Semi-automatic OSINT framework and package manager

Overview

sn0int Build Status crates.io Documentation Status irc.hackint.org:6697/#sn0int @sn0int @sn0int@chaos.social registry status

sn0int (pronounced /snoɪnt/) is a semi-automatic OSINT framework and package manager. It was built for IT security professionals and bug hunters to gather intelligence about a given target or about yourself. sn0int is enumerating attack surface by semi-automatically processing public information and mapping the results in a unified format for followup investigations.

Among other things, sn0int is currently able to:

  • Harvest subdomains from certificate transparency logs and passive dns
  • Enrich ip addresses with asn and geoip info
  • Harvest emails from pgp keyservers and whois
  • Discover compromised logins in breaches
  • Find somebody's profiles across the internet
  • Enumerate local networks with unique techniques like passive arp
  • Gather information about phonenumbers
  • Attempt to bypass cloudflare with shodan
  • Harvest data and images from instagram profiles
  • Scan images for nudity

sn0int is heavily inspired by recon-ng and maltego, but remains more flexible and is fully opensource. None of the investigations listed above are hardcoded in the source, instead those are provided by modules that are executed in a sandbox. You can easily extend sn0int by writing your own modules and share them with other users by publishing them to the sn0int registry. This allows you to ship updates for your modules on your own since you don't need to send a pull request.

For questions and support join us on IRC: irc.hackint.org:6697/#sn0int

asciicast

Installation

Archlinux

pacman -S sn0int

Mac OSX

brew install sn0int

Debian/Ubuntu/Kali

There are prebuilt packages signed by a debian maintainer. We can import the key for this repository out of the debian keyring.

apt install debian-keyring
gpg -a --export --keyring /usr/share/keyrings/debian-maintainers.gpg [email protected] | apt-key add -
apt-key adv --keyserver keyserver.ubuntu.com --refresh-keys [email protected]
echo deb http://apt.vulns.sexy stable main > /etc/apt/sources.list.d/apt-vulns-sexy.list
apt update
apt install sn0int

Docker

docker run --rm --init -it -v "$PWD/.cache:/cache" -v "$PWD/.data:/data" kpcyrd/sn0int

Alpine

apk add sn0int

OpenBSD

pkg_add sn0int

Gentoo

layman -a pentoo
emerge --ask net-analyzer/sn0int

NixOS

nix-env -i sn0int

For everything else please have a look at the detailed list.

Getting started

Rationale

This tool was written for companies to help them understand their attack surface from a blackbox point of view. It's often difficult to understand that something is easier to discover than some people assume, putting them at risk of false security.

It's also designed to be useful for red team assessments and bug bounties, which also help companies to identify weaknesses that could result in a compromise.

Some functionality was written to do the same thing for individuals to raise awareness about personal attack surface, privacy and how much data is publicly available. These issues are often out of scope in bug bounties and sometimes by design. We believe that blaming the user is the wrong approach and these issues should be addressed at the root cause by the people designing those systems.

License

GPLv3+

Comments
  • error: cargo install: diesel: unable to get packages from source

    error: cargo install: diesel: unable to get packages from source

    Could this be a transient connectivity issue?

     Downloading diesel v1.4.1                                                                                                                
    error: failed to compile `sn0int v0.9.0 (/[redacted]/sn0int)`, intermediate artifacts can be found at `[redacted]/sn0int/target`
    
    Caused by:
      unable to get packages from source
    
    Caused by:
      failed to parse manifest at `/home/[redacted]/.cargo/registry/src/github.com-1ecc6299db9ec823/diesel-1.4.1/Cargo.toml`
    
    Caused by:
      feature `rename-dependency` is required
    
    consider adding `cargo-features = ["rename-dependency"]` to the manifest
    
    
    opened by roycewilliams 11
  • Error: EOF while parsing a value at line 1 column 0

    Error: EOF while parsing a value at line 1 column 0

    Hello, Following your tutorial, I get the following Error: [sn0int][example][kpcyrd/ctlogs] > select domains [sn0int][example][kpcyrd/ctlogs] > add domain [?] Domain: example.com [sn0int][example][kpcyrd/ctlogs] > run [-] Failed "example.com": EOF while parsing a value at line 1 column 0 [+] Finished kpcyrd/ctlogs (1 errors)

    opened by csak-9604 7
  • Broken path ?

    Broken path ?

    Hey ... is this due to a bug or file/directory permissions ?

