sn0int
Getting Started
# Documentation
https://github.com/kpcyrd/sn0int
https://sn0int.readthedocs.io
# Registry
https://sn0int.com/
# By default, no modules are installed
# Quick install
> pkg quickstart
> pkg --help
# Scopes
> workspace demo
> add domain
Domain : domain.com
# Confirm
> select domains
> select domains where id=1
> select domains where value like %.com
> select domains where ( value like e% and value like %m ) or false
# Modules
# Information gathered by one module can be picked up by others
> pkg list
# Certificate transparency
> use ctlogs
> run
# DNS
> use dns-resolve
> run
# Scan for discovered URLs
> use url-scan
> target
> target where resolvable
> run
> select urls
Unscoping entities
# Unscoping entities
# Modules are greedy and may add things to scope that you don't want
# You can delete an entity, but other modules can still pick it up again
# Or you can set specific flags on that entity
> target
> noscope domains where value=google.com
> target
# Reverse behavior
> scope domains where true
# Autonoscope
# You can define rules to auto-unscope items
[sn0int][demo] > # add the domain first
[sn0int][demo] > # this is necessary because we only want to partially unscope example.com
[sn0int][demo] > add domain example.com
[sn0int][demo] >
[sn0int][demo] > # automatically noscope all subdomains
[sn0int][demo] > autonoscope add domain example.com
[sn0int][demo] > # except subdomains of prod.example.com
[sn0int][demo] > autoscope add domain prod.example.com
[sn0int][demo] >
[sn0int][demo] > autonoscope list
scope domain "prod.example.com"
noscope domain "example.com"
[sn0int][demo] >
[sn0int][demo] > # this is going to be out-of-scope
[sn0int][demo] > add subdomain www.example.com
[sn0int][demo] > # this is going to be in-scope
[sn0int][demo] > add subdomain db.prod.example.com
[sn0int][demo] >
[sn0int][demo] > select subdomains
#1, "www.example.com"
#2, "db.prod.example.com"
[sn0int][demo] > select subdomains where unscoped=0
#2, "db.prod.example.com"
[sn0int][demo] > select subdomains where unscoped=1
#1, "www.example.com"
[sn0int][demo] >
# Autonoscope rules for domains are applied to domains, subdomains, urls
# Autonoscope rules for IPs are applied to ipaddrs, netblocks, ports
# Autonoscope rules for URLs are applied only to urls
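A small Python model of how the domain rules in the session above decide scope, added here as an example; it is not sn0int's own code. It assumes the most specific matching rule wins (consistent with the output above) and that entities with no matching rule stay in scope; all function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed rule set mirroring the session above: (action, domain).
RULES = [("noscope", "example.com"), ("scope", "prod.example.com")]


def labels(name):
    """Split a hostname into lowercase labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def rule_matches(rule_domain, host):
    """True if host equals rule_domain or is a subdomain of it.

    Comparison is per label, so 'notexample.com' does not match 'example.com'.
    """
    r, h = labels(rule_domain), labels(host)
    return len(h) >= len(r) and h[-len(r):] == r


def host_of(entity):
    """Accept a domain, subdomain or URL and return the hostname to test."""
    if "://" in entity:
        return urlsplit(entity).hostname or ""
    return entity


def is_unscoped(entity, rules=RULES):
    """Return True if the entity would be flagged unscoped.

    Assumption: the matching rule with the most labels wins; with no
    matching rule the entity stays in scope.
    """
    host = host_of(entity)
    matching = [(len(labels(d)), action) for action, d in rules
                if rule_matches(d, host)]
    if not matching:
        return False
    return max(matching, key=lambda m: m[0])[1] == "noscope"


if __name__ == "__main__":
    for e in ["www.example.com", "db.prod.example.com",
              "https://db.prod.example.com/login", "notexample.com"]:
        print(e, "unscoped" if is_unscoped(e) else "in scope")
```

In this model the noscope rule also matches example.com itself, which is why the session adds the domain before creating the rule.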
Keyring
# Keyring
[sn0int][default] > keyring add aws:AKIAIOSFODNN7EXAMPLE
Secretkey: keep-this-secret
[sn0int][default] > keyring list
aws:AKIAIOSFODNN7EXAMPLE
[sn0int][default] >
[sn0int][default] > keyring list aws
aws:AKIAIOSFODNN7EXAMPLE
[sn0int][default] > keyring list instagram
[sn0int][default] >
[sn0int][default] > keyring get aws:AKIAIOSFODNN7EXAMPLE
Namespace: "aws"
Access Key: "AKIAIOSFODNN7EXAMPLE"
Secret: "keep-this-secret"
[sn0int][default] >
Structs
Structure | Attributes |
---|---|
Domains | value |
Subdomains | value, domain_id, resolvable |
IP | value, family, continent, continent_code, country, city, latitude, longitude, asn, as_org, description, reverse_dns |
URLs | subdomain_id, value, status, body, online, title, redirect |
Emails | value, displayname, valid |
Phonenumbers | value, name, valid, last_online, country, carrier, line, is_ported, last_ported, caller_name, caller_type |
Devices | value, name, hostname, vendor, last_seen |
Networks | value, latitude, longitude, description |
Accounts | service, username, displayname, email, url, last_seen, birthday, phonenumber, profile_pic |
Breaches | value |
Images | value, filename, mime, width, height, created, latitude, longitude, nudity, ahash, dhash, phash |
Ports | ip_addr_id, ip_addr, port, status, banner, service, version |
Netblocks | family, value, asn, as_org, description |
CryptoAddrs | value, currency, denominator, balance, received, first_seen, last_withdrawal, description |
Modules
# The registry contains all modules
https://sn0int.com/
# Searching
> pkg search patreon
kpcyrd/patreon (0.1.0) - 17 downloads
Collect information from patreon profiles
# Install
> pkg install kpcyrd/patreon
[+] Installing kpcyrd/patreon
[+] Loaded 51 modules