What’s DataSploit

Слайд 2

Just another Pen-tester.
Security Consultant @ NotSoSecure
5+ Years of Experience
Twitter - @upgoingstar
Email -

Just another Pen-tester. Security Consultant @ NotSoSecure 5+ Years of Experience Twitter

Слайд 3

What’s DataSploit?

Automated OSINT Tool for Domain / Email / Username / IP

What’s DataSploit? Automated OSINT Tool for Domain / Email / Username /
Addresses
Fetches information from multiple HIDDEN sources.
Works in passive mode.
Written in Python.
Multiple report formats available.
Customized for Pen-testers / Product Security Guys / Cyber Investigators.

Слайд 4

Why DataSploit?

So much data.
Server’s Username / Passwords
Address
Email Id
Phone Number
Credentials
Interests
Friends
Preferences
Legacy Machines
Unnecessary Ports Information
Technologies

Why DataSploit? So much data. Server’s Username / Passwords Address Email Id
in use, and blah blah..

Слайд 5

Lets talk real time? History?

Lets talk real time? History?

Слайд 6

Components

Domain Osint
Email Osint
IP Osint
Username Osint
WIP
Company Scoping
Phone Number OSINT
Active Modules

Components Domain Osint Email Osint IP Osint Username Osint WIP Company Scoping

Слайд 7

Sources and Flow

Email:
Basic Email Checks
Work History
Social profiles
Enumerated Usernames ??
Location Information
Slides
Scribd

Sources and Flow Email: Basic Email Checks Work History Social profiles Enumerated
Documents
Related Websites
HaveIBeenPwned

Domain:
WhoIS
DNS Records
PunkSpider
Wappalyzer
Github
Email Harvestor ??
Domain IP History
Paste(s) Search
Pagelinks
Wikileaks
Links from Forums
Passive SSL Scan
ZoomEye
Shodan
Censys
Subdomains ??

Username:
Git Details
Check username on various sites.
Profile Pics –Output saved in $username directory
Frequent Hashtags
Interaction on Twitter.

Active Modules

Слайд 8

Setting it up..

Manual
Download from git (git clone or download)
git clone https://github.com/DataSploit/datasploit.git
pip

Setting it up.. Manual Download from git (git clone or download) git
install –r requirements.txt
config.py holds API keys
domain_xyz.py – running stand alone scripts.
domainOsint / emailOsint / ipOsint – automated OSINT
active_scan.py
Automated
https://hub.docker.com/r/appsecco/datasploit/
https://hub.docker.com/r/ftorn/datasploit/

Слайд 9

Documentation.

https://datasploit.github.io/datasploit/

Documentation. https://datasploit.github.io/datasploit/

Слайд 10

What’s in there?

What’s in there?

Слайд 11

Output Formats

HTML
JSON
Emails List (txt file)
Subdomains List (txt file)

Output Formats HTML JSON Emails List (txt file) Subdomains List (txt file)

Слайд 13

Twitter: @datasploit https://twitter.com/datasploit

Twitter: @datasploit https://twitter.com/datasploit

Слайд 14

Facebook: /datasploit https://www.facebook.com/datasploit/

Facebook: /datasploit https://www.facebook.com/datasploit/

Слайд 15

Roadmap

Allows to set up periodic scans and alerting for product security companies.
Intelligence

Roadmap Allows to set up periodic scans and alerting for product security
on co-relation and identity verification.
Reports in CSV.
Reverse Image Search and profile validation.
Works closely with various social network APIs.
Refine Pastebin and Github Searches.
IP Threat Intelligence.
Organization Scoping.
Integration with SE other tools.
Cloud related OSINT and active modules.
pip install datasploit (to be installed as both library as well as script)

Слайд 17

How to Contribute

Help us in testing the tool
Expand : Write/Suggest modules
Give Feedback:

How to Contribute Help us in testing the tool Expand : Write/Suggest
raise issues, tweet, drop an email.
Use / Promote / Write about the tool.
Write OSINT blogs / tool walkthrough(s) / etc.
Report issues at https://github.com/datasploit/datasploit/issues

Слайд 18

Core Contributors.

Shubham Mittal (@upgoingstar)
Nutan Kumar Panda (@nutankumarpanda)
Sudhanshu (@sudhanshu_c)
Kunal (@KunalAggarwal92)
Kudos to
@anantshri for

Core Contributors. Shubham Mittal (@upgoingstar) Nutan Kumar Panda (@nutankumarpanda) Sudhanshu (@sudhanshu_c) Kunal
mentoring.
@ bnchandrapal for feedbacks, suggestions and other help around issues.
Имя файла: What’s-DataSploit.pptx
Количество просмотров: 40
Количество скачиваний: 0