    [-] Failed "<domain.tld>": No such file or directory (os error 2) the domain is visible when select domain where value like q% is used

    also for new workspace and newly added domain ... same error


    Versions

    • **rustc --version: 1.40.0
    • **cargo --version: 1.39.0
    • **sn0int --version: 0.18.0
    • uname -a:

    Environment

    • **Operating System/Distro: Debian
    • **Installed from (source/apt/pacman/brew/docker): gzip unpacked
    opened by commandline-be 5
  • Failed to download GeoIP database

    Failed to download GeoIP database

    I tried to run snoint by running ./snoint and it gets stuck on 'Downloading "GeoLite2-City.mmdb"...' says there is an error in the connection and specifically spews out the following:

    Error: Failed to download GeoIP database
    Because: http request failed
    Because: error trying to connect: Connection timed out (os error 110)
    

    Is it related to this? https://blog.maxmind.com/2019/04/12/important-updates-about-tls-v1-0-v1-1-unencrypted-http-requests-and-the-legacy-minfraud-soap-api/

    Versions

    • rustc --version: rustc 1.38.0
    • cargo --version: cargo 1.38.0
    • sn0int --version: 0.13.0
    • uname -a: Linux ubuntu 4.15.0-65-generic #74-Ubuntu SMP Tue Sep 17 17:06:04 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

    Environment

    • Operating System/Distro: Ubuntu 18.04 LTS on vmware workstation 15
    • Installed from (source/apt/pacman/brew/docker): apt
    opened by DRiberoP 5
  • renaming imports with `_` is unstable (see issue #48216)

    renaming imports with `_` is unstable (see issue #48216)

    Hi

    When I install sn0int: "cargo install sn0int" I get this error

    error[E0658]: renaming imports with _ is unstable (see issue #48216) --> /usr/cargo/registry/src/github.com-1ecc6299db9ec823/nude-0.1.0/src/lib.rs:16:5 | 16 | use image::Pixel as _; | ^^^^^^^^^^^^^^^^^ error: aborting due to previous error For more information about this error, try rustc --explain E0658. error: Could not compile nude. warning: build failed, waiting for other jobs to finish... error: failed to compile sn0int v0.11.0, intermediate artifacts can be found at /tmp/user/0/cargo-installZwAGFZ Caused by: build failed

    Is there anyway to solve the 'nude' build issue ?

    opened by ghost 5
  • Failed building of sn0int

    Failed building of sn0int

    Type of error

    I am trying to reinstall Sn0int, when i type cargo install -f --path .

    It returns the error displayed in the picture.

    sn0int_error

    I installed rust+cargo via rustup as indicated in the guide and I checked if cargo was already installed via packet manager but it doesn't seems installed. I tried to type:

    apt-get remove cargo

    It returned

    Package 'cargo' is not installed, so not removed

    Versions

    • **rustc --version: rustc 1.42.0
    • **cargo --version: cargo 1.42.0
    • **sn0int --version: trying to install sn0int v0.18.2
    • **uname -a: Linux kali 5.4.0-kali4-amd64 #1 SMP Debian 5.4.19-1kali1 (2020-02-17) x86_64 GNU/Linux
    opened by DanieleCalzetti 4
  • EOF while parsing a value at line 1 column 0

    EOF while parsing a value at line 1 column 0

    Hello!

    I just installed the sn0int package in Ubuntu but when i use a pkg to search about subdomain , I get an error ' EOF while parsing a value at line 1 column 0'

    Anyone can lead me to how to solve it

    Thanks in-advance

    opened by AbdallaIbrahemMahmoud 3
  • Bump tokio from 0.1.22 to 1.8.4

    Bump tokio from 0.1.22 to 1.8.4

    Bumps tokio from 0.1.22 to 1.8.4.

    Release notes

    Sourced from tokio's releases.

    Tokio v1.8.4

    1.8.4 (November 15, 2021)

    This release backports a bugfix for a data race when sending and receiving on a closed oneshot channel ([RUSTSEC-2021-0124]) from v1.13.1.

    Fixed

    • sync: fix a data race between oneshot::Sender::send and awaiting a oneshot::Receiver when the oneshot has been closed (#4226)

    Tokio v1.8.3

    1.8.3 (July 22, 2021)

    This release backports two fixes from 1.9.0

    Fixed

    • Fix leak if output of future panics on drop (#3967)
    • Fix leak in LocalSet (#3978)

    #3967: tokio-rs/tokio#3967 #3978: tokio-rs/tokio#3978

    Tokio 1.8.2

    Fixes a missed edge case from 1.8.1.

    Fixed

    • runtime: drop canceled future on next poll (#3965)

    Tokio 1.8.1

    Forward ports 1.5.1 fixes.

