none028

Virtualize Selenium ( 셀레니움 가상화 )

오늘 포스트는 도커, 파이썬을 활용해서 셀레니움을 가상화할 수 있도록 지원해주는 오픈소스 툴에 대한 정리입니다.

docker option 설명 [인용]

-p, --publish=[]: 호스트에 연결된 컨테이너의 특정 포트를 외부에 노출합니다. 보통 웹 서버의 포트를 노출할 때 주로 사용합니다.

• <호스트 포트>:<컨테이너 포트> 예) -p 80:80
• <IP 주소>:<호스트 포트>:<컨테이너 포트> 호스트에 네트워크 인터페이스가 여러 개이거나 IP 주소가 여러 개 일 때 사용합니다. 예) -p 192.168.0.10:80:80
• <IP 주소>::<컨테이너 포트> 호스트 포트를 설정하지 않으면 호스트의 포트 번호가 무작위로 설정됩니다. 예) -p 192.168.0.10::80
• <컨테이너 포트> 컨테이너 포트만 설정하면 호스트의 포트 번호가 무작위로 설정됩니다. 예) -p 80

[1] firefox-headless-selenium-python

https://github.com/juusechec/docker-firefox-headless-selenium-python

Dockerfile

FROM ubuntu:17.10
ENV LC_ALL C
ENV DEBIAN_FRONTEND noninteractive
ENV DEBCONF_NONINTERACTIVE_SEEN true

MAINTAINER Jorge Useche <juusechec@gmail.com>
USER root
# Install dependencies
RUN apt-get -qqy update
RUN apt-get -qqy --no-install-recommends install \
  wget \
  firefox \
  x11vnc \
  xvfb \
  xfonts-100dpi \
  xfonts-75dpi \
  xfonts-scalable \
  xfonts-cyrillic \
  openjdk-8-jre-headless \
  python3-pip \
  curl \
  && rm -rf /var/lib/apt/lists/* /var/cache/apt/*
RUN pip3 install selenium
# Create user for use selenium-server-standalone
RUN useradd -d /home/seleuser -m seleuser
RUN mkdir -p /home/seleuser/chrome
RUN chown -R seleuser /home/seleuser
RUN chgrp -R seleuser /home/seleuser

RUN wget https://selenium-release.storage.googleapis.com/3.6/selenium-server-standalone-3.6.0.jar \
  && mv selenium-server-standalone-*.jar /home/seleuser/selenium-server-standalone.jar
RUN wget https://github.com/mozilla/geckodriver/releases/download/v0.19.0/geckodriver-v0.19.0-linux64.tar.gz -O /tmp/geckodriver.tar.gz \
  && tar -xzf /tmp/geckodriver.tar.gz -C /usr/bin && rm -rf /tmp/geckodriver.tar.gz

# Run at begin
ADD ./scripts/ /home/root/scripts
EXPOSE 4444 5999
CMD ["sh", "/home/root/scripts/start.sh"]

[2] dockselpy

https://github.com/dimmg/dockselpy

Dockerfile - dockselpy

FROM ubuntu:bionic

RUN apt-get update && apt-get install -y \
    python3 python3-pip \
    fonts-liberation libappindicator3-1 libasound2 libatk-bridge2.0-0 \
    libnspr4 libnss3 lsb-release xdg-utils libxss1 libdbus-glib-1-2 \
    curl unzip wget \
    xvfb


# install geckodriver and firefox

RUN GECKODRIVER_VERSION=`curl https://github.com/mozilla/geckodriver/releases/latest | grep -Po 'v[0-9]+.[0-9]+.[0-9]+'` && \
    wget https://github.com/mozilla/geckodriver/releases/download/$GECKODRIVER_VERSION/geckodriver-$GECKODRIVER_VERSION-linux64.tar.gz && \
    tar -zxf geckodriver-$GECKODRIVER_VERSION-linux64.tar.gz -C /usr/local/bin && \
    chmod +x /usr/local/bin/geckodriver && \
    rm geckodriver-$GECKODRIVER_VERSION-linux64.tar.gz

