gOSINT: OSINT Swiss Army Knife

gOSINT

OSINT framework in Go

you probably want to take a look at the develop branch for more updates.

Introduction

gOSINT is a small OSINT framework in Golang, if you want, feel free to contribute!

What gOSINT can do

•  Find emails from git repository
•  Find Dumps for mail address
•  Search for mail address linked to domain/mail address in PGP keyring
•  Retrieve Info from domain whois (waiting to be implemented)
•  Search for mail address in source code
•  Retrieve Telegram Public Groups History

Building

You can use the building script, just clone the directory and execute it

git clone https://github.com/Nhoya/gOSINT
./build.sh

The package will be installed in /usr/local/bin

You can then call gOSINT from command line

$ gOSINT –help

Manual Building

Dependencies

Before building gOSINT manually you need to solve the dependencies:

go get “github.com/deckarep/golang-set”
go get “github.com/nhoya/goPwned”
go get “github.com/jessevdk/go-flags”
go get “gopkg.in/src-d/go-git.v4”
go get “github.com/jaytaylor/html2text”
git clone https://github.com/Nhoya/gOSINT && cd gOSINT && go build

Modules

Currently gOSINT is still an early version and few modules are supported

•  git support for mail retrieving (using github API, bitbucket API or RAW clone and search)
•  Search for mails in PGP Server
•  https://haveibeenpwned.com/ search for mail-in databreach
•  Retrieve Telegram Public Group Messages
•  Search for mail address in the source
•  https://shodan.io search

Usage

Usage:

  gOSINT [OPTIONS]



Application Options:

  -m, --module=[pgp|pwnd|git|plainSearch] Specify module

      --url=                              Specify target URL

      --gitAPI=[github|bitbucket]         Specify git website API to use (for git module,optional)

      --mail=                             Specify mail target (for pgp and pwnd module)

  -p, --path=                             Specify target path (for plainSearch module)

  -f, --full                              Make deep search using linked modules

  -c, --clone                             Enable clone function for plainSearch module (need to specify repo URL)

      --ask-confirmation                  Ask confirmation before adding mail to set (for plainSearch module)

  -v, --version                           Print version



Help Options:

  -h, --help                              Show this help message

Examples
Currently, gOSINT supports the following actions

gOSINT -m git –url=[RepoURL] –gitAPI [github|bitbucket] (optional)

retrieve mail from git commits

gOSINT -m git –url [RepoURL] –gitAPI [github|bitbucket] (optional) -f

pass the result to pgp search and pwnd module

gOSINT -m pwnd –mail [targetMail]

search for breaches where targetMail is preset

gOSINT -m pgp –mail [targetMail]

search for others mail in PGP Server

gOSINT -m pgp –mail [targetMail] -f

pass the result to haveibeenpwn module

gOSINT -m sourceSerch –path [targetDirectory]

search for mails in the source code (recursively)

gOSINT -m sourceSearh –path [targetDirectory] –ask-confirmation

ask confirmation before adding mail to search results

gOSINT -m sourceSearch –path [targetDirectory] -f

pass the result to pgp search and haveibeenpwnd modules

gOSINT -m sourceSearch –clone –url [targetRepository]

clone and search mail in the repository source

gOSINT -m sourceSearch –clone –url [targetRepository] -f

pass the result to pgp search and haveibeenpwnd modules

gOSINT -m sourceSearch –clone –url [targetRepository] –ask-confirmation

ask confirmation before adding mail to search results

gOSINT -m telegram –target [PublicGroupName]

retrieve message history for telegram public group

gOSINT -m telegram –target [PublicGroupName] –dumpfile

the output will be stored in a file, if the file is already populated it will resume from the last ID

gOSINT Copyright (C) 2018 Nhoya

Source: https://github.com/Nhoya/