SlideShare uma empresa Scribd logo

DataSploit - Tool Demo at Null Bangalore - March Meet.

Transferir como PPTX, PDF
Shubham Mittal
Shubham Mittal

This presentation was given at Null / OWASP / Garage4Hackers - Bangalore meet on 18th March. After a little talk on what this tool is all about, I gave a demonstration on how to setup the tool followed by how to use the same.

Tecnologia
1 de 19
http://datasploit.info | @datasploit
• Just another Pen-tester. • Security Consultant @ NotSoSecure • 5+ Years of Experience • Worked as both Attacker, Defender. • Interests in Offensive Security, Defensive Security, Scripting, OSINT. • Free time ~ Travelling. • Speaker / Trainer / Presenter @ BlackHat, DefCon, NullCon, IETF.
What’s DataSploit? • Performs Automated OSINT (Reconnaissance) on Domain / Email / Username. • Fetches information from multiple online sources. • Works in passive mode, i.e. not a single packet is sent to the target. • Customized for Pen-testers / Product Security Guys / Cyber Investigators.
Coverage
Components • Domain Osint • Email Osint • IP Osint • Username Osint • WIP • Company Scoping • Phone Number OSINT • Active Modules
Sources Email: Basic Email Checks Work History Social profiles Location Information Slides Scribd Documents Related Websites HaveIBeenPwned Enumerated Usernames  Domain: WhoIS DNS Records PunkSpider Wappalyzer Github Email Harvestor  Domain IP History Pagelinks Wikileaks Subdomains Links from Forums Passive SSL Scan ZoomEye Shodan Censys Username: Git Details Check username on various sites. Profile Pics –Output saved in $username directory Frequent Hashtags Interaction on Twitter.
Documentation • http://www.datasploit.info • http://datasploit.readthedocs.io/en/latest/ • https://upgoingstar.github.io/datasploit/
Setting it up.. • Download from git (git clone or dowload) git clone https://github.com/DataSploit/datasploit.git • pip install –r requirements.txt • Config.py holds API keys • domain_xyz.py – running stand alone scriptss. • domainOsint / emailOsint – automated OSINT
Install Using Docker… Why not? • https://hub.docker.com/r/appsecco/datasploit/ • https://hub.docker.com/r/ftorn/datasploit/
Documentation.
What’s in there?
Twitter: @datasploit https://twitter.com/datasploit
Facebook: /datasploit https://www.facebook.co m/datasploit/
Roadmap • Allows to set up periodic scans and alerting for product security companies. • Intelligence on co-relation and identity verification. • Reports in CSV, JSON and HTML Format • Reverse Image Search and profile validation. • Works closely with various social network APIs. • Highlight credentials, api-keys, tokens, subdomains, domain history, legacy portals, etc. related to the target from more than 50 paste(s) websites. • IP Threat Intelligence • Active Scan modules. • Organization Scoping. • Integration with SE other tools. • Use graphical and visualization templates on UI. • Cloud related OSINT and active modules. • pip install datasploit (to be installed as both library as well as script)
Important Stuff. • Web UI is no more supported by us. • Feel free to explore previous commits for GUI Components.
How to Contribute • Test the tool (we are not full time devs, so you know ;)) • Write a module. Or Suggest a module. (we love feedbacks). • You can raise an issue with ‘enhancement / new feature’ label, drop an email or simply catch up. • Use / Promote / Write about the tool. • Write OSINT blogs / tool walkthrough(s) / etc. • Report issues at https://github.com/upgoingstar/datasploit/issues
Core Contributors. • Shubham Mittal (@upgoingstar) • Nutan Kumar Panda (@nutankumarpanda) • Sudhanshu (@sudhanshu_c) • Kunal (@KunalAggarwal92) • Kudos to • @anantshri for mentoring. • @chandrapal for feedbacks, suggestions and other help around issues.
Thanks. g0t questions? https://github.com/DataSploit/datasploit Follow @datasploit for OSINT news and latest updates. Tweet / DM to @datasploit upgoingstaar@gmail.com

