• Stars
    star
    491
  • Rank 87,333 (Top 2 %)
  • Language
    Python
  • License
    GNU General Publi...
  • Created over 7 years ago
  • Updated about 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

The Traditional Swiss Army Knife for OSINT

Belati

Belati

Awesome OSINT OSINT Framework n0where ToolsWatch BlackArch Scanner Echo Ezine 31

Belati - The Traditional Swiss Army Knife For OSINT

Belati is tool for Collecting Public Data & Public Document from Website and other service for OSINT purpose. This tools is inspired by Foca and Datasploit for OSINT :)

Current Version

v0.2.4

Belati In Action

Belati In Action 0.24-stable Preview

Why I Made this?

Just for learning stuff and OSINT purpose. Correct me if i'm wrong

What Belati can do?

  • Interactive command line shell
  • Whois(Indonesian TLD Support)
  • Banner Grabbing
  • Subdomain Enumeration
  • Service Scanning for all Subdomain Machine
  • Web Appalyzer Support
  • DNS mapping / Zone Scanning
  • Mail Harvester from Website & Search Engine
  • Mail Harvester from MIT PGP Public Key Server
  • Scrapping Public Document for Domain from Search Engine
  • Fake and Random User Agent ( Prevent from blocking )
  • Proxy Support for Harvesting Emails and Documents
  • Public Git Finder in domain/subdomain
  • Public SVN Finder in domain/subdomain
  • Robot.txt Scraper in domain/subdomain
  • Gather Public Company Info & Employee
  • SQLite3 Database Support for storing Belati Results
  • Setup Wizard/Configuration for Belati
  • Django Web Management
  • Webserver only mode
  • Auto Dependency Checker
  • Auto Update system
  • Document Metadata/Exif Extractor
  • Document Author Metadata
  • Graph Visualization( On Progress )

TODO

Please see Belati TODO list here -> #12

Library

  • python-whois
  • Sublist3r
  • Subbrute

Requirements

  • nmap
  • git
  • sqlite3
  • exiftool

Install/Usage

git clone https://github.com/aancw/Belati.git
cd Belati
git submodule update --init --recursive --remote
pip install --upgrade pip
pip install -r requirements.txt #please use pip with python v2
sudo su
python Belati.py --help

Docker Installation

  • Download Dockerfile:
wget https://raw.githubusercontent.com/aancw/Belati/master/Dockerfile
  • Execute the following command to create a Docker image locally:

    docker build -t belati . #dot
  • To create a container from the image, execute:

    docker run -p 8000:8000 -it belati /bin/bash
  • Running Belati

    belati -h

For more info, please refer to this guide: https://github.com/espi0n/Dockerfiles/blob/master/Belati/README.md

Tested On

  • Ubuntu 16.04 x86_64
  • Arch Linux x86_64
  • CentOS 7
  • Debian Jessie
  • MacOS

Python Requirements

This tool not compatible with Python 3. I need to migrate this later. So use python v2.7 instead!

Why Need Root Privilege?

I've try to avoid using Root Privilege, but nmap need Root Privilege. You can add sudo or other way to run nmap without root privilege. It's your choice ;)

Reference -> https://secwiki.org/w/Running_nmap_as_an_unprivileged_user

Don't worry. Belati still running well when you are run with normal user ;)

Dependencies

  • urllib2
  • dnspython
  • requests
  • argparse
  • texttable
  • python-geoip-geolite2
  • python-geoip
  • dnsknife
  • termcolor
  • colorama
  • validators
  • tqdm
  • tldextract
  • fake-useragent
  • python-wappalyzer
  • future
  • beautifulsoup4
  • python-whois
  • futures
  • django
  • pyexifinfo
  • cmd2
  • tabulate

Missing Dependencies?

If you are seeing this

$ python Belati.py

            You are missing a module required for Belati. In order to continue using Belati, please install them with:

            `pip install --upgrade --force-reinstall -r requirements.txt`

            or manually install missing modules with:

            `pip install --upgrade --force-reinstall dnspython requests termcolor colorama future beautifulsoup4 futures`

and this

You are using pip version 8.1.2, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.

Please upgrade pip version and follow the instructions:

pip install --upgrade pip

System Dependencies

For CentOS/Fedora user, please install this:

yum install gcc gmp gmp-devel python-devel

For Debian/Ubuntu user, please install this:

sudo apt-get install nmap git sqlite3 exiftool

Notice

This tool is for educational purposes only. Any damage you make will not affect the author. Do It With Your Own Risk!

