Skip to content

The Long List of Tasks

Jump to bottom
matamorphosis edited this page Jan 30, 2022 · 55 revisions
Clone this wiki locally

Summary of Terms

The term plugin, module, and task are somewhat interchangeable terms, below is an explanation of the slight differences

  • Plugin: This refers to a python object that extends the functionality of Scrummage, which almost always relates to a single third-party website/API. This terms is interchangeable with module, which is the term used in many other OSINT platforms.
  • Task: A task is a function within the plugin that produces results in the Scrummage platform. A plugin can have multiple tasks within it; however, most Scrummage plugins only have a single task.

Configuration File Security Note (config.json)

Typically secure coding practices would advise against storing secrets in a plaintext file, so why on earth would we go against that? In this case it is tricky because there really is no "secure way" to prevent an attacker from accessing secrets stored on a web server. The only secure way would be to not store them at all, but then users have to supply API keys as part of their usage, every time they create a session their secrets would be wiped which is problematic. Still don't agree? Consider the following alternatives:

  • Symmetric Encryption: This option sounds good initially as secrets are stored in ciphertext. But a decent attacker would be able to break the encryption one way or another, and the easiest way of going about it would be to look at the source code of the web application to identify which encryption algorithm it uses, and the keys needed to perform the action would have to be stored somewhere else, which would almost certainly be accessible by the attacker, so it is therefore not secure but would add a minimal level of complexity. Additionally, for developers to contribute to this platform, they would need to ensure their plugins handle secrets correctly, which causes additional work on their part and the platform team.
  • Environment Variables: This option is widely revered as a best "secure coding practice". But in reality it only adds a small layer of complexity that would only weed out script kiddies. Again any decent attacker with appropriate access would be able to dump a list of environment variables and steal secrets that way. Additionally, all process ids on the system, regardless of the user they are running as, can read the Environment variables.
  • Database: So why not store secrets in an encrypted database? Again this would only add a tiny layer of complexity as the program would need locally stored credentials to access the database anyway, which would either be in a plaintext file or environment variables. An attacker would just need to go into the database and dump the secrets.

So in conclusion, while we are missing out on some level of security by choosing to use a plaintext option (JSON), if an attacker is able to breach an account on your system that would allow them to access these secrets then you have a much bigger issue on your hands. Please take care to secure the account used to run the platform, keep the server it runs on up-to-date and patched too. Finally, ensure the secrets you use are unique, and we recommend obtaining API keys with specific use to this application that do not connect to any real online identities. For example, don't use your personal Twitter account to generate the API keys used by this tool. It is worth noting that only the owner of the config.json file, which is the user you use to install Scrummage, has read and write permissions to the config.json file, all other users on the system cannot even read this file.

Verifying Task Inputs

For any task requiring a level of configuration, whether that includes adding an API key, or specifying your location, has a requirement in place that prevents it being executed without first being configured. Please refer to the wiki page (Configuring Inputs and Outputs via the Web Application) to learn the details of configuring these without editing the config.json file. However, if you would like to verify whether or not your tasks have been configured to run, you can go to the page https://<YOURSCRUMMAGEIPORHOST>:5000/tasks/inputs/check to do so. You will be presented with a page that looks like the following screenshot:

Tasks and their APIs

Here all currently supported tasks are listed with their associated requirements: Note: All provided input is sanitised by the server-side code, please create an issue if you can find any way to bypass it :).

Some of the tasks below require API keys to function. For the tasks that require an API key, you must add the relevant details to the appropriate area in the config.json. As for the ones that don't, they can be run as soon as the application is set up.

Each task has been provided with a test query to verify the plugin is working. All test queries are case-sensitive or reference something you can use to test that will return results for your verification needs. While the provided test queries may appear random, they are queries that will generate a bounty of results.

Tasks are provided to allow users to search various corners of the web for a given query. Multiple queries can be provided when creating a task, simply use a comma to separate the values. Any files, such as the config.json file referred to in this document, that need to be edited, can be found in the "app/plugins/common/config" directory within the root Scrummage directory.

NOTE: The references to editing the config.json file is now optional, admin users can configure all tasks via the "Edit Inputs" function on the Settings page.

General Configuration

Some of the plugins use location to assist in providing more relevant results, please ensure you set this in the config.json file, under "general":

"general": {
  "location": "au"
}

Abuse IP Database

Abuse IP DB is a database of IP addresses that have been reported engaging in hacking attempts or other malicious behaviour. This plugin doesn't require an API key and works by performing a search against the abuseipdb.com site for a given domain name or IP address.