    Fixed

    • runtime: remotely abort tasks on JoinHandle::abort (#3934)

    #3934: tokio-rs/tokio#3934

    tokio-1.8.0

    1.8.0 (July 2, 2021)

    Added

    • io: add get_{ref,mut} methods to AsyncFdReadyGuard and AsyncFdReadyMutGuard (#3807)
    • io: efficient implementation of vectored writes for BufWriter (#3163)
    • net: add ready/try methods to NamedPipe{Client,Server} (#3866, #3899)
    • sync: add watch::Receiver::borrow_and_update (#3813)
    • sync: implement From<T> for OnceCell<T> (#3877)

    ... (truncated)

    Commits
    • 2273eb1 chore: fix CI on master (#4008)
    • 249f05c chore: fix output of macro after new rustc release (#4189)
    • 2bf6132 macros: fix type resolution error in #[tokio::main] (#4176)
    • c9228bf macros: make tokio-macros attributes more IDE friendly (#4162)
    • 441427c macros: fix wrong error messages (#4067)
    • cc7d9e1 chore: explicitly relaxed clippy lint for runtime entry macro (#4030)
    • f49b7fc tokio-macros: compat with clippy::unwrap_used (#3926)
    • ea87e4e net: fix the uds_datagram tests with the latest nightly stdlib (#3952)
    • e2e7b5e examples: replace time crate with httpdate (#4169)
    • 9a58f7f tests: update Nix to 0.22.0 (#3951)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 3
  • Error: No nameserver configured

    Error: No nameserver configured

    No Nameserver

    Upon attempting to install modules with pkg quickstart, I am given the following error.

    [-] error trying to connect: No nameserver configured
    

    Dnscrypt-proxy is my DNS resolution provider which runs on localhost and listens on port 53, so nothing out of the ordinary.


    Generating zsh completions

    It would be nice to generate the zsh completions for sn0int, and the command sn0int completions zsh does generate them successfully and then dumps output on the command line. I just don't know where I am suppose to place them or how to properly set them up in .zshrc.


    Versions

    • rustc --version: 1.52.1
    • cargo --version: 1.52.0
    • sn0int --version: 0.21.1
    • uname -a: OpenBSD My.Host 6.9 GENERIC.MP#72 amd64

    Environment

    • Operating System/Distro: OpenBSD CURRENT
    • Installed from (source/apt/pacman/brew/docker): Both OpenBSD pkg, then source
    opened by anoduck 3
  • Add install details for Fedora/RH based systems

    Add install details for Fedora/RH based systems

    Added notes from my install onto Fedora (23). This is not a fresh distro install and so there is some assumption that I've needed to install @development-tools & publicsuffix-list.

    opened by 0x646e78 3
  • OpenBSD support

    OpenBSD support

    So far everything seems to work with some minor modifications to support rustc v1.29.2.

    Related issues:

    • [X] ~~https://github.com/jgallagher/rusqlite/issues/429 - forces us to set SQLITE3_LIB_DIR=/usr/local/lib explicitly~~
    • [x] https://github.com/tailhook/resolv-conf/pull/16 - by default sn0int errors on openbsd and we need to modify /etc/resolv.conf to remove the lookup directive
    opened by kpcyrd 3
  • DoS: Crash when loading crafted images

    DoS: Crash when loading crafted images

    I set up some simple fuzzing for sn0int in my fork, targeting image loading, and found a few issues you may find security relevant.

    crashes.tar.gz

    crash-16* and oom-47* cause allocation failure which immediately terminates the process, while crash-32* is an integer overflow. These issues should be fixed by the latest image crate version, so hopefully a dependency upgrade is simple.

    oom-96* seems to be the same root cause as https://github.com/image-rs/image/issues/1748 with mitigations added in this merge: https://github.com/image-rs/image-png/pull/353, but I think sn0int will need to use the Limits api for that to take effect.


    Stacktrace: oom-47988b9562c06a826c5503b6f65bc27a93f9cc62
    ==541042== ERROR: libFuzzer: out-of-memory (malloc(13083149316))
        #17 0x557368c13063 in image::image::decoder_to_vec::h7cd41838256519f3 /home/evan/.cargo/registry/src/github.com-1ecc6299db9ec823/image-0.23.14/./src/image.rs:490:19
        #18 0x557368ca2bf2 in image::dynimage::decoder_to_image::h75353bc00306555d /home/evan/.cargo/registry/src/github.com-1ecc6299db9ec823/image-0.23.14/./src/dynimage.rs:1117:23
        #19 0x557368c07cac in image::dynimage::DynamicImage::from_decoder::hc2a723107ae85155 /home/evan/.cargo/registry/src/github.com-1ecc6299db9ec823/image-0.23.14/./src/dynimage.rs:194:9
        #20 0x557368c07cac in image::io::free_functions::load::hfb63e77f4780b588 /home/evan/.cargo/registry/src/github.com-1ecc6299db9ec823/image-0.23.14/./src/io/free_functions.rs:67:36
        #21 0x557369186442 in image::dynimage::load_from_memory_with_format::h803ad8ee200dbbfa sn0int/sn0int-std/src/gfx/mod.rs:109:17
        #22 0x557369186442 in sn0int_std::gfx::load::h5df31f821b037c62 sn0int/sn0int-std/src/gfx/mod.rs:109:17
        #23 0x5573684218cc in rust_fuzzer_test_input sn0int/sn0int-std/fuzz/fuzz_targets/image_load.rs:8:13
    
