password"] + else: + print "email: %s" % res["email"] + print "password: %s" % res["password"] + # Print only if present + if res["username"]: + print "username: %s" % res["username"] + if res["hash"]: + print "hash: %s" % res["hash"] + print "salt: %s" % res["salt"] + print colored("\nFound %s results\n", "blue") % data["result_size"] + + else: + print "\n--- No data found in snusbase ---\n" + return + + +if __name__ == "__main__": + try: + email = sys.argv[1] + banner() + result = main(email) + output(result, email) + except Exception as e: + print e + print "Please provide an email as argument" From ecfce08c7baa6c036ee7ecc64c27d405eda65730 Mon Sep 17 00:00:00 2001 From: tmc Date: Wed, 29 Nov 2017 17:16:40 +0100 Subject: [PATCH 6/7] Added snusbase lookup email module --- emails/email_snusbase.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/emails/email_snusbase.py b/emails/email_snusbase.py index 9e123737..93ee6000 100644 --- a/emails/email_snusbase.py +++ b/emails/email_snusbase.py @@ -1,5 +1,10 @@ #!/usr/bin/env python +### Uses the snusbase.com API to query service for leaked accounts based on the email address +### API: snusbase.com +### Make sure your secret API url and token are saved in the config.py file +### Maintained by @khast3x + import base import config as cfg import requests From fb2e4f5c02a1b453799629403a1bd5020f10ab3f Mon Sep 17 00:00:00 2001 From: tmc Date: Wed, 29 Nov 2017 17:18:45 +0100 Subject: [PATCH 7/7] Added snusbase config parameters in config_sample --- config_sample.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config_sample.py b/config_sample.py index 621e3857..9e5ddf56 100755 --- a/config_sample.py +++ b/config_sample.py @@ -24,6 +24,8 @@ pwnedlist_api="" pwnedlist_iv="" pwnedlist_secret="" +snusbase_secret_url="" +snusbase_token="" spyonweb_access_token = "" twitter_consumer_key="" twitter_consumer_secret=""