Ahmia Darkweb Search

Ahmia is a search engine for TOR .onion and I2P sites. This plugin doesn't require an API key and works by performing a search against the ahmia.fi site, supporting a search for both Tor and I2P searches on the provided query. This plugin will return .onion/I2P sites based on the query submitted.

Test query: test

Alienvault OTX

This plugin doesn't require an API key and works by performing a search against the otx.alienvault.com site for a given domain name or IP address and returns whois information and telemetry from VirusTotal.

Apple Store Search

This plugin doesn't require an API key and works by performing a search against the itunes.apple.com site for music and apps available in the Apple store.

Test query: jack johnson
Query type: Name of Music, Application

Blocklist Search

This plugin doesn't require an API key and works by performing a search against the blocklist.de site for a given IP address to determine whether it is blacklisted.

Botscout Search

This plugin doesn't require an API key and works by performing a search against the botscout.com site for a given IP address to determine whether it has been flagged as being part of a botnet.

Business Search

This is a compilation of 5 tasks, each with 2 different options. Four of the five tasks don't require any API keys, but one does (Business Tasks for the UK). They all work similarly by performing a search against a public database for Business Numbers, or Business Central Index Keys (CIK) for businesses in the USA, as well as Company Names. Searching for a company name, will return a list of business numbers where the name is similar to the search, searching for a Business Number/CIK will return a single company name result, if available.

In total there are 10 options:

Searching for Business Numbers will almost always provide details of a single result if the business number is valid. Searching for Business Names, or components of business names can potentially provide details of multiple businesses based on what is returned.

"ukbusiness": {
  "api_key": "KEY GOES HERE"
}

The format of the api_key field is the unencoded API key followed by a colon (:). The plugin will take care of the rest

Query type: Either a Business name or number, depending on the plugin selected.

Blockchain Search for Various Cryptocurrencies

This plugin doesn’t require an API key and contains 2 subtasks, 1 for searching blockchain addresses that returns transactions, and the other for searching transactions that return associated addresses. These tasks currently search for details for Bitcoin, Bitcoin Cash, and Ethereum cryptocurrencies. In addition, Monero is supported only for transaction searches as address searches are not available to the public. The Bitcoin Abuse Search requires an API key, please add the API key in the config.json file, under "bitcoinabuse":

"bitcoinabuse": {
  "api_key": "KEY GOES HERE"
}

Query type: Either an address or transaction hash depending on the plugin selected.

BSB Search

Note: Australian Bank Account BSBs only. This plugin doesn't require an API and works by performing a search for a BSB against a database, and returns the associated financial institution if valid.

Test Query: Any Australian BSB.

Built With Search

This plugin doesn't require an API and works by performing a search against builtwith.com for a given URL. A Builtwith search identifies technologies/web application stacks used to build a searched website.

Test Query: http://wordpress.com
Query type: URL.

Callername Search

This plugin doesn't require an API key and works by performing a search against the callername.com site for a given US phone number to get information for it.

Certificate Transparency - SSLMate

This plugin doesn’t require an API key and works by performing a search against the sslmate.com website. Please configure whether or not to search for subdomains in the config.json file under "sslmate":

"sslmate": {
  "search_subdomain": false
}

Test query: google.com
Query type: Domain.

Certificate Transparency - CRT.sh

This plugin doesn’t require an API key and works by performing a search against the crt.sh website:

Test query: google.com
Query type: Domain.

Craigslist Search

This plugin doesn’t require an API key and works by performing a search against the craigslist website. However, because Craigslist works based on a city location this will need to be prespecified in the configuration file.

"craigslist": {
  "city": "Sydney"
}

Test query: love

Cloud Storage Search

Cloud Storage Search is a search engine for files stored in publicly-available cloud storage. There is just one search which returns storage for AWS S3 Buckets and Azure Blob storage. Unfortunately GCP is not currently supported. This plugin doesn't require an API key and works by performing a search against the osint.sh site

Darksearch Tor Search

Darksearch is a search engine for TOR .onion sites. This plugin doesn't require an API key and works by performing a search against the darksearch.io site. This plugin will return .onion sites based on the query submitted.

Test query: test

DNS Reconnaissance Search

This plugin doesn't require an API key and works by obtaining DNS records for a provided domain, as well as lots of other information related to that domain.

