utkusen / Shotlooter

Licence: bsd-3-clause
a recon tool that finds sensitive data inside the screenshots uploaded to prnt.sc

Introduction

Shotlooter finds sensitive data inside screenshots that are uploaded to https://prnt.sc/ (via the LightShot software) by applying OCR and image processing methods.

                                                              +-------------------+
    IMAGE FILE                                                |#!/usr/bin/python  |
+--------------------+                                        |                   +----->SENSITIVE
|prnt.sc/sjgmm5      |                                        |Search for:        |
+--------------------+                                        |                   |
|      _             |      CONVERTS          STRING          |sensitive keywords |
|  .-.-.=\-          |      +-------+     +------------+      |                   |
|  (_)=='(_)         |      |       |     |            |      |high entropy       |
|              .._\  +----->+  OCR  +---->+ TEXTTEXTT  +----->+                   |
|             (o)(o) |      |       |     |            |      |credit card pattern+----->NOT SENSITIVE
|   TEXTTEXTTEX      |      +-------+     +------------+      |                   |
|                    |                                        +-------------------+
+--------------+------+
               |                 +-----------------------+
               v                 |#!/usr/bin/python      |
SMALLER         IMAGES           |                       +------>SENSITIVE
+-------------+ +------------+   |Image processing:      |
|    _        | |    .._\    |   |                       |
| .-.-.=\-    | |   (o)(o)   +-->+ Does it contain:      |
| (_)=='(_)   | |            |   |   ~~O                 |
+-------------+ +------------+   |    /\,                |
                                 |   -|~(*)              +------>NOT SENSITIVE
                                 |  (*)                  |
                                 +-----------------------+

How It Works

  1. Starting from the given image id, Shotlooter iterates through images (yes, image ids are not random) and downloads them locally.
  2. Converts the text inside the image to a string by using the Tesseract OCR library.
  3. Searches the extracted text for predefined keywords (private_key, smtp_pass, access key, mongodb+srv, etc.).
  4. Searches for strings with high entropy (API keys usually have high entropy).
  5. Searches for small images (e.g. the LastPass logo) inside the downloaded image (Template Matching) with OpenCV.
  6. Saves the results to a CSV file.
  7. Saves images that contain sensitive data to the output folder.

Installation

Shotlooter requires Python 3 and pip3. It has been tested on macOS and Debian-based Linux systems.

Installing Dependencies for macOS: brew install tesseract

Installing Dependencies for Debian-Based Linux: sudo apt install libsm6 libxext6 libxrender-dev tesseract-ocr -y

Clone the repository:

git clone https://github.com/utkusen/shotlooter.git

Go inside the folder:

cd shotlooter

Install required libraries:

pip3 install -r requirements.txt

Usage

Basic Usage: python3 shotlooter.py --code PRNT.SC_ID

It searches for matching keywords (located in keywords.txt), high entropy strings and credit card numbers. You can find an id by uploading an image to https://prnt.sc/. For example: python3 shotlooter.py --code sjgmm5

It will check the ids by incrementing them one by one:

sjgmm6
sjgmm7
sjgmm8
sjgmm9
sjgmma
sjgmmb
...

Image Search: python3 shotlooter.py --code sjgmm5 --imagedir IMAGE_FOLDER_PATH

In addition to the items covered in basic usage, it will search the bigger screenshots for the small images you provide. If you are planning to use this feature, put your small images inside the img folder.

Exclude Search: You can exclude any search type by providing the related argument: --no-cc, --no-entropy, --no-keyword

For example: python3 shotlooter.py --code sjgmm5 --no-entropy. Shotlooter will skip high entropy string checking.

A Note For The False Positives

Shotlooter has high false-positive rates for high entropy string and credit card matching. Strictly speaking, these are not false positives: the matches are genuine, but they may not be the items that you are looking for. It detects high entropy strings to catch API keys, private keys, etc. However, any non-sensitive random string will have a high entropy too, and Shotlooter will detect it. The same goes for credit card matching.

If you don't want to deal with false positives, exclude entropy and credit card searches.
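The keyword, entropy and credit card checks from steps 3 and 4, and the false-positive behaviour described in this note, as an added example (not Shotlooter's own code) that scans text already extracted from a screenshot, for instance as a check before a screenshot is shared. The threshold, minimum token length, card regex, function names and the Luhn filter are assumptions of this example; the page does not say Shotlooter uses them.

```python
import math
import re
from collections import Counter

# Keywords quoted in step 3 of the README (the tool reads its list from keywords.txt).
KEYWORDS = ("private_key", "smtp_pass", "access key", "mongodb+srv")
ENTROPY_THRESHOLD = 4.0  # bits per character; assumed cut-off
MIN_TOKEN_LEN = 20       # assumed: shorter tokens are too noisy to score
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # assumed card-like pattern

def shannon_entropy(s):
    """Shannon entropy of s in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def luhn_valid(digits):
    """Luhn checksum; rejects most digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_text(text):
    """Return a sorted list of (finding_type, value) for one block of OCR text."""
    findings = set()
    lowered = text.lower()
    for kw in KEYWORDS:
        if kw in lowered:
            findings.add(("keyword", kw))
    for token in text.split():
        if len(token) >= MIN_TOKEN_LEN and shannon_entropy(token) >= ENTROPY_THRESHOLD:
            findings.add(("entropy", token))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_valid(digits):  # drops random 13-19 digit runs
            findings.add(("card", digits))
    return sorted(findings)

# Constructed sample OCR output (not real data).
SAMPLE = """smtp_pass = hunter2
token: q7Zk2LxP9vTm4RwB8sYdH3nCfJ6
file: IMG_x8Kq2Lm9Pz4Wv7Rt3Yb6.png
build id: aaaaaaaaaaaaaaaaaaaaaaaa
card 4111 1111 1111 1111 order 1234 5678 9012 3456"""

if __name__ == "__main__":
    for finding in scan_text(SAMPLE):
        print(finding)
```

The random-looking file name is reported alongside the token, which is the entropy noise this note describes, while the Luhn check discards the order number that only resembles a card.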

What Should You Expect to Find?

I ran Shotlooter for 2 weeks and identified 300+ images that contain various kinds of sensitive data. You can check the findings that I encountered more often than others below:

Postman Requests

These contain useful session IDs, access tokens, etc.

Cloud API Keys (Google, AWS)

Screenshots are taken from the cloud's console or from a desktop client.

Session ID on the URL

We all know that it's not good to pass the session ID with a GET request for different reasons. This is one of them.

Credentials on Excel Sheets

Some people love to use Excel as a password manager.

Bitcoin Private Keys (This is Terrible)

Bitcoin wallets allow you to export your private key so that you can import it somewhere else. But if you publish a screenshot of your private key, your whole wallet can be compromised.
