# Passive ### Introduction Information gathering is one of the most important steps during a pentest, it can be considered the longest step. ### Objective The goal of this project is for you to become more comfortable with open source investigative methods ### Advice Before asking help, ask yourself if you have really thought about all the possibilities. https://en.kali.tools/all/?category=recon https://github.com/topics/osint-tools https://en.wikipedia.org/wiki/Open-source_intelligence https://en.wikipedia.org/wiki/Doxing ### Guidelines You are going here to create your first passive recognition tool, you have the choice of language, however your program will have to recognize the information entered (FULL NAME, IP, @login). For the case of the full name, it will have to recognize the entry: "Last name" and "First name", and then look in the directories for the telephone number and the address. If it is the IP address, your tool should display at least the city and the name of the internet service provider. If it is a username, your tool will have to check if this username is used in at least 5 known social networks. The result should be stored in a result.txt file (result2.txt if the file already exists) ### Bonus You can add more API features ### Usage ``` $> passive --help Welcome to passive v1.0.0 OPTIONS: -fn Search with full-name -ip Search with ip address -u Search with username $> passive -fn "Jean Dupont" First name: Jean Last name: Dupont Address: 7 rue du Progrès 75016 Paris Number: +33601010101 Saved in result.txt $> passive -ip 127.0.0.1 ISP: FSociety, S.A. City Lat/Lon: (13.731) / (-1.1373) Saved in result2.txt $> passive -u "@user01" Facebook : yes Twitter : yes Linkedin : yes Instagram : no Skype : yes Saved in result3.txt ``` ### Submission and audit Files that must be inside your repository: - Your program source code. - A README.md file, which clearly explains how to use the program. Don’t hesitate to double-check the names of your folders and files to ensure they are correct! > ⚠️ These methods and tools are for educational purposes only, so that you have a better understanding of how to protect against similar vulnerabilities. You must ensure that you do not attempt any exploit-type activity without the explicit permission of the owner of the machine, system or application. Failure to obtain permission risks breaking the law.