Test query: google.com
Query type: Domain.

Doing Business Search

This plugin doesn't require an API key and works by obtaining data related to a given economy in terms of doing business in that country. Both a .json and .html file are returned which can be accessed via the returned result.

Test query: united-states
Query type: Name of Country.

Domain Fuzzer

This plugin doesn’t require an API key and works by attempting to resolve a provided list of domains. There are 4 different domain fuzzer tasks within this tool:

  • Domain Fuzzer - Punycode – This unique plugin works by calling a custom library called "Rotor.py" and uses it to generate every possible combination of the given domain’s body using strings with mixed alphabets. For example, if your domain contains the letter "a", it will iterate through the word using a huge array of characters from the above alphabets that look like an "a" in the place of that letter. More details on this:

    • a, а, à, á, â, ã, ä, å, ā, ă, ą - While the first 2 characters look the same, they have different Unicode values. Therefore a practical example of this is that you could have 2 domains that to the naked eye look like "facebook.com". However, one domain would have a different Unicode character that looks like an "a", which to anyone would make the domain look legitimate. While some of the other character examples are a lot more obvious, the program takes the liberty to check for them anyway. A practical example can be seen in the following screenshot:

    • After each combination has been generated this tool iterates through each one and attempts to resolve it to an IP address if it does a result is created for that domain.

    • The practical use case of this would be to identity domain spoofs which use domains either similar or identical to your domain to the naked eye.

    • FYI this can be a slow plugin depending on the length and the number of domains it attempts to resolve. Short domains such as google.com don’t take too long – around 1-2 minutes each. Furthermore, to maintain the stability of the program a limit of 15 characters is placed on the length of the domain body. An example of a domain body is the string "google" from the google.com domain. If your domain exceeds 15 characters you may attempt to add the necessary options to the Rotor.py library to allow larger domain bodies, but don't be surprised if it fails.

    • This plugin has 4 different options:

      • Latin Comprehensive: This option uses letters that look like English letters from the Greek and Cyrillic alphabets. In addition, there are a plethora of European Languages that use letters from the Latin alphabet with accents, umlauts, etc. The comprehensive option uses all letters that look similar to their English counterparts, even if they are less subtle. This also includes letters from the Vietnamese alphabet.
      • Latin Condensed: This option works the same way as Latin Comprehensive, with the exception of letters, where if a victim were to look at, they could easily determine the character was definitely different. This includes alphabetic characters that have very large accents, umlauts, etc. This also excludes all characters in the Vietnamese alphabet, unless those letters are included in other alphabets.
      • Asian: This option uses letters that look like English letters from the following alphabets (Please note that characters from Chinese and Japanese alphabets contain no characters that resemble English letters.):
        • Burmese
        • Khmer (Cambodian)
        • Hangul (Korean)
        • Lao
        • Thai
        • Vietnamese
        • Lisu
      • Middle Eastern: This option uses letters that look like English letters from the following alphabets (While Georgia and Ethiopia are not technically part of the middle east, their alphabets are included in this due to geographical relativity.):
        • Amharic (Ethiopian)
        • Arabic
        • Armenian
        • Georgian
        • Hebrew
      • North African: This option uses letters that look like English letters from the following alphabets:
        • Tifinagh
        • Vai
        • N'Ko
        • Osmanya
      • Native American: This option uses letters that look like English letters from the following alphabets:
        • Cherokee
        • Inuktitut

  • Domain Fuzzer - Regular Suffixes – This tool works by simply switching out the domain extension, or suffix, with other common extensions. Such as .com, .net, .gov. After this, the tool iterates through each generated domain and attempts to resolve it to an IP address, if it does a result is created for that domain.

  • Domain Fuzzer - Global Suffixes – This tool works by simply switching out the domain extension, or suffix, with the extension of every country. Such as .com.au, .co.nz, etc. After this, the tool iterates through each generated domain and attempts to resolve it to an IP address, if it does a result is created for that domain.

  • Domain Fuzzer - Expired Global Suffixes – This tool works by simply switching out the domain extension, or suffix, with the extension of countries that no longer exist due to renaming, dissolution, or amalgamation. These include the Soviet Union (.su), East Germany (.dd), Yugoslavia (.yu), and more. .su has been mentioned as a haven for hackers. Using these suffixes, the tool iterates through each generated domain and attempts to resolve it to an IP address, if it does a result is created for that domain.

