ODIN
A Python tool for automating intelligence gathering, testing and reporting. ODIN is still in active development, so check the dev branch for the bleeding edge. Feedback is welcome!
Note: ODIN is designed to be run on Linux. About 90% of it will absolutely work on Windows or MacOS with Python 3 and a copy of urlcrazy, but extract, used for pulling metadata from non-PDF files, is exclusive to Linux. You’ll be fine using an OS without access to extract, but you’ll see some warnings and get less information.
ODIN is made possible through the help, input, and work provided by others. Therefore, this project is entirely open source and available to all to use/modify. All this developer did was assemble the tools, convert some of them to Python 3, and stitch them together into an all-in-one toolkit.
What Can ODIN Do?
ODIN is still very much in development, but it aims to automate many of the common recon tasks carried out by penetration testers, such as:
+ Harvesting email addresses and employee names for a company.
+ Linking employees and companies to social media profiles.
+ Checking to see if discovered accounts have been a part of any public security breaches or appeared in any pastes.
+ Collecting data on domains and IP addresses from Shodan, Censys, DNS records, and whois/RDAP.
+ Discovering subdomains, their related IP addresses, and looking for CDNs that might allow for domain fronting.
+ Hunting Office files and PDFs under a domain, downloading them, and extracting metadata.
+ Linking keywords, like a company name or domain, to AWS via S3 buckets and account aliases.
+ More to come in the future…
Setup API Keys
– Review the keys.config.sample file to fill in your API keys and create a keys.config file.
– cd into the /setup directory and run setup_check.py to make sure your keys.config file is in order.
– Install awscli and run aw
Use and Download:
git clone https://github.com/chrismaddalena/ODIN && cd ODIN
virtualenv -p python3 myenv
source myenv/bin/activate
pip3 install -r requirements.txt