search

saeeddhqan / Maryam

Maryam: Open-source Intelligence(OSINT) Framework
GNU General Public License v3.0
1.03k stars 166 forks source link

[New Feature]Expainability of OSINT available. #156

Closed anuran-roy closed 3 years ago

anuran-roy commented 3 years ago

So what I was thinking of is a module that will explain the OSINT available on something/somebody, so that we can trace the sequence of the information flow. Blue Teams can then identify the pathways through which OSINT leaks happen.

For example, say we found info on someone / something through the following Pathway: Instagram (got real name and location) -> Yahoo People Lookup (got phone number and personal email) -> Shodan (traced ISP from phone number) -> Leaked passwords (if any, from haveibeenpwned.com)

Since we can implement templates, I think this can be easily integrated by using some flags and formatted output showing the fields found at each stage.

Also, we may further implement a module to export the generated pathway data and the data found to a structured file format (say JSON or XML). From there we can easily use other cybersecurity reporting tools to make the task of explaining OSINT gathering tage easier.

@saeeddhqan can we implement this? If yes, can I include it in my GSoC proposal? 😅

rachejazz commented 3 years ago

I have a very basic question 🤔 What is the input, And what is the corresponding output of this proposed module? (A complete example i meant)

anuran-roy commented 3 years ago

I have a very basic question What is the input, And what is the corresponding output of this proposed module? (A complete example i meant)

The module is really simple. It just stores the sequence of the modules that we are running manually or using the templates. We just need to activate it before starting our activity. It just stores the data from the fields we obtain alongwith labeling the module from which we obtained the data.

Then it parses the data into a parseable format like JSON or XML. For example, say we go like this:

-> Enable explainability module -> Start recording. -> Do the workflow as I told above. -> Stop recording. The output will be something like this:

{ 'Instagram.py' : { 'Name':'XYZ' , 'Location':'Somewhere' }, 'Yahoo! People' : { 'Phone' : 'some number' , 'E-mail' : 'something' } 'Shodan' : { 'ISP' : 'some ISP' , } 'haveibeenpwned.com' : { 'leaked passwords' : { 'username1' : 'password1', 'username2' : 'password2', ... } } }

saeeddhqan commented 3 years ago

Yes, yes