Subdomain enumeration,Web scraping and finding usernames automation script written in python

Related tags

Security related resourcespythonpython3
Overview

๐“Ÿ๐“จ๐“ž๐“ข๐“˜๐“๐“ฃ

Subdomain enumeration,Web scraping and finding usernames automation script written in python

Installation

git clone https://github.com/d8rkmind/Pyosint.git
cd PyOsint
pip3 install -r requirements.txt

Usage :

python3 Pyosint.py [OPTIONS]

Brief info:

The main functionality of this program has been divided to 3 parts

  • Find - Module to search For usenames form a list of 326 websites
  • Scrap - To Scrap a website to extract all links form a given website and store it in a file
  • Enum - To automate the search of subdomains of a given domain from different services

In Scrap module results are automatically stored in output/web folder wit he ip-address of the website as the filename

The services used are Virus Total,PassiveDns,CrtSearch,ThreatCrowd
Enum module an Api key of Virus total that you can get from going Here

Paste the key inside api.json file:

* if this step is not done Virus total may block your request

Command Line Utilization Information.

The following are the sub-commands that work this program
Arguments Shot
form		 Long
form		 Functionality
Name -n --name To specify the domain name or username to use
Module -m --module To specify which module to use
Output -o --output To specify outputfile name
Thread -t --threads To specify the number of threads to use
[ Not applicable to web crawling ]
Limit -l --limit to specify the maxium value of web urls to crawl
[ Applicable only to web crawling ]
Verbose -v --verbose To enable verbose mode
[ Applicable only to Enumeration ]
Ports -p --ports To specify the ports to scan
[ Applicable only to Enumeration ]
Help -h --help To Show the help options

Example :

Linux commands:
python3 pyosint.py -m find -n exampleuser               <-- Username-huntdown

python3 pyosint.py -m scrap -n http://scanme.nmap.org   <-- Scrapping using bot

python3 pyosint.py -m enum -n google.com                <-- Subdomain enum

The project is still in development and will be added with additional functionality.
Happy to hear suggestions for improvement.


Special Thanks to ๐“ฃ๐“ฎ๐“ฌ๐“ฑ๐“ท๐“ธ๐“ป๐“ฎ๐“ฌ๐“ด and ๐“ข๐“ฑ๐“พ๐“ท๐“พ๐” - ๐“ข๐“ฝ๐“พ๐”๐“ท๐“ฎ๐“ฝ for working in this project

Note :

This is only for educational and research purposes.The developers will not be held responsible for any harm caused by anyone who misuses the material.

License :

Pyosint is licensed under the GNU GPL license. take a look at the LICENSE for more information

Update informations

Update on 18-8-21:

Rewritten the code completely ,Improved interface

Update on 20-8-21:

Subdomain enumeration module (enum) has been added

Update on 23-8-21:

Find module code that has been optimised. The number of sites to automate has grown from 14 to 147, and connection error has been resolved.

Update on 16-09-21:

  • Program has been re-written to work with arguments
  • Find module has been added threading Functionality
  • Output functionality has been added to every module
  • More Error handiling has been added
  • Number of sites has been increased from 147 to 326
  • Cross platform portable
  • Reduced unused and unwanted codes
  • Removed console mode
You might also like...
NExfil is an OSINT tool written in python for finding profiles by username.
NExfil is an OSINT tool written in python for finding profiles by username.

NExfil is an OSINT tool written in python for finding profiles by username. The provided usernames are checked on over 350 websites within few seconds.

thewhiteh4t 1.4k Jan 1, 2023
Web Scraping com Python - Raspando Vagas para Programadores
Web Scraping com Python - Raspando Vagas para Programadores

Web Scraping com Python - Raspando Vagas para Programadores Sobre o Projeto Web

Kayo Libarino 3 Dec 30, 2021
A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts
A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs. Fuzzing for more

Duc Linh Nguyen 4 Aug 8, 2022
Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells
Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells

About create a target list or select one target, scans then exploits, done! Vulnnr is a Vulnerability Scanner & Auto Exploiter You can use this tool t

Nano 108 Dec 4, 2021
SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities.

The SCodeScanner stands for Source Code Scanner, where you can scan your source code files like PHP and get identify the vulnerabilities inside it. The tool can use by Pentester, Developer to quickly identify the weakness.

null 136 Dec 13, 2022
IDAPatternSearch adds a capability of finding functions according to bit-patterns into the well-known IDA Pro disassembler based on Ghidraโ€™s function patterns format.

IDA Pattern Search by Argus Cyber Security Ltd. The IDA Pattern Search plugin adds a capability of finding functions according to bit-patterns into th

David Lazar 48 Dec 29, 2022
A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.
A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.