  • Domain Fuzzer - All Suffixes – This tool works by simply switching out the domain extension, or suffix, with the extension of every country for each regular extension. Such as .com.au, .net.au, .gov.au, etc. After this, the tool iterates through each generated domain and attempts to resolve it to an IP address, if it does a result is created for that domain. FYI this is a slow plugin due to the number of domains it attempts to resolve.

Test query for any domain fuzzing plugin: google.com
Query type: Domain.

DuckDuckGo Search

This plugin doesn't require an API key and works by performing a search against the publicly available duckduckgo.com API. Duck Duck Go is a high-privacy search engine.

Test query: test

Ebay Search

This plugin requires an API key and works by performing an API search against the ebay.com website. Registration is free and easy. After obtaining the API key, please add it to the config.json file, under "ebay". This plugin can be used to search for any item sold on Ebay:

"ebay": {
  "access_key": "KEY GOES HERE"
}

Test query: computer

Email Reputation Search

This plugin requires and API key and works by performing an API search against the emailrep.io web application. Emailrep is a website used to advise whether an email address has been recorded as malicious. Registration is free and relatively easy. Once you have obtained the API key, add the relevant details to the config.json file, under "emailrep":

"emailrep": {
  "api_key": "API KEY GOES HERE"
}

Test query: <YOUR OWN EMAIL>
Query type: Email.

Email Verification Search

This plugin doesn't require an API key, and works by checking a queried email address against the verify-email.org, which verifies is an email is valid or not by connecting to the mail server.

Test query: <YOUR OWN EMAIL>
Query type: Email.

Filesec Search

This plugin doesn't require an API key, and works by searching the filesec.io site for legitimate file extensions used for malicious activity, for a given query.

Flickr Search

This plugin requires an API key and works by performing an API search against the flickr.com website. Flickr is a website used by photographers to share photos. Registration for this API is free and easy. After obtaining the API key and secret, add the details to the relevant fields in the config.json file, under "flickr":

"flickr": {
  "api_key": "KEY GOES HERE",
  "api_secret": "SECRET GOES HERE"
}

Queries can either be a Flickr username or a user's email address and if the search is successful, it will return any found profile(s).

Test query: tomquirkphoto
Query type: Username.

Fringeproject Search

This plugin doesn't require an API key, and works by searching for a given domain against the fringeproject.com site.

GitHub Search

This plugin requires an API key and works by performing an API search against the github.com website. Registration for this API is free and easy. After obtaining the token, add the details to the relevant fields in the config.json file, under "github":

"github": {
  "username": "USERNAME GOES HERE",
  "token": "TOKEN GOES HERE"
}

Google Play Store Search

This plugin doesn't require an API key and works by querying the play.google.com site. Google Play Store has apps that can be installed on Android devices.

Test query: whatsapp

Google Search

This plugin requires an API key and works by performing an API search against the google.com website. Registration is free and easy. After obtaining the API key and Custom Search Engine (CSE) details, please add it to the config.json file, under "google":

"google": {
  "cx": "CX GOES HERE",
  "application_name": "APP NAME GOES HERE",
  "application_version": "APP VERSION GOES HERE",
  "developer_key": "DEV KEY GOES HERE"
}

Test query: chrome

Gravatar Search

This plugin doesn't require an API key, and works by searching for a given email address against the gravatar.com site. By default all emails have a gravatar, so this plugin verifies the associated avatar and only creates a result if that avatar differs from the default avatar.

Greynoise IP Search

This plugin performs an API query against the greynoise website to determine whether or not IP addresses are malicious or not. There is currently a community API which doesn't require any authentication whatsoever; however, if you have an API key you would like to use add it to the config.json file, in the section under "greynoisesearch":

"greynoise": {
  "api_key": "API KEY GOES HERE"
}

*Test query: 8.8.8.8"
Query type: IP Address.

Have I Been Pwned Search

Note: This is the second version of this plugin which now required an API) When Scrummage was first developed, This plugin did not originally require any API keys, but unfortunately now does. It now works by performing an API search against the haveibeenpwned.com site. Have I Been Pwned shows users if they have been identified in public data breaches.

There are 4 kinds of search options represented by four options in the web application:

  • Email Search – Gets pastes affecting a given email address.
  • Breach Search – Use this to search for a public data breach. Test query: Adobe
  • Account Search – Use this to search for email addresses in data breaches. Test query: YOUR EMAIL
  • Password Search – Use this to see if your password has been found in any data breaches. Test query: password

Please configure the API key in the config.json file, under "haveibeenpwned".