RUN FIREFOX_SETUP=firefox-setup.tar.bz2 && \
    apt-get purge firefox && \
    wget -O $FIREFOX_SETUP "https://download.mozilla.org/?product=firefox-latest&os=linux64" && \
    tar xjf $FIREFOX_SETUP -C /opt/ && \
    ln -s /opt/firefox/firefox /usr/bin/firefox && \
    rm $FIREFOX_SETUP


# install chromedriver and google-chrome

RUN CHROMEDRIVER_VERSION=`curl -sS chromedriver.storage.googleapis.com/LATEST_RELEASE` && \
    wget https://chromedriver.storage.googleapis.com/$CHROMEDRIVER_VERSION/chromedriver_linux64.zip && \
    unzip chromedriver_linux64.zip -d /usr/bin && \
    chmod +x /usr/bin/chromedriver && \
    rm chromedriver_linux64.zip

RUN CHROME_SETUP=google-chrome.deb && \
    wget -O $CHROME_SETUP "https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb" && \
    dpkg -i $CHROME_SETUP && \
    apt-get install -y -f && \
    rm $CHROME_SETUP


# install phantomjs

RUN wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2 && \
    tar -jxf phantomjs-2.1.1-linux-x86_64.tar.bz2 && \
    cp phantomjs-2.1.1-linux-x86_64/bin/phantomjs /usr/local/bin/phantomjs && \
    rm phantomjs-2.1.1-linux-x86_64.tar.bz2


RUN pip3 install selenium
RUN pip3 install pyvirtualdisplay

ENV LANG C.UTF-8
ENV LC_ALL C.UTF-8
ENV PYTHONUNBUFFERED=1

ENV APP_HOME /usr/src/app
WORKDIR /$APP_HOME

COPY . $APP_HOME/

CMD tail -f /dev/null
# CMD python3 example.py

Dockerfile - dockselpy for firefox

FROM ubuntu:bionic

RUN apt-get update && apt-get install -y \
    python3 python3-pip \
    fonts-liberation libappindicator3-1 libasound2 libatk-bridge2.0-0 \
    libnspr4 libnss3 lsb-release xdg-utils libxss1 libdbus-glib-1-2 \
    curl unzip wget \
    xvfb


# install geckodriver and firefox

RUN GECKODRIVER_VERSION=`curl https://github.com/mozilla/geckodriver/releases/latest | grep -Po 'v[0-9]+.[0-9]+.[0-9]+'` && \
    wget https://github.com/mozilla/geckodriver/releases/download/$GECKODRIVER_VERSION/geckodriver-$GECKODRIVER_VERSION-linux64.tar.gz && \
    tar -zxf geckodriver-$GECKODRIVER_VERSION-linux64.tar.gz -C /usr/local/bin && \
    chmod +x /usr/local/bin/geckodriver && \
    rm geckodriver-$GECKODRIVER_VERSION-linux64.tar.gz

RUN FIREFOX_SETUP=firefox-setup.tar.bz2 && \
    apt-get purge firefox && \
    wget -O $FIREFOX_SETUP "https://download.mozilla.org/?product=firefox-latest&os=linux64" && \
    tar xjf $FIREFOX_SETUP -C /opt/ && \
    ln -s /opt/firefox/firefox /usr/bin/firefox && \
    rm $FIREFOX_SETUP

RUN pip3 install selenium
RUN pip3 install pyvirtualdisplay

ENV LANG C.UTF-8
ENV LC_ALL C.UTF-8
ENV PYTHONUNBUFFERED=1

ENV APP_HOME /usr/src/app
WORKDIR /$APP_HOME

COPY . $APP_HOME/

CMD tail -f /dev/null
# CMD python3 example.py (실행하고자 하는 python 파일명)

[공유] Peerlyst - Some useful Open Source Intelligence (OSINT) tools by David Dunmore

해당 포스트는 Peerlyst - Some useful Open Source Intelligence (OSINT) tools by David Dunmore 포스트에 있는 OSINT 도구들에 대한 내용만 발췌한 포스트입니다.