Recomendados

DataSploit - BlackHat Asia 2017
DataSploit - BlackHat Asia 2017 DataSploit - BlackHat Asia 2017
DataSploit - BlackHat Asia 2017
Shubham Mittal
 
Datasploit - An Open Source Intelligence Tool
Datasploit - An Open Source Intelligence ToolDatasploit - An Open Source Intelligence Tool
Datasploit - An Open Source Intelligence Tool
Shubham Mittal
 
Rv defcon25 osint tactics on source code intelligence - simon roses
Rv defcon25 osint tactics on source code intelligence - simon rosesRv defcon25 osint tactics on source code intelligence - simon roses
Rv defcon25 osint tactics on source code intelligence - simon roses
reconvillage
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)
Sudhanshu Chauhan
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guide
Sudhanshu Chauhan
 
OSINT using Twitter & Python
OSINT using Twitter & PythonOSINT using Twitter & Python
OSINT using Twitter & Python
37point2
 
Dark Arts Of Social Engineering
Dark Arts Of Social EngineeringDark Arts Of Social Engineering
Dark Arts Of Social Engineering
Nutan Kumar Panda
 
Stop pulling the plug
Stop pulling the plugStop pulling the plug
Stop pulling the plug
Kamal Rathaur
 

Recomendados

DataSploit - BlackHat Asia 2017
DataSploit - BlackHat Asia 2017 DataSploit - BlackHat Asia 2017
DataSploit - BlackHat Asia 2017
Shubham Mittal
 
Datasploit - An Open Source Intelligence Tool
Datasploit - An Open Source Intelligence ToolDatasploit - An Open Source Intelligence Tool
Datasploit - An Open Source Intelligence Tool
Shubham Mittal
 
Rv defcon25 osint tactics on source code intelligence - simon roses
Rv defcon25 osint tactics on source code intelligence - simon rosesRv defcon25 osint tactics on source code intelligence - simon roses
Rv defcon25 osint tactics on source code intelligence - simon roses
reconvillage
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)
Sudhanshu Chauhan
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guide
Sudhanshu Chauhan
 
OSINT using Twitter & Python
OSINT using Twitter & PythonOSINT using Twitter & Python
OSINT using Twitter & Python
37point2
 
Dark Arts Of Social Engineering
Dark Arts Of Social EngineeringDark Arts Of Social Engineering
Dark Arts Of Social Engineering
Nutan Kumar Panda
 
Stop pulling the plug
Stop pulling the plugStop pulling the plug
Stop pulling the plug
Kamal Rathaur
 
OSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligenceOSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source Intelligence
Philippe Lin
 
Thinking of Documentation as Code [YUIConf 2013]
Thinking of Documentation as Code [YUIConf 2013]Thinking of Documentation as Code [YUIConf 2013]
Thinking of Documentation as Code [YUIConf 2013]
evangoer
 
Let’s hunt the target using OSINT
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINT
Chandrapal Badshah
 
Open Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionOpen Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon Edition
Chris Gates
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
PRISMA CSI
 
Osint ashish mistry
Osint ashish mistryOsint ashish mistry
Osint ashish mistry
n|u - The Open Security Community
 
What you need to know about OSINT
What you need to know about OSINTWhat you need to know about OSINT
What you need to know about OSINT
Jerod Brennen
 
OSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet versionOSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet version
Chandrapal Badshah
 
Facebook Stetho
Facebook StethoFacebook Stetho
Facebook Stetho
Eugen Martynov
 
OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!
Nutan Kumar Panda
 
OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019
RedHunt Labs
 
The Other AI: How Semantic Reasoning Automates Security Analysis
The Other AI: How Semantic Reasoning Automates Security AnalysisThe Other AI: How Semantic Reasoning Automates Security Analysis
The Other AI: How Semantic Reasoning Automates Security Analysis
Anton Goncharov
 