"haveibeenpwned": {
  "api_key": "API KEY GOES HERE"
}

Hunter Search

This plugin requires an API key and works by performing an API search against the hunter.io website. Hunter allows you to find email addresses related to a provided domain. Registration is free and easy. After obtaining the API key, please add it to the config.json file, under "hunter":

"hunter": {
  "api_key": "API KEY GOES HERE"
}

Query type: Email.

Hybrid-Analysis Search

This plugin performs an API query against the hybrid-analysis website to determine whether or not a given domain is malicious or not. After obtaining the API key, please add it to the config.json file, under "hybridanalysis":

"hybridanalysis": {
  "api_key": "API KEY GOES HERE"
}

IP Stack Search

This plugin requires an API key and works by performing an API search against the ipstack.com website. IP Stack shows details related to a given IP, mainly location related. Registration is free and easy. After obtaining the API key, please add it to the config.json file, under "ipstack":

"ipstack": {
  "api_key": "API KEY GOES HERE"
}

Query type: IP Address.

Instagram Search

This plugin doesn't require an API key and works by performing a search against the instagram.com site. There are 4 kinds of search options represented by four options in the web application:

  • User Search – Use this to search for an Instagram user. Test query: [Your username]
  • Tag Search – Use this to search for an Instagram tag. Test query: cat
  • Post Search – Use this to search for a specific Instagram post.

Query type: Username.

IntelligenceX Search

This plugin requires an API key and works by performing an API search against the intelx.io site. IntelligenceX is an amazing data source for data leakage, it has documents such as pastes and code snippets. API registration is free but the free key has restricted access to the specific documents. However, this plugin will work no matter what your kind of key you have. After obtaining the API key, please add it to the config.json file, under "intelligencex":

"intelligencex": {
  "api_key": "KEY GOES HERE"
}

Test query: <YOUR EMAIL ADDRESS / DOMAIN NAME>
Query type: Email Address or Domain
API Info: https://github.com/IntelligenceX/SDK/blob/master/Intelligence%20X%20API.pdf

Keybase Search

This plugin doesn't require an API key, and works by searching for a name against the keybase.io site, returning a list of keybase identities.

Kik Search

Kik is an instant messaging app, but allows you to verify users online. This plugins doesn't require an API key and verifies users against the kik.me website. Please note that if you are searching for usernames in the Username Search plugin, that plugin will find Kik users as part of its search, so if you receive a log error about duplicate keys, that is because the result links have to be unique in the Scrummage database.

Query type: Username.

Koodous Search

This plugin doesn't require an API key, and works by searching for a mobile application name against the koodous.com site, returning a list of relevant applications.

Leak Lookup Search

This plugin requires an API key and works by performing an API search against the leak-lookup.com site. There are several tasks association with this plugin. The tasks are as follows:

  • Username search
  • IP address search
  • Email address search
  • Domain search
  • Hash search After obtaining the API key, please add it to the config.json file, under "leaklookup":
"leaklookup": {
  "api_key": "KEY GOES HERE"
}

LeakIX Search

This plugin doesn't require an API key, and works by searching the leakix.net site for data leakages for a given query.

Library Genesis Search

Library Genesis is a website where people can download textbooks and other publications. This plugin requires no API keys and works by performing a search against the site.

Test query: python

LOTS Search

This plugin doesn't require an API key, and works by searching the lots-project.com site for legitimate sites used for malicious activity, for a given query.

Malware Search

This plugin doesn't require an API key, and works by searching the abuse.ch site for malware related to a given query.

Naver Search

This plugin requires an API key and works by performing an API search against the Korean search engine naver.com. Registration is free, but if you don't speak Korean, install the google translate extension to help. After obtaining the API key and other details, please add it to the config.json file, under "naver":

"naver": {
  "client_id": "",
  "client_secret": ""
}

Test query: test

OK Search

This plugin requires an API key and works by performing a search against the ok.ru site. OK (or Odnoklassniki (Одноклассники in Russian)) is a Russian social media platform. This plugin provides the ability to search for users and groups based on their IDs. This plugin is fairly beta due to its usefulness, and in addition API registration is not the easiest. Once you have created an application and obtained your OAuth information, you need to request the "VALUABLE_ACCESS" scope, by sending an email to api-support@odnoklassniki.ru (How Pre-historic!). Once you have this you can obtain a valid access_token which can be used to run the plugin (You can still obtain one without this scope, but it won't work). Once you have a valid access_token, add it to the config.json file, along with your client details, under "ok".

