root
/
public
mirror of https://github.com/01-edu/public.git
14
27
Fork 0
Code Releases Wiki Activity
Browse Source

CON-3040 fmt(osint-master) improve the subject and audit

CON-3116-Fix-nascar-online-alpha-subject-and-audit
Zouhair AMAZZAL 2 months ago committed by Zouhair AMAZZAL
parent
9d830bd3f8
commit
83e7c14b9a
2 changed files with 67 additions and 19 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 25
      subjects/cybersecurity/osint-master/README.md
  2. 39
      subjects/cybersecurity/osint-master/audit/README.md

25
subjects/cybersecurity/osint-master/README.md
unescape_control_characters View File

@ -5,19 +5,24 @@
</center> </center>
### Introduction: ### Introduction:
Open-source intelligence (OSINT) is a key component of cybersecurity, providing valuable insights into potential vulnerabilities and security risks. This project involves creating a tool that performs comprehensive passive reconnaissance using publicly available data. Open-source intelligence (OSINT) is a key component of cybersecurity, providing valuable insights into potential vulnerabilities and security risks. This project involves creating a tool that performs comprehensive passive reconnaissance using publicly available data.
### Objective: ### Objective:
The goal is to build a multi-functional using a programming language of your choice, The tool is capable of retrieving detailed information based on user inputs such as `Full names`, `IP addresses`, `usernames`, and `domains`. This project will enhance your skills in data analysis, ethical considerations, and the use of various cybersecurity tools and APIs.
The goal is to build a multi-functional tool using a programming language of your choice, The tool is capable of retrieving detailed information based on user inputs such as `Full names`, `IP addresses`, `usernames`, and `domains`. This project will enhance your skills in data analysis, ethical considerations, and the use of various cybersecurity tools and APIs.
By completing this project, You will: By completing this project, You will:
- Develop an understanding of OSINT techniques and their applications. - Develop an understanding of OSINT techniques and their applications.
- Gain practical experience in programming, API integration, and data handling. - Gain practical experience in programming, API integration, and data handling.
- Learn to identify and mitigate security risks, including subdomain takeovers. - Learn to identify and mitigate security risks, including subdomain takeovers.
- Understand the ethical and legal implications of cybersecurity practices. - Understand the ethical and legal implications of cybersecurity practices.
### Resources ### Resources
Some useful resources: Some useful resources:
- [Open-source intelligence](https://en.wikipedia.org/wiki/Open-source_intelligence) - [Open-source intelligence](https://en.wikipedia.org/wiki/Open-source_intelligence)
- [Doxing](https://en.wikipedia.org/wiki/Doxing) - [Doxing](https://en.wikipedia.org/wiki/Doxing)
- [Kali Tools - Recon](https://en.kali.tools/all/?category=recon) - [Kali Tools - Recon](https://en.kali.tools/all/?category=recon)
@ -26,10 +31,12 @@ Some useful resources:
Before asking for help, ask yourself if you have really thought about all the possibilities. Before asking for help, ask yourself if you have really thought about all the possibilities.
### Role play ### Role play
To enhance the learning experience and assess your knowledge, a role play question session will be included as part of this project. To enhance the learning experience and assess your knowledge, a role play question session will be included as part of this project.
This section will involve answering a series of questions in a simulated real-world scenario where you assume the role of a Cyber Security Expert explaining how to protect information from OSINT techniques to a team or stakeholder. This section will involve answering a series of questions in a simulated real-world scenario where you assume the role of a Cyber Security Expert explaining how to protect information from OSINT techniques to a team or stakeholder.
The goal of the role play question session is to: The goal of the role play question session is to:
- Assess your understanding of OSINT risks and mitigation strategies. - Assess your understanding of OSINT risks and mitigation strategies.
- Test your ability to communicate effectively and explain security measures related to this project. - Test your ability to communicate effectively and explain security measures related to this project.
- Challenge you to think critically about the importance of information security and consider alternative approaches. - Challenge you to think critically about the importance of information security and consider alternative approaches.