    Stacktrace: crash-16e09653a6ced483db6215e4a922a061b580846d
    ==550165==ERROR: AddressSanitizer: allocator is out of memory trying to allocate 0x7544fa0000 bytes
        #7 0x560d2c1dcc4f in alloc::vec::from_elem::hbf6ab617103d0739 /rustc/9067d5277d10f0f32a49ec9c125a33828e26a32b/library/alloc/src/vec/mod.rs:2457:5
        #8 0x560d2c1dcc4f in image::image::decoder_to_vec::h62f36f795519b5f5 /home/evan/.cargo/registry/src/github.com-1ecc6299db9ec823/image-0.23.14/./src/image.rs:490:19
        #9 0x560d2c279014 in image::dynimage::decoder_to_image::hc52467439a01cf50 /home/evan/.cargo/registry/src/github.com-1ecc6299db9ec823/image-0.23.14/./src/dynimage.rs:1112:23
        #10 0x560d2c1d380f in image::dynimage::DynamicImage::from_decoder::h6775414ccbd6e795 /home/evan/.cargo/registry/src/github.com-1ecc6299db9ec823/image-0.23.14/./src/dynimage.rs:194:9
        #11 0x560d2c1d380f in image::io::free_functions::load::hfb63e77f4780b588 /home/evan/.cargo/registry/src/github.com-1ecc6299db9ec823/image-0.23.14/./src/io/free_functions.rs:79:36
        #12 0x560d2c752442 in image::dynimage::load_from_memory_with_format::h803ad8ee200dbbfa sn0int/sn0int-std/src/gfx/mod.rs:109:17
        #13 0x560d2c752442 in sn0int_std::gfx::load::h5df31f821b037c62 sn0int/sn0int-std/src/gfx/mod.rs:109:17
        #14 0x560d2b9ed8cc in rust_fuzzer_test_input sn0int/sn0int-std/fuzz/fuzz_targets/image_load.rs:11:13
    
    Stacktrace: crash-32aed9132fadd27014d0d5f43ae9376f9b3f9cd7
    thread '<unnamed>' panicked at 'attempt to add with overflow', /home/evan/.cargo/registry/src/github.com-1ecc6299db9ec823/image-0.23.14/./src/codecs/webp/decoder.rs:114:25
    note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
    ==550494== ERROR: libFuzzer: deadly signal
        #17 0x56256aacf0da in image::codecs::webp::decoder::WebPDecoder$LT$R$GT$::read_vp8_header::h77b76337098a5ab0 /home/evan/.cargo/registry/src/github.com-1ecc6299db9ec823/image-0.23.14/./src/codecs/webp/decoder.rs:114:25
        #18 0x56256aad065a in image::codecs::webp::decoder::WebPDecoder$LT$R$GT$::read_metadata::h65b39a062aa3a0c6 /home/evan/.cargo/registry/src/github.com-1ecc6299db9ec823/image-0.23.14/./src/codecs/webp/decoder.rs:138:23
        #19 0x56256aad065a in image::codecs::webp::decoder::WebPDecoder$LT$R$GT$::new::hbf1af4ab5a6d4d10 /home/evan/.cargo/registry/src/github.com-1ecc6299db9ec823/image-0.23.14/./src/codecs/webp/decoder.rs:70:9
        #20 0x56256aa46b80 in image::io::free_functions::load::hfb63e77f4780b588 /home/evan/.cargo/registry/src/github.com-1ecc6299db9ec823/image-0.23.14/./src/io/free_functions.rs:71:64
        #21 0x56256afc6442 in image::dynimage::load_from_memory_with_format::h803ad8ee200dbbfa sn0int/sn0int-std/src/gfx/mod.rs:109:17
        #22 0x56256afc6442 in sn0int_std::gfx::load::h5df31f821b037c62 sn0int/sn0int-std/src/gfx/mod.rs:109:17
        #23 0x56256a2618cc in rust_fuzzer_test_input sn0int/sn0int-std/fuzz/fuzz_targets/image_load.rs:11:13
    
