Latest changelog datasploit 26/11/2016:
* File permissions update
* code change for emailOsint
* google cse api help added. old steps updated
* Corrected points for google cse api generation
datasploit
Overview
+ Performs automated OSINT on a domain / email / username / phone and find out relevant information from different sources.
+ Useful for Pen-testers, Cyber Investigators, Product companies, defensive security professionals, etc.
+ Correlates and collaborate the results, show them in a consolidated manner.
+ Tries to find out credentials, api-keys, tokens, subdomains, domain history, legacy portals, etc. related to the target.
+ Available as single consolidating tool as well as standalone scripts.
+ Available in both GUI and Console.
Why DataSploit?
Irrespective of whether you are attacking a target or defending one, you need to have a clear picture of the threat landscape before you get in. This is where DataSploit comes into the picture. Utilizing various Open Source Intelligence (OSINT) tools and techniques that we have found to be effective, DataSploit brings them all into one place, correlates the raw data captured and gives the user, all the relevant information about the domain / email / phone number / person, etc. It allows you to collect relevant information about a target which can expand your attack/defence surface very quickly. Sometimes it might even pluck the low hanging fruits for you without even touching the target and give you quick wins. Of course, a user can pick a single small job (which do not correlates obviously), or can pick up the parent search which will launch a bunch of queries, call other required scripts recursively, correlate the data and give you all juicy information in one go.
Tool Background
Created using our beloved Python, MongoDb and Django, DataSploit simply requires the bare minimum data (such as domain name, email ID, person name, etc.) before it goes out on a mining spree. Once the data is collected, firstly the noise is removed, after which data is correlated and after multiple iterations it is stored locally in a database which could be easily visualised on the UI provided. The sources that have been integrated are all hand picked and are known to be providing reliable information. We have used them previously during different offensive as well as defensive engagements and found them helpful.
Gui Config
Use and download from source:
git clone https://github.com/upgoingstar/datasploit.git && cd datasploit pip install -r requirements.txt Open config_sample.py, then replace it with your API mv config_sample.py config.py [Generate API Keys and paste inside config.py] Install MongoDB: https://docs.mongodb.com/manual/installation Setup database: mkdir datasploitDb mongod --dbpath datasploitDb Install RabitMQ: Install RabitMQ For Gui: python manage.py runserver migrate python manage.py runserver 0.0.0.0:8000 For Cli: Run python domainOsint.py <domain_name> Update: git pull origin master
Source: http://datasploit.readthedocs.io/en/latest/ | Our Post Before