• Stars
    star
    1,559
  • Rank 29,158 (Top 0.6 %)
  • Language
    Rust
  • License
    GNU General Publi...
  • Created over 5 years ago
  • Updated 11 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Semi-automatic OSINT framework and package manager

sn0int crates.io Documentation Status irc.hackint.org:6697/#sn0int @sn0int @sn0int@chaos.social registry status

sn0int (pronounced /snoΙͺnt/) is a semi-automatic OSINT framework and package manager. It's used by IT security professionals, bug bounty hunters, law enforcement agencies and in security awareness trainings to gather intelligence about a given target or about yourself. sn0int is enumerating attack surface by semi-automatically processing public information and mapping the results in a unified format for followup investigations.

Among other things, sn0int is currently able to:

  • Harvest subdomains from certificate transparency logs and passive dns
  • Mass resolve collected subdomains and scan for http or https services
  • Enrich ip addresses with asn and geoip info
  • Harvest emails from pgp keyservers and whois
  • Discover compromised logins in breaches
  • Find somebody's profiles across the internet
  • Enumerate local networks with unique techniques like passive arp
  • Gather information about phonenumbers
  • Harvest activity and images from social media profiles
  • Basic image processing

sn0int is heavily inspired by recon-ng and maltego, but remains more flexible and is fully opensource. None of the investigations listed above are hardcoded in the source, instead they are provided by modules that are executed in a sandbox. You can easily extend sn0int by writing your own modules and share them with other users by publishing them to the sn0int registry. This allows you to ship updates for your modules on your own instead of pull-requesting them into the sn0int codebase.

For questions and support join us on IRC: irc.hackint.org:6697/#sn0int

asciicast

Installation

Packaging status

Archlinux

pacman -S sn0int

Mac OSX

brew install sn0int

Debian/Ubuntu/Kali

There are prebuilt packages signed by a debian maintainer:

sudo apt install curl sq
curl -sSf https://apt.vulns.sexy/kpcyrd.pgp | sq dearmor | sudo tee /etc/apt/trusted.gpg.d/apt-vulns-sexy.gpg > /dev/null
echo deb http://apt.vulns.sexy stable main | sudo tee /etc/apt/sources.list.d/apt-vulns-sexy.list
apt update

Docker

docker run --rm --init -it -v "$PWD/.cache:/cache" -v "$PWD/.data:/data" kpcyrd/sn0int

Alpine

apk add sn0int

OpenBSD

pkg_add sn0int

Gentoo

layman -a pentoo
emerge --ask net-analyzer/sn0int

NixOS

nix-env -i sn0int

For everything else please have a look at the detailed list.

Getting started

Rationale

This tool was written for companies to help them understand their attack surface from a blackbox point of view. It's often difficult to understand that something is easier to discover than some people assume, putting them at risk of false security.

It's also designed to be useful for red team assessments and bug bounties, which also help companies to identify weaknesses that could result in a compromise.

Some functionality was written to do the same thing for individuals to raise awareness about personal attack surface, privacy and how much data is publicly available. These issues are often out of scope in bug bounties and sometimes by design. We believe that blaming the user is the wrong approach and these issues should be addressed at the root cause by the people designing those systems.

License

GPLv3+

More Repositories

1

sniffglue

Secure multithreaded packet sniffer
Rust
958
star
2

rshijack

tcp connection hijacker, rust rewrite of shijack
Rust
395
star
3

authoscope

Scriptable network authentication cracker (formerly `badtouch`)
Rust
359
star
4

rebuilderd

Independent verification of binary packages - reproducible builds
Rust
327
star
5

mini-docker-rust

Very small rust docker image
Dockerfile
171
star
6

spotify-launcher

Client for spotify's apt repository in Rust for Arch Linux
Rust
152
star
7

i-probably-didnt-backdoor-this

A practical experiment on supply-chain security using reproducible builds
Dockerfile
148
star
8

nude-rs

High performance nudity detection in rust
Rust
125
star
9

sh4d0wup

Signing-key abuse and update exploitation framework
Rust
119
star
10

libredefender

Imagine the information security compliance guideline says you need an antivirus but you run Arch Linux
Rust
117
star
11

