reveal origins behind reverse proxies & hidden services ๐ ๐ง ๐ป
License: GNU General Public License v3.0
hi, i'm josh
i do security (research|investigations) and share some of the tools I make along the way here.
you may find me (volunteering|contributing|building) around;
in addition to shodan for external lookups, allow for queries to the binaryedge.io dataset
in addition to shodan for external lookups, allow for queries to the censys.io dataset
continue analysis against matches when sub-processors return findings
an idea - needs to be fleshed out.. some confidence-scoring system will likely required before aimlessly probing potential matches
this could include things such as;
discover hidden paths through bruteforcing and other tricks.
see joshhighet/kerchow/sbin/http-scanner, gobuster & dirsearch
if a Last-Modified header value exists, span out a search for it across any supported search services (shodan etc)
Lines 147 to 155 in b22e665
per below service.onion apparently matches conditions for all of the checks. in reality - it's not detecting the catchall and these are incorrect.
Lines 15 to 21 in b22e665
INFO 127:configcheck.py fetch found 200 at http://service.onion/sitemap.xml
INFO 127:configcheck.py fetch found 200 at http://service.onion/admin
INFO 127:configcheck.py fetch found 200 at http://service.onion/administrator
INFO 127:configcheck.py fetch found 200 at http://service.onion/wp-admin
INFO 127:configcheck.py fetch found 200 at http://service.onion/.env
INFO 127:configcheck.py fetch found 200 at http://service.onion/WEB-INF/web.xml
avoiding potential false flags i.e service.onion below
โ bebop git:(main) โ uuidgen
C27362AF-4A1C-4E82-918F-FB6CC89E6EB8
โ bebop git:(main) โ curl --socks5-hostname telemetry.dark:9050 -X GET -I http://service.onion/C27362AF-4A1C-4E82-918F-FB6CC89E6EB8
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Aug 2023 10:25:03 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 423
Last-Modified: Wed, 02 Aug 2023 10:18:39 GMT
Connection: keep-alive
Accept-Ranges: bytesadd fofa as an available engine to the collection of search processors
I give the api keys of shodan, zoomeye and other sites but it didn't accepted ......if you could tell me the correct way to sync them it would a big help for me...
scan libraries and correlate to known outdated libraries and provide further context.
see retire.js
provide an option to leverage an alternative to the python requests library that supports DOM rendering
if a site is serving a certificate, leverage said elements against subprocessors
also consider jarm
use
then validate resolution
potentially encoding related
โ app git:(main) โ python3 subprocessors.py
DEBUG:__main__:zoomeye: querying title:'Fox Trot'
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.zoomeye.org:443
DEBUG:urllib3.connectionpool:https://api.zoomeye.org:443 "GET /host/search?query=title%3A%27Fox+Trot%27 HTTP/1.1" 500 94
ERROR:__main__:zoomeye: api error: 500 Server Error: Internal Server Error for url: https://api.zoomeye.org/host/search?query=title%3A%27Fox+Trot%27
โ app git:(main) โ curl -vv \
'https://api.zoomeye.org/host/search?query=title:"Fox%20Trot"' -H "API-KEY:[stripped]"
* Trying 160.116.186.18:443...
* Connected to api.zoomeye.org (160.116.186.18) port 443 (#0)
[stripped]
>
< HTTP/1.1 500 Internal Server Error
[stripped]
<
* Connection #0 to host api.zoomeye.org left intact
{"error": "internal_error", "message": "internal error", "url": "https://www.zoomeye.org/api"}% alongside nmap's service identification, gain a better understanding of frameworks and technologies on a site.
see wappalyzer
in addition to shodan for external lookups, allow for queries to the zoomeye.org dataset
Zoomeye is using the old API endpoints. The new HK URLโs should be used
once enough confidence is gained that the method of identifying 'rare' headers is functional, consider searching said values against the likes of shodan
provide the ability to return screenshots of paged which have undergone review
something like the playwright implementation seen here ransomwatch/screenshotter.py
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.