Skip to content

isaudits/pasv-agrsv

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

57 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

pasv-agrsv.py

Passive recon / OSINT automation script:

  • Runs passive recon tools specified in config file given a TLD
  • Extracts email addresses, IP addresses, and DNS names from tool output using regex
  • Queries various OSINT sites specified in config file for TLD and saves result to specified format (default pdf)
  • Runs additional recon tools and website queries on IPs and DNS names found from initial TLD analysis
  • All identified domains, emails, ip addresses, dns names, and tool run history / output stored in sqlite database
  • Aggressive mode can be enabled for running non-passive tests on discovered hosts (e.g. screenshot and spider a website)

Notes

By default, the application runs in interactive mode allowing the user to select a project name / output directory as well as add multiple TLDs for analysis before executing scripted tasks. Optionally, a single domain can be specified as a command line parameter to immediately create a new project and execute the scripted tasks against that domain upon launch.

All scan parameters are pulled from config files so multiple configurations can be developed and specified with the -c flag. An example config file (default.example) is included and will be copied into the default path (default.cfg) upon initial launch.

Please feel free to submit PR for bugfixes or additional tools/sites/regex for default config file - any feedback, input, or improvement is greatly appreciated!

Script tested on Kali Linux as well as OSX and should function on UNIX-based systems with required dependencies.


Dependencies

Python Module Dependencies:

  • pyPdf (installed on Kali Linux by default)
  • elixir apt-get install python-elixir

Binary Dependencies:

  • cutycapt (installed on Kali Linux by default)

Dependencies in default tool config file:

  • webshag (installed by default on Kali 1.x but not 2.x) apt-get install webshag

Todo

  • Email domain filter currently only excludes emails not matching the active domain during TLD phase
  • HTML index page to summarize all output
  • Scrape cutycapt output for targets & emails (convert to text first?)

Copyright 2015

Matthew C. Jones, CPA, CISA, OSCP

IS Audits & Consulting, LLC - http://www.isaudits.com/

TJS Deemer Dana LLP - http://www.tjsdd.com/

Concept based upon functionality observed in the OSINT portion of the Kali Discover script by leebaird: https://github.com/leebaird/discover/


This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

About

Passive recon / OSINT automation script

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published