Jose Manuel Ortega Candel, profile picture
Uploaded byJose Manuel Ortega Candel
PDF, PPTX1,753 views

OSINT tools for security auditing with python

This document discusses an OSINT (open-source intelligence) presentation on tools developed with Python for server information, geolocation, metadata, and social media footprinting from Twitter and other sources. It provides information on defining intelligence targets and the types of data to obtain (technical, social, physical, logical). It also lists tools and APIs for geolocation, server information from Censys and Shodan, the Recon-NG toolkit, and OSINT frameworks like Spiderfoot and theHarvester. Python libraries mentioned include BeautifulSoup, Requests, Shodan, and GeoIP. The presentation will be given at PYCONES in October 2016.

Download as PDF, PPTX
José Manuel Ortega @jmortegac PYCONES 7-9 OCT 2016
https://github.com/jmortega/osint_tools_security_auditing
▪ OSINT introduction ▪ Server information(Censys,Shodan) ▪ OSINT tools developed with python ▪ Geolocation,Metadata ▪ Twitter,Footprinting,FullContact
▪ Define a specific target and data you wish to obtain ▪ Technical-Accounts,servers,services,software ▪ Social-Social Media,Email,Photos ▪ Physical-Address,Home IP address,Footprinting ▪ Logical-Network,Operational intelligence
▪ GeoLocation ▪ IP address ▪ Email address ▪ Telephone Number ▪ Usernames in social network profiles ▪ Metadata information from images ▪ Server information & vulnerabilities
▪ https://www.censys.io/api/v1/view/ipv4/<ip_address> ▪ https://www.censys.io/api/v1/view/websites/<domain>
▪ Checking data with ip address ▪ https://www.shodan.io/host/144.76.246.116
https://developer.shodan.io/api
▪ https://bitbucket.org/LaNMaSteR53/recon-ng ▪ Open Source OSINT toolkit written in python ▪ Actively maintained ▪ Uses modules and saves all recollected information in databases
▪ dnspython - http://www.dnspython.org/ ▪ dicttoxml - https://github.com/quandyfactory/dicttoxml/ ▪ jsonrpclib - https://github.com/joshmarshall/jsonrpclib/ ▪ lxml - http://lxml.de/ ▪ slowaes - https://code.google.com/p/slowaes/ ▪ XlsxWriter - https://github.com/jmcnamara/XlsxWriter/ ▪ Mechanize ▪ PyPDF2 ▪ sqlite3
▪ https://github.com/laramies/theHarvester
▪ httplib ▪ socket ▪ requests ▪ shodan
▪ pip install osrframework ▪ Developed in python 2.7 ▪ Integrates with maltego transforms ▪ https://pypi.python.org/pypi/osrframework/0.13.2 ▪ https://github.com/i3visio/osrframework
▪ BeautifulSoup ▪ Requests ▪ Mechanize ▪ pyDNSresolving name servers ▪ python-whoisto recover the whois info from a domain ▪ tweepyfor connecting with Twitter API ▪ Skype4Py for connecting with Skype API ▪ Python-emailahoyfor checking email address ▪ Multiprocessingimport Process, Queue, Pool
Source Location Notes abuse.ch http://www.abuse.ch Various malware trackers. AdBlock https://easylist- downloads.adblockplus.org/easylist.txt AdBlock pattern matches AlienVault https://reputation.alienvault.com AlienVault’s IP reputation database. Autoshun.org http://www.autoshun.org Blacklists. AVG Site Safety Report http://www.avgthreatlabas.com Site safety checker. Bing http://www.bing.com Scraping but future version to also use API. Blocklist.de http://lists.blocklist.de Blacklists. Checkusernames.com http://www.checkusernames.com Look up username availability on popular sites. DNS Your configured DNS server. Defaults to your local DNS but can be configured to whatever IP address you supply SpiderFoot. DomainTools http://www.domaintools.com DroneBL http://www.dronebl.org Facebook http://www.facebook.com Scraping but future version to also use API. FreeGeoIP http://freegeoip.net Google http://www.google.com Scraping but future version to also use API. Google+ http://plus.google.com Scraping but future version to also use API. Google Safe Browsing http://www.google.com/safebrowsing Site safety checker. LinkedIn http://www.linkedin.com Scraping but future version to also use API. malc0de.com http://malc0de.com Blacklists. malwaredomainlist.com http://www.malwaredomainlist.com Blacklists.