Maltego

The aim of Maltego is to analyze real world relationships between people, web pages and sites, groups, domains, network infrastructure, Social Networks, and indeed anything else that is discoverable on the internet. Maltego can then present these results in a variety of graphical formats.

It is mainly used in Open Source Intelligence, and digital forensics

If you want to see the differences between the various versions of Maltego, have a look at this page

The Community edition can be downloaded from Paterva's downloads page, and is available for Windows, Linux (.deb and .rpm, and .zip) and for Mac. The downloads page detects your OS and offers the relevant format for the download.

Here’s Maltego’s UI from my installation (On PCLinuxOS using the rpm packaged installation file), showing the default transforms, and a couple of useful free (As in free Beer) that I’ve found to be useful.

I wrote a short series of two posts about Maltego’s free Community edition a while ago called ‘How to use Maltego’ Part 1 and Part 2.

Shodan

On the Home page, Shodan describes itself as ‘The search engine for the Internet Of Things’. It not a free Open Source resource, rather Shodan has several subscription plans, which are on a monthly rolling basis, so you can subscribe for just one month to evaluate its usefulness. The main difference between them is the number of IP addresses per month you can access.

Shodan also has an API, use of which is included with all the subscription options, but you have to register separately to access the API. The documentation for Shodan’s REST API is available here.

NOTE: All the API methods are limited to 1 request per second. This may or may not be a limitation you can live with. For development purposes it’s unlikely to be an issue, but I can see this being a bottleneck in some investigative scenarios.

Shodan can be integrated with a number of application, including Maltego, Nmap, Metasploit and many others here’s the full list.

Google Dorks

Despite the overtly nerdy, techy name, there’s really nothing mysterious going on here. Simply put, Google Dorks are just smarter / more advanced ways to search using Google for more specific results. Once you’re familiar with some of these techniques, you will (genuinely) wonder how you searched previously.

Here are a few that I find useful, here is a list of more of them.

“Double quotes” - (“”) search specifically for the exact words inside the double quotes

Being a British Railway nerd, I searched for “Bulleid Pacific Clan Line” which returned 102 results specific to that particular locomotive which was built in the 1940s for British Railways Southern Region.

Camera:£350 This one does not give exactly the result you might expect. It does return one result for cameras under £350, but also several results for cameras that feature the number 350 in their names. Under the default ‘All’ search, search using the ‘shopping’ tab does indeed return a large number of results for cameras under £350, including some IP cameras and CCTV ones as well.

To be a bit more flexible, try camera £100..£300 for cameras in that price range. Again for best results, choose the ‘shopping’ tab.

You can use AND. OR to combine results. e.g. camera AND film to exclude digital cameras.

To search social media, use the @ operator e.g. @Facebook or @twitter

intext:Mars Rover Finds web pages that include ‘Mars Rover’ in their text (57.5 million results when I tried this one).

Site:autotrader.co.uk Limits the search to the specified site

for more, there’s the link above, but there are many more, just search for ‘Google Dorks’ and be amazed!

While not Dorks per se, Google have a number of other useful resources, including images and maps. One I have found to be very handy is Google Correlate

Here’s a simple example, I used the term ‘Diet and Exercise’

CheckUserNames

This is potentially a very useful site, the aim is to see whether a given username is available on any of more than 160 social networking sites. The homepage is Check User Names, If you enter a username, the site will highlight which sites have the name available. It’s a handy way of seeing whether a given username is registered on social media. The site also has a link to their new site knowem.com, which claims to check more than 500 social media sites I tried some of my social media usernames, and the site (CheckUserNames) did correctly identify the sites where the names have been registered.

The FOCA

Fingerprinting Organizations with Collected Archives to expand on the (possibly devised to fit the tool’s functionality) acronym.

