root
/
public
mirror of https://github.com/01-edu/public.git
14
27
Fork 0
Code Releases Wiki Activity
Browse Source

CON-3040 feat(osint-master) remake the passive project subject

CON-3116-Fix-nascar-online-alpha-subject-and-audit
Zouhair AMAZZAL 3 months ago committed by Zouhair AMAZZAL
parent
bf0e6e8876
commit
94dc18d7c7
5 changed files with 164 additions and 117 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 164
      subjects/cybersecurity/osint-master/README.md
  2. 0
      subjects/cybersecurity/osint-master/audit/README.md
  3. BIN
      subjects/cybersecurity/osint-master/resources/osint-meme.png
  4. 78
      subjects/cybersecurity/passive/README.md
  5. 39
      subjects/cybersecurity/passive/audit/README.md

164
subjects/cybersecurity/osint-master/README.md
unescape_control_characters View File

@ -0,0 +1,164 @@
## OSINTMaster
<center>
<img src="./resources/osint-meme.png?raw=true" style = "width: 673px !important; height: 439px !important;"/>
</center>
### Introduction:
Open-source intelligence (OSINT) is a key component of cybersecurity, providing valuable insights into potential vulnerabilities and security risks. This project involves creating a tool that performs comprehensive passive reconnaissance using publicly available data.
### Objective:
The goal is to build a multi-functions tool capable of retrieving detailed information based on user inputs such as `Full names`, `IP addresses`, `usernames`, and `domains`. This project will enhance your skills in data analysis, ethical considerations, and the use of various cybersecurity tools and APIs.
By completing this project, You will:
- Develop an understanding of OSINT techniques and their applications.
- Gain practical experience in programming, API integration, and data handling.
- Learn to identify and mitigate security risks, including subdomain takeovers.
- Understand the ethical and legal implications of cybersecurity practices.
### Resources
Some useful resources:
[Open-source intelligence](https://en.wikipedia.org/wiki/Open-source_intelligence)
[Doxing](https://en.wikipedia.org/wiki/Doxing)
[Kali Tools - Recon](https://en.kali.tools/all/?category=recon)
[OSINT Tools on GitHub](https://github.com/topics/osint-tools)
Before asking help, ask yourself if you have really thought about all the possibilities.
### Role play
To enhance the learning experience and assess your knowledge, a role play question session will be included as part of this project.
This section will involve answering a series of questions in a simulated real-world scenario where you assume the role of a Cyber Security Expert explaining how to protect information from OSINT techniques to a team or stakeholder.
The goal of the role play question session is to:
- Assess your understanding of OSINT risks and mitigation strategies.
- Test your ability to communicate effectively and explain security measures related to this project.
- Challenge you to think critically about the importance of information security and consider alternative approaches.
- Explain what subdomain takeovers are.
Prepare for a role play question session in the audit.
### Project Requirements
#### Input Handling:
The tool should accept the following inputs: `Full Name`, `IP Address`, `Username`, and `Domain`.
#### Information Retrieval:
- Full Name:
Parse the input to extract "First Name" and "Last Name".
Look up associated information such as phone numbers, addresses, and social media profiles using directory APIs or web scraping.
- IP Address:
Retrieve geolocation data, ISP details, and check for any historical data associated with the IP (e.g., from abuse databases).
- Username:
Check for the presence of the username on at least five known social networks and public repositories.
Retrieve public profile information, such as profile bio, activity status, and follower count.
- Domain and Subdomain Enumeration:
Enumerate subdomains and gather information including IP addresses, SSL certificate details, and potential vulnerabilities.
Identify potential subdomain takeover risks by analyzing DNS records and associated resources.
#### Subdomain Takeover Detection:
Detect and report any subdomains pointing to potentially unclaimed or deprecated resources, indicating a risk of takeover.
#### Output Management:
Store the results in a well-organized file format.
### Usage Examples
#### Command Line Interface:
```sh
$> osintmaster --help
Welcome to osintmaster multi-function Tool
OPTIONS:
-n "Full Name" Search information by full name
-i "IP Address" Search information by IP address
-u "Username" Search information by username
-d "Domain" Enumerate subdomains and check for takeover risks
-o "FileName" File name to save output
```
#### Example Outputs:
```sh
$> osintmaster -n "FNAME LNAME" -o result1.txt
First name: FNAME
Last name: LNAME
Phone Number: +1234567890
Address: Address123, CITY, COUNTRY-CODE
LinkedIn: linkedin.com/in/XX.XX
Facebook: facebook.com/XX.XX
Data Saved in result1.txt
```
#### IP Address:
```sh
$> osintmaster -i 8.8.8.8 -o result2.txt
ISP: Google LLC
City: Mountain View
Country: COUNTRY
ASN: 15169
Known Issues: No reported abuse
Data Saved in result2.txt
```
#### Username:
```sh
$> osintmaster -u "@username" -o result3.txt
Facebook: Found
Twitter: Found
LinkedIn: Found
Instagram: Not Found
GitHub: Found
Recent Activity: Active on GitHub, last post 1 days ago
Data Saved in result3.txt
```
#### Domain and Subdomain Enumeration:
```sh
$> osintmaster -d "example.com" -o result4.txt
Main Domain: example.com
Subdomains found: 3
- www.example.com (IP: 123.123.123.123)
SSL Certificate: Valid until 2030-03-01
- mail.example.com (IP: 123.123.123.123)
SSL Certificate: Valid until 2030-03-01
- test.example.com (IP: 123.123.123.123)
SSL Certificate: Not found
Potential Subdomain Takeover Risks:
- Subdomain: test.example.com
CNAME record points to a non-existent AWS S3 bucket
Recommended Action: Remove or update the DNS record to prevent potential misuse
Data saved in result4.txt
```
### Bonus
If you complete the mandatory part successfully, and you still have free time, you can implement anything that you feel deserves to be a bonus, for example:
- User Interface: Develop a graphical user interface (GUI) for better user accessibility.
- PDF Generation: Add a feature to generate your OSINT result as PDF files.
Challenge yourself!
### Documentation
Create a `README.md` file that provides comprehensive documentation for your tool (prerequisites, setup, configuration, usage, ...). This file must be submitted as part of the solution for the project.
### Ethical and Legal Considerations
- Get Permission: Always obtain explicit permission before gathering information.
- Respect Privacy: Collect only necessary data and store it securely.
- Follow Laws: Adhere to relevant laws such as GDPR and CFAA.
- Report Responsibly: Privately notify affected parties of any vulnerabilities.
- Educational Use Only: Use this tool and techniques solely for learning and improving security.
> ⚠ Disclaimer: This project is for educational purposes only. Ensure all activities comply with legal and ethical standards. The institution is not responsible for misuse of the techniques and tools demonstrated.
### Submission and audit
Upon completing this project, you should submit the following:
- Your documentation in the `README.md` file.
- The Source code of your tool.
- Any required files to run your tool.

