sn0int是一款功能强大的半自动化OSINT框架和包管理工具,可以帮助广大研究人员快速完成网络安全测试阶段的OSINT任务。
sn0int(发音为/snoɪnt/),允许IT 安全专业人员、漏洞赏金猎人、执法机构和安全意识培训使用它来收集有关特定目标或您自己的情报。sn0int 通过半自动处理公共信息并以统一格式映射结果以供后续调查,从而枚举攻击面,以提升应用安全性。
1、从证书透明日志和被动 DNS 中获取子域名;
2、批量解析收集的子域名并扫描 http 或 https 服务;
3、使用 asn 和 geoip 信息丰富 ip 地址;
4、从 pgp 密钥服务器和 whois 中获取电子邮件;
5、发现违规行为中的受损登录信息;
6、在互联网上查找某人的个人资料;
7、使用被动 arp 等独特技术枚举本地网络;
8、收集有关电话号码的信息;
9、从社交媒体资料中收集活动和图像;
10、基本图像处理;
Archlinux
Mac OSX
Debian >= bookwork, Ubuntu >= 22.10, Kali
$ sudo apt install curl sq
$ curl -sSf https://apt.vulns.sexy/kpcyrd.pgp | sq keyring filter -B --handle 64B13F7117D6E07D661BBCE0FE763A64F5E54FD6 | sudo tee /etc/apt/trusted.gpg.d/apt-vulns-sexy.gpg > /dev/null
$ echo deb http://apt.vulns.sexy stable main | sudo tee /etc/apt/sources.list.d/apt-vulns-sexy.list
$ apt update
$ apt install sn0int
Docker
$ docker run --rm --init -it -v "$PWD/.cache:/cache" -v "$PWD/.data:/data" kpcyrd/sn0int
Alpine
OpenBSD
Gentoo
$ layman -a pentoo
$ emerge --ask net-analyzer/sn0int
NixOS
Windows
$ git clone https://github.com/kpcyrd/sn0int.git
$ cd sn0int
$ cargo install -f --path .
安装默认模块:
$ sn0int
___/ .
____ , __ .' /\ ` , __ _/_
( |' `. | / | | |' `. |
`--. | | |,' | | | | |
\___.' / | /`---' / / | \__/
osint | recon | security
irc.hackint.org:6697/#sn0int
[+] Connecting to database
[+] Downloading public suffix list
[+] Downloading "GeoLite2-City.mmdb"
[+] Downloading "GeoLite2-ASN.mmdb"
[+] Loaded 0 modules
[*] No modules found, run pkg quickstart to install default modules
[sn0int][default] >
获取功能模块:
[sn0int][default] > pkg quickstart
[+] Installing kpcyrd/asn
[+] Installing kpcyrd/ctlogs
[+] Installing kpcyrd/dns-resolve
[+] Installing kpcyrd/geoip
[+] Installing kpcyrd/hackertarget-subdomains
[+] Installing kpcyrd/otx-subdomains
[+] Installing kpcyrd/passive-spider
[+] Installing kpcyrd/pgp-keyserver
[+] Installing kpcyrd/threatminer-ipaddr
[+] Installing kpcyrd/threatminer-subdomains
[+] Installing kpcyrd/url-scan
[+] Installing kpcyrd/waybackurls
[+] Loaded 12 modules
[sn0int][default] >
运行模块并获取结果:
[sn0int][demo][kpcyrd/ctlogs] > use dns-resolve
[sn0int][demo][kpcyrd/dns-resolve] > run
[*] "www.example.com" : Updating "www.example.com" (resolvable => true)
[*] "www.example.com" : IpAddr: 93.184.216.34
[*] "www.example.com" : "www.example.com" -> 93.184.216.34
[*] "m.example.com" : Updating "m.example.com" (resolvable => false)
[*] "dev.example.com" : Updating "dev.example.com" (resolvable => false)
[*] "products.example.com" : Updating "products.example.com" (resolvable => false)
[*] "support.example.com" : Updating "support.example.com" (resolvable => false)
[+] Finished kpcyrd/dns-resolve
[sn0int][demo][kpcyrd/dns-resolve] >[sn0int][demo][kpcyrd/dns-resolve] > use url-scan
[sn0int][demo][kpcyrd/url-scan] > target
#1, "www.example.com"
93.184.216.34
#2, "m.example.com"
#3, "dev.example.com"
#4, "products.example.com"
#5, "support.example.com"
[sn0int][demo][kpcyrd/url-scan] > target where resolvable
[+] 1 entities selected
[sn0int][demo][kpcyrd/url-scan] > target
#1, "www.example.com"
93.184.216.34
[sn0int][demo][kpcyrd/url-scan] >
本项目的开发与发布遵循
GPL-3.0
开源许可协议。
sn0int
:
https://github.com/kpcyrd/sn0int
https://webirc.hackint.org/#irc:/irc.hackint.org/%23sn0int
