Attack the World

Open-source OSINT Scanner used for discovery of information and then checks for possible attack vectors.

Comment 2

Inspiration

Its nice to know what data is out there on you, and it's important to know what that data is to ensure you're safe from exploitation. Our tool is also great at fishing out identity fraud.

What it does

Using 14 Different Pipelines, collects initial user input and then gathers additional information tied to the given target. Afterwards, prepares an exploit with Metasploit. Designed to gather as many entry points as possible before exploit.

How we built it

Designed UI in FigmaMake, and then transferred it over to a local system. Started by familiarizing ourselves with our tools, then manually writing shell scripts. We then had ChatGPT rewrite the script for efficiency. Bash loops that would run the 15 tools for the number of indexes in the category that that tool could use. As knew information was discovered would run pipe the information into the appropriate tools.

Challenges we ran into

Our backend developer stayed up for 30 hours and the biggest challenge was motivation and staying awake. Properly formatting pipelines to include other pipelines. Getting into development flow with new teammates. Setting up individual tools, including finding out which are broken and fixing them (set up VM in python, and had to use two versions of python and allow them to work colinearly. Frontend developer and backend developer working on different machines with different dependencies slowed the integration process. One developer's machine was running a linux container on ChromeOS which proved very tumultuous throughout the entire process.

Accomplishments that we're proud of

It was our frontend developers first time building a front-end UI and performing frontend/backend integration. Used on an impersonator and found that they weren't based where they were advertising. Found two session tokens, real name. After running on own team, found two public keys linked to their name. Correctly Identified which email has had its information leaked from a gaming website. Found three PGP (private pretty good privacy keys) leaked under name Michael. While testrunning on a teammate.

What we learned

We learned a lot about OSINT Scanning and the many tools that we integrated. World is not as secure as you may think, and a lot of information can be found on a target.

What's next for Attack the World

Integrating phishing, idea of tricking people on clicking on link. And targeted emails. To narrow down on a person and find out more information.

Built With

  • bash
  • dig
  • domain-expansion
  • holehe
  • maigret
  • metasploit
  • nmap
  • numspy
  • osm
  • sherlock
  • spiderfoot
  • sylva
  • theharvester
  • web-probe
  • whois
+ 4 more
Share this project:

Updates