Subdomain enumeration,Web scraping and finding usernames automation script written in python

Related tags

Security related resourcespythonpython3
Overview

๐“Ÿ๐“จ๐“ž๐“ข๐“˜๐“๐“ฃ

Subdomain enumeration,Web scraping and finding usernames automation script written in python

Installation

git clone https://github.com/d8rkmind/Pyosint.git
cd PyOsint
pip3 install -r requirements.txt

Usage :

python3 Pyosint.py [OPTIONS]

Brief info:

The main functionality of this program has been divided to 3 parts

  • Find - Module to search For usenames form a list of 326 websites
  • Scrap - To Scrap a website to extract all links form a given website and store it in a file
  • Enum - To automate the search of subdomains of a given domain from different services

In Scrap module results are automatically stored in output/web folder wit he ip-address of the website as the filename

The services used are Virus Total,PassiveDns,CrtSearch,ThreatCrowd
Enum module an Api key of Virus total that you can get from going Here

Paste the key inside api.json file:

* if this step is not done Virus total may block your request

Command Line Utilization Information.

The following are the sub-commands that work this program
Arguments Shot
form		 Long
form		 Functionality
Name -n --name To specify the domain name or username to use
Module -m --module To specify which module to use
Output -o --output To specify outputfile name
Thread -t --threads To specify the number of threads to use
[ Not applicable to web crawling ]
Limit -l --limit to specify the maxium value of web urls to crawl
[ Applicable only to web crawling ]
Verbose -v --verbose To enable verbose mode
[ Applicable only to Enumeration ]
Ports -p --ports To specify the ports to scan
[ Applicable only to Enumeration ]
Help -h --help To Show the help options

Example :

Linux commands:
python3 pyosint.py -m find -n exampleuser               <-- Username-huntdown

python3 pyosint.py -m scrap -n http://scanme.nmap.org   <-- Scrapping using bot

python3 pyosint.py -m enum -n google.com                <-- Subdomain enum

The project is still in development and will be added with additional functionality.
Happy to hear suggestions for improvement.


Special Thanks to ๐“ฃ๐“ฎ๐“ฌ๐“ฑ๐“ท๐“ธ๐“ป๐“ฎ๐“ฌ๐“ด and ๐“ข๐“ฑ๐“พ๐“ท๐“พ๐” - ๐“ข๐“ฝ๐“พ๐”๐“ท๐“ฎ๐“ฝ for working in this project

Note :

This is only for educational and research purposes.The developers will not be held responsible for any harm caused by anyone who misuses the material.

License :

Pyosint is licensed under the GNU GPL license. take a look at the LICENSE for more information

Update informations

Update on 18-8-21:

Rewritten the code completely ,Improved interface

Update on 20-8-21:

Subdomain enumeration module (enum) has been added

Update on 23-8-21:

Find module code that has been optimised. The number of sites to automate has grown from 14 to 147, and connection error has been resolved.

Update on 16-09-21:

  • Program has been re-written to work with arguments
  • Find module has been added threading Functionality
  • Output functionality has been added to every module
  • More Error handiling has been added
  • Number of sites has been increased from 147 to 326
  • Cross platform portable
  • Reduced unused and unwanted codes
  • Removed console mode
You might also like...
NExfil is an OSINT tool written in python for finding profiles by username.
NExfil is an OSINT tool written in python for finding profiles by username.

NExfil is an OSINT tool written in python for finding profiles by username. The provided usernames are checked on over 350 websites within few seconds.

thewhiteh4t 1.4k Jan 1, 2023
Web Scraping com Python - Raspando Vagas para Programadores
Web Scraping com Python - Raspando Vagas para Programadores

Web Scraping com Python - Raspando Vagas para Programadores Sobre o Projeto Web

Kayo Libarino 3 Dec 30, 2021
A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts
A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs. Fuzzing for more

Duc Linh Nguyen 4 Aug 8, 2022
Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells
Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells

About create a target list or select one target, scans then exploits, done! Vulnnr is a Vulnerability Scanner & Auto Exploiter You can use this tool t

Nano 108 Dec 4, 2021
SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities.

The SCodeScanner stands for Source Code Scanner, where you can scan your source code files like PHP and get identify the vulnerabilities inside it. The tool can use by Pentester, Developer to quickly identify the weakness.

null 136 Dec 13, 2022
IDAPatternSearch adds a capability of finding functions according to bit-patterns into the well-known IDA Pro disassembler based on Ghidraโ€™s function patterns format.

IDA Pattern Search by Argus Cyber Security Ltd. The IDA Pattern Search plugin adds a capability of finding functions according to bit-patterns into th

David Lazar 48 Dec 29, 2022
A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.
A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.

