• This repository has been archived on 27/Jun/2020
  • Stars: 669
  • Rank 67,451 (Top 2 %)
  • Language: Python
  • Created about 6 years ago
  • Updated over 4 years ago

Repository Details

Correlate data between domains, IPs and email addresses, present it as a graph and store everything into Elasticsearch and JSON files.

Danger zone

Danger_zone

Info

Correlate data between domains, IPs and email addresses, present it as a graph and store everything in Elasticsearch and JSON files.
Background story: https://www.offensiveosint.io/osint-tool-for-visualizing-relationships-between-domains-ips-and-email-addresses/

Cases

  • Email: starting from a given email address, look up associated domains, then check those domains for other emails and IPs.
  • Domain: look up the domain's IPs and emails, then look for domains associated with them.
  • IP: extract the domain from the IP, then check that domain for other IPs and emails.

Modules

Setup & Configuration:

git clone
pip install -r requirements.txt
pip install Google-search-api

For Elasticsearch setup go here https://www.elastic.co/guide/en/elasticsearch/reference/current/_installation.html

For Kibana setup go here https://www.elastic.co/guide/en/kibana/6.4/install.html

Edit the settings.json file and add your API keys and Elasticsearch connection details:

{
  "keys":{
    "whoxy": "xxx",
    "virustotal": "xxx"
  },
  "elastic":{
    "host":"127.0.0.1",
    "port":9200
  }
}

Usage

python danger-zone.py -h
usage: dangerzone.py [-h] [--email EMAIL] [--address ADDRESS] [--domain DOMAIN]
               [--elasticsearch]

Correlate data between domains, ips and email addresses and present it as a
graph.

optional arguments:
  -h, --help         show this help message and exit
  --email EMAIL      Email address
  --address ADDRESS  IP address
  --domain DOMAIN    Domain name
  --elasticsearch    Elasticsearch output

Example domain check

python danger-zone.py --domain example.net --elastic
Successfully connected to ElasticSearch
----------------VirusTotal module---------------------------
[*] Domain was resolved to following IPs: 
xxx.xxx.xxx.xxx on 2017-02-20 00:00:00
[*] Saving output to Elasticsearch
-------------------WhoIs history module---------------------
[*} Found 1 result(s)
[*] Domain example.net was registered on 2017-02-15 in GoDaddy.com, LLC
[*] Contact: 
[REDACTED]
[*] Name servers:
ns47.domaincontrol.com
ns48.domaincontrol.com
---
[*] Saving output to Elasticsearch
.net is sponsored by VeriSign Global Registry Services
[...]
--------------------Threatcrowd module------------------------
Reputation of 0downcarleasedeals.com: no opinion
[*] Domain was resolved to following IPs: 
xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx
[*] Saving output to Elasticsearch
----------------VirusTotal module---------------------------
API limitation, putting into sleep for 70 sec
[*] Domain was resolved to following IPs: 
xxx.xxx.xxx.xxx on 2017-09-28 00:00:00
xxx.xxx.xxx.xxx on 2018-08-22 13:57:06
xxx.xxx.xxx.xxx on 2018-09-21 00:28:27
[*] Saving output to Elasticsearch
-------------------WhoIs history module---------------------
[*} Found 1 result(s)
[*] Domain example2.com was registered on 2017-01-24 in GoDaddy.com, LLC
[*] Contact: 
[REDACTED]
[*] Name servers:
ns47.domaincontrol.com
ns48.domaincontrol.com
---
[*] Saving output to Elasticsearch
[*] Saving graph to graph/20180920-185210-example.net.png
Press Enter to quit...

Outputs

Graph:

Graph generated starting from fximperium[.]net

Console

The report printed to the console contains more information than the saved files.
The additional information comes from Google results, the username check and the HaveIBeenPwned module.
The most important items are colored in the console, which helps you remember and associate findings.

Kibana

It creates an index named after each module, containing that module's specific information.

JSON

The following structure is created.

Limitations

I tried to find as many free-of-charge services as I could, but nothing good is for free. Luckily, you need to create only two accounts to use this tool. The first is VirusTotal, which is totally free but allows you to make only 4 requests per minute.
The Whoxy service provides you with free credits at the beginning, and that is enough to test it and gather all of the useful info.
It goes only 2-3 levels down, checking only the 3 newest findings. The reason is that the graph would be unreadable with lots of connections, but full information is saved into JSON files and/or Elasticsearch.
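
The bounded pivoting described under Cases and Limitations, as an added example that is not the tool's own code: a breadth-first walk that stops at a depth cap and puts only the newest findings per entity on the graph while keeping the full record. The names `correlate`, `kind` and `SAMPLE` are hypothetical, and the lookup data is constructed to stand in for the API modules.

```python
import ipaddress
from collections import deque

# Constructed sample findings standing in for the tool's API modules:
# entity -> [(related entity, date seen)]. Reserved names, TEST-NET IPs.
SAMPLE = {
    "example.net": [("192.0.2.10", "2017-02-20"),
                    ("admin@example.org", "2017-02-15")],
    "admin@example.org": [("example5.com", "2014-01-01"),
                          ("example2.com", "2017-01-24"),
                          ("example3.com", "2016-05-01"),
                          ("example4.com", "2015-03-11")],
    "example2.com": [("192.0.2.11", "2018-09-21"),
                     ("192.0.2.12", "2018-08-22")],
    "192.0.2.11": [("example6.com", "2018-09-30")],
}

def kind(entity):
    """Classify a node as 'email', 'ip' or 'domain'."""
    if "@" in entity:
        return "email"
    try:
        ipaddress.ip_address(entity)
        return "ip"
    except ValueError:
        return "domain"

def correlate(seed, lookup, max_depth=3, newest=3):
    """Breadth-first pivot from seed; returns (nodes, edges, full)."""
    nodes, edges, full = {seed: kind(seed)}, [], {}
    queue = deque([(seed, 0)])
    while queue:
        node, depth = queue.popleft()
        if depth >= max_depth:       # depth cap: do not pivot further
            continue
        # ISO dates sort correctly as strings; newest first.
        findings = sorted(lookup(node), key=lambda f: f[1], reverse=True)
        full[node] = findings        # complete record for JSON/Elasticsearch
        for related, seen_on in findings[:newest]:  # graph gets newest only
            edges.append((node, related, seen_on))
            if related not in nodes:  # visit each entity once (cycles)
                nodes[related] = kind(related)
                queue.append((related, depth + 1))
    return nodes, edges, full

if __name__ == "__main__":
    nodes, edges, full = correlate("example.net", lambda e: SAMPLE.get(e, []))
    print(len(nodes), "nodes,", len(edges), "edges on the graph")
```

In the sample, the fourth (oldest) domain tied to the email address is kept in `full` but left off the graph, and the entity behind 192.0.2.11 is never queried because that IP sits at the depth cap.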

Golden rule

Don't jump to conclusions too fast.