The main purpose of this tool is to find metadata and other hidden data contained in a variety of documents and some image files and to show relationships, for example, that some documents may have been produced by the same person or team.

FOCA is a Windows application that requires an instance of SQL Server to be available for it to store its search results, which may produce a large volume of data.

The FOCA is open source, released under the GNU Public License (GPL), and is available for download from this GitHub page.

Eleven Paths, who are the authors, also have a FOCA market page where you can download several plugins to expand on FOCA’s functionality.

There are several video Tutorials on YouTube, this link will find them.

While thinking about what useful information can be found in metadata, another very useful tool is

Metagoofil,

written by Christian Martorella of Edge Security, here’s Metagoofil’s page It’s written for Linux and can be downloaded as a .tar.gz file from Google Code Archive here. It’s not been updated since Feb 10 2013, but that may not matter, provided the functionality is correct. Metagoofil ins included in Buscador below, where it can be found in Software → Domains, which opens a small box titled ‘Domains: Choose tool, which contains radio buttons to choose a tool:

Clicking OK opens another small message with an input field for a URL to search. enter a URL, and

Metagoofil will go off and do its thing. Returning its findings in the form of an html page in its own folder.

Metagoofil is also included in Kali Linux.

Spiderfoot

Is an automated OSINT tool that gathers freely available information from more than 100 public sources, the type of information that Spiderfoot can gather includes IP addresses, Email addresses, names, and quite a lot more. It can present the information that it finds in a variery of graphical formats

Spiderfoot is available for Linux,BSD, Solaris and Windows. The Windows version is a freestanding executable (.exe file) that appears to be portable as the website says that it comes pre-packaged will all dependencies.

If you don’t want to compile Spiderfoot for Linux, it is also available packaged for Docker.

For further information on Spiderfoot, here’s a link: Spiderfoot's home page

If you use Kali Linux, you’ll know that Spiderfoot is not included in the default Kali distribution, but it can be installed Here's a link to a tutorial blog post. Note that some browsers may flag this as a site that has been reported as containing harmful software. That’s because it contains links to download Spiderfoot.

There are quite a few video tutorials on YouTube, this link will find them.

Buscador Investigative Operating System

This is a Linux distro loaded with OSINT tools, available as a Virtual Machine (VM)image for both VirtualBox and VMWare. It is developed and maintained by David Westcott and Michael Bazzell, and hosed on Google Drive The link for the download, and a list of included OSINT applications are available from IntelTechniques on their Buscador page, which also has a helpful list of installation notes, and some helpful notes on using the image in a virtual machine.

This may be the subject of a future post (or short series of posts) in some detail – watch this space!

There are several video tutorials on YouTube, this link will find them.

Kali Linux

Although this is intended primarily as a Penetration tester’s toolkit, it aims to be the pentester’s ‘Swiss Army Knife), Kali does contain several tools of interest to the OSINT investigator, including Metagoofil and The Harvester, which is a tool used to gather email accounts and sub-domains from publicly available sources, and a number of other tools. If you've not considered Kali for its OSINT tools, do have a kook, there’s a good amount of video tutorials on YouTube, this link will find them.

There are a good number of Video tutorials for metagoofil on YouTube, this link will find them.

There are also a similarly good number of video tutorials covering The Harvester on YouTube, this link will find them

Search Engines

And let’s not overlook the obvious start point for most OSINT (or indeed any other intelligence gathering) – Search engines, and Google in particular, have become so embedded in our consciousness that they may not register as the valuable tools that they undoubtedly are. If you doubt that, imagine trying to find a supplier of cheap watches in China or Japan (If you’re in Europe or the USA) without internet access and a search engine.)

Some (like Google, Bing and Yahoo) will track your searches, others, primarily DuckDuckGo make a point of NOT tracking your searches.

Some of the others, Ask for example have changed their underlying technology. Ask, at one time ‘Ask Jeeves) was for a while effectively a re branded Yahoo search (as is Swagbucks search currently), now however, Ask.com appears to be it’s own thing, and any association with another search engine is not readily apparent. Tracking these changes of ownership might be an interesting OSINT exercise.