@ -38,10 +45,13 @@ The goal of the role play question session is to:
Prepare for a role play question session in the audit. Prepare for a role play question session in the audit.
### Project Requirements ### Project Requirements
#### Input Handling: #### Input Handling:
The tool should accept the following inputs: `Full Name`, `IP Address`, `Username`, and `Domain`. The tool should accept the following inputs: `Full Name`, `IP Address`, `Username`, and `Domain`.
#### Information Retrieval: #### Information Retrieval:
- Full Name: - Full Name:
Parse the input to extract "First Name" and "Last Name". Parse the input to extract "First Name" and "Last Name".
Look up associated information such as phone numbers, addresses, and social media profiles using directory APIs or web scraping. Look up associated information such as phone numbers, addresses, and social media profiles using directory APIs or web scraping.
@ -57,15 +67,14 @@ Retrieve public profile information, such as profile bio, activity status, and f
Enumerate subdomains and gather information including IP addresses, SSL certificate details, and potential vulnerabilities. Enumerate subdomains and gather information including IP addresses, SSL certificate details, and potential vulnerabilities.
Identify potential subdomain takeover risks by analyzing DNS records and associated resources. Identify potential subdomain takeover risks by analyzing DNS records and associated resources.
#### Subdomain Takeover Detection:
Detect and report any subdomains pointing to potentially unclaimed or deprecated resources, indicating a risk of takeover.
#### Output Management: #### Output Management:
Store the results in a well-organized file format. Store the results in a well-organized file format.
### Usage Examples ### Usage Examples
#### Command Line Interface: #### Command Line Interface:
```sh ```sh
$> osintmaster --help $> osintmaster --help
@ -80,6 +89,7 @@ OPTIONS:
``` ```
#### Example Outputs: #### Example Outputs:
```sh ```sh
$> osintmaster -n "FNAME LNAME" -o result1.txt $> osintmaster -n "FNAME LNAME" -o result1.txt
First name: FNAME First name: FNAME
@ -92,6 +102,7 @@ Data Saved in result1.txt
``` ```
#### IP Address: #### IP Address:
```sh ```sh
$> osintmaster -i 8.8.8.8 -o result2.txt $> osintmaster -i 8.8.8.8 -o result2.txt
ISP: Google LLC ISP: Google LLC
@ -103,6 +114,7 @@ Data Saved in result2.txt
``` ```
#### Username: #### Username:
```sh ```sh
$> osintmaster -u "@username" -o result3.txt $> osintmaster -u "@username" -o result3.txt
Facebook: Found Facebook: Found
@ -115,6 +127,7 @@ Data Saved in result3.txt
``` ```
#### Domain and Subdomain Enumeration: #### Domain and Subdomain Enumeration:
```sh ```sh
$> osintmaster -d "example.com" -o result4.txt $> osintmaster -d "example.com" -o result4.txt
Main Domain: example.com Main Domain: example.com
@ -136,6 +149,7 @@ Data saved in result4.txt
``` ```
### Bonus ### Bonus
If you complete the mandatory part successfully, and you still have free time, you can implement anything that you feel deserves to be a bonus, for example: If you complete the mandatory part successfully, and you still have free time, you can implement anything that you feel deserves to be a bonus, for example:
- User Interface: Develop a graphical user interface (GUI) for better user accessibility. - User Interface: Develop a graphical user interface (GUI) for better user accessibility.
@ -144,10 +158,12 @@ If you complete the mandatory part successfully, and you still have free time, y
Challenge yourself! Challenge yourself!
### Documentation ### Documentation
Create a `README.md` file that provides comprehensive documentation for your tool (prerequisites, setup, configuration, usage, ...). This file must be submitted as part of the solution for the project. Create a `README.md` file that provides comprehensive documentation for your tool (prerequisites, setup, configuration, usage, ...). This file must be submitted as part of the solution for the project.
