woj-ciech/LeakLooker woj-ciech/LeakLooker

  • This repository has been archived on 28/Jun/2020
  • Stars
    star
    1,291
  • Rank 36,183 (Top 0.8 %)
  • Language
  • Created over 5 years ago
  • Updated about 4 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
woj-ciech/LeakLooker
github

woj-ciech

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Find open databases - Powered by Binaryedge.io

LeakLooker - Powered by Binaryedge.io

Find open databases/services

GUI https://www.offensiveosint.io/leaklooker-gui-discover-browse-and-monitor-database-source-code-leaks/ https://github.com/woj-ciech/LeakLooker-X

New version supports:

  • Elasticsearch
  • CouchDB
  • MongoDB
  • Gitlab
  • Rsync
  • Jenkins
  • Sonarqube
  • Kibana
  • CassandraDB
  • RethinkDB
  • Directory listing
  • Amazon S3

and custom query.

Queries:

https://docs.binaryedge.io/api-v2/

Background: https://www.offensiveosint.io/leaklooker-find-open-databases-in-seconds/ https://www.offensiveosint.io/fun-with-amazon-s3-leaks-and-bucket-takeover-attack/ https://www.offensiveosint.io/leaklooker-v2-find-more-open-servers-and-source-code-leaks/ https://www.offensiveosint.io/leaklooker-part-3-dna-samples-internal-files-and-more/

Requirements:

Python 3 & Binaryedge API

Paste your BinaryEdge API key in line 113

pip3 install colorama
pip3 install hurry.filesize
pip3 install beautifulsoup4
pip3 install pybinaryedge

pip install -r requirements.txt

Usage

(venv) root@kali:~/PycharmProjects/LeakLooker# python leaklooker.py -h

         ,
         )\
        /  \
       '  # '
       ',  ,'
         `'

         ,
         )\
        /  \
       '  ~ '
       ',  ,'
         `'
LeakLooker - Find open databases - Powered by Binaryedge.io
https://medium.com/@woj_ciech https://github.com/woj-ciech/
Example: python leaklooker.py --mongodb --couchdb --kibana --elastic --first 21 --last 37
usage: leaklooker.py [-h] [--elastic] [--couchdb] [--mongodb] [--gitlab]
                     [--rsync] [--jenkins] [--sonarqube] [--query QUERY]
                     [--cassandra] [--rethink] [--listing] [--kibana]
                     [--s3asia] [--s3usa] [--s3europe] [--first FIRST]
                     [--last LAST]

optional arguments:
  -h, --help     show this help message and exit
  --elastic      Elastic search (default: False)
  --couchdb      CouchDB (default: False)
  --mongodb      MongoDB (default: False)
  --gitlab       Gitlab (default: False)
  --rsync        Rsync (default: False)
  --jenkins      Jenkins (default: False)
  --sonarqube    SonarQube (default: False)
  --query QUERY  Additional query or filter for BinaryEdge (default: )
  --cassandra    Cassandra DB (default: False)
  --rethink      Rethink DB (default: False)
  --listing      Listing directory (default: False)
  --kibana       Kibana (default: False)
  --s3asia       Amazon s3 s3.ap-southeast-1 (default: False)
  --s3usa        Amazon s3 s3.ap-southeast-1 (default: False)
  --s3europe     Amazon s3 s3.ap-southeast-1 (default: False)

Pages:
  --first FIRST  First page (default: None)
  --last LAST    Last page (default: None)