Goans-Helms-IT Security at Georgia Tech Library
Goans-Helms-IT Security at Georgia Tech LibraryGoans-Helms-IT Security at Georgia Tech Library
Goans-Helms-IT Security at Georgia Tech Library
National Information Standards Organization (NISO)
 
Getting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsGetting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigations
Olakanmi Oluwole
 
Utilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident ResponseUtilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident Response
Christopher Beiring
 
Intro to Solr in Drupal
Intro to Solr in Drupal Intro to Solr in Drupal
Intro to Solr in Drupal
Mediacurrent
 
2018 BSidesSF Buiding Intelligent Automatons with Semantic Reasoning
2018 BSidesSF Buiding Intelligent Automatons with Semantic Reasoning2018 BSidesSF Buiding Intelligent Automatons with Semantic Reasoning
2018 BSidesSF Buiding Intelligent Automatons with Semantic Reasoning
Anton Goncharov
 
Stealing Credentials Malware and more
Stealing Credentials Malware and moreStealing Credentials Malware and more
Stealing Credentials Malware and more
Omer Meshar
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligence
Deep Shankar Yadav
 
Crypto-Book Hotnets
Crypto-Book HotnetsCrypto-Book Hotnets
Crypto-Book Hotnets
mahan9
 
Null Bangalore Meet 18/03/17
Null Bangalore Meet 18/03/17Null Bangalore Meet 18/03/17
Null Bangalore Meet 18/03/17
Subash SN
 
Poodle
PoodlePoodle
Poodle
Samit Anwer
 

Mais conteúdo relacionado

Mais procurados

OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!
Nutan Kumar Panda
 
Utilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident ResponseUtilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident Response
Christopher Beiring
 
2018 BSidesSF Buiding Intelligent Automatons with Semantic Reasoning
2018 BSidesSF Buiding Intelligent Automatons with Semantic Reasoning2018 BSidesSF Buiding Intelligent Automatons with Semantic Reasoning
2018 BSidesSF Buiding Intelligent Automatons with Semantic Reasoning
Anton Goncharov
 
Crypto-Book Hotnets
Crypto-Book HotnetsCrypto-Book Hotnets
Crypto-Book Hotnets
mahan9
 

Mais procurados (20)

OSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligenceOSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source Intelligence
 
Thinking of Documentation as Code [YUIConf 2013]
Thinking of Documentation as Code [YUIConf 2013]Thinking of Documentation as Code [YUIConf 2013]
Thinking of Documentation as Code [YUIConf 2013]
 
Let’s hunt the target using OSINT
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINT
 
Open Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionOpen Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon Edition
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
 
Osint ashish mistry
Osint ashish mistryOsint ashish mistry
Osint ashish mistry
 
What you need to know about OSINT
What you need to know about OSINTWhat you need to know about OSINT
What you need to know about OSINT
 
OSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet versionOSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet version
 
Facebook Stetho
Facebook StethoFacebook Stetho
Facebook Stetho
 
OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!
 
OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019
 
The Other AI: How Semantic Reasoning Automates Security Analysis
The Other AI: How Semantic Reasoning Automates Security AnalysisThe Other AI: How Semantic Reasoning Automates Security Analysis
The Other AI: How Semantic Reasoning Automates Security Analysis
 
Goans-Helms-IT Security at Georgia Tech Library
Goans-Helms-IT Security at Georgia Tech LibraryGoans-Helms-IT Security at Georgia Tech Library
Goans-Helms-IT Security at Georgia Tech Library
 
Getting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsGetting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigations
 
Utilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident ResponseUtilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident Response
 
Intro to Solr in Drupal
Intro to Solr in Drupal Intro to Solr in Drupal
Intro to Solr in Drupal
 
2018 BSidesSF Buiding Intelligent Automatons with Semantic Reasoning
2018 BSidesSF Buiding Intelligent Automatons with Semantic Reasoning2018 BSidesSF Buiding Intelligent Automatons with Semantic Reasoning
2018 BSidesSF Buiding Intelligent Automatons with Semantic Reasoning
 