Source Location Notes malwaredomains.com http://www.malwaredomains.com Blacklists. McAfee SiteAdvisor http://www.siteadvisor.com Site safety checker. NameDroppers http://www.namedroppers.org Nothink.org http://www.nothink.org Blacklists. OpenBL http://www.openbl.org Blacklists. PasteBin http://www.pastebin.com Achieved through Google scraping. PGP Servers http://pgp.mit.edu/pks/ PGP public keys. PhishTank http://www.phishtank.org Identified phishing sites. Project Honeypot http://www.projecthoneypot.org Blacklists. API key needed. RIPE/ARIN http://stat.ripe.net/ Robtex http://www.robtex.com SANS ISC http://isc.sans.edu Internet Storm Center IP reputation database. SHODAN http://www.shodanhq.com API key needed. SORBS http://www.sorbs.net Blacklists. SpamHaus http://www.spamhaus.org Blacklists. ThreatExpert http://www.threatexpert.com Blacklists. TOR Node List http://torstatus.blutmagie.de TotalHash.com http://www.totalhash.com Domains/IPs used by malware. UCEPROTECT http://www.uceprotect.net Blacklists. VirusTotal http://www.virustotal.com Domains/IPs used by malware. API key needed. Whois Various Whois servers for different TLDs. Yahoo http://www.yahoo.com Scraping but future version to also use API. Zone-H http://www.zone-h.org Easy to get black-listed. Log onto the site in a browser from the IP you’re scanning from first and enter the CAPTCHA, then it should be fine.
▪ Python 2.7 ▪ BeautifulSoup ▪ DNSPython ▪ Socks ▪ Socket ▪ SSL ▪ CherryPy ▪ M2MCrypto ▪ Netaddr ▪ pyPDF
from bs4 import BeautifulSoup, SoupStrainer
▪ PDFPyPDF2,PDFMiner ▪ ImagesPillow,pyexiv2(python 2.7),gexiv2(python 3)
import geoip2 import geoip2.database http://dev.maxmind.com/geoip/geoip2/geolite2/
▪ Orb(Python 2.x) • https://github.com/epsylon/orb • python-whois - Python module for retrieving WHOIS information • python-dnspython - DNS toolkit for Python • python-nmap - Python interface to the Nmap port scanner • InstaRecon(Python 2.x) • https://github.com/vergl4s/instarecon • dnspython,ipaddress • ipwhois,python-whois • requests,shodan
▪ BeautifulSoup for parsing web information ▪ Requests,urllib3 for synchronous requests ▪ Asyncio,aiohttp for asynchronous requests ▪ Robobrowser,Scrapy for web crawling ▪ PyGeoIP,geoip2,geojson for GeoLocation ▪ python-twitter,tweepy for connecting with twitter ▪ Shodan for obtain information for servers ▪ DNSPython,netaddr for resolving ip address
python tinfoleak.py pycones -i -s --sdate 2016/01/01 --hashtags --mentions --meta --media [d] --geo GEOFILE --top 10 -o report.html
▪ import tweepyTwitter API library for Python ▪ from PIL import Image, ExifTags, ImageCmsmetadata from images ▪ import pyexiv2metadata from images ▪ import urllib2requests ▪ from OpenSSL import SSL ▪ from jinja2 import Template, Environment, FileSystemLoaderreport
▪ We know we have a valid email address ▪ What other profiles are associated with this address? ▪ Go to fullcontact.com for an API key…..
▪ https://sourceforge.net/projects/spiderfoot ▪ http://www.edge-security.com/theharvester.php ▪ https://developer.shodan.io/api ▪ http://www.clips.ua.ac.be/pattern ▪ http://www.pentest- standard.org/index.php/PTES_Technical_Guidelines#OSINT ▪ http://www.vicenteaguileradiaz.com/tools ▪ https://github.com/automatingosint/osint_public ▪ http://www.automatingosint.com/blog/
Thanks! @jmortegac AMSTERDAM 9-12 MAY 2016

