What is DataSploit?
DataSploit is an open source intelligence collection (OSINT) tool. It is a simple way to dump data for a domain or other piece of metadata.
When running DataSploit from the command line, you enter a single input to search on, or import a list of targets from a text file.
DataSploit Installation
DataSploit is often used with the Kali Linux penetration testing distribution, and installing it within Kali or Ubuntu Linux is a simple process.
Ensure you have git and pip installed.
test@ubuntu:~/$ git clone https://github.com/datasploit/datasploit
test@ubuntu:~/$ cd datasploit
test@ubuntu:~/datasploit/$ pip install -r requirements.txt
test@ubuntu:~/datasploit/$ mv config_sample.py config.py
test@ubuntu:~/datasploit/$ python datasploit.py -h
True
usage: datasploit.py [-h] [-i SINGLE_TARGET] [-f FILE_TARGET] [-a] [-q] [-o OUTPUT]

[DataSploit ASCII art banner]
Open Source Assistant for #OSINT
www.datasploit.info

optional arguments:
  -h, --help            show this help message and exit
  -i SINGLE_TARGET, --input SINGLE_TARGET
                        Provide Input
  -f FILE_TARGET, --file FILE_TARGET
                        Provide Input
  -a, --active          Run Active Scan attacks
  -q, --quiet           Run scans in automated manner accepting default answers
  -o OUTPUT, --output OUTPUT
                        Provide Destination Directory

Connect at Social Media: @datasploit
Similar to recon-ng, you will need to configure API keys to get the full value from this tool. As the different Internet resources are searched, an API key allows you to get additional and more detailed data from each one.
To add the API keys, edit the config.py file.
DataSploit as Python Module
A nice feature of this tool is the ability to load it as a Python module for use in your own Python tools. pip install datasploit will get you started; then head over to the Help Pages for more information.
Using DataSploit
From the command line you can run the tool with a single target parameter to find information on a single domain.
Rather than having you select modules to use, this tool simply runs whatever modules are available and configured.
~/datasploit$ python datasploit.py -i microsoft.com
True
[DataSploit ASCII art banner]
Open Source Assistant for #OSINT
www.datasploit.info

Target: microsoft.com

Looks like a DOMAIN, running domainOsint...

[-] Skipping Googlepdf because it is marked as disabled.
[-] Skipping Zoomeye because it is marked as disabled.

---> Finding subdomains, will be back soon with list.
[+] Extracting subdomains from DNS Dumpster
[+] Extracting subdomains Netcraft
[+] Extracting subdomains from Certificate Transparency Reports
As you can see, there is a subdomain search module for our own project DNSDumpster.
With a configured Shodan API key, we can dump subdomains for the target domain and these will then be searched for open ports and other scan data through the Shodan API.
** results snipped **

---> Wapplyzing web page of base domain:

Hitting HTTP and HTTPS:
[+] Third party libraries in Use for HTTP:
Apache
Google Analytics
Google AdSense
CentOS
[+] Third party libraries in Use for HTTPS:
Apache
Google Analytics
Google AdSense
CentOS
-----------------------------

---> Searching in Shodan:

IP: 77.xx.44.55
Hosts: [u'test.microsoft.com']
Domain: [u'test.microsoft.com']
Port: 80
Content-Type: text/html; charset=UTF-8
Location: {u'city': u'Fremont', u'region_code': u'CA', u'area_code': 510, u'longitude': -121.9829, u'country_code3': u'USA', u'country_name': u'United States', u'postal_code': u'94536', u'dma_code': 807, u'country_code': u'US', u'latitude': 37.56700000000001}

** results snipped **
While I have snipped most of the results above, there are a couple of interesting things to keep in mind.
In particular, the Wapplyzing module has pulled data on the HTML/JavaScript libraries used by the main domain. These results were gathered by querying the domain directly from your current Internet connection.
Active vs Passive vs Semi-Passive
Definitions can vary, but I generally categorize these types of reconnaissance as follows:
Active involves active probes against the target, such as port scanning: that is, sending traffic to the target that is not "normal", where normal means a browser viewing a legitimate web page.
Passive uses only third-party sources (DNS records, certificate transparency logs, search engines and similar) and sends nothing to the target at all.
Semi-Passive is the category I would place this tool in: it does send traffic to the target, but that traffic is a standard web browser request, as seen in the wappalyzer results.
The key takeaway here is that if you are doing OSINT research for incident response and wish to keep your local IP address out of the target's web server logs, you should use a VPS or another layer of anonymity.
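To show what the target side actually sees from a semi-passive run, here is an added example (not code from the tutorial or from the DataSploit project) that parses a few constructed Apache access-log lines and flags the two traces such a pass leaves: a library default User-Agent instead of a browser one, and one source address fetching the site over both HTTP and HTTPS. The log format assumes the combined format with the listening port appended via Apache's %p directive.

```python
import re
from collections import defaultdict

# Apache "combined" format with the listening port appended (%p) - an assumed vhost config.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)" (?P<port>\d+)$'
)

# Constructed sample: one browser visit, then a scripted fingerprinting pass that
# fetches the front page on both ports from the same address, as in the tutorial.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/118.0" 443
198.51.100.23 - - [10/Oct/2023:13:56:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "python-requests/2.18.4" 80
198.51.100.23 - - [10/Oct/2023:13:56:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "python-requests/2.18.4" 443
"""

# Default User-Agent prefixes of common HTTP libraries; a browser never sends these.
SCRIPTED_UA_MARKERS = ("python-requests", "python-urllib", "curl/", "go-http-client")

def parse(line):
    """Return the log fields as a dict, or None if the line is not in the expected format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def classify(log_text):
    """Return {ip: set_of_findings}. 'scripted-ua' = library User-Agent rather than a
    browser; 'http-and-https' = the same source fetched the site on ports 80 and 443."""
    ports = defaultdict(set)
    findings = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse(line)
        if not rec:
            continue  # skip malformed lines rather than abort the whole scan
        ua = rec["ua"].lower()
        if any(marker in ua for marker in SCRIPTED_UA_MARKERS):
            findings[rec["ip"]].add("scripted-ua")
        ports[rec["ip"]].add(rec["port"])
    for ip, seen in ports.items():
        if {"80", "443"} <= seen:
            findings[ip].add("http-and-https")
    return dict(findings)

if __name__ == "__main__":
    for ip, why in classify(SAMPLE_LOG).items():
        print(ip, sorted(why))
```

Only the second address is reported; the plain browser visit produces no finding, which is the whole point of the semi-passive label: the traffic is ordinary, so the source IP is the one thing that gives it away.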
Conclusion
DataSploit is a fast and easy tool that can gather a range of data very quickly with minimal configuration.
Go and grab the latest version and start testing. A good place to start testing is various bug bounty programs. By selecting a range of bug bounty programs you will be able to test the tool against a number of varied targets and you may even stumble upon an item of interest.
If you have any suggestions for improvement or have any questions related to this DataSploit Tutorial please get in contact.