
DataSploit Tutorial

What is DataSploit?

DataSploit is an open source intelligence (OSINT) collection tool. It is a simple way to dump the data available for a domain or another piece of metadata.

Run DataSploit from the command line with a single input to search on, or import a list of search targets from a text file.

DataSploit Installation

It is often used with the Kali Linux penetration testing distribution, and installing it on Kali or Ubuntu Linux is a simple process.

Ensure you have git and pip installed.

test@ubuntu:~/$ git clone https://github.com/datasploit/datasploit
test@ubuntu:~/$ cd datasploit
test@ubuntu:~/datasploit/$ pip install -r requirements.txt
test@ubuntu:~/datasploit/$ mv config_sample.py config.py
test@ubuntu:~/datasploit/$ python datasploit.py -h
True
usage: datasploit.py [-h] [-i SINGLE_TARGET] [-f FILE_TARGET] [-a] [-q]
                     [-o OUTPUT]

  ____/ /____ _ / /_ ____ _ _____ ____   / /____   (_)/ /_
 / __  // __ `// __// __ `// ___// __ \ / // __ \ / // __/
/ /_/ // /_/ // /_ / /_/ /(__  )/ /_/ // // /_/ // // /_
\__,_/ \__,_/ \__/ \__,_//____// .___//_/ \____//_/ \__/
                              /_/

           Open Source Assistant for #OSINT
               www.datasploit.info

optional arguments:
  -h, --help            show this help message and exit
  -i SINGLE_TARGET, --input SINGLE_TARGET
                        Provide Input
  -f FILE_TARGET, --file FILE_TARGET
                        Provide Input
  -a, --active          Run Active Scan attacks
  -q, --quiet           Run scans in automated manner accepting default
                        answers
  -o OUTPUT, --output OUTPUT
                        Provide Destination Directory

              Connect at Social Media: @datasploit
                

Similar to recon-ng, you will need to configure API keys to get the full value from this tool. As the different Internet resources are searched, an API key allows you to get additional and more detailed data from each service.

The API keys are added to the config.py file.

DataSploit as Python Module

A nice feature of this tool is that it can be loaded as a Python module for use in your own Python tools. pip install datasploit will get you started; then head over to the Help Pages for more information.

Using DataSploit

From the command line you can run the tool with a single target parameter to find information on a single domain.

Rather than having you select modules, this tool runs whatever modules are available and configured.

~/datasploit$ python datasploit.py -i microsoft.com
True

  ____/ /____ _ / /_ ____ _ _____ ____   / /____   (_)/ /_
 / __  // __ `// __// __ `// ___// __ \ / // __ \ / // __/
/ /_/ // /_/ // /_ / /_/ /(__  )/ /_/ // // /_/ // // /_
\__,_/ \__,_/ \__/ \__,_//____// .___//_/ \____//_/ \__/
                              /_/

           Open Source Assistant for #OSINT
               www.datasploit.info


Target: microsoft.com
Looks like a DOMAIN, running domainOsint...

[-] Skipping Googlepdf because it is marked as disabled.
[-] Skipping Zoomeye because it is marked as disabled.
---> Finding subdomains, will be back soon with list. 

 [+] Extracting subdomains from DNS Dumpster

 [+] Extracting subdomains Netcraft

 [+] Extracting subdomains from Certificate Transparency Reports

As you can see, there is a subdomain search module for our own project, DNSDumpster.

With a configured Shodan API key, we can dump subdomains for the target domain and these will then be searched for open ports and other scan data through the Shodan API.
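The subdomain modules above lean on passive sources such as Certificate Transparency logs: every certificate issued for a name under the target domain is public, so the names can be collected without touching the target at all. The following is an added example, not DataSploit's own code, showing how that extraction works. It assumes the JSON shape that crt.sh returns (an array of records with a newline-separated name_value field); the records themselves are constructed for the example, and the helper names are mine.

```python
import json

# Constructed sample in the shape of crt.sh's JSON output (field names assumed
# from its public interface; every value below is invented for this example).
SAMPLE_CT_JSON = """[
  {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
   "name_value": "www.example.com\\nexample.com", "not_before": "2023-01-10T00:00:00"},
  {"issuer_name": "C=US, O=DigiCert Inc",
   "name_value": "*.dev.example.com", "not_before": "2022-05-01T00:00:00"},
  {"issuer_name": "C=US, O=DigiCert Inc",
   "name_value": "mail.example.com\\nMAIL.EXAMPLE.COM", "not_before": "2021-03-03T00:00:00"},
  {"issuer_name": "C=US, O=Other CA",
   "name_value": "example.com.evil-lookalike.net", "not_before": "2021-03-03T00:00:00"},
  {"issuer_name": "C=US, O=Other CA",
   "name_value": "vpn.example.com", "not_before": "2020-07-07T00:00:00"}
]"""


def in_scope(name, domain):
    """True if name is the domain itself or a hostname under it.

    The check is anchored on the dot so that a look-alike such as
    example.com.evil-lookalike.net is not treated as part of example.com.
    """
    name = name.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def extract_subdomains(ct_json, domain):
    """Parse CT records and return the in-scope hostnames and wildcard entries.

    Names are lower-cased and de-duplicated; a wildcard like *.dev.example.com
    is recorded separately and also contributes its base name dev.example.com.
    The apex domain itself is not reported as a subdomain.
    """
    records = json.loads(ct_json)
    domain = domain.lower().rstrip(".")
    hosts, wildcards = set(), set()
    for rec in records:
        for raw in rec.get("name_value", "").split("\n"):
            name = raw.strip().lower().rstrip(".")
            if not name:
                continue
            if name.startswith("*."):
                if in_scope(name[2:], domain):
                    wildcards.add(name)
                name = name[2:]
            if in_scope(name, domain) and name != domain:
                hosts.add(name)
    return {"hosts": sorted(hosts), "wildcards": sorted(wildcards)}


if __name__ == "__main__":
    result = extract_subdomains(SAMPLE_CT_JSON, "example.com")
    print("[+] Subdomains from Certificate Transparency:")
    for host in result["hosts"]:
        print("   ", host)
    for wildcard in result["wildcards"]:
        print("    (wildcard certificate seen:", wildcard + ")")
```

The look-alike record is the important edge case: a naive "contains example.com" filter would report an attacker-owned host as one of the target's assets, which is exactly the sort of false positive that sends an incident responder down the wrong path.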

** results snipped **
---> Wapplyzing web page of base domain:

Hitting HTTP and HTTPS:
[+] Third party libraries in Use for HTTP:
  Apache
  Google Analytics
  Google AdSense
  CentOS
[+] Third party libraries in Use for HTTPS:
  Apache
  Google Analytics
  Google AdSense
  CentOS

-----------------------------


---> Searching in Shodan:

IP: 77.xx.44.55
Hosts: [u'test.microsoft.com']
Domain: [u'test.microsoft.com']
Port: 80
Content-Type: text/html; charset=UTF-8
Location: {u'city': u'Fremont', u'region_code': u'CA', u'area_code': 510, u'longitude': -121.9829, u'country_code3': u'USA', u'country_name': u'United States', u'postal_code': u'94536', u'dma_code': 807, u'country_code': u'US', u'latitude': 37.56700000000001}

** results snipped **

While I have snipped most of the results above, there are a couple of interesting things to keep in mind.

In particular, the Wapplyzing module has pulled data on the HTML/JavaScript libraries used by the main domain. These results are gathered by querying the domain directly from your current Internet connection.

Active vs Passive vs Semi-Passive

Definitions can vary but I generally categorize these types of reconnaissance as follows:

Active reconnaissance involves probes sent directly to the target, such as port scanning. That is, it sends traffic to the target that is not "normal", where normal means a browser viewing a legitimate web page.

Passive reconnaissance sends no packets to the target network. All data collection is done through third-party sites, which may themselves query the target on your behalf, depending on the service.

Semi-Passive is the category I would place this tool in. It does send traffic to the target, but that traffic is a standard web browser request, as seen in the Wappalyzer results.

The key takeaway here is that if you are doing OSINT research for incident response and wish to keep your local IP address out of the target's web server logs, you should run the tool from a VPS or behind another layer of anonymity.
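To make the semi-passive point concrete, here is an added example (my own code, not DataSploit's or Wappalyzer's) of what the Wapplyzing step above does: one ordinary GET against the HTTP and HTTPS front page, then a small signature table matched against the response headers and body. The signature rules, the sample response and the function names are constructed for the example; Wappalyzer's real rule set is far larger. The fetch_url helper is the part that lands in the target's access log with your source IP, which is why the test below substitutes a fake fetcher and never goes on the network.

```python
import re
import urllib.request

# Constructed signature table: (technology, header name or "body", pattern).
# Real fingerprinting engines ship thousands of such rules; these few are
# enough to reproduce the kind of result shown in the tutorial output.
SIGNATURES = [
    ("Apache", "server", re.compile(r"\bApache\b", re.I)),
    ("CentOS", "server", re.compile(r"\bCentOS\b", re.I)),
    ("nginx", "server", re.compile(r"\bnginx\b", re.I)),
    ("PHP", "x-powered-by", re.compile(r"\bPHP\b", re.I)),
    ("PHP", "set-cookie", re.compile(r"PHPSESSID=", re.I)),
    ("Google Analytics", "body",
     re.compile(r"google-analytics\.com/(analytics|ga)\.js|googletagmanager\.com/gtag/js", re.I)),
    ("Google AdSense", "body", re.compile(r"pagead2\.googlesyndication\.com", re.I)),
]

# Constructed sample response, shaped to match the Apache/CentOS/GA/AdSense
# findings in the tutorial; the tracking id is a placeholder.
SAMPLE_RESPONSE_HEADERS = {
    "Server": "Apache/2.4.6 (CentOS)",
    "Content-Type": "text/html; charset=UTF-8",
}
SAMPLE_BODY = """<html><head>
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-000000-1"></script>
<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
</head><body><h1>Example front page</h1></body></html>"""


def fingerprint(headers, body):
    """Return the sorted list of technologies whose signatures match.

    Header names are compared case-insensitively; body rules search the HTML.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    hits = set()
    for tech, where, pattern in SIGNATURES:
        haystack = body if where == "body" else lower.get(where, "")
        if pattern.search(haystack):
            hits.add(tech)
    return sorted(hits)


def fetch_url(url, timeout=10):
    """Issue a single browser-style GET and return (headers, body).

    This is the one request a semi-passive tool makes; it appears in the
    target's web server log with the source IP of whoever runs it.
    """
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0 (compatible; fingerprint-example)"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return dict(resp.headers.items()), resp.read(200_000).decode("utf-8", "replace")


def scan_schemes(host, fetch=fetch_url):
    """Fingerprint both http:// and https:// front pages, as the tutorial output does.

    A failed scheme (connection refused, TLS error, no network) is recorded
    under an "error" key rather than aborting the other scheme.
    """
    results = {}
    for scheme in ("http", "https"):
        try:
            headers, body = fetch(f"{scheme}://{host}/")
        except Exception as exc:
            results[scheme] = {"error": str(exc)}
            continue
        results[scheme] = {"technologies": fingerprint(headers, body)}
    return results


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; pass a real host to
    # scan_schemes(host) to perform the live (semi-passive) request.
    for scheme, outcome in scan_schemes("example.invalid", lambda url: (SAMPLE_RESPONSE_HEADERS, SAMPLE_BODY)).items():
        print(f"[+] Third party libraries in use for {scheme.upper()}:")
        for tech in outcome.get("technologies", []):
            print("   ", tech)
```

From the defender's side the same observation applies in reverse: a reconnaissance run with this tool shows up as a pair of near-simultaneous requests to the root of the site over HTTP and HTTPS from one source address, which is easy to spot in access logs once you know to look for it.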

Conclusion

DataSploit is a fast and easy tool that can gather a range of data very quickly with minimal configuration.

Go and grab the latest version and start testing. Bug bounty programs are a good place to start: by selecting a range of programs you can test the tool against a number of varied targets, and you may even stumble upon an item of interest.

If you have any suggestions for improvement or have any questions related to this DataSploit Tutorial please get in contact.
