Danger Zone

General Informations


⇒ HORRIBLE SETUP #FuckingGoogleSearchApiModule

# Correlate data between domains, ips and email addresses, present it as a graph
# And store everything into Elasticsearch and JSON files

# You have to edit the settings.json file in order to provide your API keys and Elestic database info

# Golden Rule → Don't jump to conclusions too fast


python danger-zone.py -h
usage: dangerzone.py [-h] [--email EMAIL] [--address ADDRESS] [--domain DOMAIN]

Correlate data between domains, ips and email addresses and present it as a

optional arguments:
  -h, --help         show this help message and exit
  --email EMAIL      Email address
  --address ADDRESS  IP address
  --domain DOMAIN    Domain name
  --elasticsearch    Elasticsearch output
 # Example domain check
 python danger-zone.py --domain example.net --elastic


- Email
   → Trumail - Validation email address (https://trumail.io/)
   → Whoxy - Reverse Whois service (https://whoxy.com/) KEY NEEDED
   → haveIbeenPwned - Dumps (https://haveibeenpwned.com/)
   → Username check - Check username, based on email address, across social media sites (https://username-availability.herokuapp.com/)
   → Google - Query Google
- IP
   → Geolocation - Geolocate IP (https://extreme-ip-lookup.com/)
   → Threatcrowd - Information about IP (https://github.com/AlienVault-OTX/ApiV2)
   → VirusTotal - Information about IP (https://www.virustotal.com/) Key needed
- Domain
   → TLD - Get sponsor of particular Top Level Domain (https://raw.githubusercontent.com/mikewesthad/tld-data/master/data/tlds.json)
   → Threatcrowd - Information about domain (https://github.com/AlienVault-OTX/ApiV2)
   → Whoxy - Whois service (https://whoxy.com/)
   → Whois history - Historical data about domain (https://whoxy.com/)
   → Wayback Machine - Archive version of website (http://archive.org/)
   → VirusTotal - Information about domain (https://www.virustotal.com/)