OSINT Swiss Army Knife
Clone or download
Pull request Compare This branch is 4 commits ahead, 92 commits behind develop.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
config
.gitignore
.travis.yml
CONTRIBUTING.md
LICENSE
README.md
appveyor.yml
build.sh
gOSINT.go
git.go
pgp.go
pwnd.go
shodan.go
sourceSearch.go
telegram.go
utils.go

README.md

gOSINT Build Status Build status GitHub stars GitHub forks Twitter Go Report Card Codacy Badge

OSINT framework in Go

Take a look at the develop branch for more updates.

Introduction

gOSINT is a multiplatform OSINT Swiss army knife in Golang. If you want, feel free to contribute and/or leave a feedback!

Like my project? Please consider donation :)

Paypal Badge BTC Badge Monero Badge Ethereum Badge

What gOSINT can do

  • Find mails from git repository
  • Find Dumps for mail address
  • Search for mail address linked to domain/mail address in PGP keyring
  • Search for mail address in source code
  • Retrieve Telegram Public Groups History
  • Retrieve info about hosts via shodan scan

Building on Linux

You can use the building script, just clone the directory and execute it

git clone https://github.com/Nhoya/gOSINT
./build.sh

The package will be installed in /usr/local/bin

You can then call gOSINT from command line

$ gOSINT --help

Manual Building on Linux

Dependecies

Before building gOSINT manually you need to solve the dependencies:

go get "github.com/deckarep/golang-set"
go get "github.com/nhoya/goPwned"
go get "github.com/jessevdk/go-flags"
go get "gopkg.in/src-d/go-git.v4"
go get "github.com/jaytaylor/html2text"
go get "gopkg.in/ns3777k/go-shodan.v2/shodan"

git clone https://github.com/Nhoya/gOSINT && cd gOSINT && go build

Binaries for Windows

Check the AppVeyor Build page for builds

Modules

Currently gOSINT has different modules:

  • git support for mail retriving (using github API, bitbucket API or RAW clone and search)
  • Search for mails in PGP Server
  • https://haveibeenpwned.com/ search for mail in databreach
  • Retrieve Telegram Public Group Messages
  • Search for mail address in source
  • https://shodan.io search
  • Social Media search
  • Search Engine search

Usage

Usage:
  gOSINT [OPTIONS]

Application Options:
  -m, --module=[pgp|pwnd|git|plainSearch|telegram|shodan] Specify module
  -v, --version                                           Print version
      --url=                                              Specify target URL
      --gitAPI=[github|bitbucket]                         Specify git website API to use (for git module,optional)
  -c, --clone                                             Enable clone function for plainSearch module (need to specify repo URL)
      --mail=                                             Specify mail target (for pgp and pwnd module)
      --grace=                                            Specify telegram messages grace period (default: 15)
  -g, --tgroup=                                           Specify Telegram group/channel name
  -s, --tgstart=                                          Specify first message to scrape
  -e, --tgend=                                            Specify last message to scrape
      --dumpfile                                          Create and resume messages from dumpfile
      --ask-confirmation                                  Ask confirmation before adding mail to set (for plainSearch module)
  -p, --path=                                             Specify target path (for plainSearch module)
  -t, --target=                                           Specify shodan target host
      --newscan                                           Ask shodan for a new scan (-1 Scan credit)
      --honeypot                                          Check Honeypot probability
  -f, --full                                              Make deep search using linked modules

Help Options:
  -h, --help                                              Show this help message

Configuration file

The configuration file is in $HOME/.config/gOSINT.conf

If some API Keys are missing insert it there

PGP module Demo

asciicast

Pwnd module Demo

asciicast

Telegram Crawler Demo

asciicast

Shodan module Demo

asciicast

Examples

Currently gOSINT supports the following actions:

gOSINT -m git --url=[RepoURL] --gitAPI [github|bitbucket] (optional)

retrieve mail from git commits

gOSINT -m git --url [RepoURL] --gitAPI [github|bitbucket] (optional) -f

pass the result to pgp search and pwnd module

gOSINT -m pwnd --mail [targetMail]

search for breaches where targetMail is preset

gOSINT -m pgp --mail [targetMail]

search for others mail in PGP Server

gOSINT -m pgp --mail [targetMail] -f

pass the result to haveibeenpwn module

gOSINT -m sourceSerch --path [targetDirectory]

search for mails in source code (recursively)

gOSINT -m sourceSearh --path [targetDirectory] --ask-confirmation

ask confirmation before adding mail to search results

gOSINT -m sourceSearch --path [targetDirectory] -f

pass the result to pgp search and haveibeenpwnd modules

gOSINT -m sourceSearch --clone --url [targetRepository]

clone and search mail in repository source

gOSINT -m sourceSearch --clone --url [targetRepository] -f

pass the resoult to pgp search and haveibeenpwnd modules

gOSINT -m sourceSearch --clone --url [targetRepository] --ask-confirmation

ask confirmation before adding mail to search results

gOSINT -m telegram --tgroup | -g [PublicGroupName]

retrieve message history for telegram public group

gOSINT -m telegram --tgroup | -g [PublicGroupName] --dumpfile

the output will be stored in a file, if the file is already populated it will resume from the last ID

gOSINT -m telegram --tgroup | -g [PublicGroupName] --dumpfile -s [masageID] -e [messageID]

Set start and end messages for scraping

gOSINT -m shodan -t [HOST IP]

Get Shodan services report for Host

gOSINT -m shodan -t [HOST IP] --honeypot

Start Shodan service report for host and honeypot probability

gOSINT -m shodan -t [HOST IP] --newscan

Send request for new shodan scan (1 scan credit will be removed)