TProxer A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF. How โ€ข Install โ€ข Todo โ€ข Join Discord How it works

Krypt0mux 162 Nov 25, 2022
A simple automatic tool for finding vulnerable log4j hosts
A simple automatic tool for finding vulnerable log4j hosts

Log4Scan A simple automatic tool for finding vulnerable log4j hosts Installation pip3 install -r requirements.txt Usage usage: log4scan.py [-h] (-f FI

Federico Rapetti 20018955 6 Mar 10, 2022
Tool for finding PHP source code vulnerabilities.

vulnz Tool for finding php source code vulnerabilities. Scans PHP source code and prints out potentially dangerous lines. This tool is useful for secu

Mateo Hanลพek 1 Jan 14, 2022
Releases(v1)
Owner
Syam
Student and Linux enthusiast
Syam
GitHub Repository
Python program that generates secure passwords.

Python program that generates secure passwords. The user has the option to select the length of the password, amount of passwords,

4 Dec 07, 2021
Get related domains / subdomains by looking at Google Analytics IDs

DomainRelationShips โ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•— โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•‘ โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•”โ•โ•โ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•”โ•โ•โ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•‘ โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ

Josuรฉ Encinar 161 Jan 02, 2023
Scan publicly accessible assets on your AWS cloud environment

poro Description Scan for publicly accessible assets on your AWS environment Services covered by this tool: AWS ELB API Gateway S3 Buckets RDS Databas

9rnt 134 Dec 16, 2022
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Pupy Installation Installation instructions are on the wiki, in addition to all other documentation. For maximum compatibility, it is recommended to u

7.4k Jan 04, 2023
CVE-2022-21907 Vulnerability PoC

CVE-2022-21907 Description POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability. create by antx at 2022-01-17, just some sm

Michele 16 Dec 18, 2022
SSH Tool For OSINT and then Cracking.

sshmap SSH Tool For OSINT and then Cracking. Linux Systems Only Usage: Scanner Syntax: scanner start/stop/status - Sarts/stops/sho

Miss Bliss 5 Apr 04, 2022
Having a weak password is not good for a system that demands high confidentiality and security of user credentials

Having a weak password is not good for a system that demands high confidentiality and security of user credentials. It turns out that people find it difficult to make up a strong password that is str

PyLaboratory 0 Feb 07, 2022
ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)

ProxyLogon For Python3 ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF-GetWebShell) usage: python ProxyLogon.py --host=exchang

112 Dec 01, 2022
GDID (Google Dorks for Information Disclosure)

GDID (Google Dorks for Information Disclosure) Script made for your recon automation in Bug Bounty or Pentest. It will help you to find Information Di

Nischacid 5 Mar 10, 2022
Script Crack Facebook Premium ๐Ÿšถโ€โ™‚

prem Script Crack Facebook Premium ๐Ÿšถโ€โ™‚ Install Script $ pkg update && pkg update $ termux-setup-storage $ pkg install git $ pkg install python $ pip

Yumasaa 1 Dec 03, 2021
labsecurity is a framework and its use is for ethical hacking and computer security

labsecurity labsecurity is a framework and its use is for ethical hacking and computer security. Warning This tool is only for educational purpose. If

Dylan Meca 16 Dec 08, 2022
Python tool for dumping flash via uboot reliably

Reliable Uboot Flash Dumper is a Python tool for dumping flash via uboot reliably. If you've ever had to dump flash via uboot and a serial connection and became frustrated about doing it several time

SecurityJon 25 May 10, 2022
A web-app helping to create strong passwords that are easy to remember.

This is a simple Web-App that demonstrates a method of creating strong passwords that are still easy to remember. It also provides time estimates how long it would take an attacker to crack a passwor

2 Jun 04, 2021
Obfuscate ip address using different encodings

ipobfuscator How it works? Single ip address can be written in multiple ways. The most popular way is to represent ip as 4 octets separated with dots.

Piotr Warmke 1 Nov 02, 2021
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.

CVE-2021-21389 BuddyPress 7.2.1 - REST API Privilege Escalation to RCE PoC (Full) Affected version: 5.0.0 to 7.2.0 User requirement: Subscriber user

KIEN HOANG 17 Nov 09, 2022
Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

sshuttle: where transparent proxy meets VPN meets ssh As far as I know, sshuttle is the only program that solves the following common case: Your clien

9.4k Jan 04, 2023
Hack any account sending fake nitro QR code (only for educational purpose)

DISCORD_ACCOUNT_HACKING_TOOL ( EDUCATIONAL PURPOSE ) Hack any account sending fake nitro QR code (only for educational purpose) Start my program token

Novy 7 Jan 07, 2022
Script Crack Facebook Premium ๐Ÿšถโ€โ™‚

premium Script Crack Facebook Premium ๐Ÿšถโ€โ™‚ In Script Install Script $ pkg update && pkg upgrade $ termux-setup-storage $ pkg install python $ pkg inst

Yumasaa 2 Dec 19, 2021
PyExtractor is a decompiler that can fully decompile exe's compiled with pyinstaller or py2exe

PyExtractor is a decompiler that can fully decompile exe's compiled with pyinstaller or py2exe with additional features such as malware checker/detector! Also checks file(s) for suspicious words, dis

Rdimo 56 Jul 31, 2022
Natas teaches the basics of serverside web-security.

over-the-wire-natas Natas teaches the basics of serverside web-security. Each level of natas consists of its own website located at http://natasX.nata

Siddhant Chouhan 1 Nov 27, 2021