    Stacktrace: oom-9642df99e8a487afa7c072fc46aca9a64ed13707
    ==568277== ERROR: libFuzzer: out-of-memory (malloc(3221291008))
        #15 0x563ce7fd89fc in alloc::vec::Vec$LT$T$C$A$GT$::resize::h011ee8981ffcda1b /rustc/9067d5277d10f0f32a49ec9c125a33828e26a32b/library/alloc/src/vec/mod.rs:2255:13
        #16 0x563ce7fd89fc in png::decoder::Reader$LT$R$GT$::allocate_out_buf::hf5e356b5ab2f9e6d /home/evan/.cargo/registry/src/github.com-1ecc6299db9ec823/png-0.16.8/src/decoder/mod.rs:654:9
        #17 0x563ce7fdf989 in png::decoder::Reader$LT$R$GT$::init::he778edd779410d22 /home/evan/.cargo/registry/src/github.com-1ecc6299db9ec823/png-0.16.8/src/decoder/mod.rs:344:9
        #18 0x563ce7fe2bea in png::decoder::Decoder$LT$R$GT$::read_info::h5b0c1fa661cb8331 /home/evan/.cargo/registry/src/github.com-1ecc6299db9ec823/png-0.16.8/src/decoder/mod.rs:118:9
        #19 0x563ce854f9f6 in image::codecs::png::PngDecoder$LT$R$GT$::new::haba444bfcb43be3c /home/evan/.cargo/registry/src/github.com-1ecc6299db9ec823/image-0.23.14/./src/codecs/png.rs:131:31
        #20 0x563ce850091b in image::io::free_functions::load::hfb63e77f4780b588 /home/evan/.cargo/registry/src/github.com-1ecc6299db9ec823/image-0.23.14/./src/io/free_functions.rs:65:63
        #21 0x563ce8a80a72 in image::dynimage::load_from_memory_with_format::h803ad8ee200dbbfa sn0int/sn0int-std/src/gfx/mod.rs:108:17
        #22 0x563ce8a80a72 in sn0int_std::gfx::load::h5df31f821b037c62 sn0int/sn0int-std/src/gfx/mod.rs:108:17
        #23 0x563ce7d1bcab in rust_fuzzer_test_input
    
    opened by evanrichter 0
  • Display keyring info when calling pkg list

    Display keyring info when calling pkg list

    I tried implementing #184 I noticed you are using a Vec for the keyring_access variable i am assumingfor supporting multiple keys? and needs to be specified on independent lines. Im not sure about the colors though 1661720983-sshot the above shodan header looks like this (used it for testing)

    -- Description: Find IPs using certificates for target subdomains
    -- Version: 0.1.0
    -- License: GPL-3.0
    -- Stealth: passive
    -- Source: subdomains
    -- Keyring-Access: shodan
    -- Keyring-Access: hibp
    
    
    opened by T2JOESl4m2ZpNC 0
  • registry: Namespace support for orgs

    registry: Namespace support for orgs

    There's currently no way for a github org to publish in their namespace, because the sn0int registry authenticates the github username through oauth (which can't be done for orgs, even if the user owns that org).

    A github org should be able to use their namespace as well, the challenges are:

    • it's not obvious how to check if the user belongs to the org
    • even if the user belongs to the org, the org may not want to grant publish permissions to every user.

    One possible solution (if no better solution can be found) would be a repository that's fetched from 'https://github.com/ORG_NAME/sn0int-auththat lists the github users that are allowed to publish inORG_NAME`.

    This repo could also contain encrypted auth keys that don't belong to a specific user so it's possible to publish modules with github actions.

    As mentioned in sysdogs/sn0int-modules#2

    opened by kpcyrd 0
  • pkg list should show if an api token is required and if it's missing

    pkg list should show if an api token is required and if it's missing

    We already know if a module is requesting access to a given access-key/api token from:

    -- Keyring-Access: foo
    

    If we list our modules it should annotate the list of installed modules with this info, including if a key is available or missing.

    This could look like:

    abc/xyz 0.1.0 [keyring: asdf1] [passive]
        asdf
    foo/bar 0.1.0 [keyring missing: asdf2] [passive]
        asdf
    

    The missing key would be shown in red (not sure about the color if the key is present, probably blue or green).

    Related to #170.

    opened by kpcyrd 0
  • Question about API Key

    Question about API Key

    Hi,

    I would like to know how I can add api key. I want use the module "leakprobe" but I'm being asked to add API key. But where I put her ?

    Best regards

    opened by John33000 8
Releases(v0.24.3)
  • v0.24.3(Nov 13, 2022)

    • Add missing seccomp syscall (clone3)
    • Sandbox crash error message has been changed from EOF while parsing a value at line 1 column 0 to Sandbox child has crashed
    • Support compiling for RISC-V 64-bit (#234, @SpriteOvO)
    • Fixes related to path handling (#227, @stoeckmann)
    • Reduce some heap allocation

    Thanks

    We'd like to thank @SantiagoTorres, @repi and @rgacogne for their support on github sponsors.