Stealing Credentials Malware and more
Stealing Credentials Malware and moreStealing Credentials Malware and more
Stealing Credentials Malware and more
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligence
 
Crypto-Book Hotnets
Crypto-Book HotnetsCrypto-Book Hotnets
Crypto-Book Hotnets
 

Destaque

Post Exploitation Using Meterpreter
Post Exploitation Using MeterpreterPost Exploitation Using Meterpreter
Post Exploitation Using Meterpreter
Shubham Mittal
 
Denial Of Service Flooding Detection In Anonymity Networks
Denial Of Service Flooding Detection In Anonymity NetworksDenial Of Service Flooding Detection In Anonymity Networks
Denial Of Service Flooding Detection In Anonymity Networks
Jens Oberender
 
44CON 2014 - Meterpreter Internals, OJ Reeves
44CON 2014 - Meterpreter Internals, OJ Reeves44CON 2014 - Meterpreter Internals, OJ Reeves
44CON 2014 - Meterpreter Internals, OJ Reeves
44CON
 

Destaque (20)

Null Bangalore Meet 18/03/17
Null Bangalore Meet 18/03/17Null Bangalore Meet 18/03/17
Null Bangalore Meet 18/03/17
 
Poodle
PoodlePoodle
Poodle
 
Mod security
Mod securityMod security
Mod security
 
Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638
 
Messing around avs
Messing around avsMessing around avs
Messing around avs
 
Post Exploitation Using Meterpreter
Post Exploitation Using MeterpreterPost Exploitation Using Meterpreter
Post Exploitation Using Meterpreter
 
Metasploit For Beginners
Metasploit For BeginnersMetasploit For Beginners
Metasploit For Beginners
 
Apostila-calculos-1-pdf
Apostila-calculos-1-pdfApostila-calculos-1-pdf
Apostila-calculos-1-pdf
 
The Open Archives Initiative
The Open Archives InitiativeThe Open Archives Initiative
The Open Archives Initiative
 
Sharing with the Open Archives Initiative
Sharing with the Open Archives InitiativeSharing with the Open Archives Initiative
Sharing with the Open Archives Initiative
 
Ips and-ids
Ips and-idsIps and-ids
Ips and-ids
 
Denial Of Service Flooding Detection In Anonymity Networks
Denial Of Service Flooding Detection In Anonymity NetworksDenial Of Service Flooding Detection In Anonymity Networks
Denial Of Service Flooding Detection In Anonymity Networks
 
44CON 2014 - Meterpreter Internals, OJ Reeves
44CON 2014 - Meterpreter Internals, OJ Reeves44CON 2014 - Meterpreter Internals, OJ Reeves
44CON 2014 - Meterpreter Internals, OJ Reeves
 
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
 
Meterpreter in Metasploit User Guide
Meterpreter in Metasploit User GuideMeterpreter in Metasploit User Guide
Meterpreter in Metasploit User Guide
 
An Introduction to Sysinternals
An Introduction to SysinternalsAn Introduction to Sysinternals
An Introduction to Sysinternals
 
44CON London 2015 - How to drive a malware analyst crazy
44CON London 2015 - How to drive a malware analyst crazy44CON London 2015 - How to drive a malware analyst crazy
44CON London 2015 - How to drive a malware analyst crazy
 
App sec in the time of docker containers
App sec in the time of docker containersApp sec in the time of docker containers
App sec in the time of docker containers
 
Metasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitMetasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With Metasploit
 
Information Gathering With Maltego
Information Gathering With MaltegoInformation Gathering With Maltego
Information Gathering With Maltego
 

Semelhante a DataSploit - Tool Demo at Null Bangalore - March Meet.

