chrismaddalena / Odin
Licence: bsd-3-clause
Automated network asset, email, and social media profile discovery and cataloguing.
Stars: ✭ 476
Programming Languages
python
139335 projects - #7 most used programming language
Projects that are alternatives of or similar to Odin
Hosthunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (-10.29%)
Mutual labels: osint, reconnaissance, recon
Rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+622.48%)
Mutual labels: osint, reconnaissance, recon
Osint Tools
👀 Some of my favorite OSINT tools.
Stars: ✭ 155 (-67.44%)
Mutual labels: osint, reconnaissance, recon
Gitgot
Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
Stars: ✭ 964 (+102.52%)
Mutual labels: osint, reconnaissance, recon
XposedOrNot
XposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual account security.
Stars: ✭ 120 (-74.79%)
Mutual labels: osint, recon, reconnaissance
Awesome Asset Discovery
List of Awesome Asset Discovery Resources
Stars: ✭ 1,017 (+113.66%)
Mutual labels: osint, reconnaissance, recon
Discover
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Stars: ✭ 2,548 (+435.29%)
Mutual labels: osint, reconnaissance, recon
Theharvester
E-mails, subdomains and names Harvester - OSINT
Stars: ✭ 6,175 (+1197.27%)
Mutual labels: osint, reconnaissance, recon
Maryam
Maryam: Open-source Intelligence(OSINT) Framework
Stars: ✭ 371 (-22.06%)
Mutual labels: osint, reconnaissance, recon
Sn0int
Semi-automatic OSINT framework and package manager
Stars: ✭ 814 (+71.01%)
Mutual labels: osint, reconnaissance, recon
Reconky-Automated Bash Script
Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.
Stars: ✭ 167 (-64.92%)
Mutual labels: osint, recon, reconnaissance
Git Hound
Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
Stars: ✭ 602 (+26.47%)
Mutual labels: osint, reconnaissance, recon
Spaces Finder
A tool to hunt for publicly accessible DigitalOcean Spaces
Stars: ✭ 122 (-74.37%)
Mutual labels: osint, reconnaissance, recon
Favfreak
Making Favicon.ico based Recon Great again !
Stars: ✭ 564 (+18.49%)
Mutual labels: osint, reconnaissance, recon
Intrec Pack
Intelligence and Reconnaissance Package/Bundle installer.
Stars: ✭ 177 (-62.82%)
Mutual labels: osint, reconnaissance, recon
Bigbountyrecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (+13.66%)
Mutual labels: osint, reconnaissance, recon
Ntlmrecon
Enumerate information from NTLM authentication enabled web endpoints 🔎
Stars: ✭ 252 (-47.06%)
Mutual labels: osint, reconnaissance, recon
mailcat
Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬
Stars: ✭ 219 (-53.99%)
Mutual labels: osint, recon, reconnaissance
querytool
Querytool is an OSINT framework based on Google Spreadsheets. With this tool you can perform complex search of terms, people, email addresses, files and many more.
Stars: ✭ 104 (-78.15%)
Mutual labels: osint, recon, reconnaissance
ODIN
Observe, Detect, and Investigate Networks
Current version: v2.0.0 "Huginn"
ODIN is Python tool for automating intelligence gathering, asset discovery, and reporting. Remember, check the dev branch for the bleeding edge, and feedback is welcome!
See the GitHub wiki for details and installation and setup instructions.
What Can ODIN Do?
ODIN aims to automate the basic recon tasks used by red teams to discover and collect data on network assets, including domains, IP addresses, and internet-facing systems. The key feature of ODIN is the data management and reporting. The data is organized in a database and then, optionally, that database can be converted into an HTML report or a Neo4j graph database for visualizing the data.
ODIN performs this in multiple phases:
Phase 1 - Asset Discovery
- Collect basic organization information from sources like the Full Contact marketing database.
- Check DNS Dumpster, Netcraft, and TLS certificates to discover subdomains for the provided domains.
- Resolve domain and subdomains to IP addresses via socket connections and DNS records.
- Collect information for all IP addresses, such as ownership and organization data, from RDAP, whois, and other data sources.
- Lookup domains and search for IP addresses on Shodan to collect additional data, such as operating systems, service banners, and open ports.
- Check for the possibility of takeovers and domain fronting with the domains and subdomains.
Phase 2 - Employee Discovery
- Harvest email addresses and employee names for the target organization.
- Link employees to social media profiles via search engines and the Twitter API.
- Cross check discovered email addresses with Troy Hunt's Have I Been Pwned.
Phase 3 - Cloud and Web Services
- Hunt for Office files and PDFs under the target domain, download them, and extract metadata.
- Search for AWS S3 buckets and Digital Ocean Spaces using keywords related to the organization.
- Take screenshots of discovered web services for a quick, early review of services.
Phase 4 - Reporting
- Save all data to a SQLite3 database to allow the data to be easily queried.
- Generate an HTML report using default SQL queries to make it simple to peruse the data in a web browser.
- Create a Neo4j graph database that ties all of the discovered entities (IP addresses, domains, subdomains, ports, and certificates) together with relationships (e.g. RESOLVES_TO, HAS_PORT).
At the end of all of this you will have multiple ways to browse and visualize the data. Even a simple Neo4j query like MATCH (n) RETURN n (display everything) can create a fascinating graph of the organization's external perimeter and make it simple to see how assets are linked. The Neo4j wiki pages contain better query examples.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].