More Related Content

PDF
OSINT tools for security auditing [FOSDEM edition]
byJose Manuel Ortega Candel
 
PPTX
Angelo Alviar OSINT 101 Presentation - Forensics and Security Technology
byAngelo Alviar
 
PPS
Information Gathering With Google
byZero Science Lab
 
PPT
Advanced Information Gathering AKA Google Hacking
byGareth Davies
 
PDF
DEFCON 20 (2012) – Tenacious Diggity – 29July2012 – Slides.PDF
byBishop Fox
 
PDF
OWASP – Internet of Things (IoT) – Top 10 Vulnerabilities List
byBishop Fox
 
PDF
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
byEC-Council
 
PDF
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
byEC-Council
 
OSINT tools for security auditing [FOSDEM edition]
byJose Manuel Ortega Candel
 
Angelo Alviar OSINT 101 Presentation - Forensics and Security Technology
byAngelo Alviar
 
Information Gathering With Google
byZero Science Lab
 
Advanced Information Gathering AKA Google Hacking
byGareth Davies
 
DEFCON 20 (2012) – Tenacious Diggity – 29July2012 – Slides.PDF
byBishop Fox
 
OWASP – Internet of Things (IoT) – Top 10 Vulnerabilities List
byBishop Fox
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
byEC-Council
 
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
byEC-Council
 

What's hot

PDF
Pulp Google Hacking
byBishop Fox
 
PDF
Lord of the Bing: Taking Back Search Engine Hacking From Google and Bing
byBishop Fox
 
PDF
OWASP LA – SharePoint Hacking – 22Feb2012 – Slides.PDF
byBishop Fox
 
PDF
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...
byRob Ragan
 
PPTX
The Background Noise of the Internet
byAndrew Morris
 
PDF
Tenacious Diggity - Skinny Dippin in a Sea of Bing
byRob Ragan
 
PDF
Hunting for the secrets in a cloud forest
bySecuRing
 
PDF
Hunting for the secrets in a cloud forest
bySecuRing
 
PDF
(130119) #fitalk apt, cyber espionage threat
byINSIGHT FORENSIC
 
PDF
(130216) #fitalk potentially malicious ur ls
byINSIGHT FORENSIC
 
PPTX
Tcpdump hunter
byAndrew McNicol
 
PDF
Identifying and Correlating Internet-wide Scan Traffic to Newsworthy Security...
byAndrew Morris
 
PPTX
Google Dorks
byAdhoura Academy
 
PPT
BSides Philly Finding a Company's BreakPoint
byAndrew McNicol
 
PDF
NPTs
byBrandon Levene
 
PPTX
Google Dorks and SQL Injection
byMudassir Hassan Khan
 
PDF
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
byChi En (Ashley) Shen
 
PPTX
ToR - Deep Web
byMurray Security Services
 
PDF
Introduction to Web Application Security - Blackhoodie US 2018
byNiranjanaa Ragupathy
 
Pulp Google Hacking
byBishop Fox
 
Lord of the Bing: Taking Back Search Engine Hacking From Google and Bing
byBishop Fox
 
OWASP LA – SharePoint Hacking – 22Feb2012 – Slides.PDF
byBishop Fox
 
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...
byRob Ragan
 
The Background Noise of the Internet
byAndrew Morris
 
Tenacious Diggity - Skinny Dippin in a Sea of Bing
byRob Ragan
 
Hunting for the secrets in a cloud forest
bySecuRing
 
Hunting for the secrets in a cloud forest
bySecuRing
 
(130119) #fitalk apt, cyber espionage threat
byINSIGHT FORENSIC
 
(130216) #fitalk potentially malicious ur ls
byINSIGHT FORENSIC
 
Tcpdump hunter
byAndrew McNicol
 
Identifying and Correlating Internet-wide Scan Traffic to Newsworthy Security...
byAndrew Morris
 