ipfs.ink

PROJECT HAS BEEN SHUTDOWN - Publish and render markdown essays to and from ipfs
JavaScript
109
star
12

pacman-bintrans

Experimental binary transparency for pacman with sigstore and rekor
Rust
83
star
13

boxxy-rs

Linkable sandbox explorer
Rust
70
star
14

acme-redirect

Tiny http daemon that answers acme challenges and redirects everything else to https
Rust
68
star
15

arch-audit-gtk

Arch Linux Security Update Notifications
Rust
55
star
16

narnia

🚧 EXPERIMENTAL 🚧 Secure hidden service webserver
Rust
49
star
17

yrd

cjdns swiss army knife
Python
48
star
18

repro-env

Dependency lockfiles for reproducible build environments πŸ“¦πŸ”’
Rust
33
star
19

archlinux-userland-fs-cmp

Forensic tool to read all installed packages from a mounted Arch Linux drive and compare the filesystem to a trusted source
Rust
32
star
20

defcon26-pow

Fast defcon 26 quals pow solver
Rust
26
star
21

backseat-signed

Authenticate the cryptographic chain-of-custody of Linux distributions (like Arch Linux and Debian) to their source code inputs
Rust
25
star
22

what-the-src

Source code of https://whatsrc.org/
Rust
24
star
23

progpick

Bruteforce with a stream of permutations of a specific pattern
Rust
23
star
24

syscallz-rs

Simple seccomp library for rust
Rust
22
star
25

sn0int-modules

Lua
21
star
26

cargo-debstatus

cargo-tree for debian packaging
Rust
20
star
27

tr1pd

tamper resistant audit log
Rust
17
star
28

forensic-adb

Tokio based client library for the Android Debug Bridge (adb) based on mozdevice
Rust
16
star
29

snail

Parasitic network manager
Rust
15
star
30

rocket_failure

Semantic error handling for rocket applications
Rust
15
star
31

auth-tarball-from-git

Authenticate a tarball through a signed tag in a git repository (with reproducible builds)
Rust
15
star
32

apt-swarm

πŸ₯Έ p2p gossip network for update transparency, based on pgp πŸ₯Έ
Rust
15
star
33

worker-ratelimit

General purpose rate limiting library for Cloudflare Workers
Rust
14
star
34

laundry5

Shuffles your socks - rotating proxy frontend server
Rust
13
star
35

kmod-rs

Bindings to libkmod to manage linux kernel modules
Rust
13
star
36

ismyarchverifiedyet

🚧 Experimental script to query rebuilderd for results 🚧
Python
13
star
37

chrootable-https

Sandbox+chroot friendly https client
Rust
12
star
38

brchd

Data exfiltration toolkit
Rust
12
star
39

nmcssh

Solving Zooko's triangle for ssh authentication
Python
11
star
40

updlockfiles

Manage lockfiles in PKGBUILDs for upstreams that don't ship them, `updpkgsums` for dependency trees (Arch Linux tooling)
Rust
11
star
41

booty

Minimal forensic/exfiltration/evil-maid/rescue live boot system
Shell
10
star
42

burritun

Wrap a tun device in a tap device
Rust
10
star
43

archlinux-inputs-fsck

Lint repository of PKGBUILDs for cryptographically pinned inputs
Rust
10
star
44

rp2040-37c3-oled

Pure Rust firmware for 37c3 logo animation (waveshare-rp2040-zero with 128x64 oled screen - i2c sda: gpio14, scl: gpio15)
Rust
10
star
45

nessus-rs

Nessus Vulnerability Scanner API client
Rust
8
star
46

a2p

fancy html5 file upload, webrtc seeding swarm, auto torrent and scp interface
JavaScript
7
star
47

homeassistant-rs

home-assistant api client
Rust
6
star
48

memry

mem'ry, tar pipe curl
JavaScript
6
star
49

masshype

Util for massive cjdns routers
JavaScript
6
star
50

stalkerware-indicators-rs

Parser for Echap's stalkerware-indicators repo
Rust
6
star
51

summarize-cli

Attempt to summarize text from `stdin`, using a large language model (locally and offline), to `stdout`
Rust
6
star
52

