search

DataSploit / datasploit

An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.
GNU General Public License v3.0
2.96k stars 426 forks source link

Locate senstive files for a domain on search engines like Google, Yahoo etc. #120

Open konarkmodi opened 7 years ago

konarkmodi commented 7 years ago

@upgoingstar : Would be nice to try and list files being indexed by search engines. Eg: insite:domain.com filetype:csv.

Can take this up if needed.

Chan9390 commented 7 years ago

You mean a separate module for Google dorks ?

upgoingstar commented 7 years ago

@Chan9390 - we can make Google dork as a separate area, but listing files from google dork will surely be a nice module to have. We had discussions around it earlier but the code written at that time very messed up. With this module, we can also do further OSINT on downloaded files (once we have user's consent to download the files).

Such OSINT will include:

  1. Fetching meta data from a file.
  2. Check sha hashes and verify file integrity from virus total, etc.
  3. File grep to highlight sensitive data within the file.
  4. Extract Author name and relate it to their linkedin profiles.

This post file OSINT module will be a different module which we are already doing. @konarkmodi - It will be great if you pick this module to list sensitive files for a domain from search engines, preferably google, bing and Yandex.

Also please let us know which extensions are you targeting. I guess .swf, .pdf, .docx, .conf, .tar and .csv should be enough for now. Anyway adding an extension later should not be a problem.

Please let us know if you need any assistance from my end.