Google Dorks
byAdhoura Academy
 
BSides Philly Finding a Company's BreakPoint
byAndrew McNicol
 
NPTs
byBrandon Levene
 
Google Dorks and SQL Injection
byMudassir Hassan Khan
 
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
byChi En (Ashley) Shen
 
ToR - Deep Web
byMurray Security Services
 
Introduction to Web Application Security - Blackhoodie US 2018
byNiranjanaa Ragupathy
 

Viewers also liked

PDF
Python Cryptography & Security
byJose Manuel Ortega Candel
 
PDF
Operations security - SyPy Dec 2014 (Sydney Python users)
byMikko Ohtamaa
 
PDF
Offensive cyber security: Smashing the stack with Python
byMalachi Jones
 
PDF
Network Security and Analysis with Python
bypycontw
 
PDF
Open source intelligence information gathering (OSINT)
byphexcom1
 
PPTX
Introduction to Python for Security Professionals
byAndrew McNicol
 
PDF
Offensive OSINT
byChristian Martorella
 
PDF
Webscraping with asyncio
byJose Manuel Ortega Candel
 
Python Cryptography & Security
byJose Manuel Ortega Candel
 
Operations security - SyPy Dec 2014 (Sydney Python users)
byMikko Ohtamaa
 
Offensive cyber security: Smashing the stack with Python
byMalachi Jones
 
Network Security and Analysis with Python
bypycontw
 
Open source intelligence information gathering (OSINT)
byphexcom1
 
Introduction to Python for Security Professionals
byAndrew McNicol
 
Offensive OSINT
byChristian Martorella
 
Webscraping with asyncio
byJose Manuel Ortega Candel
 

Similar to OSINT tools for security auditing with python

PDF
Ethical hacking with Python tools
byJose Manuel Ortega Candel
 
PDF
The Web Application Hackers Toolchain
byjasonhaddix
 
PDF
Osint ashish mistry
byn|u - The Open Security Community
 
PDF
OSINT: Open Source Intelligence - Rohan Braganza
byNSConclave
 
PDF
Python para equipos de ciberseguridad
byJose Manuel Ortega Candel
 
PDF
Computer security
byMohamed Abdo
 
PPTX
The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwon
byKenneth Kwon
 
PPTX
Reconnaissance - For pentesting and user awareness
byLeon Teale
 
PPTX
How Python Empowers Ethical Hackers by Supriya Kumar Mitra
bynull - The Open Security Community
 
PDF
Mp26 : Tachyon, sloppiness is bliss
byMontreal Python
 
PPTX
PRESENTATION of CEH Tools.pptx
byAadityaSaxena12
 
PDF
CEH Module 2 Footprinting CEH V13, concepts
byammarhassan185568
 
PDF
Silent web app testing by example - BerlinSides 2011
byAbraham Aranguren
 
PDF
OSINT for Attack and Defense
byAndrew McNicol
 
PDF
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
byegypt
 
PDF
Black hat dc-2010-egypt-uav-slides
byBakry3
 
PPTX
OTG-Recon
bySedthakit Prasanphanich
 
DOCX
FBI & Secret Service- Business Email Compromise Workshop
byErnest Staats
 
PDF
OpenFest 2012 : Leveraging the public internet
bytkisason
 
PDF
Owasp modern information gathering
byKZA
 
Ethical hacking with Python tools
byJose Manuel Ortega Candel
 
The Web Application Hackers Toolchain
byjasonhaddix
 
Osint ashish mistry
byn|u - The Open Security Community
 
OSINT: Open Source Intelligence - Rohan Braganza
byNSConclave
 
Python para equipos de ciberseguridad
byJose Manuel Ortega Candel
 
Computer security
byMohamed Abdo
 
The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwon
byKenneth Kwon
 
Reconnaissance - For pentesting and user awareness
byLeon Teale
 
How Python Empowers Ethical Hackers by Supriya Kumar Mitra
bynull - The Open Security Community
 
