OSINT and active reconaissance built into a web application
doxbox is a web application for OSINT and active reconaissance. It leverages various security tools and library APIs in order to conduct info-gathering and threat modeling. Built on top of Flask, it is perfect for self-hosting an instance during auditing.
doxbox currently utilizes Python 2.7.x due to various dependency clashes and depreciation.
Docker:
$ docker build -t doxbox .
$ docker run -d -p 5000:5000 doxbox
Manual:
$ git clone https://github.com/ex0dus-0x/doxbox && cd doxbox
$ # Initialize virtualenv if you wish
$ pip install -r requirements.txt
$ python run.py
Open config.py. Here, you will see all the environmental variables that the application utilizes. Three important fields you MUST be aware of if you plan to deploy to the web.
GOOGLEMAPS_API_KEY = "YOUR_API_KEY_HERE"
SECRET_KEY = 'SECRET_KEY_HERE'
GOOGLEMAPS_API_KEY denotes the Google Maps API Key. This is essential for the GeoIP module. You can obtain it here and change the variable accordingly.
SECRET_KEY is the private key utilized by WTForm's CSRF protection feature. If deployed, change it to your liking.
Comprehensive info-gathering database for target(s). Using this data, the tester will be able to effectively understand their target, which is a critical point in the attacker's kill chain.
- Secure database support, with delete and export (as
.csv) options
Collects geolocation information on public IP addresses, in order to gather data on physical location during the reconaissance stage of the killchain.
- Google Maps for accurate GeoIP visualization
- API endpoint support
Collections DNS information in the form of metadata, whether it be an address from a WHOIS lookup, or nameservers.
Send a pull request if you feel that anything should be changed, removed, optimized, etc. Issues are also great for reporting bugs.