Defending the Enterprise with Evernote at SourceBoston on May 27, 2015
Defending the Enterprise with Evernote at SourceBoston on May 27, 2015Defending the Enterprise with Evernote at SourceBoston on May 27, 2015
Defending the Enterprise with Evernote at SourceBoston on May 27, 2015
grecsl
 
The iOS technical interview: get your dream job as an iOS developer
The iOS technical interview: get your dream job as an iOS developerThe iOS technical interview: get your dream job as an iOS developer
The iOS technical interview: get your dream job as an iOS developer
Juan C Catalan
 
NotaCon 2011 - Networking for Pentesters
NotaCon 2011 - Networking for PentestersNotaCon 2011 - Networking for Pentesters
NotaCon 2011 - Networking for Pentesters
Rob Fuller
 

Semelhante a DataSploit - Tool Demo at Null Bangalore - March Meet. (20)

The Hacking Game - Think Like a Hacker Meetup 12072023.pptx
The Hacking Game - Think Like a Hacker Meetup 12072023.pptxThe Hacking Game - Think Like a Hacker Meetup 12072023.pptx
The Hacking Game - Think Like a Hacker Meetup 12072023.pptx
 
Pentesting Tips: Beyond Automated Testing
Pentesting Tips: Beyond Automated TestingPentesting Tips: Beyond Automated Testing
Pentesting Tips: Beyond Automated Testing
 
Defending the Enterprise with Evernote at SourceBoston on May 27, 2015
Defending the Enterprise with Evernote at SourceBoston on May 27, 2015Defending the Enterprise with Evernote at SourceBoston on May 27, 2015
Defending the Enterprise with Evernote at SourceBoston on May 27, 2015
 
The iOS technical interview: get your dream job as an iOS developer
The iOS technical interview: get your dream job as an iOS developerThe iOS technical interview: get your dream job as an iOS developer
The iOS technical interview: get your dream job as an iOS developer
 
IT Systems for Knowledge Management used in Software Engineering (2010)
IT Systems for Knowledge Management used in Software Engineering (2010)IT Systems for Knowledge Management used in Software Engineering (2010)
IT Systems for Knowledge Management used in Software Engineering (2010)
 
2015 WritersUA Sourcing Graphics
2015 WritersUA Sourcing Graphics2015 WritersUA Sourcing Graphics
2015 WritersUA Sourcing Graphics
 
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
 
DEF CON 23 - BRENT - white hacking web apps wp
DEF CON 23 - BRENT - white hacking web apps wpDEF CON 23 - BRENT - white hacking web apps wp
DEF CON 23 - BRENT - white hacking web apps wp
 
Tips to Kick-start your Software Engineering Career
Tips to Kick-start your Software Engineering CareerTips to Kick-start your Software Engineering Career
Tips to Kick-start your Software Engineering Career
 
Tips to kick-start your Software Engineering Career - Ferdous Mahmud Shaon
Tips to kick-start your Software Engineering Career - Ferdous Mahmud ShaonTips to kick-start your Software Engineering Career - Ferdous Mahmud Shaon
Tips to kick-start your Software Engineering Career - Ferdous Mahmud Shaon
 
DEVNET-2002 Coding 201: Coding Skills 201: Going Further with REST and Python...
DEVNET-2002 Coding 201: Coding Skills 201: Going Further with REST and Python...DEVNET-2002 Coding 201: Coding Skills 201: Going Further with REST and Python...
DEVNET-2002 Coding 201: Coding Skills 201: Going Further with REST and Python...
 
The Web Application Hackers Toolchain
The Web Application Hackers ToolchainThe Web Application Hackers Toolchain
The Web Application Hackers Toolchain
 
Social Media Data Collection & Analysis
Social Media Data Collection & AnalysisSocial Media Data Collection & Analysis
Social Media Data Collection & Analysis
 
PENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINEPENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINE
 
Intro to SharePoint 2010 development for .NET developers
Intro to SharePoint 2010 development for .NET developersIntro to SharePoint 2010 development for .NET developers
Intro to SharePoint 2010 development for .NET developers
 
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
 
NotaCon 2011 - Networking for Pentesters
NotaCon 2011 - Networking for PentestersNotaCon 2011 - Networking for Pentesters
NotaCon 2011 - Networking for Pentesters
 
PyData Texas 2015 Keynote
PyData Texas 2015 KeynotePyData Texas 2015 Keynote
PyData Texas 2015 Keynote
 
H@dfex 2015 malware analysis
H@dfex 2015 malware analysisH@dfex 2015 malware analysis
H@dfex 2015 malware analysis
 

Último

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 

Último (20)

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 

DataSploit - Tool Demo at Null Bangalore - March Meet.

