Awesome

gOSINT

OSINT framework in Go

Take a look at the develop branch for more updates.

Introduction

gOSINT is a multiplatform OSINT Swiss army knife in Golang. If you want, feel free to contribute and/or leave a feedback!

Like my project? Please consider donation :)

What gOSINT can do

• Find mails from git repository
• Find Dumps for mail address
• Search for mail address linked to domain/mail address in PGP keyring
• Search for mail address in source code
• Retrieve Telegram Public Groups History
• Retrieve info about hosts via shodan scan

Building on Linux

You can use the building script, just clone the directory and execute it

git clone https://github.com/Nhoya/gOSINT
./build.sh

The package will be installed in /usr/local/bin

You can then call gOSINT from command line

$ gOSINT --help

Manual Building on Linux

Dependecies

Before building gOSINT manually you need to solve the dependencies:

go get "github.com/deckarep/golang-set"
go get "github.com/nhoya/goPwned"
go get "github.com/jessevdk/go-flags"
go get "gopkg.in/src-d/go-git.v4"
go get "github.com/jaytaylor/html2text"
go get "gopkg.in/ns3777k/go-shodan.v2/shodan"

git clone https://github.com/Nhoya/gOSINT && cd gOSINT && go build

Binaries for Windows

Check the AppVeyor Build page for builds

Modules

Currently gOSINT has different modules:

• git support for mail retriving (using github API, bitbucket API or RAW clone and search)
• Search for mails in PGP Server
• https://haveibeenpwned.com/ search for mail in databreach
• Retrieve Telegram Public Group Messages
• Search for mail address in source
• https://shodan.io search
• Social Media search
• Search Engine search

Usage

Usage:
  gOSINT [OPTIONS]

Application Options:
  -m, --module=[pgp|pwnd|git|plainSearch|telegram|shodan] Specify module
  -v, --version                                           Print version
      --url=                                              Specify target URL
      --gitAPI=[github|bitbucket]                         Specify git website API to use (for git module,optional)
  -c, --clone                                             Enable clone function for plainSearch module (need to specify repo URL)
      --mail=                                             Specify mail target (for pgp and pwnd module)
      --grace=                                            Specify telegram messages grace period (default: 15)
  -g, --tgroup=                                           Specify Telegram group/channel name
  -s, --tgstart=                                          Specify first message to scrape
  -e, --tgend=                                            Specify last message to scrape
      --dumpfile                                          Create and resume messages from dumpfile
      --ask-confirmation                                  Ask confirmation before adding mail to set (for plainSearch module)
  -p, --path=                                             Specify target path (for plainSearch module)
  -t, --target=                                           Specify shodan target host
      --newscan                                           Ask shodan for a new scan (-1 Scan credit)
      --honeypot                                          Check Honeypot probability
  -f, --full                                              Make deep search using linked modules

Help Options:
  -h, --help                                              Show this help message

Configuration file

The configuration file is in $HOME/.config/gOSINT.conf

If some API Keys are missing insert it there

PGP module Demo

Pwnd module Demo

Telegram Crawler Demo

Shodan module Demo

Examples

Currently gOSINT supports the following actions:

gOSINT -m git --url=[RepoURL] --gitAPI [github|bitbucket] (optional)

retrieve mail from git commits

gOSINT -m git --url [RepoURL] --gitAPI [github|bitbucket] (optional) -f

pass the result to pgp search and pwnd module

gOSINT -m pwnd --mail [targetMail]

search for breaches where targetMail is preset

gOSINT -m pgp --mail [targetMail]

search for others mail in PGP Server

gOSINT -m pgp --mail [targetMail] -f

pass the result to haveibeenpwn module

gOSINT -m sourceSerch --path [targetDirectory]

search for mails in source code (recursively)

gOSINT -m sourceSearh --path [targetDirectory] --ask-confirmation

ask confirmation before adding mail to search results

gOSINT -m sourceSearch --path [targetDirectory] -f

pass the result to pgp search and haveibeenpwnd modules

gOSINT -m sourceSearch --clone --url [targetRepository]

clone and search mail in repository source

gOSINT -m sourceSearch --clone --url [targetRepository] -f

pass the resoult to pgp search and haveibeenpwnd modules

gOSINT -m sourceSearch --clone --url [targetRepository] --ask-confirmation

ask confirmation before adding mail to search results

gOSINT -m telegram --tgroup | -g [PublicGroupName]

retrieve message history for telegram public group

gOSINT -m telegram --tgroup | -g [PublicGroupName] --dumpfile

the output will be stored in a file, if the file is already populated it will resume from the last ID

gOSINT -m telegram --tgroup | -g [PublicGroupName] --dumpfile -s [masageID] -e [messageID]

Set start and end messages for scraping

gOSINT -m shodan -t [HOST IP]

Get Shodan services report for Host

gOSINT -m shodan -t [HOST IP] --honeypot

Start Shodan service report for host and honeypot probability

gOSINT -m shodan -t [HOST IP] --newscan

Send request for new shodan scan (1 scan credit will be removed)