Mp26 : Tachyon, sloppiness is bliss
byMontreal Python
 
PRESENTATION of CEH Tools.pptx
byAadityaSaxena12
 
CEH Module 2 Footprinting CEH V13, concepts
byammarhassan185568
 
Silent web app testing by example - BerlinSides 2011
byAbraham Aranguren
 
OSINT for Attack and Defense
byAndrew McNicol
 
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
byegypt
 
Black hat dc-2010-egypt-uav-slides
byBakry3
 
OTG-Recon
bySedthakit Prasanphanich
 
FBI & Secret Service- Business Email Compromise Workshop
byErnest Staats
 
OpenFest 2012 : Leveraging the public internet
bytkisason
 
Owasp modern information gathering
byKZA
 

More from Jose Manuel Ortega Candel

PDF
Simulando ataques adversarios con TextAttack: Vulnerabilidades y defensas en PLN
byJose Manuel Ortega Candel
 
PDF
Seguridad y auditorías en Modelos grandes del lenguaje (LLM)
byJose Manuel Ortega Candel
 
PDF
Seguridad y auditorías en Modelos grandes del lenguaje (LLM).pdf
byJose Manuel Ortega Candel
 
PDF
Beyond the hype: The reality of AI security.pdf
byJose Manuel Ortega Candel
 
PDF
Seguridad de APIs en Drupal_ herramientas, mejores prácticas y estrategias pa...
byJose Manuel Ortega Candel
 
PDF
Security and auditing tools in Large Language Models (LLM).pdf
byJose Manuel Ortega Candel
 
PDF
Herramientas de benchmarks para evaluar el rendimiento en máquinas y aplicaci...
byJose Manuel Ortega Candel
 
PDF
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
byJose Manuel Ortega Candel
 
PDF
PyGoat Analizando la seguridad en aplicaciones Django.pdf
byJose Manuel Ortega Candel
 
PDF
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
byJose Manuel Ortega Candel
 
PDF
Evolution of security strategies in K8s environments- All day devops
byJose Manuel Ortega Candel
 
PDF
Evolution of security strategies in K8s environments.pdf
byJose Manuel Ortega Candel
 
PDF
Implementing Observability for Kubernetes.pdf
byJose Manuel Ortega Candel
 
PDF
Computación distribuida usando Python
byJose Manuel Ortega Candel
 
PDF
Seguridad en arquitecturas serverless y entornos cloud
byJose Manuel Ortega Candel
 
PDF
Construyendo arquitecturas zero trust sobre entornos cloud
byJose Manuel Ortega Candel
 
PDF
Tips and tricks for data science projects with Python
byJose Manuel Ortega Candel
 
PDF
Sharing secret keys in Docker containers and K8s
byJose Manuel Ortega Candel
 
PDF
Implementing cert-manager in K8s
byJose Manuel Ortega Candel
 
PDF
Python para equipos de ciberseguridad(pycones)
byJose Manuel Ortega Candel
 
Simulando ataques adversarios con TextAttack: Vulnerabilidades y defensas en PLN
byJose Manuel Ortega Candel
 
Seguridad y auditorías en Modelos grandes del lenguaje (LLM)
byJose Manuel Ortega Candel
 
Seguridad y auditorías en Modelos grandes del lenguaje (LLM).pdf
byJose Manuel Ortega Candel
 
Beyond the hype: The reality of AI security.pdf
byJose Manuel Ortega Candel
 
Seguridad de APIs en Drupal_ herramientas, mejores prácticas y estrategias pa...
byJose Manuel Ortega Candel
 
Security and auditing tools in Large Language Models (LLM).pdf
byJose Manuel Ortega Candel
 
Herramientas de benchmarks para evaluar el rendimiento en máquinas y aplicaci...
byJose Manuel Ortega Candel
 
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
byJose Manuel Ortega Candel
 
PyGoat Analizando la seguridad en aplicaciones Django.pdf
byJose Manuel Ortega Candel
 
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
byJose Manuel Ortega Candel
 
Evolution of security strategies in K8s environments- All day devops
byJose Manuel Ortega Candel
 
Evolution of security strategies in K8s environments.pdf
byJose Manuel Ortega Candel
 
