CON-3040 Create osint-master project

subjects/cybersecurity/osint-master/README.md

@@ -0,0 +1,183 @@
+## OSINT-Master
+
+<center>
+<img src="./resources/osint-meme.png?raw=true" style = "width: 673px !important; height: 439px !important;"/>
+</center>
+
+### Introduction:
+
+Open-source intelligence (OSINT) is a key component of cybersecurity, providing valuable insights into potential vulnerabilities and security risks. This project involves creating a tool that performs comprehensive passive reconnaissance using publicly available data.
+
+### Objective:
+
+The goal is to build a multi-functional tool using a programming language of your choice, The tool is capable of retrieving detailed information based on user inputs such as `Full names`, `IP addresses`, `usernames`, and `domains`. This project will enhance your skills in data analysis, ethical considerations, and the use of various cybersecurity tools and APIs.
+
+By completing this project, You will:
+
+- Develop an understanding of OSINT techniques and their applications.
+- Gain practical experience in programming, API integration, and data handling.
+- Learn to identify and mitigate security risks, including subdomain takeovers.
+- Understand the ethical and legal implications of cybersecurity practices.
+
+### Resources
+
+Some useful resources:
+
+- [Open-source intelligence](https://en.wikipedia.org/wiki/Open-source_intelligence)
+- [Doxing](https://en.wikipedia.org/wiki/Doxing)
+- [Kali Tools - Recon](https://en.kali.tools/all/?category=recon)
+- [OSINT Tools on GitHub](https://github.com/topics/osint-tools)
+
+Before asking for help, ask yourself if you have really thought about all the possibilities.
+
+### Role play
+
+To enhance the learning experience and assess your knowledge, a role play question session will be included as part of this project.
+This section will involve answering a series of questions in a simulated real-world scenario where you assume the role of a Cyber Security Expert explaining how to protect information from OSINT techniques to a team or stakeholder.
+
+The goal of the role play question session is to:
+
+- Assess your understanding of OSINT risks and mitigation strategies.
+- Test your ability to communicate effectively and explain security measures related to this project.
+- Challenge you to think critically about the importance of information security and consider alternative approaches.
+- Explain what subdomain takeovers are.
+
+Prepare for a role play question session in the audit.
+
+### Project Requirements
+
+#### Input Handling:
+
+The tool should accept the following inputs: `Full Name`, `IP Address`, `Username`, and `Domain`.
+
+#### Information Retrieval:
+
+- Full Name:
+  Parse the input to extract "First Name" and "Last Name".
+  Look up associated information such as phone numbers, addresses, and social media profiles using directory APIs or web scraping.
+
+- IP Address:
+  Retrieve geolocation data, ISP details, and check for any historical data associated with the IP (e.g., from abuse databases).
+
+- Username:
+  Check for the presence of the username on at least five known social networks and public repositories.
+  Retrieve public profile information, such as profile bio, activity status, and follower count.
+
+- Domain and Subdomain Enumeration:
+  Enumerate subdomains and gather information including IP addresses, SSL certificate details, and potential vulnerabilities.
+  Identify potential subdomain takeover risks by analyzing DNS records and associated resources.
+
+> You are responsible for choosing the way you want to find the data and for using the API's. be aware of the API's `Terms of Use` and `Cost` before use!
+
+#### Output Management:
+
+Store the results in a well-organized file format.
+
+### Usage Examples
+
+#### Command Line Interface:
+
+```sh
+$> osintmaster --help
+
+Welcome to osintmaster multi-function Tool
+
+OPTIONS:
+    -n  "Full Name"        Search information by full name
+    -i  "IP Address"       Search information by IP address
+    -u  "Username"         Search information by username
+    -d  "Domain"           Enumerate subdomains and check for takeover risks
+    -o  "FileName"         File name to save output
+```
+
+#### Example Outputs:
+
+```sh
+$> osintmaster -n "FNAME LNAME" -o result1.txt
+First name: FNAME
+Last name: LNAME
+Phone Number: +1234567890
+Address: Address123, CITY, COUNTRY-CODE
+LinkedIn: linkedin.com/in/XX.XX
+Facebook: facebook.com/XX.XX
+Data Saved in result1.txt
+```
+
+#### IP Address:
+
+```sh
+$> osintmaster -i 8.8.8.8 -o result2.txt
+ISP: Google LLC
+City: Mountain View
+Country: COUNTRY
+ASN: 15169
+Known Issues: No reported abuse
+Data Saved in result2.txt
+```
+
+#### Username:
+
+```sh
+$> osintmaster -u "@username" -o result3.txt
+Facebook: Found
+Twitter: Found
+LinkedIn: Found
+Instagram: Not Found
+GitHub: Found
+Recent Activity: Active on GitHub, last post 1 days ago
+Data Saved in result3.txt
+```
+
+#### Domain and Subdomain Enumeration:
+
+```sh
+$> osintmaster -d "example.com" -o result4.txt
+Main Domain: example.com
+
+Subdomains found: 3
+  - www.example.com (IP: 123.123.123.123)
+    SSL Certificate: Valid until 2030-03-01
+  - mail.example.com (IP: 123.123.123.123)
+    SSL Certificate: Valid until 2030-03-01
+  - test.example.com (IP: 123.123.123.123)
+    SSL Certificate: Not found
+
+Potential Subdomain Takeover Risks:
+  - Subdomain: test.example.com
+    CNAME record points to a non-existent AWS S3 bucket
+    Recommended Action: Remove or update the DNS record to prevent potential misuse
+
+Data saved in result4.txt
+```
+
+### Bonus
+
+If you complete the mandatory part successfully, and you still have free time, you can implement anything that you feel deserves to be a bonus, for example:
+
+- User Interface: Develop a graphical user interface (GUI) for better user accessibility.
+- PDF Generation: Add a feature to generate your OSINT result as PDF files.
+
+Challenge yourself!
+
+### Documentation
+
+Create a `README.md` file that provides comprehensive documentation for your tool (prerequisites, setup, configuration, usage, ...). This file must be submitted as part of the solution for the project.
+Add clear guidelines and warnings about the ethical and legal use of the tool to your documentation.
+
+### Ethical and Legal Considerations
+
+- Get Permission: Always obtain explicit permission before gathering information.
+- Respect Privacy: Collect only necessary data and store it securely.
+- Follow Laws: Adhere to relevant laws such as GDPR and CFAA.
+- Report Responsibly: Privately notify affected parties of any vulnerabilities.
+- Educational Use Only: Use this tool and techniques solely for learning and improving security.
+
+> ⚠️ Disclaimer: This project is for educational purposes only. Ensure all activities comply with legal and ethical standards. The institution is not responsible for misuse of the techniques and tools demonstrated.
+
+### Submission and audit
+
+Upon completing this project, you should submit the following:
+
+- Your documentation in the `README.md` file.
+- The Source code of your tool.
+- Any required files to run your tool.