TProxer A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF. How โ€ข Install โ€ข Todo โ€ข Join Discord How it works

Krypt0mux 162 Nov 25, 2022
A simple automatic tool for finding vulnerable log4j hosts
A simple automatic tool for finding vulnerable log4j hosts

Log4Scan A simple automatic tool for finding vulnerable log4j hosts Installation pip3 install -r requirements.txt Usage usage: log4scan.py [-h] (-f FI

Federico Rapetti 20018955 6 Mar 10, 2022
Tool for finding PHP source code vulnerabilities.

vulnz Tool for finding php source code vulnerabilities. Scans PHP source code and prints out potentially dangerous lines. This tool is useful for secu

Mateo Hanลพek 1 Jan 14, 2022
Releases(v1)
Owner
Syam
Student and Linux enthusiast
Syam
GitHub Repository
Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, downloads, history, and more.

ChromePE [Linux/Windows] Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, download

Finn Lancaster 3 Oct 05, 2022
Salesforce Recon and Exploitation Toolkit

Salesforce Recon and Exploitation Toolkit Salesforce Recon and Exploitation Toolkit Usage python3 main.py URL References Announcement Blog - https:/

81 Dec 23, 2022
OLOP: One-Line & Obfuscated Python

OLOP: One-Line & Obfuscated Python This repository contains useful python modules for one-line and obfuscated python. pip install olop-ShadowLugia650

1 Jan 09, 2022
Python low-interaction honeyclient

Thug The number of client-side attacks has grown significantly in the past few years shifting focus on poorly protected vulnerable clients. Just as th

Angelo Dell'Aera 896 Dec 19, 2022
RedDrop is a quick and easy web server for capturing and processing encoded and encrypted payloads and tar archives.

RedDrop Exfil Server Check out the accompanying MaverisLabs Blog Post Here! RedDrop Exfil Server is a Python Flask Web Server for Penetration Testers,

53 Nov 01, 2022
Burp Suite extension for encoding/decoding EVM calldata

unblocker Burp Suite extension for encoding/decoding EVM calldata 0x00_prerequisites Burp Suite Java 8+ Python 2.7 0x01_installation clone this reposi

Halborn 16 Aug 30, 2022
Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more.

Log4jHorizon Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more. BLOG COMING SOON Code and README.md this time around are

96 Dec 14, 2022
This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

MurMurHash This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform. What is MurMurHash? Murm

Viral Maniar 87 Dec 31, 2022
Spring4Shell - Spring Core RCE - CVE-2022-22965

Spring Core RCE - CVE-2022-22965 After Spring Cloud, on March 29, another heavyweight vulnerability of Spring broke out on the Internet: Spring Core R

Malte Gejr 118 Dec 31, 2022
This tool allows to automatically test for Content Security Policy bypass payloads.

CSPass This tool allows to automatically test for Content Security Policy bypass payloads. Usage [cspass]$ ./cspass.py -h usage: cspass.py [-h] [--no-

Ruulian 30 Nov 22, 2022
A CTF2.5/MMF2 Decompiler

CondaDEV A CTF2.5/MMF2 Decompiler What is CondaDEV? CondaDEV (anaCondaDEVeloper) is a fork of Anaconda Mode 4.1, with a lot of Quality of Life patches

ClickNinYT 4 Mar 07, 2022
A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability

log4j-shell-poc A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability. Recently there was a new vulnerability in log4j, a java loggin

koz 1.5k Jan 04, 2023
Hubble is a modular, open-source security compliance framework. The project provides on-demand profile-based auditing, real-time security event notifications, alerting, and reporting. HubbleStack is a free and open source project made possible by Adobe. https://github.com/adobe

Welcome to HubbleStack!! You can find the docs here You can file an issue here Follow us on Twitter! Development Below are sample instructions to setu

HubbleStack 368 Jan 04, 2023
Northwave Log4j CVE-2021-44228 checker

Northwave Log4j CVE-2021-44228 checker Friday 10 December 2021 a new Proof-of-Concept 1 addressing a Remote code Execution (RCE) vulnerability in the

Northwave 125 Dec 09, 2022
These are Simple python scripts to test/scan your network

Disclaimer This tool is for Educational purpose only. We do not promote or encourage any illegal activities. Summary These are Simple python scripts t

Varun Jagtap 5 Oct 08, 2022
Password database With special stuff

This is a Password database I made for myself, as I want to keep all my passwords in the same place. but still protected, shall anyone get access to the file. And so I made this simple password datab

9 Oct 30, 2022
Log4j-Scanner with Bind-Receipt and custom hostnames

Hrafna - Log4j-Scanner for the masses Features Scanning-system designed to check your own infra for vulnerable log4j-installations start and stop scan

18 Jan 23, 2022
A Feature Rich Modular Malware Configuration Extraction Utility for MalDuck

Malware Configuration Extractor A Malware Configuration Extraction Tool and Modules for MalDuck This project is FREE as in FREE ๐Ÿบ , use it commercial

c3rb3ru5 103 Dec 18, 2022
vulnerable APIs

vulnerable-apis vulnerable APIs inspired by https://github.com/mattvaldes/vulnerable-api Setup Docker If, Out of the box docker pull kmmanoj/vulnerabl

9 Jun 01, 2022
A tool to brute force a gmail account. Use this tool to crack multiple accounts

A tool to brute force a gmail account. Use this tool to crack multiple accounts. This tool is developed to crack multiple accounts

Saad 12 Dec 30, 2022