    Source code(tar.gz)
    Source code(zip)
    sn0int-0.24.3.tar.gz.asc(850 bytes)
  • v0.24.2(Mar 29, 2022)

  • v0.24.1(Dec 5, 2021)

  • v0.24.0(Dec 5, 2021)

    image

    sn0int rescope -i

    There've been commands for {scope,noscope,autoscope,autonoscope} for a while, scope/noscope sets entities to out-of-scope which automatically excludes them from further investigations, and autoscope/autonoscope is a system to automatically set things out-of-scope with a hierarchical rule set.

    In the past there was no way to re-apply these rules to existing entities. This is now possible with the rescope command that's available both from the interactive cli and the commandline.

    It defaults to non-interactive mode that shows a diff when applying the rules and asks for confirmation. -n is a dry-run to always reject the change, -y to automatically apply it and -i to interactively decide for each entity.

    Besides the obvious y and n there's also:

    • d (done) - apply the changes confirmed so far, skip the rest
    • a (always) - apply all other changes matching this specific rule: if example.com matched noscope .com and you select a, example.com would be set out-of-scope and the next-up foobar.com would be automatically set out-of-scope without asking again
    • x (never) - skip this change and all future changes matched by this rule

    Thanks

    We'd like to thank @SantiagoTorres and @repi for their support on github sponsors.

    Source code(tar.gz)
    Source code(zip)
    sn0int-0.24.0.tar.gz.asc(850 bytes)
  • v0.23.0(Oct 23, 2021)

  • v0.22.0(Sep 8, 2021)

  • v0.21.2(Jun 23, 2021)

  • v0.21.1(May 17, 2021)

  • v0.21.0(May 12, 2021)

  • v0.20.1(Mar 7, 2021)

  • v0.20.0(Dec 28, 2020)

    • Introduce stealth levels (loud, normal, silent, offline) that modules can specify and you can select which modules you want to enable based on the stealth level
    • The author and repository can be added to module metadata
    • Support inverse rules for notifications
    • Some structs can now be streamed into the database from stdin with sn0int add --stdin
    • The http functions now support redirects

    Thanks

    We'd like to thank @repi for their support on github sponsors.

    Source code(tar.gz)
    Source code(zip)
    sn0int-0.20.0.tar.gz.asc(850 bytes)
  • v0.19.1(Jun 23, 2020)

  • v0.19.0(Jun 18, 2020)

    New Feature: calendar

    Previous releases introduced activity as a new discoverable datapoint, there's now a new cal command to show a calendar that's annotated with a heat-map.

    sn0int cal 2020
    

    sn0int-cal

    It's also possible to break them down to a specific time (-T) which defaults to 12 minute slices, or group by hour instead (-H). To -C to show additional days for context (this also works in the month view):

    sn0int cal -TC3
    

    sn0int-cal-time

    New Feature: notify

    There's a new notification system that you can hook into. Notifications are also just sent with regular sn0int modules that take -- Source: notifications as input, to get the list of notification modules that are currently installed run:

    sn0int pkg list --source notifications
    

    This enables you to run sn0int automatically and unattended to monitor infrastructure. A full walk-through of how to setup notification routing can be found here:

    https://sn0int.readthedocs.io/en/latest/notifications.html

    Please note that this feature is still very much work in progress.

    Misc

    • Add deprecation notice for mod command in favor of pkg
    • Make pkg quickstart skip already installed modules
    • Make sn0int more forgiving with accidential ^C
    • Fix seccomp issues with sleep

    Thanks

    We'd like to thank @repi for their support on github sponsors.

    Source code(tar.gz)
    Source code(zip)
    sn0int-0.19.0.tar.gz.asc(850 bytes)
  • v0.18.2(Mar 23, 2020)

  • v0.18.1(Mar 23, 2020)

  • v0.18.0(Mar 7, 2020)

    • Add functions to connect to mqtt broker
    • Add decryption function for libsodium secret box
    • Add binary support in http_request/http_send
    • Fix a bug that prevented adding urls with empty body
    • Switch docker container to alpine
    • Do not error for read timeouts in sock_recvline
    • Support geoip database path used by geoipupdate
    • Replace quickstart with pkg quickstart
    • Support more advanced time references in sn0int activity, like '1h ago'
    • Change update check interval
    Source code(tar.gz)
    Source code(zip)
    sn0int-0.18.0.tar.gz.asc(850 bytes)
  • v0.17.1(Feb 22, 2020)

  • v0.17.0(Feb 21, 2020)

    • Migrate to new workspace format. Existing workspaces are migrated automatically.
    • Add pkg as a new command as a replacement for mod
    • Add geo_polygon_contains, to check if a location is inside a polygon
    • Improve sn0int select output
    • Return true if uniq activity event is already known
    • Add missing seccomp syscall (poll)
    • Add str_find, str_replace and strval
    • Add sn0int paths to show
    • Add sn0int pkg to manage modules
    Source code(tar.gz)
    Source code(zip)
    sn0int-0.17.0.tar.gz.asc(850 bytes)
  • v0.16.0(Jan 30, 2020)

