## OSINTMaster
<center>
<img src="./resources/osint-meme.png?raw=true" style = "width: 673px !important; height: 439px !important;"/>
</center>
### Introduction:
Open-source intelligence (OSINT) is a key component of cybersecurity, providing valuable insights into potential vulnerabilities and security risks. This project involves creating a tool that performs comprehensive passive reconnaissance using publicly available data.
### Objective:
The goal is to build a multi-function tool capable of retrieving detailed information based on user inputs such as `Full names`, `IP addresses`, `usernames`, and `domains`. This project will enhance your skills in data analysis, ethical considerations, and the use of various cybersecurity tools and APIs.
By completing this project, you will:
- Develop an understanding of OSINT techniques and their applications.
- Gain practical experience in programming, API integration, and data handling.
- Learn to identify and mitigate security risks, including subdomain takeovers.
- Understand the ethical and legal implications of cybersecurity practices.
### Resources
Some useful resources:
- [Open-source intelligence](https://en.wikipedia.org/wiki/Open-source_intelligence)
- [Doxing](https://en.wikipedia.org/wiki/Doxing)
- [Kali Tools - Recon](https://en.kali.tools/all/?category=recon)
- [OSINT Tools on GitHub](https://github.com/topics/osint-tools)

Before asking for help, ask yourself if you have really thought about all the possibilities.
### Role play
To enhance the learning experience and assess your knowledge, a role play question session will be included as part of this project.
This section will involve answering a series of questions in a simulated real-world scenario where you assume the role of a Cyber Security Expert explaining how to protect information from OSINT techniques to a team or stakeholder.
The goal of the role play question session is to:
- Assess your understanding of OSINT risks and mitigation strategies.
- Test your ability to communicate effectively and explain security measures related to this project.
- Challenge you to think critically about the importance of information security and consider alternative approaches.
- Explain what subdomain takeovers are.
Prepare for a role play question session in the audit.
### Project Requirements
#### Input Handling:
The tool should accept the following inputs: `Full Name`, `IP Address`, `Username`, and `Domain`.
#### Information Retrieval:
- Full Name:
  - Parse the input to extract "First Name" and "Last Name".
  - Look up associated information such as phone numbers, addresses, and social media profiles using directory APIs or web scraping.
- IP Address:
  - Retrieve geolocation data, ISP details, and check for any historical data associated with the IP (e.g., from abuse databases).
- Username:
  - Check for the presence of the username on at least five known social networks and public repositories.
  - Retrieve public profile information, such as profile bio, activity status, and follower count.
- Domain and Subdomain Enumeration:
  - Enumerate subdomains and gather information including IP addresses, SSL certificate details, and potential vulnerabilities.
  - Identify potential subdomain takeover risks by analyzing DNS records and associated resources.
#### Subdomain Takeover Detection:
Detect and report any subdomains pointing to potentially unclaimed or deprecated resources, indicating a risk of takeover.
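
One way to approach the DNS-record analysis and takeover detection described above, as an added example that is not part of the project's own code: it audits a zone export for CNAME chains that end at a third-party hosting service whose resource is missing from the inventory of resources you still own. The function name, the record tuple layout, the suffix list and the sample data are all assumptions made for illustration.

```python
# Illustrative, non-exhaustive suffixes of third-party hosting services (assumption).
EXTERNAL_SERVICE_SUFFIXES = (".s3.amazonaws.com", ".azurewebsites.net", ".herokuapp.com")


def _norm(host):
    """Normalise a hostname: trim, lower-case, drop the trailing root dot."""
    return host.strip().lower().rstrip(".")


def find_takeover_risks(records, owned_resources, max_depth=8):
    """Return (name, final_target, reason) for risky CNAMEs in your own zone.

    records: iterable of (name, rtype, value) tuples from a zone export.
    owned_resources: hostnames of external resources the organisation still owns.
    """
    cnames = {_norm(n): _norm(v) for n, t, v in records if t.upper() == "CNAME"}
    owned = {_norm(r) for r in owned_resources}
    findings = []
    for name in sorted(cnames):
        target, seen = cnames[name], {name}
        # Follow CNAMEs that stay inside the zone; stop on loops or long chains.
        while target in cnames and target not in seen and len(seen) < max_depth:
            seen.add(target)
            target = cnames[target]
        if target in seen:
            findings.append((name, target, "CNAME loop"))
        elif target.endswith(EXTERNAL_SERVICE_SUFFIXES) and target not in owned:
            # The record outlived the resource: nothing we own answers for it.
            findings.append((name, target, "external resource not in inventory"))
    return findings


# Constructed sample data (not real records).
SAMPLE_RECORDS = [
    ("www.example.com", "A", "123.123.123.123"),
    ("mail.example.com", "CNAME", "www.example.com."),
    ("assets.example.com", "CNAME", "example-assets.s3.amazonaws.com."),
    ("test.example.com", "CNAME", "example-test.s3.amazonaws.com."),
    ("legacy.example.com", "CNAME", "test.example.com."),
]
SAMPLE_OWNED = ["example-assets.s3.amazonaws.com"]

if __name__ == "__main__":
    for name, target, reason in find_takeover_risks(SAMPLE_RECORDS, SAMPLE_OWNED):
        print(f"{name} -> {target}: {reason}")
        print("  Recommended Action: remove or update the DNS record")
```

Comparing against an ownership inventory avoids relying on DNS resolution alone, since some hosting services answer DNS queries for resource names that no longer exist.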
#### Output Management:
Store the results in a well-organized file format.
### Usage Examples
#### Command Line Interface:
```sh
$> osintmaster --help
Welcome to osintmaster multi-function Tool
OPTIONS:
-n "Full Name" Search information by full name
-i "IP Address" Search information by IP address
-u "Username" Search information by username
-d "Domain" Enumerate subdomains and check for takeover risks
-o "FileName" File name to save output
```
#### Example Outputs:
```sh
$> osintmaster -n "FNAME LNAME" -o result1.txt
First name: FNAME
Last name: LNAME
Phone Number: +1234567890
Address: Address123, CITY, COUNTRY-CODE
LinkedIn: linkedin.com/in/XX.XX
Facebook: facebook.com/XX.XX
Data Saved in result1.txt
```
#### IP Address:
```sh
$> osintmaster -i 8.8.8.8 -o result2.txt
ISP: Google LLC
City: Mountain View
Country: COUNTRY
ASN: 15169
Known Issues: No reported abuse
Data Saved in result2.txt
```
#### Username:
```sh
$> osintmaster -u "@username" -o result3.txt
Facebook: Found
Twitter: Found
LinkedIn: Found
Instagram: Not Found
GitHub: Found
Recent Activity: Active on GitHub, last post 1 days ago
Data Saved in result3.txt
```
#### Domain and Subdomain Enumeration:
```sh
$> osintmaster -d "example.com" -o result4.txt
Main Domain: example.com
Subdomains found: 3
- www.example.com (IP: 123.123.123.123)
SSL Certificate: Valid until 2030-03-01
- mail.example.com (IP: 123.123.123.123)
SSL Certificate: Valid until 2030-03-01
- test.example.com (IP: 123.123.123.123)
SSL Certificate: Not found
Potential Subdomain Takeover Risks:
- Subdomain: test.example.com
CNAME record points to a non-existent AWS S3 bucket
Recommended Action: Remove or update the DNS record to prevent potential misuse
Data saved in result4.txt
```
### Bonus
If you complete the mandatory part successfully, and you still have free time, you can implement anything that you feel deserves to be a bonus, for example:
- User Interface: Develop a graphical user interface (GUI) for better user accessibility.
- PDF Generation: Add a feature to generate your OSINT result as PDF files.
Challenge yourself!
### Documentation
Create a `README.md` file that provides comprehensive documentation for your tool (prerequisites, setup, configuration, usage, ...). This file must be submitted as part of the solution for the project.
### Ethical and Legal Considerations
- Get Permission: Always obtain explicit permission before gathering information.
- Respect Privacy: Collect only necessary data and store it securely.
- Follow Laws: Adhere to relevant laws such as GDPR and CFAA.
- Report Responsibly: Privately notify affected parties of any vulnerabilities.
- Educational Use Only: Use this tool and techniques solely for learning and improving security.
> Disclaimer: This project is for educational purposes only. Ensure all activities comply with legal and ethical standards. The institution is not responsible for misuse of the techniques and tools demonstrated.
### Submission and audit
Upon completing this project, you should submit the following:
- Your documentation in the `README.md` file.
- The source code of your tool.
- Any required files to run your tool.