  • 2. • Just another Pen-tester. • Security Consultant @ NotSoSecure • 5+ Years of Experience • Worked as both Attacker, Defender. • Interests in Offensive Security, Defensive Security, Scripting, OSINT. • Free time ~ Travelling. • Speaker / Trainer / Presenter @ BlackHat, DefCon, NullCon, IETF.
  • 3. What’s DataSploit? • Performs Automated OSINT (Reconnaissance) on Domain / Email / Username. • Fetches information from multiple online sources. • Works in passive mode, i.e. not a single packet is sent to the target. • Customized for Pen-testers / Product Security Guys / Cyber Investigators.
  • 5. Components • Domain Osint • Email Osint • IP Osint • Username Osint • WIP • Company Scoping • Phone Number OSINT • Active Modules
  • 6. Sources Email: Basic Email Checks Work History Social profiles Location Information Slides Scribd Documents Related Websites HaveIBeenPwned Enumerated Usernames  Domain: WhoIS DNS Records PunkSpider Wappalyzer Github Email Harvestor  Domain IP History Pagelinks Wikileaks Subdomains Links from Forums Passive SSL Scan ZoomEye Shodan Censys Username: Git Details Check username on various sites. Profile Pics –Output saved in $username directory Frequent Hashtags Interaction on Twitter.
  • 8. Setting it up.. • Download from git (git clone or dowload) git clone https://github.com/DataSploit/datasploit.git • pip install –r requirements.txt • Config.py holds API keys • domain_xyz.py – running stand alone scriptss. • domainOsint / emailOsint – automated OSINT
  • 9. Install Using Docker… Why not? • https://hub.docker.com/r/appsecco/datasploit/ • https://hub.docker.com/r/ftorn/datasploit/
  • 14. Roadmap • Allows to set up periodic scans and alerting for product security companies. • Intelligence on co-relation and identity verification. • Reports in CSV, JSON and HTML Format • Reverse Image Search and profile validation. • Works closely with various social network APIs. • Highlight credentials, api-keys, tokens, subdomains, domain history, legacy portals, etc. related to the target from more than 50 paste(s) websites. • IP Threat Intelligence • Active Scan modules. • Organization Scoping. • Integration with SE other tools. • Use graphical and visualization templates on UI. • Cloud related OSINT and active modules. • pip install datasploit (to be installed as both library as well as script)
  • 15. Important Stuff. • Web UI is no more supported by us. • Feel free to explore previous commits for GUI Components.
  • 16. How to Contribute • Test the tool (we are not full time devs, so you know ;)) • Write a module. Or Suggest a module. (we love feedbacks). • You can raise an issue with ‘enhancement / new feature’ label, drop an email or simply catch up. • Use / Promote / Write about the tool. • Write OSINT blogs / tool walkthrough(s) / etc. • Report issues at https://github.com/upgoingstar/datasploit/issues
  • 17. Core Contributors. • Shubham Mittal (@upgoingstar) • Nutan Kumar Panda (@nutankumarpanda) • Sudhanshu (@sudhanshu_c) • Kunal (@KunalAggarwal92) • Kudos to • @anantshri for mentoring. • @chandrapal for feedbacks, suggestions and other help around issues.
  • 18.
  • 19. Thanks. g0t questions? https://github.com/DataSploit/datasploit Follow @datasploit for OSINT news and latest updates. Tweet / DM to @datasploit upgoingstaar@gmail.com