signal-whois

Resolve a signal username or link to a signal uuid
Rust
6
star
53

sloppy-rfc4880

Pure rust parser for RFC-4880 (OpenPGP Message Format)
Rust
5
star
54

rebuilderd-debian-buildinfo-crawler

Reproducible Builds: Scraper/Parser for https://buildinfos.debian.net into structured data
Rust
5
star
55

syrup-rs

Simple abstraction around pancurses for chat-like interfaces
Rust
5
star
56

autovoice

irc bot to automatically give +v to users after they've been in the channel for some time
Rust
5
star
57

signal-doh-ech

🚧 Experimental source dump for pluggable transport for signal-desktop, not fully implemented, do not use in production 🚧
Rust
5
star
58

archlinux-linux-reproducible

Binary reproducible fork of the Arch Linux kernel package
Shell
4
star
59

46snihdnat

4 to 6 server name indication hybrid destination network address translation
JavaScript
4
star
60

mrsc

mpsc with requests
Rust
4
star
61

tls.li

Hardened TLS configuration examples
CSS
4
star
62

cjdns-rs

Admin API implementation of cjdns
Rust
4
star
63

os-version

Rust
4
star
64

webhook-server

Multiprocess sandboxed webhook daemon
Rust
4
star
65

ipfs-mirror

ipfs mirror utils with leveldb cache for immutable files
Python
4
star
66

archlinux-scan-malloc-usable-size

Scan the symbols of all ELF binaries in all Arch Linux packages for usage of malloc_usable_size (-D_FORTIFY_SOURCE=3 compatibility)
Rust
4
star
67

game-dont-panic

Pure Rust firmware, bare metal Space Invaders/Endoparasitic crossover game for waveshare-rp2040-zero, with a 128x64 OLED i2c screen, a rotary encoder and a button
Rust
4
star
68

elf2nucleus

Integrate micronucleus into the cargo buildsystem, flash an AVR firmware from an elf file
Rust
4
star
69

promisc

cjdns peering bot
Python
3
star
70

jenkins-debian

personal fork of jenkins.debian.net
Shell
3
star
71

onionjson

Tor2Web for json
HTML
3
star
72

wrbt-web

Web implementation of wrbt
HTML
3
star
73

csrf.fun

Cross Site Request Forgery Debugger
JavaScript
3
star
74

hype-qr

QRify cjdns connect strings
JavaScript
3
star
75

d3xs

Physical access control (Rust firmware)
Rust
3
star
76

annex-accumulate

Super folder for git-annex drives
Python
3
star
77

cloudflare-worker-rust

Build a Hello World WebAssembly web-service with Rust and run it locally with Cloudflare's workerd
Rust
3
star
78

sn0int-signal

Rust
2
star
79

huesaverd

Rust
2
star
80

abuild-reusesig

Rust
2
star
81

embedded-triple

Embed the target triple into the binary
Rust
2
star
82

s2ws

Expose Spawn to WebSockets
JavaScript
2
star
83

ysf-sn0int-modules

my sn0int modules or patches
Lua
2
star
84

attiny85-hello-world

Hello World Rust firmware for digispark attiny85 microcontroller
Rust
2
star
85

BadCrypto

A challenge for my future self
Python
1
star
86

shepard

The hackers monitoring
Python
1
star
87

labsh

Restricted shell for docker build server
Rust
1
star
88

dotfiles

Shell
1
star
89

waflz

Link preview irc bot
Rust
1
star
90

scdoc

personal mirror
C
1
star
91

PKGBUILD-acmetool

Shell
1
star
92

rust-diesel-bug-2365

Rust
1
star
93

kpcyrd

1
star
94

pkgbuild-signal-desktop

Send pull requests for the signal-desktop Arch Linux package here
Shell
1
star
95

updvcspins

Manage pinned VCS repositories in PKGBUILDs (Arch Linux tooling)
Rust
1
star
96

wrbt-httpd

Authorize peering requests on remote servers
Python
1
star
97

namecoin-zones

Converts the namecoin blockchain to dns zones
Python
1
star
98

not-butter

there is no butter
JavaScript
1
star
99

aur-repro

Reproducible Builds for packages in the Arch User Repository (AUR)
Shell
1
star
100

iam

Simple whois server implementation
Shell
1
star