
AutOSINT – Tool to automate common osint tasks.
AutOSINT.py v0.1 is a way to run some common OSINT tasks automatically.
Dependencies:
– Python 2.7.x
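– pip2 install docx (the script's own comments point to the python-docx package on PyPI, which is a different package from docx and is the one that provides the docx.Document API the script calls)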
– pip2 install shodan
– pip2 install google
+ You must have a Shodan API key (it is passed to the script with -s).
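+ Supported on all operating systems: Windows, Linux/Unix & Mac OSX. The whois and DNS queries shell out to the whois and host commands, so both must be installed and on the PATH.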
Features:
* poll various OSINT sources for data, write to .doc
* whois – added
* dns – added
* shodan – added
* scrape pastebin, etc
* google dorks via googlesearch
* BGP info
* AS info
* linkedin (from Nick)
use and download:
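# Fetch the script and change into the checkout before installing anything.
git clone https://github.com/bharshbarger-r7/AutOSINT && cd AutOSINT

# The script targets Python 2.7, so use the pip and python that belong to
# that interpreter.
# The script calls docx.Document(), which is the python-docx API. On PyPI that
# package is named "python-docx"; "docx" (as the original listing had it) is a
# different package.
pip install python-docx
pip install shodan
pip install google

# Run with no arguments to see the usage error, or -h for the option list.
# A run needs a target (-d or -i) plus at least one query flag (-w, -n, -g, -s).
python AutOSINT.py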
Script:
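#!/usr/bin/python
"""AutOSINT.py v0.1 -- run a few OSINT lookups for one target and save them.

Queries whois, DNS (via ``host -a``), Google and Shodan for a single domain
or IP address, prints the results, and writes them to ``OSINT.docx`` in the
current directory. Written for Python 2.7.
"""

#Special thanks to:
#Nick Sanzotta, for helping with general coding expertise

#unum alces!

# poll various OSINT sources for data, write to .doc
# whois - added
# dns - added
# shodan - added
# scrape pastebin, etc
# google dorks via googlesearch
# BGP info
# AS info
# linkedin (from Nick)

from __future__ import print_function

import sys
import argparse
import re
import subprocess

#python-docx: https://pypi.python.org/pypi/python-docx
#shodan: https://github.com/achillean/shodan-python
#google: https://pypi.python.org/pypi/google, also installs beautifulsoup
try:
    import dns.resolver  # imported by the original script; not used yet
    import shodan
    import docx
    from google import search
except ImportError as err:
    # The original tested `'shodan' not in sys.modules` after `import shodan`,
    # which can never be true: a missing module raises ImportError first.
    sys.exit('Missing dependency: {}'.format(err))


class colors:
    """ANSI escape sequences used to colour terminal output."""
    white = "\033[1;37m"
    normal = "\033[0;00m"
    red = "\033[1;31m"
    blue = "\033[1;34m"
    green = "\033[1;32m"


# Characters found in hostnames, IPv4 and IPv6 addresses, and never a leading
# '-': the target is passed to whois and host as an argument and must not be
# read by them as an option. Internationalised names must be given in
# punycode form to match.
TARGET_RE = re.compile(r'^[A-Za-z0-9:][A-Za-z0-9._:-]*$')

# Control characters that XML cannot carry. Whois records and Shodan banners
# are third-party data (a banner is whatever the remote service sent), so they
# are filtered before being written into the .docx.
XML_UNSAFE_RE = re.compile(r'[\x00-\x08\x0b\x0c\x0e-\x1f]')


def run_tool(argv):
    """Run an external command and return its stdout as a list of lines.

    Returns an empty list (after printing a message) when the command
    cannot be started, e.g. because it is not installed.
    """
    try:
        proc = subprocess.Popen(argv, stdout=subprocess.PIPE,
                                universal_newlines=True)
    except OSError as err:
        print(colors.red + 'Could not run {}: {}'.format(argv[0], err)
              + colors.normal)
        return []
    return proc.communicate()[0].split('\n')


def as_text(value):
    """Return *value* as one string that is safe to store in the report.

    Lists of lines are joined with newlines; add_paragraph() is documented
    to take a text string, not a list. XML-unsafe control characters are
    removed.
    """
    if isinstance(value, (list, tuple)):
        value = '\n'.join(value)
    # NOTE(review): under Python 2 whois/host output is a byte string; confirm
    # python-docx accepts any non-ASCII bytes those tools may return.
    return XML_UNSAFE_RE.sub('', value)


def main():
    """Parse the command line, run the requested queries, write OSINT.docx."""
    banner = ('\n ' + "-" * 85 + colors.green
              + '\n AutOSINT.py v0.1, a way to do some automated OSINT tasks\n '
              + colors.normal + "-" * 85 + "\n")
    print(banner)

    #parse input, nargs allows one or more to be entered
    parser = argparse.ArgumentParser()
    parser.add_argument("-d", "--domain", nargs='+', help="the domain(s) you want to search")
    parser.add_argument("-i", "--ipaddress", nargs='+', help="the IP address(es) you want to search")
    parser.add_argument("-a", "--all", help="run all queries", action='store_true')
    parser.add_argument("-w", "--whois", help="query whois", action='store_true')
    parser.add_argument("-n", "--nslookup", help="query DNS", action='store_true')
    parser.add_argument("-g", "--google", help="query Google", action='store_true')
    # NOTE: a key given on the command line is visible in the process list and
    # in shell history; treat it as exposed on shared hosts.
    parser.add_argument("-s", "--shodan", nargs='+', help="query Shodan with -s <apikey>")
    args = parser.parse_args()

    # -a turns on every query that needs no credential; Shodan still needs -s.
    if args.all:
        args.whois = True
        args.nslookup = True
        args.google = True

    # Echo the parsed options, but never the API key itself.
    shown = dict(vars(args))
    if shown.get('shodan'):
        shown['shodan'] = ['<redacted>']
    print(argparse.Namespace(**shown))

    #require at least one argument
    if not (args.domain or args.ipaddress):
        parser.error(colors.red + "No action requested, add domain(s) or IP address(es)" + colors.normal)

    #only allow one of ip or domain
    if args.domain and args.ipaddress:
        parser.error(colors.red + 'Only one argument at a time' + colors.normal)

    # If no queries are defined, exit. args.shodan is None when -s is absent
    # (it is a list otherwise), so the original `is False` test never fired.
    if not (args.whois or args.nslookup or args.google or args.shodan):
        print(colors.red + "No options specified, use -h or --help for a list" + colors.normal)
        sys.exit()

    # only grabs first entry for now
    lookup = str((args.domain or args.ipaddress)[0])
    if not TARGET_RE.match(lookup):
        parser.error(colors.red + 'Target must be a plain domain name or IP address' + colors.normal)
    print(colors.green + "\nSearching Sources for: " + lookup + colors.normal)

    #whois query, dumps out a list
    if args.whois:
        whoisOutput = run_tool(["whois", lookup])
        print(colors.green + "\nQuerying whois\n" + colors.normal)
        print(whoisOutput)
    else:
        whoisOutput = "no whois performed"

    #DNS query, dumps out a list
    if args.nslookup:
        dnsOutput = run_tool(['host', '-a', lookup])
        print(colors.green + "\nQuerying DNS via host -a\n" + colors.normal)
        print(dnsOutput)
    else:
        dnsOutput = "no dns lookup performed"

    googleOutput = []
    if args.google:
        print(colors.green + "\nQuerying google\n" + colors.normal)
        for url in search('password site:' + lookup, stop=20):
            print(url)
            googleOutput.append(url)

    #probably need to customize search type based on -i or -d
    #ref this https://shodan.readthedocs.io/en/latest/tutorial.html#connect-to-the-api
    shodanOutput = []
    if args.shodan is not None:
        print(colors.green + "\nQuerying Shodan\n" + colors.normal)
        # nargs='+' yields a list; the client needs the key string itself.
        SHODAN_API_KEY = args.shodan[0]
        api = shodan.Shodan(SHODAN_API_KEY)
        try:
            results = api.search(lookup)
        except shodan.APIError as err:
            # Bad key, exhausted credits, etc.: report it and keep the
            # results already gathered from the other sources.
            print(colors.red + 'Shodan query failed: %s' % err + colors.normal)
        else:
            print('Results found: %s' % results['total'])
            for result in results['matches']:
                print('IP: %s' % result['ip_str'])
                print(result['data'])
                # One readable entry per match, instead of the repr of the
                # whole response.
                shodanOutput.append('IP: %s\n%s' % (result['ip_str'], result['data']))

    #dump to a word doc
    doc = docx.Document()
    doc.add_paragraph('Sample Output')
    doc.add_paragraph('Google search for the word password')
    for section in (googleOutput, whoisOutput, dnsOutput, shodanOutput):
        doc.add_paragraph(as_text(section))
    doc.save('OSINT.docx')


if __name__ == '__main__':
    main()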
Source: https://github.com/bharshbarger-r7