Implementing Observability for Kubernetes.pdf
byJose Manuel Ortega Candel
 
Computación distribuida usando Python
byJose Manuel Ortega Candel
 
Seguridad en arquitecturas serverless y entornos cloud
byJose Manuel Ortega Candel
 
Construyendo arquitecturas zero trust sobre entornos cloud
byJose Manuel Ortega Candel
 
Tips and tricks for data science projects with Python
byJose Manuel Ortega Candel
 
Sharing secret keys in Docker containers and K8s
byJose Manuel Ortega Candel
 
Implementing cert-manager in K8s
byJose Manuel Ortega Candel
 
Python para equipos de ciberseguridad(pycones)
byJose Manuel Ortega Candel
 

Recently uploaded

PDF
ODSC West 2025 OpenMetadata Workshop.pdf
byOpenMetadata
 
PPTX
Assignment Review and Accessibility Audit Findings.pptx
byJulia Undeutsch
 
PPTX
2025 - AI terms & Meanings for Marketers
byashishav29
 
PDF
Fighting CVEs in Embedded Linux with the Yocto Project and OTA Updates
byLeon Anavi
 
PDF
FME Realize in the Real World - The Power of Spatial Computing in Action
bySafe Software
 
PDF
Top 11 Sites to Buy Verified GitHub Accounts in 2025
byBuy GitHub Accounts Looking for a verified GitHub account?
 
PPTX
UiPath Data Fabric From Data Silos to Unified Flows.pptx
bysuhanisingh58689
 
PDF
How Generative AI Helps US Healthcare Startups Save 40.pdf
byimoliviabennett
 
DOCX
Formula 3 - MACO using general limit.docx
byMarkus Janssen
 
PDF
RR B.Ed. educational trust. Ashish Tiwari
byat386834
 
PDF
GDG Boise - Innovating with Google Cloud Artificial Intelligence
byJoey Brown
 
PDF
Transcript: Embedding sustainability: Tips for ebook and print production - T...
byBookNet Canada
 
PDF
AI Demands More: Help Ensure Network Readiness With ThousandEyes
byThousandEyes
 
PPTX
OutSystems ONE 2025-recap presentation.pptx
bymostafaothman27
 
PPTX
UiPath Automation Suite_Community Session_3/3
bysuhanisingh58689
 
PDF
n8n - Next Generation Workflow Automation with Open Source
byDaisuke Masuda
 
PDF
Unlocking Access: Enriching Public Services with Location Intelligence.pdf
byPrecisely
 
DOCX
Formula 1 - APIC general MACO calculation.docx
byMarkus Janssen
 
PDF
Transcript: Ready, set, go: Pre-fall sales trends and data-driven insights - ...
byBookNet Canada
 
PDF
NPTEL Assignment Completed PDF FILE with ans
byadultme43
 
ODSC West 2025 OpenMetadata Workshop.pdf
byOpenMetadata
 
Assignment Review and Accessibility Audit Findings.pptx
byJulia Undeutsch
 
2025 - AI terms & Meanings for Marketers
byashishav29
 
Fighting CVEs in Embedded Linux with the Yocto Project and OTA Updates
byLeon Anavi
 
FME Realize in the Real World - The Power of Spatial Computing in Action
bySafe Software
 
Top 11 Sites to Buy Verified GitHub Accounts in 2025
byBuy GitHub Accounts Looking for a verified GitHub account?
 
UiPath Data Fabric From Data Silos to Unified Flows.pptx
bysuhanisingh58689
 
How Generative AI Helps US Healthcare Startups Save 40.pdf
byimoliviabennett
 
Formula 3 - MACO using general limit.docx
byMarkus Janssen
 
RR B.Ed. educational trust. Ashish Tiwari
byat386834
 
GDG Boise - Innovating with Google Cloud Artificial Intelligence
byJoey Brown
 
Transcript: Embedding sustainability: Tips for ebook and print production - T...
byBookNet Canada
 
