DataSploit – Framework to Perform Various OSINT Techniques

Last Release: 06/30/2017    

DataSploit – Framework to Perform Various OSINT Techniques

Introduction

DataSploit is an OSINT Framework which allows you to perform various recon techniques (on phone numbers, bitcoin addresses, people, companies, etc.), to aggregate all the raw data, and give data in multiple formats. If you are pentester, cybersecurity researcher or bug hunter, you’ll find DataSploit very useful OSINT framework. It brings all useful and effective OSINT tools and techniques in one place, correlates the raw data captured and gives you all the relevant information about the target’s domain/email/IP, etc.

DataSploit Logo

DataSploit: An OSINT Framework to Perform Various Recon Techniques

Written in Python, this tool allows you to collect relevant information about a target and make/plan your attack/defence smoothly and quickly. DataSploit is an easy to use OSINT framework, but you can also use it as a library and write your own modules/tools.

DataSploit simply requires the bare minimum data before it goes out on a mining spree. Once the data is collected, firstly the noise is removed, after which data is correlated and after multiple iterations it is stored locally in a database (mongoDB) which could be easily visualised on the UI provided (Django). (DataSploit Offical Docu)

Features:

  • Performs automated OSINT on a domain / email / username / IP and find out relevant information from different sources.
  • Easy to contribute OSINT Framework.
  • Code for Banner, Main and Output function. Datasploit automagically do rest of the things for you.
  • Useful for Pen-testers, Bug Bounty Hunters, Cyber Investigators, Product companies, Security Engineers, etc.
  • Collaborate the results, show them in a consolidated manner.
  • Tries to find out credentials, api-keys, tokens, subdomains, domain history, legacy portals, usernames, dumped accounts, etc. related to the target.
  • Can be used as library, automated scripts or standalone scripts.
  • Can generate lists which can be feeded to active scan tools.
  • Generates HTML, along with text files.

Requirements:

  • Python 2.7 (not support for Python 3.0)
  • All from requirements.txt

Install

Standalone Tool Installation

To install it as a standalone Tool, first you need to clone DataSploit repo and navigate to the working directory:

$ git clone https://github.com/datasploit/datasploit 
$ cd datasploit

Then install all python libraries (requirements.txt) via pip:

$ pip install -r requirements.txt
Kali Linux users: install the requirements using the following command:
 $ pip install --upgrade --force-reinstall -r requirements.txt 

And rename sample-config.py file:

$ mv sample-config.py config.py

Installation as a Library

Install DataSploit using pip (this command will install all the dependencies:

$ pip install datasploit

Once dataSploit is installed successfully, go and edit the config file to add your own API keys:

$ datasploit_config

Follow the guide on how to generate API keys.

Basic Usage

To see available options/commands, simply run:

$ python datasploit.py -h
usage: datasploit.py [-h] [-i SINGLE_TARGET] [-f FILE_TARGET] [-a] [-q]
                     [-o OUTPUT]

  ____/ /____ _ / /_ ____ _ _____ ____   / /____   (_)/ /_
 / __  // __ `// __// __ `// ___// __ \ / // __ \ / // __/
/ /_/ // /_/ // /_ / /_/ /(__  )/ /_/ // // /_/ // // /_
\__,_/ \__,_/ \__/ \__,_//____// .___//_/ \____//_/ \__/
                              /_/

           Open Source Assistant for #OSINT
               www.datasploit.info

optional arguments:
  -h, --help            show this help message and exit
  -i SINGLE_TARGET, --input SINGLE_TARGET
                        Provide Input
  -f FILE_TARGET, --file FILE_TARGET
                        Provide Input
  -a, --active          Run Active Scan attacks
  -q, --quiet           Run scans in automated manner accepting default
                        answers
  -o OUTPUT, --output OUTPUT
                        Provide Destination Directory

              Connect at Social Media: @datasploit

Example: to run any script, you need to pass the respective argument:

$ python domainOsint.py -d example.com 
domainOsint will call all other domain_* scripts and list down data as well as dump the same in MongoDB.

For more usage examples and explanations, refer to the official DataSploit docu. (click on the “documentation button below)

Documentation Box
Download Box