Add clear guidelines and warnings about the ethical and legal use of the tool to your documentation. Add clear guidelines and warnings about the ethical and legal use of the tool to your documentation.
### Ethical and Legal Considerations ### Ethical and Legal Considerations
- Get Permission: Always obtain explicit permission before gathering information. - Get Permission: Always obtain explicit permission before gathering information.
- Respect Privacy: Collect only necessary data and store it securely. - Respect Privacy: Collect only necessary data and store it securely.
- Follow Laws: Adhere to relevant laws such as GDPR and CFAA. - Follow Laws: Adhere to relevant laws such as GDPR and CFAA.
@ -157,6 +173,7 @@ Add clear guidelines and warnings about the ethical and legal use of the tool to
> ⚠️ Disclaimer: This project is for educational purposes only. Ensure all activities comply with legal and ethical standards. The institution is not responsible for misuse of the techniques and tools demonstrated. > ⚠️ Disclaimer: This project is for educational purposes only. Ensure all activities comply with legal and ethical standards. The institution is not responsible for misuse of the techniques and tools demonstrated.
### Submission and audit ### Submission and audit
Upon completing this project, you should submit the following: Upon completing this project, you should submit the following:
- Your documentation in the `README.md` file. - Your documentation in the `README.md` file.

39
subjects/cybersecurity/osint-master/audit/README.md
unescape_control_characters View File

@ -1,76 +1,107 @@
#### General #### General
##### Check the Repo content. ##### Check the Repo content.
Files that must be inside the repository: Files that must be inside the repository:
- Detailed documentation in the `README.md` file. - Detailed documentation in the `README.md` file.
- Source code for the OSINT-Master tool. - Source code for the OSINT-Master tool.
- Any required configuration files and scripts for running the tool. - Any required configuration files and scripts for running the tool.
###### Are all the required files present? ###### Are all the required files present?
##### Play the role of a stakeholder ##### Play the role of a stakeholder
Organize a simulated scenario where the student take on the role of Cyber Security Experts and explain their solution and knowledge to a team or stakeholder. Evaluate their grasp of the concepts and technologies used in the project, their communication efficacy, and their critical thinking about their solution and knowledge behind this project. Organize a simulated scenario where the student take on the role of Cyber Security Experts and explain their solution and knowledge to a team or stakeholder. Evaluate their grasp of the concepts and technologies used in the project, their communication efficacy, and their critical thinking about their solution and knowledge behind this project.
Suggested role play questions include: Suggested role play questions include:
- What is OSINT and why is it significant in cybersecurity? - What is OSINT and why is it significant in cybersecurity?
- What types of information can be gathered using OSINT techniques? - What types of information can be gathered using OSINT techniques?
- Explain what subdomain takeovers are, and how to protect against it? - Explain what subdomain takeovers are, and how to protect against it?
- How does the OSINT-Master tool help in identifying sensitive information? - How does the OSINT-Master tool help identify sensitive information?
- What challenges did you face while developing the OSINT-Master tool and how did you address them? - What challenges did you face while developing the OSINT-Master tool and how did you address them?
- How we can protect our cretical information from OSINT techniques? - How can we protect our crytical information from OSINT techniques?
- How can this tool help in a defensive approach? - How can this tool help in a defensive approach?
###### Were the student able to answer all the questions? ###### Were the student able to answer all the questions?
###### Did the student demonstrate a thorough understanding of the concepts and technologies used in the project? ###### Did the student demonstrate a thorough understanding of the concepts and technologies used in the project?
###### Were the student able to communicate effectively and justify their decisions and explain the knowledge behind this project?
###### Did the student able to evalute the value of this project in the real life scenarios? ###### Were the students able to communicate effectively and justify their decisions and explain the knowledge behind this project?
###### Was the student able to evaluate the value of this project in real-life scenarios?
###### Did the students demonstrate an understanding of ethical and legal considerations related to OSINT? ###### Did the students demonstrate an understanding of ethical and legal considerations related to OSINT?
