woj-ciech/LeakLooker-X woj-ciech/LeakLooker-X

  • Stars
    star
    274
  • Rank 149,397 (Top 3 %)
  • Language
    JavaScript
  • Created over 4 years ago
  • Updated almost 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
woj-ciech/LeakLooker-X
github

woj-ciech

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

LeakLooker GUI - Discover, browse and monitor database/source code leaks

LeakLooker X - GUI

Powered by Binary Edge

Discover, browse and monitor database/source code leaks

https://www.offensiveosint.io/offensive-osint-so1e07-offensive-leak-hunt-with-leaklooker

https://www.offensiveosint.io/leaklooker-gui-discover-browse-and-monitor-database-source-code-leaks/

Supported sources

  • Gitlab
  • Elasticsearch
  • Kibana
  • Sonarqube
  • Kibana
  • Jenkins
  • MongoDB
  • Rsync
  • Listing directory
  • Cassandra
  • CouchDB
  • RethinkDB
  • Anonymous FTP
  • S3 bruteforce
  • Open S3 buckets
  • Buckets in HTML
  • Github (Secrets)
  • API keys in HTML
  • Angular applications
  • Javascript (Secrets)

Requirements

  • python3
  • Binary Edge paid plan
  • django
  • celery
  • redis
  • BeautifulSoup
  • jsbeautifier
pip install -r requirements.txt
sudo apt-get install python3-jsbeautifier

Install & Run

  • Paste your Binary Edge api key into config.json
  • Paste your gmail email and password in case you want to use monitoring feature
python3 manage.py makemigrations
python3 manage.py migrate
python3 manage.py runserver

n a new window fire up redis

apt-get install redis redis-server

redis-server

In a new window (in main directory) run

celery -A leaklooker worker --loglevel=info

For scheduling task (monitoring) run also

celery -A leaklooker beat --loglevel=info

I

And server should be available on https://localhost:8000/

Guide

Useful commands https://github.com/woj-ciech/LeakLooker-X/blob/master/cheatsheet.md

Dashboard

Dashboard shows chart of retrieved databases by type

Number of confirmed/for later findings

Binary Edge credits and total amount of records in database

Progress of checking MongoDB/Cassandra/Rethink/Elastic (% of findings marked as confirmed or for later)

Random leaks by type (not confirmed nor marked for later)

Findings marked "for later" for the same random type

Notifications

Discover

  • by type

Orange "count" button counts amount of records in your database

Blue "count" button counts amount in Binary Edge

  • by keyword & network & all types at once

If there are no results (due to blacklist or they are already in db) you will be informed

Browse

  • by type (recommended)

  • whole database

Red button deletes record and put it in blacklist so it will be never displayed again

Green button confirms finding

Blue button marks it as "for later review"

Monitor

It will sent mail every 24 hours with new findings based on provided keywords/network.

It compares new results with database and blacklist and sends only new findings.

Screens

Queries

"gitlab": "title:%22gitlab%22%20AND%20web.body.content:%22register%22",
"elastic": "type:%22elasticsearch%22",
"dirs": "title:%22Index of /%22",
"jenkins": "title:%22Dashboard [Jenkins]%22",
"mongo": "type:%22mongodb%22",
"rsync": "port:873 @RSYNCD",
'sonarqube': "title:SonarQube",
'couchdb': "product:couchdb",
"kibana": "product:kibana",
"cassandra": "type:cassandra",
"rethink": "type:rethinkdb",
"ftp":"ftp.user:anonymous",
"asia":"tag:'webserver' s3.ap-southeast-1.amazonaws.com",
"europe":"tag:'webserver' s3-eu-west-1.amazonaws.com",
"north america":"tag:'webserver' s3-us-west-2.amazonaws.com",
"api_key":'web.body.content:"api_key" -web.title:swagger',
"stripe":'web.body.content:"STRIPE_KEY"',
"secret_key":'web.body.content:"secret_key" -web.title:swagger',
'google_api_key':'web.body.content:"google_api_key"'
'amazons3be':'web.body.content:ListBucketResult',
'angular':"web.body.content:polyfills web.body.content:main web.body.content:runtime"

Additional

  • I am not responsible for any damage caused by using the tool
  • You must login to the gmail account via browser first to use monitoring
  • If something does not work or you have an idea raise an issue
  • Tested on Kali Linux on newest browser
  • All credits for template goes to ColorLib

More Repositories

1

LeakLooker

Find open databases - Powered by Binaryedge.io
1,291
star
2

kamerka

Build interactive map of cameras from Shodan
1,238
star
3

Kamerka-GUI

Ultimate Internet of Things/Industrial Control Systems reconnaissance tool.
HTML
690
star
4

Danger-zone

Correlate data between domains, IPs and email addresses, present it as a graph and store everything into Elasticsearch and JSON files.
Python
669
star
5

OSINT

CSS
264
star
6

SocialPath

Track users across social media platform
CSS
154
star
7

Shomap

Create visualization from Shodan query
HTML
70
star
8

pepe

Collect information about email addresses from Pastebin
Python
35
star
9

Daily-dose-of-malware

Script lets you gather malicious software and c&c servers from open source platforms like Malshare, Malcode, Google, Cymon - vxvault, cybercrime tracker and c2 for Pony.
Python
33
star
10

intelx_viz

Collect information about leaks for particular domain in IntelX and present it on a tree view graph.
HTML
26
star
11

offensive-osint

Scripts related to offensiveosint.io
HTML
19
star
12

woj-ciech

Offensive OSINT
17
star
13

Social-media-c2

Script is a proof of concept how to control your machine by using social media sites.
Python
17
star
14

kupa3

Tracking the trackers. Draw connections between scripts and domains on website.
Python
13
star
15

nadesrau

Detect firearm and nudity on Twitter and Instagram
Python
12
star
16

Wallet-watcher

Small script for retrieving incoming transactions based on provided hour period.
Python
12
star
17

Awake

Bug Bounty Monitor
Python
11
star
18

Bad-Ads

Monitor ads on Bedpage
CSS
9
star
19

other

Small scripts
Python
6
star
20

kamerka-demo

Demo for ๊“˜amerka GUI
3
star
21

stock_viz

HTML
2
star