AI Demands More: Help Ensure Network Readiness With ThousandEyes
byThousandEyes
 
OutSystems ONE 2025-recap presentation.pptx
bymostafaothman27
 
UiPath Automation Suite_Community Session_3/3
bysuhanisingh58689
 
n8n - Next Generation Workflow Automation with Open Source
byDaisuke Masuda
 
Unlocking Access: Enriching Public Services with Location Intelligence.pdf
byPrecisely
 
Formula 1 - APIC general MACO calculation.docx
byMarkus Janssen
 
Transcript: Ready, set, go: Pre-fall sales trends and data-driven insights - ...
byBookNet Canada
 
NPTEL Assignment Completed PDF FILE with ans
byadultme43
 

OSINT tools for security auditing with python

  • 1.
  • 3.
  • 4.
    ▪ OSINT introduction ▪Server information(Censys,Shodan) ▪ OSINT tools developed with python ▪ Geolocation,Metadata ▪ Twitter,Footprinting,FullContact
  • 5.
    ▪ Define aspecific target and data you wish to obtain ▪ Technical-Accounts,servers,services,software ▪ Social-Social Media,Email,Photos ▪ Physical-Address,Home IP address,Footprinting ▪ Logical-Network,Operational intelligence
  • 6.
    ▪ GeoLocation ▪ IPaddress ▪ Email address ▪ Telephone Number ▪ Usernames in social network profiles ▪ Metadata information from images ▪ Server information & vulnerabilities
  • 8.
  • 13.
    ▪ Checking datawith ip address ▪ https://www.shodan.io/host/144.76.246.116
  • 15.
  • 16.
    ▪ https://bitbucket.org/LaNMaSteR53/recon-ng ▪ OpenSource OSINT toolkit written in python ▪ Actively maintained ▪ Uses modules and saves all recollected information in databases
  • 17.
    ▪ dnspython -http://www.dnspython.org/ ▪ dicttoxml - https://github.com/quandyfactory/dicttoxml/ ▪ jsonrpclib - https://github.com/joshmarshall/jsonrpclib/ ▪ lxml - http://lxml.de/ ▪ slowaes - https://code.google.com/p/slowaes/ ▪ XlsxWriter - https://github.com/jmcnamara/XlsxWriter/ ▪ Mechanize ▪ PyPDF2 ▪ sqlite3
  • 25.
  • 27.
    ▪ httplib ▪ socket ▪requests ▪ shodan
  • 29.
    ▪ pip installosrframework ▪ Developed in python 2.7 ▪ Integrates with maltego transforms ▪ https://pypi.python.org/pypi/osrframework/0.13.2 ▪ https://github.com/i3visio/osrframework
  • 30.
    ▪ BeautifulSoup ▪ Requests ▪Mechanize ▪ pyDNSresolving name servers ▪ python-whoisto recover the whois info from a domain ▪ tweepyfor connecting with Twitter API ▪ Skype4Py for connecting with Skype API ▪ Python-emailahoyfor checking email address ▪ Multiprocessingimport Process, Queue, Pool
  • 39.
    Source Location Notes abuse.chhttp://www.abuse.ch Various malware trackers. AdBlock https://easylist- downloads.adblockplus.org/easylist.txt AdBlock pattern matches AlienVault https://reputation.alienvault.com AlienVault’s IP reputation database. Autoshun.org http://www.autoshun.org Blacklists. AVG Site Safety Report http://www.avgthreatlabas.com Site safety checker. Bing http://www.bing.com Scraping but future version to also use API. Blocklist.de http://lists.blocklist.de Blacklists. Checkusernames.com http://www.checkusernames.com Look up username availability on popular sites. DNS Your configured DNS server. Defaults to your local DNS but can be configured to whatever IP address you supply SpiderFoot. DomainTools http://www.domaintools.com DroneBL http://www.dronebl.org Facebook http://www.facebook.com Scraping but future version to also use API. FreeGeoIP http://freegeoip.net Google http://www.google.com Scraping but future version to also use API. Google+ http://plus.google.com Scraping but future version to also use API. Google Safe Browsing http://www.google.com/safebrowsing Site safety checker. LinkedIn http://www.linkedin.com Scraping but future version to also use API. malc0de.com http://malc0de.com Blacklists. malwaredomainlist.com http://www.malwaredomainlist.com Blacklists.