0
subjects/cybersecurity/osint-master/audit/README.md
unescape_control_characters View File

BIN
subjects/cybersecurity/osint-master/resources/osint-meme.png
View File

diff.bin_not_shown
Side by Side

After

Width:  |  Height:  |  Size: 244 KiB

78
subjects/cybersecurity/passive/README.md
unescape_control_characters View File

@ -1,78 +0,0 @@
# Passive
### Introduction
Information gathering is one of the most important steps during a pentest, it can be considered the longest step.
### Objective
The goal of this project is for you to become more comfortable with open source investigative methods
### Advice
Before asking help, ask yourself if you have really thought about all the possibilities.
https://en.kali.tools/all/?category=recon
https://github.com/topics/osint-tools
https://en.wikipedia.org/wiki/Open-source_intelligence
https://en.wikipedia.org/wiki/Doxing
### Guidelines
You are going here to create your first passive recognition tool, you have the choice of language, however your program will have to recognize the information entered (FULL NAME, IP, @login).
For the case of the full name, it will have to recognize the entry: "Last name" and "First name", and then look in the directories for the telephone number and the address.
If it is the IP address, your tool should display at least the city and the name of the internet service provider.
If it is a username, your tool will have to check if this username is used in at least 5 known social networks.
The result should be stored in a result.txt file (result2.txt if the file already exists)
### Bonus
You can add more API features
### Usage
```
$> passive --help
Welcome to passive v1.0.0
OPTIONS:
-fn Search with full-name
-ip Search with ip address
-u Search with username
$> passive -fn "Jean Dupont"
First name: Jean
Last name: Dupont
Address: 7 rue du Progrès
75016 Paris
Number: +33601010101
Saved in result.txt
$> passive -ip 127.0.0.1
ISP: FSociety, S.A.
City Lat/Lon: (13.731) / (-1.1373)
Saved in result2.txt
$> passive -u "@user01"
Facebook : yes
Twitter : yes
Linkedin : yes
Instagram : no
Skype : yes
Saved in result3.txt
```
### Submission and audit
Files that must be inside your repository:
- Your program source code.
- A README.md file, which clearly explains how to use the program.
Don’t hesitate to double-check the names of your folders and files to ensure they are correct!
> ⚠ These methods and tools are for educational purposes only, so that you have a better understanding of how to protect against similar vulnerabilities. You must ensure that you do not attempt any exploit-type activity without the explicit permission of the owner of the machine, system or application. Failure to obtain permission risks breaking the law.

39
subjects/cybersecurity/passive/audit/README.md
unescape_control_characters View File

@ -1,39 +0,0 @@
#### General
###### Is the student able to explain clearly the used investigative methods?
###### Is the student able to explain clearly what OSINT means?
###### Is the student able to explain clearly how his program works?
##### Check the Repo content
Files that must be inside your repository:
- Your program source code.
- A README.md file, which clearly explains how to use the program.
###### Are the required files present?
##### Ask the student to present his program to you by doing 3 tests
###### Is the information entered as an argument a full name, an IP address, and a username?
##### Try flag "-fn" with the following command `passive -fn "Jean Dupont"`
###### Does the program display the address, and the telephone number for the full name entered?
##### Try flag "-ip" with the following command `passive -ip 127.0.0.1`
###### Does the program display the ISP, and position for the entered IP address?
##### Try flag "-u" with the following command `passive -u "@user01"`
###### Does the program check if the user entered is present in is present in at least 5 social networks?
###### Does the program retrieve this information from a public source?
###### Does the program save the result of each command in a result.txt file?
###### If the result.txt file already exists is a new file created?
Write Preview
Loading…
Cancel
Save