Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.
http://datasploit.info | @datasploit
• Just another Pen-tester.
• Security Consultant @ NotSoSecure
• 5+ Years of Experience
• Worked as both Attacker, Defende...
What’s DataSploit?
• Performs Automated OSINT (Reconnaissance) on Domain / Email /
Username.
• Fetches information from mu...
Coverage
Components
• Domain Osint
• Email Osint
• IP Osint
• Username Osint
• WIP
• Company Scoping
• Phone Number OSINT
• Active ...
Sources
Email:
Basic Email Checks
Work History
Social profiles
Location Information
Slides
Scribd Documents
Related Websit...
Documentation
• http://www.datasploit.info
• http://datasploit.readthedocs.io/en/latest/
• https://upgoingstar.github.io/d...
Setting it up..
• Download from git (git clone or dowload)
git clone https://github.com/DataSploit/datasploit.git
• pip in...
Install Using Docker… Why not?
• https://hub.docker.com/r/appsecco/datasploit/
• https://hub.docker.com/r/ftorn/datasploit/
Documentation.
What’s in there?
Twitter:
@datasploit
https://twitter.com/datasploit
Facebook:
/datasploit
https://www.facebook.co
m/datasploit/
Roadmap
• Allows to set up periodic scans and alerting for product security companies.
• Intelligence on co-relation and i...
Important Stuff.
• Web UI is no more supported by us.
• Feel free to explore previous commits for GUI Components.
How to Contribute
• Test the tool (we are not full time devs, so you know ;))
• Write a module. Or Suggest a module. (we l...
Core Contributors.
• Shubham Mittal (@upgoingstar)
• Nutan Kumar Panda (@nutankumarpanda)
• Sudhanshu (@sudhanshu_c)
• Kun...
Thanks. g0t questions?
https://github.com/DataSploit/datasploit
Follow @datasploit for OSINT news and latest updates.
Twee...
DataSploit - Tool Demo at Null Bangalore - March Meet.
Nächste SlideShare
Wird geladen in …5
×

DataSploit - Tool Demo at Null Bangalore - March Meet.

This presentation was given at Null / OWASP / Garage4Hackers - Bangalore meet on 18th March.
After a little talk on what this tool is all about, I gave a demonstration on how to setup the tool followed by how to use the same.

  • Loggen Sie sich ein, um Kommentare anzuzeigen.

DataSploit - Tool Demo at Null Bangalore - March Meet.

  1. 1. http://datasploit.info | @datasploit
  2. 2. • Just another Pen-tester. • Security Consultant @ NotSoSecure • 5+ Years of Experience • Worked as both Attacker, Defender. • Interests in Offensive Security, Defensive Security, Scripting, OSINT. • Free time ~ Travelling. • Speaker / Trainer / Presenter @ BlackHat, DefCon, NullCon, IETF.
  3. 3. What’s DataSploit? • Performs Automated OSINT (Reconnaissance) on Domain / Email / Username. • Fetches information from multiple online sources. • Works in passive mode, i.e. not a single packet is sent to the target. • Customized for Pen-testers / Product Security Guys / Cyber Investigators.
  4. 4. Coverage
  5. 5. Components • Domain Osint • Email Osint • IP Osint • Username Osint • WIP • Company Scoping • Phone Number OSINT • Active Modules
  6. 6. Sources Email: Basic Email Checks Work History Social profiles Location Information Slides Scribd Documents Related Websites HaveIBeenPwned Enumerated Usernames  Domain: WhoIS DNS Records PunkSpider Wappalyzer Github Email Harvestor  Domain IP History Pagelinks Wikileaks Subdomains Links from Forums Passive SSL Scan ZoomEye Shodan Censys Username: Git Details Check username on various sites. Profile Pics –Output saved in $username directory Frequent Hashtags Interaction on Twitter.
  7. 7. Documentation • http://www.datasploit.info • http://datasploit.readthedocs.io/en/latest/ • https://upgoingstar.github.io/datasploit/
  8. 8. Setting it up.. • Download from git (git clone or dowload) git clone https://github.com/DataSploit/datasploit.git • pip install –r requirements.txt • Config.py holds API keys • domain_xyz.py – running stand alone scriptss. • domainOsint / emailOsint – automated OSINT
  9. 9. Install Using Docker… Why not? • https://hub.docker.com/r/appsecco/datasploit/ • https://hub.docker.com/r/ftorn/datasploit/
  10. 10. Documentation.
  11. 11. What’s in there?
  12. 12. Twitter: @datasploit https://twitter.com/datasploit
  13. 13. Facebook: /datasploit https://www.facebook.co m/datasploit/
  14. 14. Roadmap • Allows to set up periodic scans and alerting for product security companies. • Intelligence on co-relation and identity verification. • Reports in CSV, JSON and HTML Format • Reverse Image Search and profile validation. • Works closely with various social network APIs. • Highlight credentials, api-keys, tokens, subdomains, domain history, legacy portals, etc. related to the target from more than 50 paste(s) websites. • IP Threat Intelligence • Active Scan modules. • Organization Scoping. • Integration with SE other tools. • Use graphical and visualization templates on UI. • Cloud related OSINT and active modules. • pip install datasploit (to be installed as both library as well as script)
  15. 15. Important Stuff. • Web UI is no more supported by us. • Feel free to explore previous commits for GUI Components.
  16. 16. How to Contribute • Test the tool (we are not full time devs, so you know ;)) • Write a module. Or Suggest a module. (we love feedbacks). • You can raise an issue with ‘enhancement / new feature’ label, drop an email or simply catch up. • Use / Promote / Write about the tool. • Write OSINT blogs / tool walkthrough(s) / etc. • Report issues at https://github.com/upgoingstar/datasploit/issues
  17. 17. Core Contributors. • Shubham Mittal (@upgoingstar) • Nutan Kumar Panda (@nutankumarpanda) • Sudhanshu (@sudhanshu_c) • Kunal (@KunalAggarwal92) • Kudos to • @anantshri for mentoring. • @chandrapal for feedbacks, suggestions and other help around issues.
  18. 18. Thanks. g0t questions? https://github.com/DataSploit/datasploit Follow @datasploit for OSINT news and latest updates. Tweet / DM to @datasploit upgoingstaar@gmail.com

×