From 4a9f3ab4de0521434dc96d79c7b362443c9091fa Mon Sep 17 00:00:00 2001 From: Zouhair AMAZZAL Date: Thu, 8 Aug 2024 22:54:11 +0300 Subject: [PATCH] CON-3040 recover the passive folder --- subjects/cybersecurity/passive/README.md | 78 +++++++++++++++++++ .../cybersecurity/passive/audit/README.md | 39 ++++++++++ 2 files changed, 117 insertions(+) create mode 100644 subjects/cybersecurity/passive/README.md create mode 100644 subjects/cybersecurity/passive/audit/README.md diff --git a/subjects/cybersecurity/passive/README.md b/subjects/cybersecurity/passive/README.md new file mode 100644 index 000000000..c72c617c5 --- /dev/null +++ b/subjects/cybersecurity/passive/README.md @@ -0,0 +1,78 @@ +# Passive + +### Introduction + +Information gathering is one of the most important steps during a pentest, it can be considered the longest step. + +### Objective + +The goal of this project is for you to become more comfortable with open source investigative methods + +### Advice + +Before asking help, ask yourself if you have really thought about all the possibilities. +https://en.kali.tools/all/?category=recon +https://github.com/topics/osint-tools +https://en.wikipedia.org/wiki/Open-source_intelligence +https://en.wikipedia.org/wiki/Doxing + +### Guidelines + +You are going here to create your first passive recognition tool, you have the choice of language, however your program will have to recognize the information entered (FULL NAME, IP, @login). + +For the case of the full name, it will have to recognize the entry: "Last name" and "First name", and then look in the directories for the telephone number and the address. + +If it is the IP address, your tool should display at least the city and the name of the internet service provider. + +If it is a username, your tool will have to check if this username is used in at least 5 known social networks. + +The result should be stored in a result.txt file (result2.txt if the file already exists) + +### Bonus + +You can add more API features + +### Usage + +``` +$> passive --help + +Welcome to passive v1.0.0 + +OPTIONS: + -fn Search with full-name + -ip Search with ip address + -u Search with username + +$> passive -fn "Jean Dupont" +First name: Jean +Last name: Dupont +Address: 7 rue du Progrès +75016 Paris +Number: +33601010101 +Saved in result.txt + +$> passive -ip 127.0.0.1 +ISP: FSociety, S.A. +City Lat/Lon: (13.731) / (-1.1373) +Saved in result2.txt + +$> passive -u "@user01" +Facebook : yes +Twitter : yes +Linkedin : yes +Instagram : no +Skype : yes +Saved in result3.txt +``` + +### Submission and audit + +Files that must be inside your repository: + +- Your program source code. +- A README.md file, which clearly explains how to use the program. + +Don’t hesitate to double-check the names of your folders and files to ensure they are correct! + +> ⚠️ These methods and tools are for educational purposes only, so that you have a better understanding of how to protect against similar vulnerabilities. You must ensure that you do not attempt any exploit-type activity without the explicit permission of the owner of the machine, system or application. Failure to obtain permission risks breaking the law. diff --git a/subjects/cybersecurity/passive/audit/README.md b/subjects/cybersecurity/passive/audit/README.md new file mode 100644 index 000000000..342156754 --- /dev/null +++ b/subjects/cybersecurity/passive/audit/README.md @@ -0,0 +1,39 @@ +#### General + +###### Is the student able to explain clearly the used investigative methods? + +###### Is the student able to explain clearly what OSINT means? + +###### Is the student able to explain clearly how his program works? + +##### Check the Repo content + +Files that must be inside your repository: + +- Your program source code. + +- A README.md file, which clearly explains how to use the program. + +###### Are the required files present? + +##### Ask the student to present his program to you by doing 3 tests + +###### Is the information entered as an argument a full name, an IP address, and a username? + +##### Try flag "-fn" with the following command `passive -fn "Jean Dupont"` + +###### Does the program display the address, and the telephone number for the full name entered? + +##### Try flag "-ip" with the following command `passive -ip 127.0.0.1` + +###### Does the program display the ISP, and position for the entered IP address? + +##### Try flag "-u" with the following command `passive -u "@user01"` + +###### Does the program check if the user entered is present in is present in at least 5 social networks? + +###### Does the program retrieve this information from a public source? + +###### Does the program save the result of each command in a result.txt file? + +###### If the result.txt file already exists is a new file created?