Please feel free to do this exercise, and post your results in the comments section under this post.

Some old (And I thought long defunct) search engines are still going like Dog Pile, which used to search several other engines ad return aggregated results. This site lists several other search engines, and a number of other resources that are useful for OSINT investigations.

Have I Been Pwned

This is a very useful site, just enter an email address and the site will tell you whether the email address has been pwned (found among others in one or more breaches) try it here: Have I Been Pwned.

For a more comprehensive overview of some other OSINT tools, have a look at E Investigator's OSINT tools page.

Virus Total

If you need to check a file for known viruses, then Virus Total is the place to go, here’s their upload page where you can upload a suspect file for checking. Virus Total also have a number of API scripts allowing developers to use the Virus Checking functionality within their applications.

A variety of languages are supported, as are Maltego, in the form of a couple of transforms.

They also have and app for Android in the Play Store, desktop applications for Windows and Mac, but not specifically for Linux, although the Mac application (which uses Qt) can be compiled for you own distribution and browser extensions for Chrome, Firefox and Internet Explorer, but apparently not for Edge yet.

Forums (Fora?)

There’s any number of forums dedicated to most interests (including some that are illegal in most jurisdictions). The best way to find forums, if they’re relevant to your research, is probably to use a search engine (I prefer DuckDuckGo as it doesn’t track your activity).

It’s worth using mire than one search, using slightly different terms, as they can sometimes give differing results.

Blogs

there are a number of sites than claim to help you find blogs on any subject, but the one that works for me is The Blog Search Engine which along with blogs on the chosen subject, will also return YouTube videos and other related sites.

Useful Documents

Hiding from the internet book workbook new. Source: IntelTechniques

OSINT tools – Useful Links - new

[1] Helpers - Bulk API 

특정 사항이나  raw API를 요약하는 간단한 Helpers functions 컬렉션입니다.

특정 형식에 대한 요구 사항 및 다른 사항으로 인해 직접 사용하는 경우 번거로울 수 있으므로 Bulk API에는 여러 가지 Helpers가 있습니다.

모든 Bulk Helpers는 Elasticsearch 클래스의 인스턴스와 반복 가능한 작업을 수용합니다 (반복 가능하거나 생성자가 될 수 있음). 대량의 데이터 세트를 메모리에 로드하지 않고도 인덱싱 할 수 있습니다.

[2] 사용 예제

import json
import os
from elasticsearch import Elasticsearch
from elasticsearch import helpers

ES_HOST = '127.0.0.1'  # set es url or host
ES = Elasticsearch(hosts=ES_HOST, port=9200)
n = 10

##############################
# Bulk api 사용법
# bulk api를 활용해서 불안정한 search api 대신,
# 다량의 데이터를 한번에 전송하기 위해 작성된 예제 코드입니다.
# 코드는 아래와 같은 방식으로 구현되었습니다.
# ==========================================
# 먼저, resultList로 부터 json 포맷으로 저장된 결과들을 list형인 result_dict에 저장합니다.
# 여기서, resultDict에 있는 데이터들이 n개 이상일 경우, 엘라스틱서치에 전송됩니다.
# n개를 넘지않을 경우에는 추가 데이터를 받아오거나,
# 코드가 종료되는 시점에서 나머지 데이터를 전송하는 방향으로 처리하시면 됩니다.
# ==========================================
##############################
def collector():
  resultList = [{"target":apple, "taste":"good"}, {"target":banana, "taste": "bad"}]
  resultDict = []
  
  for data in resultList:
  	result = {"_index": ES_index, "_source": data}
  	resultDict.append(result)
    
    if len(resultDict) > n:
      helpers.bulk(ES, resultDict)
      resultDict = []
      
  helpers.bulk(ES, resultDict)

[3] 참고 자료

Python Helpers 모듈, https://elasticsearch-py.readthedocs.io/en/master/helpers.html