"ok": {
  "application_id": "",
  "application_key": "",
  "application_secret": "",
  "access_token": "",
  "session_secret": ""
}

Test User query: 580348713132
Test Group query: 54234414579949
Query type: Username or Group Name.

Phishstats Search

This plugin doesn't require an API key, and works by performing a search against the phishstats.info site, which is a database for known phishing attacks against a company.

Test query: apple
Query type: Domain (Body only!).

Phone Search

This plugin doesn't require an API but does have a daily limit of requests. Unfortunately, there isn't an easy way to get around this without logging in and establishing a session. This may call for future development later. This plugin has 5 search types.

  • Cell Phone Number Search (Test: )
  • SIM Search
  • IMEI Search
  • IMSI Search
  • ISPC Search

(Refer to the website for other test searches)
Query type: Phone Number.

Pinterest Search

This plugin requires an API key and works by performing a search against the pinterest.com site. Pinterest is a social media site where people can share things in the form of images known as pins. There are 2 kinds of search options available, represented by 2 options in the web application:

  • Pin Search - Searches for a pin based on a given pin id. Test query: 509258670361306287
  • Board Search - Searches for pins on a board based on a given board id. Test query: 509258739053404977

After obtaining the API details and OAuth token, please add the appropriate details to the config.json file, under "pinterest":

"pinterest": {
  "oauth_token": "OAUTH TOKEN GOES HERE"
}

PSBDump Search

This plugin requires an API key and works by performing an API search against the psbdmp.cc site. Registration is free and easy. After obtaining the API key and other details, please add it to the config.json file, under "psbdmp":

"psbdmp": {
  "api_key": "API KEY GOES HERE"
}

Pulsedive Search

This plugin requires an API key and works by performing an API search against the pulsedive.com site to get domain information for a given domain name. Registration is free and easy. After obtaining the API key and other details, please add it to the config.json file, under "pulsedive":

"pulsedive": {
  "api_key": "API KEY GOES HERE"
}

Reddit Search

This plugin requires an API key and works by performing an API search against the reddit.com website. Reddit is an online forum for a huge plethora of things. Registration is free and easy. After obtaining the API key and other details, please add it to the config.json file, under "reddit":

"reddit": {
  "client_id": "ID GOES HERE",
  "client_secret": "SECRET GOES HERE",
  "user_agent": "USER AGENT  GOES HERE",
  "username": "USERNAME GOES HERE",
  "password": "PASSWORD GOES HERE",
  "subreddits": "all"
}

Test query: cooking

RSS Feed Search

This plugin doesn't require an API key, and works by performing a search against a pre-specified list of RSS feeds for a given query. To add or remove RSS feeds from this list you will need to edit the "RSS_Feeds.txt" file, in the config directory. The file by default contains 34 common, well-known RSS feeds.

Shodan Search

This plugin requires an API key and works by performing an API search against the shodan.io website. Shodan is a powerful web application with port and service scanning results of publicly available servers around the globe. Registration is free and easy. After obtaining the API key, please add it to the config.json file, under "shodan":

"shodan": {
  "api_key": "KEY GOES HERE"
}

Query type: Queries for Shodan search can either be a general query or a specific host.

Spamcop Search

This plugin doesn't require an API key, and works by performing a search against the spamcop.net site for a given IP address to determine whether it is blacklisted or not.

Threat Crowd Search

This plugin doesn't require an API key and works by performing a search against the threatcrowd.org website. Threat Crowd is a search engine for open-source threats. There are 5 kinds of of search options:

  • Email Search
  • Host Search
  • IP Address Search
  • Antivirus Search
  • Virus Report Search

Torrent Search

Note: This plugin is now available again after conversion to a new library. This plugin doesn't require an API key; however, it does work by performing an API search against a replica of thepiratebay.org website. Torrents are a method of sharing files, typically used to share copyright files. Therefore, no details need to be added to the config.json file.

Test query: Modern Family

Tor Whois Search

This plugin doesn't require an API and works by performing a search for a given valid .onion domain again the torwhois.com website, and returns the whois information of that domain.