subjects/cybersecurity/osint-master/audit/README.md

@@ -0,0 +1,107 @@
+#### General
+
+##### Check the Repo content.
+
+Files that must be inside the repository:
+
+- Detailed documentation in the `README.md` file.
+- Source code for the OSINT-Master tool.
+- Any required configuration files and scripts for running the tool.
+
+###### Are all the required files present?
+
+##### Play the role of a stakeholder
+
+Organize a simulated scenario where the student take on the role of Cyber Security Experts and explain their solution and knowledge to a team or stakeholder. Evaluate their grasp of the concepts and technologies used in the project, their communication efficacy, and their critical thinking about their solution and knowledge behind this project.
+Suggested role play questions include:
+
+- What is OSINT and why is it significant in cybersecurity?
+- What types of information can be gathered using OSINT techniques?
+- Explain what subdomain takeovers are, and how to protect against it?
+- How does the OSINT-Master tool help identify sensitive information?
+- What challenges did you face while developing the OSINT-Master tool and how did you address them?
+- How can we protect our crytical information from OSINT techniques?
+- How can this tool help in a defensive approach?
+
+###### Were the student able to answer all the questions?
+
+###### Did the student demonstrate a thorough understanding of the concepts and technologies used in the project?
+
+###### Were the students able to communicate effectively and justify their decisions and explain the knowledge behind this project?
+
+###### Was the student able to evaluate the value of this project in real-life scenarios?
+
+###### Did the students demonstrate an understanding of ethical and legal considerations related to OSINT?
+
+##### Check the Student Documentation in the `README.md` File
+
+###### Does the `README.md` file contain all the necessary information about the tool (prerequisites, setup, configuration, usage, ...)?
+
+###### Does the `README.md` file contain clear guidelines and warnings about the ethical and legal use of the tool?
+
+##### Review the Tool's Design and Implementation
+
+1. **Help Command:**
+
+```sh
+$> osintmaster --help
+```
+
+###### Does the output include explanation how to use the tool?
+
+2. **Full Name Option:**
+
+```sh
+$> osintmaster -n "Full Name" -o filename
+```
+
+###### Does the output include accurate details such as phone numbers, addresses, and social media profiles?
+
+###### Does the output stored to the file specified in the output parameter?
+
+3. **IP Adress Option:**
+
+```sh
+$> osintmaster -i "IP Address" -o filename
+```
+
+###### Does the output include geolocation data, ISP details, and historical data?
+
+###### Does the output stored to the file specified in the output parameter?
+
+4. **Username Option:**
+
+```sh
+$> osintmaster -u "Username" -o filename
+```
+
+###### Does the output check the presence of the username on multiple social networks and public repositories?
+
+###### Does the output stored to the file specified in the output parameter?
+
+5. **Domain Option:**
+
+```sh
+$> osintmaster -d "Domain" -o filename
+```
+
+###### Does the output enumerate subdomains, gather relevant information, and identify potential subdomain takeover risks?
+
+###### Does the output stored to the file specified in the output parameter?
+
+##### Ensure that the student submission meets the project requirements:
+
+1. **Functionality:** Does the tool retrieve detailed information based on the given inputs (Full Name, IP Address, Username, and Domain)?
+2. **Data Accuracy:** Is the retrieved information accurate and relevant?
+3. **Ethical Considerations:** Are there clear guidelines and warnings about the ethical and legal use of the tool?
+4. **Usability:** Is the tool user-friendly and well-documented?
+
+###### Did the tool design and implementation align with all the project requirements above?
+
+###### Were the students able to implement a functional and reliable tool that meets the project requirements?
+
+#### Bonus
+
+###### + Did the student implement additional valuable features?
+
+###### + Is this project an outstanding project that exceeds the basic requirements?