##### Check the Student Documentation in the `README.md` File ##### Check the Student Documentation in the `README.md` File
###### Does the `README.md` file contain all the necessary information about the tool (prerequisites, setup, configuration, usage, ...)? ###### Does the `README.md` file contain all the necessary information about the tool (prerequisites, setup, configuration, usage, ...)?
###### Does the `README.md` file contain clear guidelines and warnings about the ethical and legal use of the tool? ###### Does the `README.md` file contain clear guidelines and warnings about the ethical and legal use of the tool?
##### Review the Tool's Design and Implementation ##### Review the Tool's Design and Implementation
1. **Help Command:** 1. **Help Command:**
```sh ```sh
$> osintmaster --help $> osintmaster --help
``` ```
###### Does the output include explanation how to use the tool? ###### Does the output include explanation how to use the tool?
2. **Full Name Option:** 2. **Full Name Option:**
```sh ```sh
$> osintmaster -n "Full Name" -o filename $> osintmaster -n "Full Name" -o filename
``` ```
###### Does the output include accurate details such as phone numbers, addresses, and social media profiles? ###### Does the output include accurate details such as phone numbers, addresses, and social media profiles?
###### Does the output stored to the file specified in the output parameter? ###### Does the output stored to the file specified in the output parameter?
3. **IP Adress Option:** 3. **IP Adress Option:**
```sh ```sh
$> osintmaster -i "IP Address" -o filename $> osintmaster -i "IP Address" -o filename
``` ```
###### Does the output include geolocation data, ISP details, and historical data? ###### Does the output include geolocation data, ISP details, and historical data?
###### Does the output stored to the file specified in the output parameter? ###### Does the output stored to the file specified in the output parameter?
4. **Username Option:** 4. **Username Option:**
```sh ```sh
$> osintmaster -u "Username" -o filename $> osintmaster -u "Username" -o filename
``` ```
###### Does the output check the presence of the username on multiple social networks and public repositories? ###### Does the output check the presence of the username on multiple social networks and public repositories?
###### Does the output stored to the file specified in the output parameter? ###### Does the output stored to the file specified in the output parameter?
5. **Domain Option:** 5. **Domain Option:**
```sh ```sh
$> osintmaster -d "Domain" -o filename $> osintmaster -d "Domain" -o filename
``` ```
###### Does the output enumerate subdomains, gather relevant information, and identify potential subdomain takeover risks? ###### Does the output enumerate subdomains, gather relevant information, and identify potential subdomain takeover risks?
###### Does the output stored to the file specified in the output parameter? ###### Does the output stored to the file specified in the output parameter?
##### Ensure that the student submission meets the project requirements: ##### Ensure that the student submission meets the project requirements:
1. **Functionality:** Does the tool retrieve detailed information based on the given inputs (Full Name, IP Address, Username, and Domain)? 1. **Functionality:** Does the tool retrieve detailed information based on the given inputs (Full Name, IP Address, Username, and Domain)?
2. **Data Accuracy:** Is the retrieved information accurate and relevant? 2. **Data Accuracy:** Is the retrieved information accurate and relevant?
3. **Ethical Considerations:** Are there clear guidelines and warnings about the ethical and legal use of the tool? 3. **Ethical Considerations:** Are there clear guidelines and warnings about the ethical and legal use of the tool?
4. **Usability:** Is the tool user-friendly and well-documented? 4. **Usability:** Is the tool user-friendly and well-documented?
###### Did the tool design and implementation align with all the project requirements above? ###### Did the tool design and implementation align with all the project requirements above?
###### Were the students able to implement a functional and reliable tool that meets the project requirements? ###### Were the students able to implement a functional and reliable tool that meets the project requirements?
#### Bonus #### Bonus
###### + Did the student implement additional valuable features? ###### + Did the student implement additional valuable features?
###### + Is this project an outstanding project that exceeds the basic requirements? ###### + Is this project an outstanding project that exceeds the basic requirements?
Write Preview
Loading…
Cancel
Save