  • 40.
    Source Location Notes malwaredomains.comhttp://www.malwaredomains.com Blacklists. McAfee SiteAdvisor http://www.siteadvisor.com Site safety checker. NameDroppers http://www.namedroppers.org Nothink.org http://www.nothink.org Blacklists. OpenBL http://www.openbl.org Blacklists. PasteBin http://www.pastebin.com Achieved through Google scraping. PGP Servers http://pgp.mit.edu/pks/ PGP public keys. PhishTank http://www.phishtank.org Identified phishing sites. Project Honeypot http://www.projecthoneypot.org Blacklists. API key needed. RIPE/ARIN http://stat.ripe.net/ Robtex http://www.robtex.com SANS ISC http://isc.sans.edu Internet Storm Center IP reputation database. SHODAN http://www.shodanhq.com API key needed. SORBS http://www.sorbs.net Blacklists. SpamHaus http://www.spamhaus.org Blacklists. ThreatExpert http://www.threatexpert.com Blacklists. TOR Node List http://torstatus.blutmagie.de TotalHash.com http://www.totalhash.com Domains/IPs used by malware. UCEPROTECT http://www.uceprotect.net Blacklists. VirusTotal http://www.virustotal.com Domains/IPs used by malware. API key needed. Whois Various Whois servers for different TLDs. Yahoo http://www.yahoo.com Scraping but future version to also use API. Zone-H http://www.zone-h.org Easy to get black-listed. Log onto the site in a browser from the IP you’re scanning from first and enter the CAPTCHA, then it should be fine.
  • 41.
    ▪ Python 2.7 ▪BeautifulSoup ▪ DNSPython ▪ Socks ▪ Socket ▪ SSL ▪ CherryPy ▪ M2MCrypto ▪ Netaddr ▪ pyPDF
  • 42.
    from bs4 importBeautifulSoup, SoupStrainer
  • 46.
  • 47.
  • 48.
    ▪ Orb(Python 2.x) •https://github.com/epsylon/orb • python-whois - Python module for retrieving WHOIS information • python-dnspython - DNS toolkit for Python • python-nmap - Python interface to the Nmap port scanner • InstaRecon(Python 2.x) • https://github.com/vergl4s/instarecon • dnspython,ipaddress • ipwhois,python-whois • requests,shodan
  • 51.
    ▪ BeautifulSoup forparsing web information ▪ Requests,urllib3 for synchronous requests ▪ Asyncio,aiohttp for asynchronous requests ▪ Robobrowser,Scrapy for web crawling ▪ PyGeoIP,geoip2,geojson for GeoLocation ▪ python-twitter,tweepy for connecting with twitter ▪ Shodan for obtain information for servers ▪ DNSPython,netaddr for resolving ip address
  • 53.
    python tinfoleak.py pycones-i -s --sdate 2016/01/01 --hashtags --mentions --meta --media [d] --geo GEOFILE --top 10 -o report.html
  • 55.
    ▪ import tweepyTwitterAPI library for Python ▪ from PIL import Image, ExifTags, ImageCmsmetadata from images ▪ import pyexiv2metadata from images ▪ import urllib2requests ▪ from OpenSSL import SSL ▪ from jinja2 import Template, Environment, FileSystemLoaderreport
  • 61.
    ▪ We knowwe have a valid email address ▪ What other profiles are associated with this address? ▪ Go to fullcontact.com for an API key…..
  • 67.
    ▪ https://sourceforge.net/projects/spiderfoot ▪ http://www.edge-security.com/theharvester.php ▪https://developer.shodan.io/api ▪ http://www.clips.ua.ac.be/pattern ▪ http://www.pentest- standard.org/index.php/PTES_Technical_Guidelines#OSINT ▪ http://www.vicenteaguileradiaz.com/tools ▪ https://github.com/automatingosint/osint_public ▪ http://www.automatingosint.com/blog/
  • 69.