What’s DataSploit

Февраль 23, 2021

Содержание

2. Just another Pen-tester. Security Consultant @ NotSoSecure 5+ Years of Experience Twitter - @upgoingstar Email -
3. What’s DataSploit? Automated OSINT Tool for Domain / Email / Username / IP Addresses Fetches information
4. Why DataSploit? So much data. Server’s Username / Passwords Address Email Id Phone Number Credentials Interests
5. Lets talk real time? History?
6. Components Domain Osint Email Osint IP Osint Username Osint WIP Company Scoping Phone Number OSINT Active
7. Sources and Flow Email: Basic Email Checks Work History Social profiles Enumerated Usernames ?? Location Information
8. Setting it up.. Manual Download from git (git clone or download) git clone https://github.com/DataSploit/datasploit.git pip install
9. Documentation. https://datasploit.github.io/datasploit/
10. What’s in there?
11. Output Formats HTML JSON Emails List (txt file) Subdomains List (txt file)
13. Twitter: @datasploit https://twitter.com/datasploit
14. Facebook: /datasploit https://www.facebook.com/datasploit/
15. Roadmap Allows to set up periodic scans and alerting for product security companies. Intelligence on co-relation
16. Coverage
17. How to Contribute Help us in testing the tool Expand : Write/Suggest modules Give Feedback: raise
18. Core Contributors. Shubham Mittal (@upgoingstar) Nutan Kumar Panda (@nutankumarpanda) Sudhanshu (@sudhanshu_c) Kunal (@KunalAggarwal92) Kudos to @anantshri
20. Скачать презентацию

Just another Pen-tester.
Security Consultant @ NotSoSecure
5+ Years of Experience
Twitter - @upgoingstar
Email -

What’s DataSploit?
Automated OSINT Tool for Domain / Email / Username / IP

Addresses
Fetches information from multiple HIDDEN sources.
Works in passive mode.
Written in Python.
Multiple report formats available.
Customized for Pen-testers / Product Security Guys / Cyber Investigators.

Слайд 4

Why DataSploit?
So much data.
Server’s Username / Passwords
Address
Email Id
Phone Number
Credentials
Interests
Friends
Preferences
Legacy Machines
Unnecessary Ports Information
Technologies

in use, and blah blah..

Слайд 5

Lets talk real time? History?

Слайд 6

Components
Domain Osint
Email Osint
IP Osint
Username Osint
WIP
Company Scoping
Phone Number OSINT
Active Modules

Слайд 7

Sources and Flow
Email:
Basic Email Checks
Work History
Social profiles
Enumerated Usernames ??
Location Information
Slides
Scribd

Documents
Related Websites
HaveIBeenPwned

Domain:
WhoIS
DNS Records
PunkSpider
Wappalyzer
Github
Email Harvestor ??
Domain IP History
Paste(s) Search
Pagelinks
Wikileaks
Links from Forums
Passive SSL Scan
ZoomEye
Shodan
Censys
Subdomains ??

Username:
Git Details
Check username on various sites.
Profile Pics –Output saved in $username directory
Frequent Hashtags
Interaction on Twitter.

Active Modules

Слайд 8

Setting it up..
Manual
Download from git (git clone or download)
git clone https://github.com/DataSploit/datasploit.git
pip

install –r requirements.txt
config.py holds API keys
domain_xyz.py – running stand alone scripts.
domainOsint / emailOsint / ipOsint – automated OSINT
active_scan.py
Automated
https://hub.docker.com/r/appsecco/datasploit/
https://hub.docker.com/r/ftorn/datasploit/

Слайд 9

Documentation.
https://datasploit.github.io/datasploit/

Слайд 10

What’s in there?

Слайд 11

Output Formats
HTML
JSON
Emails List (txt file)
Subdomains List (txt file)

Слайд 12

Слайд 13

Twitter: @datasploit https://twitter.com/datasploit

Слайд 14

Facebook: /datasploit https://www.facebook.com/datasploit/

Слайд 15

Roadmap
Allows to set up periodic scans and alerting for product security companies.
Intelligence

on co-relation and identity verification.
Reports in CSV.
Reverse Image Search and profile validation.
Works closely with various social network APIs.
Refine Pastebin and Github Searches.
IP Threat Intelligence.
Organization Scoping.
Integration with SE other tools.
Cloud related OSINT and active modules.
pip install datasploit (to be installed as both library as well as script)

Слайд 16

Coverage

Слайд 17

How to Contribute
Help us in testing the tool
Expand : Write/Suggest modules
Give Feedback:

raise issues, tweet, drop an email.
Use / Promote / Write about the tool.
Write OSINT blogs / tool walkthrough(s) / etc.
Report issues at https://github.com/datasploit/datasploit/issues

Слайд 18

Core Contributors.
Shubham Mittal (@upgoingstar)
Nutan Kumar Panda (@nutankumarpanda)
Sudhanshu (@sudhanshu_c)
Kunal (@KunalAggarwal92)
Kudos to
@anantshri for

mentoring.
@ bnchandrapal for feedbacks, suggestions and other help around issues.