Passive recon / OSINT automation script:
- Runs passive recon tools specified in config file given a TLD
- Extracts email addresses, IP addresses, and DNS names from tool output using regex
- Queries various OSINT sites specified in config file for TLD and saves result to specified format (default pdf)
- Runs additional recon tools and website queries on IPs and DNS names found from initial TLD analysis
- All identified domains, emails, ip addresses, dns names, and tool run history / output stored in sqlite database
- Aggressive mode can be enabled for running non-passive tests on discovered hosts (e.g. screenshot and spider a website)
By default, the application runs in interactive mode allowing the user to select a project name / output directory as well as add multiple TLDs for analysis before executing scripted tasks. Optionally, a single domain can be specified as a command line parameter to immediately create a new project and execute the scripted tasks against that domain upon launch.
All scan parameters are pulled from config files so multiple configurations can be developed and specified with the -c flag. An example config file (default.example) is included and will be copied into the default path (default.cfg) upon initial launch.
Please feel free to submit PR for bugfixes or additional tools/sites/regex for default config file - any feedback, input, or improvement is greatly appreciated!
Script tested on Kali Linux as well as OSX and should function on UNIX-based systems with required dependencies.
Python Module Dependencies:
- pyPdf (installed on Kali Linux by default)
apt-get install python-elixir
- cutycapt (installed on Kali Linux by default)
Dependencies in default tool config file:
- webshag (installed by default on Kali 1.x but not 2.x)
apt-get install webshag
- Email domain filter currently only excludes emails not matching the active domain during TLD phase
- HTML index page to summarize all output
- Scrape cutycapt output for targets & emails (convert to text first?)
Matthew C. Jones, CPA, CISA, OSCP
IS Audits & Consulting, LLC - http://www.isaudits.com/
TJS Deemer Dana LLP - http://www.tjsdd.com/
Concept based upon functionality observed in the OSINT portion of the Kali Discover script by leebaird: https://github.com/leebaird/discover/
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.