## OSINTMaster
### Introduction: Open-source intelligence (OSINT) is a key component of cybersecurity, providing valuable insights into potential vulnerabilities and security risks. This project involves creating a tool that performs comprehensive passive reconnaissance using publicly available data. ### Objective: The goal is to build a multi-functions tool capable of retrieving detailed information based on user inputs such as `Full names`, `IP addresses`, `usernames`, and `domains`. This project will enhance your skills in data analysis, ethical considerations, and the use of various cybersecurity tools and APIs. By completing this project, You will: - Develop an understanding of OSINT techniques and their applications. - Gain practical experience in programming, API integration, and data handling. - Learn to identify and mitigate security risks, including subdomain takeovers. - Understand the ethical and legal implications of cybersecurity practices. ### Resources Some useful resources: [Open-source intelligence](https://en.wikipedia.org/wiki/Open-source_intelligence) [Doxing](https://en.wikipedia.org/wiki/Doxing) [Kali Tools - Recon](https://en.kali.tools/all/?category=recon) [OSINT Tools on GitHub](https://github.com/topics/osint-tools) Before asking help, ask yourself if you have really thought about all the possibilities. ### Role play To enhance the learning experience and assess your knowledge, a role play question session will be included as part of this project. This section will involve answering a series of questions in a simulated real-world scenario where you assume the role of a Cyber Security Expert explaining how to protect information from OSINT techniques to a team or stakeholder. The goal of the role play question session is to: - Assess your understanding of OSINT risks and mitigation strategies. - Test your ability to communicate effectively and explain security measures related to this project. - Challenge you to think critically about the importance of information security and consider alternative approaches. - Explain what subdomain takeovers are. Prepare for a role play question session in the audit. ### Project Requirements #### Input Handling: The tool should accept the following inputs: `Full Name`, `IP Address`, `Username`, and `Domain`. #### Information Retrieval: - Full Name: Parse the input to extract "First Name" and "Last Name". Look up associated information such as phone numbers, addresses, and social media profiles using directory APIs or web scraping. - IP Address: Retrieve geolocation data, ISP details, and check for any historical data associated with the IP (e.g., from abuse databases). - Username: Check for the presence of the username on at least five known social networks and public repositories. Retrieve public profile information, such as profile bio, activity status, and follower count. - Domain and Subdomain Enumeration: Enumerate subdomains and gather information including IP addresses, SSL certificate details, and potential vulnerabilities. Identify potential subdomain takeover risks by analyzing DNS records and associated resources. #### Subdomain Takeover Detection: Detect and report any subdomains pointing to potentially unclaimed or deprecated resources, indicating a risk of takeover. #### Output Management: Store the results in a well-organized file format. ### Usage Examples #### Command Line Interface: ```sh $> osintmaster --help Welcome to osintmaster multi-function Tool OPTIONS: -n "Full Name" Search information by full name -i "IP Address" Search information by IP address -u "Username" Search information by username -d "Domain" Enumerate subdomains and check for takeover risks -o "FileName" File name to save output ``` #### Example Outputs: ```sh $> osintmaster -n "FNAME LNAME" -o result1.txt First name: FNAME Last name: LNAME Phone Number: +1234567890 Address: Address123, CITY, COUNTRY-CODE LinkedIn: linkedin.com/in/XX.XX Facebook: facebook.com/XX.XX Data Saved in result1.txt ``` #### IP Address: ```sh $> osintmaster -i 8.8.8.8 -o result2.txt ISP: Google LLC City: Mountain View Country: COUNTRY ASN: 15169 Known Issues: No reported abuse Data Saved in result2.txt ``` #### Username: ```sh $> osintmaster -u "@username" -o result3.txt Facebook: Found Twitter: Found LinkedIn: Found Instagram: Not Found GitHub: Found Recent Activity: Active on GitHub, last post 1 days ago Data Saved in result3.txt ``` #### Domain and Subdomain Enumeration: ```sh $> osintmaster -d "example.com" -o result4.txt Main Domain: example.com Subdomains found: 3 - www.example.com (IP: 123.123.123.123) SSL Certificate: Valid until 2030-03-01 - mail.example.com (IP: 123.123.123.123) SSL Certificate: Valid until 2030-03-01 - test.example.com (IP: 123.123.123.123) SSL Certificate: Not found Potential Subdomain Takeover Risks: - Subdomain: test.example.com CNAME record points to a non-existent AWS S3 bucket Recommended Action: Remove or update the DNS record to prevent potential misuse Data saved in result4.txt ``` ### Bonus If you complete the mandatory part successfully, and you still have free time, you can implement anything that you feel deserves to be a bonus, for example: - User Interface: Develop a graphical user interface (GUI) for better user accessibility. - PDF Generation: Add a feature to generate your OSINT result as PDF files. Challenge yourself! ### Documentation Create a `README.md` file that provides comprehensive documentation for your tool (prerequisites, setup, configuration, usage, ...). This file must be submitted as part of the solution for the project. ### Ethical and Legal Considerations - Get Permission: Always obtain explicit permission before gathering information. - Respect Privacy: Collect only necessary data and store it securely. - Follow Laws: Adhere to relevant laws such as GDPR and CFAA. - Report Responsibly: Privately notify affected parties of any vulnerabilities. - Educational Use Only: Use this tool and techniques solely for learning and improving security. > ⚠️ Disclaimer: This project is for educational purposes only. Ensure all activities comply with legal and ethical standards. The institution is not responsible for misuse of the techniques and tools demonstrated. ### Submission and audit Upon completing this project, you should submit the following: - Your documentation in the `README.md` file. - The Source code of your tool. - Any required files to run your tool.