  • v0.15.0(Jan 18, 2020)

    • Fix breaking changes in geoip download. GeoIP is still supported but sn0int isn't going to try to download it anymore.
    • Activity logging: Allows modules to create events that are tied to a datetime and can have data tied to them. There's a proper frontend planned for this.
    • Added ratelimit_throttle which behaves similar to a mutex that scripts can lock to get rate limited automatically according to the limit configured by the function arguments.
    • Tab completion for sn0int repl
    • Missing add subcommands have been added for urls and ports
    • Minor improvements in the UI
    Source code(tar.gz)
    Source code(zip)
    sn0int-0.15.0.tar.gz.asc(850 bytes)
  • v0.14.0(Nov 23, 2019)

    • Added a very basic sn0int repl to make script development easier
    • Added improved support for apis hosted on .onions
    • Added crypto currency addresses as new struct
    • Added sn0int export as a command to export a workspace to json
    • The target option is now exposed on the cli to run an investigation on a subset of the structs in scope, this can be used with sn0int run -t 'where id=1' foo
    • Improved normalization when adding structs
    • Improved date functions (there are going to be deprecation warnings on the next release)
    • Added stdin_read_to_end to read all of stdin into a string
    • last_seen automatically selects the most recent date so scripts don't need to check this manually
    • Fixed pgp uid decoding issue
    • Minor bugfixes and improvements
    Source code(tar.gz)
    Source code(zip)
    v0.14.0.tar.gz.asc(833 bytes)
  • v0.13.0(Aug 26, 2019)

    • There is now an autonoscope engine that can automatically apply rules to exclude structs from scope when added
    • quickstart and mod update are now much faster
    • http_fetch and http_fetch_json have been added as a shorthand for http_send with status code validation and optionally parsing the body as json, reducing the boilerplate in a few modules
    • tls support has been added to sock_connect
    • pgp_pubkey can now return the primary key fingerprint and signatures
    • netblocks have been added as a struct
    • Modules can be listed by input source
    • base64 and base32 functions have been added, with support for custom alphabets
    • Startup time has been improve significantly
    • noscope/scope are now exposed to the cli as sn0int noscope and sn0int scope
    • set_err has been added for certain control-flow cases
    • Some fields are now automatically lowercased
    • Installed modules are now tagged with [installed] in the search results
    • The module search got a --new flag to show only modules we haven't installed yet
    Source code(tar.gz)
    Source code(zip)
    v0.13.0.tar.gz.asc(833 bytes)
  • v0.12.0(Jun 19, 2019)

    • Add models for ports
    • Add hmac and cryptographic hash functions
    • Add strftime and strptime
    • Add an xml parser and processing functions
    • Add more advanced workspace options
    • ipv4/ipv6 is now automatically detected and set for the ipaddr model
    • warn and warn_once functions have been added
    • Some seccomp bugfixes
    Source code(tar.gz)
    Source code(zip)
    v0.12.0.tar.gz.asc(833 bytes)
  • v0.11.2(May 13, 2019)

  • v0.11.1(Apr 25, 2019)

  • v0.11.0(Apr 22, 2019)

  • v0.10.0(Feb 28, 2019)

    • Added accounts structs to the database
    • Added breach structs to the database
    • Using >= and <= in queries now works correctly
    • Unknown script metadata is now non-fatal
    • Improved aarch64 support
    • seccomp bugfix (mremap)

    Note about the registry

    The registry is currently difficult to build due to an unresolved problem in Rocket, if you are interested in deploying a registry please join the #sn0int irc channel for instructions.

    Source code(tar.gz)
    Source code(zip)
    v0.10.0.tar.gz.asc(833 bytes)
  • v0.9.1(Feb 3, 2019)

  • v0.9.0(Jan 29, 2019)

    • Add socket functions to create raw tcp connections (with socks5 support)
    • Add db_add_ttl to add to the database with a timeout
    • Add datetime function to get current time+date
    • Add json output for select
    • Don't display progress indicator in some cases
    • Switch sqlite to WAL

    New modules

    • smtp-check - validate emails over smtp
    • thunderbird-autoconfig - find subdomains via thunderbird autoconfig
    • well-known-uris - test for RFC-5785 well-known uris
    • passive-arp - similar to arp-scan but fully passive, depends on sniffglue
    Source code(tar.gz)
    Source code(zip)
  • v0.8.1(Jan 13, 2019)