Test Query: facebookcorewwwi.onion

Trumail Search

This plugin doesn't require an API key, and works by performing a search against the trumail.io site for a given email address.

Tumblr Search

This plugin requires an API key, and works by performing an API call to the Tumblr API to search for Tumblr pages. After obtaining the API key and other details, please add it to the config.json file, under "tumblr":

"tumblr": {
  "consumer_key": "KEY GOES HERE",
  "consumer_secret": "SECRET GOES HERE",
  "oauth_token": "TOKEN GOES HERE",
  "oauth_secret": "SECRET GOES HERE"
}

Query type: Username.

Twitter Search

This plugin requires an API key and works by performing an API search against the twitter.com website. Registration is free and easy. After obtaining the API key and other details, please add it to the config.json file, under "twitter":

"twitter": {
  "consumer_key": "KEY GOES HERE",
  "consumer_secret": "SECRET GOES HERE",
  "access_key": "KEY GOES HERE",
  "access_secret": "SECRET GOES HERE"
}

Test query: BarackObama
Query type: Username.

URLScan Search

This plugin requires an API key, and works by performing an API call to the URLScan API to search for a given domain name. After obtaining the API key and other details, please add it to the config.json file, under "urlscan":

"urlscan": {
  "api_key": "API KEY GOES HERE"
}

Query type: Username.

Username Search

This plugin doesn't require any API keys and works by performing a search against the usersearch.org site to determine whether the given username is in use across a series of different social media sites.

Test query: [Your Username]
Query type: Username.

Username (NameAPI) Search

This plugin doesn't require an API key, and works by performing a search against the nameapi.org API. This plugin has several tasks:

  • Get Gender from Fullname
  • Get Name from Email
  • Determine if Email is Disposable

Vehicle Registration Search

Note: This search only supports Australian registration numbers.

This plugin doesn't require any API keys and works by performing an API search against a publicly available car insurance site to obtain the details of the vehicle that matches the query provided which should be a valid registration plate number. The API requires a state to be provided; however, this plugin iterates through all 8 Australian States and Territories to avoid having to specify a state each search.

Test query: [any Australian license plate]

Virus Total Search

This plugin requires an API key and works by performing an API search against virustotal.com. Registration is free and easy. There are 4 kinds of searches provided by this task:

  • Domain Search
  • URL Search
  • IP Address Search
  • File Hash Search

After obtaining the API key and other details, please add it to the config.json file, under "virustotal":

"virustotal": {
  "api_key": ""
}

Vkontakte Search

This plugin requires an API key and works by performing an API search against the Russian social media site vk.com. Registration is free, but if you don't speak Russian, install the google translate extension to help with the registration process. After obtaining the API key and other details, please add it to the config.json file, under "vkontakte":

"vkontakte": {
  "access_token": "access_token"
}

Query type: Username.

This search is split into two searchers, users and groups.
Test user query: Vasya Babich

Vulners Search

This plugin requires an API and works by performing an API search against the vulners.com site, which uses the vulners database that contains exploits and vulnerabilities, to find such items that are similar to the provided query. After obtaining the API key and other details, please add it to the config.json file, under "vulners":

"vulners": {
  "api_key": "KEY GOES HERE"
}

Test query: hikvision

WhatCMS Search

This plugin requires an API key and works by performing an API search against the whatcms.org API. Registration is free and easy. After obtaining the API key and other details, please add it to the config.json file, under "whatcms":

"vkontakte": {
  "api_key": "API KEY GOES HERE"
}

Windows Store Search

This plugin doesn't require an API key and works by querying the microsoft.com site for apps, music, videos, etc. available on the Windows/Microsoft store.

Test query: david

Yandex Search

This plugin requires an API key and works by performing an API search against the Russian search engine yandex.ru. Registration is free, but if you don't speak Russian, install the google translate extension to help. After obtaining the API key and other details, please add it to the config.json file, under "yandex":

"yandex": {
  "username": "username",
  "api_key": "api_key"
}

Test query: test

YouTube Search

This plugin requires an API key and works by performing an API search against the youtube.com website. Registration is free and easy. After obtaining the API key and other details, please add it to the config.json file, under "youtube":

"youtube": {
  "developer_key": "KEY GOES HERE",
  "application_name": "APP NAME GOES HERE",
  "application_version": "APP VERSION GOES HERE"
}

Test query: Dua Lipa

Zone-H Search

This plugin doesn't require an API key and works by querying the zone-h.org site for a given domain name.