Just the code of my OSINT bot searching for sensitive data leaks on different paste sites.
Search terms:
- credentials
- private RSA keys
- Wordpress configuration files
- MySQL connect strings
- onion links
- links to files hosted inside the onion network (PDF, DOC, DOCX, XLS, XLSX)
- This bot is not beautiful.
- The code is not complete so far. Some parts like integrating the credentials in a database are missing in this online repository.
- If you want to use this code, feel free to do so. Keep in mind you have to customize things to make it run on your system.
IMPORTANT
The bot can be run in two major modes:
- API mode
- Scraping mode (using TOR)
To start the bot in API mode just run the program in the following way:
python run.py -0
To start the bot in scraping mode run it in the following way:
python run.py -1
MaxCircuitDirtiness 30
Usage
To learn how to use the software you just need to call the run.py script with the -h/--help argument.
python run.py -h
_________
/ _____/ ____ _____ ___ __ ____ ____ ____ ___________
\_____ \_/ ___\\__ \\ \/ // __ \ / \ / ___\_/ __ \_ __ \
/ \ \___ / __ \\ /\ ___/| | \/ /_/ > ___/| | \/
/_______ /\___ >____ /\_/ \___ >___| /\___ / \___ >__|
\/ \/ \/ \/ \//_____/ \/
usage: run.py [-h] [-0] [-1] [-2] [-ps]
Control software for the different modules of this paste crawler.
optional arguments:
-h, --help show this help message and exit
-0, --pastebinCOMapi Activate Pastebin.com module (using API)
-1, --pastebinCOMtor Activate Pastebin.com module (standard scraping using
TOR to avoid IP blocking)
-2, --pasteORG Activate Paste.org module
-ps, --pStatistic Show a simple statistic.
Just start the Pastebin.com module separately...
python P_bot.py
Keep in mind that at the moment only combinations like USERNAME:PASSWORD and other simple combinations are detected. However, there is a tool to search for proxy logs containing credentials.
You can search for proxy logs (URLs with username and password combinations) by using the getProxyLogs.py file:
python getProxyLogs.py data/raw_pastes
If you want to search the raw data for specific strings you can do it using searchRaw.py (really slow).
python searchRaw.py SEARCHSTRING
To see statistics of the bot just call
python status.py
The file findSensitiveData.py searches a folder (with pastes) for sensitive data like credit cards, RSA keys or mysqli_connect strings. Keep in mind that this script uses grep and is therefore really slow on a large number of paste files. If you want to analyze a large number of pastes, I recommend an ELK stack.
python findSensitiveData.py data/raw_pastes
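An added example, not code from this repository: a single-pass alternative to the grep approach described above, which reads each paste once, tests all patterns in-process, and uses a Luhn check to drop digit runs that are not card numbers. The pattern set and the function names are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Illustrative patterns (assumptions, not the rules in findSensitiveData.py).
PATTERNS = {
    "rsa_private_key": re.compile(r"-----BEGIN RSA PRIVATE KEY-----"),
    "mysqli_connect": re.compile(r"mysqli_connect\s*\("),
    "credit_card": re.compile(r"\b(?:\d[ -]?){13,19}\b"),
}


def luhn_ok(digits):
    """Luhn checksum: rejects most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def scan_text(text):
    """Return the sorted category names that occur in one paste."""
    hits = set()
    for name, rx in PATTERNS.items():
        for m in rx.finditer(text):
            if name == "credit_card" and not luhn_ok(re.sub(r"\D", "", m.group())):
                continue  # digit run fails the checksum, keep looking
            hits.add(name)
            break  # one hit per category is enough to flag the paste
    return sorted(hits)


def scan_folder(folder):
    """Read every file once and test all patterns in-process (no grep)."""
    report = {}
    for path in sorted(Path(folder).iterdir()):
        if path.is_file():
            found = scan_text(path.read_text(errors="ignore"))
            if found:
                report[path.name] = found
    return report


# Constructed sample paste; 4111 1111 1111 1111 is a well-known test number.
SAMPLE = "$c = mysqli_connect('db', 'u', 'p');\ncard 4111 1111 1111 1111\nid 1234567890123456\n"

if __name__ == "__main__":
    print(scan_folder(sys.argv[1]) if len(sys.argv) > 1 else scan_text(SAMPLE))
```

Run without arguments it scans the constructed sample; given a folder such as data/raw_pastes it returns a mapping of file name to the categories found in that file.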
There are two scripts, stalk_user.py and stalk_user_wrapper.py, which can be used to monitor a specific Twitter user. Every tweet the user posts is saved and every URL it contains is downloaded. To start the stalker, just execute the wrapper.
python stalk_user_wrapper.py