You need to specify first and last page

Example

Search for RethinkDB and listing directory in pages from 21 to 37

root@kali:~/PycharmProjects/LeakLooker# python leaklooker.py --rethink --listing --first 21 --last 37
----------------------------------Listing directory - Page 21--------------------------------
https://[REDACTED]:6666
Product: Apache httpd
Hostname: localhost
[REDACTED]/
[REDACTED]/
[REDACTED]/
[REDACTED]/
[REDACTED]/
-----------------------------
https://[REDACTED]:6666
Product: MiniServ
-----------------------------
https://[REDACTED]:6666
Product: Apache httpd
[REDACTED]/
[REDACTED]/
[REDACTED].html
[REDACTED]/
[REDACTED].css
[REDACTED]/
[REDACTED]/
[REDACTED]/
favicon.ico
-----------------------------
https://[REDACTED]:6666
Product: Apache httpd
[REDACTED]/
[REDACTED]/
[REDACTED]/
[REDACTED]..>
[REDACTED]/
[REDACTED]..>
[REDACTED]/
----------------------------------Rethink DB - Page 21--------------------------------
ReQL: [REDACTED]:28015
HTTP Admin: http://[REDACTED]:8080
Hostname: [REDACTED]
Version: rethinkdb 2.3.6~0trusty (GCC 4.8.2)
Name: [REDACTED]
Database: [REDACTED]
Tables: 
Database: rethinkdb
Tables: 
cluster_config
current_issues
db_config
jobs
logs
permissions
server_config
server_status
stats
table_config
table_status
users
Database: [REDACTED]
Tables: 
-----------------------------
ReQL: [REDACTED]:28015
HTTP Admin: http://[REDACTED]:8080
Hostname: [REDACTED]
Version: rethinkdb 2.3.6~0jessie (GCC 4.9.2)
Name: [REDACTED]
Database: [REDACTED]
Tables: 
Database: rethinkdb
Tables: 
cluster_config
current_issues
db_config
jobs
logs
permissions
server_config
server_status
stats
table_config
table_status
users
Database: settings
Tables: 
-----------------------------

Search for Jenkins, Gitlab in Uruguay (Country code is UY) on pages from 1 to 2

root@kali:~/PycharmProjects/LeakLooker# python leaklooker.py --jenkins --gitlab --first 1 --last 2 --query "country:UY"
----------------------------------GitLab - Page 1--------------------------------
Total results: 13
https://[REDACTED]:443
GitLab Community Edition
Registration is open
-----------------------
https://[REDACTED]:443
Registration is closed. Check public repositories. https://164.73.232.10:443/explore
-----------------------
https://[REDACTED]:443
Registration is closed. Check public repositories. https://190.64.138.5:443/explore
-----------------------
https://[REDACTED]:443
GitLab Community Edition
Registration is open
[...]
----------------------------------Jenkins - Page 1--------------------------------
Total results: 6501
http://[REDACTED]:443
Executors
Windows
(master)
Jobs
-----------------------------
http://[REDACTED]:443
Executors
Jobs
-----------------------------
http://[REDACTED]:443
Executors
Jobs
[REDACTED]
[REDACTED]

Search for mongoDB and Elasticsearch with keyword "medical" only on first page

root@kali:~/PycharmProjects/LeakLooker# python leaklooker.py --mongo --elastic --first 1 --last 2 --query "medical"

Additional

Tool has been made for educational purposes only. I'm not responsible for any damage caused. Don't be evil.

More Repositories

1

kamerka

Build interactive map of cameras from Shodan
1,238
star
2

Kamerka-GUI

Ultimate Internet of Things/Industrial Control Systems reconnaissance tool.
HTML
690
star
3

Danger-zone

Correlate data between domains, IPs and email addresses, present it as a graph and store everything into Elasticsearch and JSON files.
Python
669
star
4

LeakLooker-X

LeakLooker GUI - Discover, browse and monitor database/source code leaks
JavaScript
274
star
5

OSINT

CSS
264
star
6

SocialPath

Track users across social media platform
CSS
154
star
7

Shomap

Create visualization from Shodan query
HTML
70
star
8

pepe

Collect information about email addresses from Pastebin
Python
35
star
9

Daily-dose-of-malware

Script lets you gather malicious software and c&c servers from open source platforms like Malshare, Malcode, Google, Cymon - vxvault, cybercrime tracker and c2 for Pony.
Python
33
star
10

intelx_viz

Collect information about leaks for particular domain in IntelX and present it on a tree view graph.
HTML
26
star
11

offensive-osint

Scripts related to offensiveosint.io
HTML
19
star
12

woj-ciech

Offensive OSINT
17
star
13

Social-media-c2

Script is a proof of concept how to control your machine by using social media sites.
Python
17
star
14

kupa3

Tracking the trackers. Draw connections between scripts and domains on website.
Python
13
star
15

nadesrau

Detect firearm and nudity on Twitter and Instagram
Python
12
star
16

Wallet-watcher

Small script for retrieving incoming transactions based on provided hour period.
Python
12
star
17

Awake

Bug Bounty Monitor
Python
11
star
18

Bad-Ads

Monitor ads on Bedpage
CSS
9
star
19

other

Small scripts
Python
6
star
20

kamerka-demo

Demo for κ“˜amerka GUI
3
star
21

stock_viz

HTML
2
star