Feedback/Suggestion

Feel free to create Issue in this repository or email me at cacaddv [at] gmail.com . Your feedback and suggestion is useful for Belati development progress :)

Contribution

Belati welcomes contribution from everyone. Please see CONTRIBUTING.md

Contributors

Please see CONTRIBUTORS.md and please add your name for credit in that file :)

Thanks To

Thanks to PyWhois Library, Sublist3r, MailHarvester, Emingoo for being part of my code. Also thanks to Hispagatos, Infosec-ninjas, eCHo, RNDC( Research and development center ) and all other people who are inspiring this project :)

Publications

Echo Ezine 31 : http://ezine.echo.or.id/issue31/005.txt - Belati : Collecting Public Data & Public Document for OSINT Purpose - Petruknisme

IDSECCONF 2017 : https://www.slideshare.net/idsecconf/belati-the-traditional-swiss-army-knife-for-osint - Belati: The Traditional Swiss Army Knife for OSINT

License

Author: Aan Wahyu( https://petruknisme.com )

Belati is licensed under GPL V2. You can use, modify, or redistribute this tool under the terms of GNU General Public License (GPLv2). Please see LICENSE for the full license text.

More Repositories

1

spose

Squid Pivoting Open Port Scanner
Python
40
star
2

DllProxy-rs

Rust Implementation of SharpDllProxy for DLL Proxying Technique
Rust
22
star
3

TMTG

TMTG(Twint Mention to Graph) is tools for converting twint user mentions data to network graph for use in Gephi or others network mapping tools that support GEXF file format.
Python
14
star
4

CheckMyUsername

Python Library for Social Media and Other Service Username Availability Checker
Python
5
star
5

easy-rust-notes

My personal notes and code for learning Rust in easy_rust tutorial https://github.com/Dhghomon/easy_rust
5
star
6

polkit-auto-exploit

Automatic Explotation PoC for Polkit CVE-2021-3560
Go
5
star
7

extract-myreact

Extracting react native app source code from apk file.
Rust
4
star
8

unquoted_checker

Scanner for finding Unquoted Service Path for Privilege Escalation
C#
4
star
9

APK-FiD

Give me your APK, I will give you framework name
Rust
3
star
10

Dysco

Dysco(Dynamic PHP Shell Command for RCE)
PHP
3
star
11

docker-101-id

This ebook about Docker from zero to hero. Just for education purpose only with Indonesian Language.. I hope i can commitment :)
3
star
12

CVE-2022-1388-rs

CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE written in Rust
Rust
2
star
13

AM3S

Asterisk Manager/Monitor Multiple Server With Python - Coming Soon
Python
2
star
14

Spring4shell-poc-rs

Spring 4 Shell PoC script writted in Rust
Rust
2
star
15

lsacache2hashcat

Give me lsadump::cache output from mimikatz, I will transform it to DCC2 Hashcat compatible. Useful for so many credentials cache
Rust
2
star
16

panduan-memulai-belajar-django

Buku ini merupakan Panduan untuk Memulai Belajar Django bagi pemula. Dibuku ini akan membahas dari teori dasar Django sampai praktek pembuatan aplikasi. Buku ini ditujukan untuk dokumentasi Kuliah Online SinauDev
2
star
17

ZamasuSearch

Zamasu Search is a Python GUI Based for Searching Exploit from exploit-db.com repository
Python
1
star
18

aancw

1
star
19

RVIServerMasterOS

This repository is for RumahVoIP Server Master Operating System/RumahVoIP Node Server
1
star
20

Spring4shell-poc-lab

PoC Lab for Spring4shell vulnerability
Shell
1
star
21

tomatime

A Pomodoro App for Linux Platform
Makefile
1
star
22

fuzzing-101-solutions-learning

All resource backup from https://github.com/epi052/fuzzing-101-solutions/ with some adaptation for my fuzzing learning purpose. I'm not own any copyright
Rust
1
star
23

dirList-JSON-Hash

dirList-JSON-Hash is Command line tool for directory listing with JSON output format, hash(MD5,CRC32,SHA1,SHA256,SHA512) file support and file information. Usefull for generate list of update file for application updater.
PHP
1
star
24

remote-template-injector

VBA Macro Remote Template Injection written in Rust
Rust
1
star