    Bugfix release

    • Fix a bug in the certificate parser for san extensions longer than 127 bytes
    • Introduce a dns cache to reduce dns traffic and avoid a bug in chrootable-https that leaks udp sockets
    • Bump dependencies to support OpenBSD
    Source code(tar.gz)
    Source code(zip)
Owner
Independent security research. Works on backdoor-resistant software distribution. Maintains packages in Arch Linux and Debian. Steals food at conferences.
null
A simple password manager written in Rust

ripasso A simple password manager written in Rust. The root crate ripasso is a library for accessing and decrypting passwords stored in pass format (G

Joakim Lundborg 548 Dec 26, 2022
link is a command and control framework written in rust

link link is a command and control framework written in rust. Currently in alpha. Table of Contents Introduction Features Feedback Build Process Ackno

null 427 Dec 24, 2022
Record and Replay Framework

Overview rr is a lightweight tool for recording, replaying and debugging execution of applications (trees of processes and threads). Debugging extends

null 7.6k Jan 1, 2023
Rust implementation of The Update Framework (TUF)

rust-tuf A Rust implementation of The Update Framework (TUF). Full documentation is hosted at docs.rs. Warning: Beta Software This is under active dev

heartsucker 152 Dec 11, 2022
A fuzzer framework built in Rust

lain This crate provides functionality one may find useful while developing a fuzzer. A recent nightly Rust build is required for the specialization f

Microsoft 469 Dec 9, 2022
Binary Analysis Framework in Rust

Welcome to Falcon Falcon is a formal binary analysis framework in Rust. Expression-based IL with strong influences from RREIL and Binary Ninja's LLIL.

Falcon Binary Analysis Framework 489 Dec 18, 2022
Bindings to the macOS Security.framework

macOS/iOS Security framework for Rust Documentation Bindings to the Apple's Security.framework. Allows use of TLS and Keychain from Rust. License Lice

Kornel 172 Jan 2, 2023
Kepler is a vulnerability database and lookup store and API currently utilising National Vulnerability Database and NPM Advisories as data sources

Kepler — Kepler is a vulnerability database and lookup store and API currently utilising National Vulnerability Database and NPM Advisories as data so

Exein.io 101 Nov 12, 2022
Steals browser passwords and cookies and sends to webhook.

Browser-Stealer Steals browser passwords and cookies and sends to webhook. Donating Educational Purposes Only This code is made so you can learn from

RadonCoding 3 Sep 27, 2021
Xori is an automation-ready disassembly and static analysis library for PE32, 32+ and shellcode

Xori - Custom disassembly framework Xori is an automation-ready disassembly and static analysis library that consumes shellcode or PE binaries and pro

ENDGAME 712 Nov 28, 2022
🕵️‍♀️ Find, locate, and query files for ops and security experts ⚡️⚡️⚡️

Recon Find, locate, and query files for ops and security experts Key Features • How To Use • Download • Contributing • License Key Features Query with

Rusty Ferris Club 11 Dec 16, 2022
A Comprehensive Web Fuzzer and Content Discovery Tool

rustbuster A Comprehensive Web Fuzzer and Content Discovery Tool Introduction Check the blog post: Introducing Rustbuster — A Comprehensive Web Fuzzer

Francesco Soncina 467 Dec 26, 2022
A simple menu to keep all your most used one-liners and scripts in one place

Dama Desktop Agnostic Menu Aggregate This program aims to be a hackable, easy to use menu that can be paired to lightweight window managers in order t

null 47 Jul 23, 2022
A simple scanner that loops through ips and checks if a minecraft server is running on port 25565

scanolotl Scanolotl is a simple scanner that loops through ips and checks if a minecraft server is running on port 25565. Scanolotl can also preform a

JustFr33z 3 Jul 28, 2022
Rust library for building and running BPF/eBPF modules

RedBPF A Rust eBPF toolchain. Overview The redbpf project is a collection of tools and libraries to build eBPF programs using Rust. It includes: redbp

foniod 1.5k Jan 1, 2023
telemetry aggregation and shipping, last up the ladder

cernan - telemetry aggregation and shipping, last up the ladder Cernan is a telemetry and logging aggregation server. It exposes multiple interfaces f

Postmates Inc. 311 Nov 21, 2022
Automated attack surface mapper and vulnerability scanner

Phaser Automated attack surface mapper and vulnerability scanner What is this? Phaser is a high-performance and automated attack surface mapper and vu

Sylvain Kerkour 74 Dec 16, 2022
unfuck is a utility and library for deobfuscating obfuscated Python 2.7 bytecode

unfuck is a utility and library for deobfuscating obfuscated Python 2.7 bytecode. It is essentially a reimplementation of the Python VM with taint tracking.

Lander Brandt 171 Dec 14, 2022
Finds matching solidity function signatures for a given 4 byte signature hash and arguments.

Finds matching solidity function signatures for a given 4 byte signature hash and arguments. Useful for finding collisions or 0x00000000 gas saving methods (though there are better techniques for saving gas on calldata)

null 73 Dec 22, 2022