sn0int

Getting Started

# Documentation
https://github.com/kpcyrd/sn0int
https://sn0int.readthedocs.io

# Registry
https://sn0int.com/

# Default, no modules installed
# Quick install
> pkg quickstart
> pkg --help

# Scopes
> workspace demo
> add domain
Domain : domain.com

# Confirm
> select domains
> select domains where id=1
> select domains where value like %.com
> select domains where ( value like e% and value like %m ) or false

# Modules
# Informations gathered by modules can be picked up by others
> pkg list

# Certificate transparency
> use ctlogs
> run

# DNS
> use dns-resolve
> run

# Scan for discovered URLs
> use url-scan
> target
> target where resolvable
> run
> select urls


Unscoping entities

# Unscopping entities
# Modules are greedy and add inscope things you don't want
# You can delete it, but it can still be picked up by other modules
# Or you can set specific flags on that entity
> target
> noscope domains where value=google.com
> target

# Reverse behavior
> scope domains where true

# Autonoscope
# You can define rules to auto-unscope items
[sn0int][demo] > # add the domain first
[sn0int][demo] > # this is necessary because we only want to partially unscope example.com
[sn0int][demo] > add domain example.com
[sn0int][demo] >
[sn0int][demo] > # automatically noscope all subdomains
[sn0int][demo] > autonoscope add domain example.com
[sn0int][demo] > # except subdomains of prod.example.com
[sn0int][demo] > autoscope add domain prod.example.com
[sn0int][demo] >
[sn0int][demo] > autonoscope list
  scope domain "prod.example.com"
noscope domain "example.com"
[sn0int][demo] >
[sn0int][demo] > # this is going to be out-of-scope
[sn0int][demo] > add subdomain www.example.com
[sn0int][demo] > # this is going to be in-scope
[sn0int][demo] > add subdomain db.prod.example.com
[sn0int][demo] >
[sn0int][demo] > select subdomains
#1, "www.example.com"
#2, "db.prod.example.com"
[sn0int][demo] > select subdomains where unscoped=0
#2, "db.prod.example.com"
[sn0int][demo] > select subdomains where unscoped=1
#1, "www.example.com"
[sn0int][demo] >

# Autonoscope rules for domains are applied to domains, subdomains, urls
# Autonoscope rules for IPs are applied to ipaddrs, netblocks, ports
# Autonoscope rules for URLs are applied only to urls


Keyring

# Keyring
[sn0int][default] > keyring add aws:AKIAIOSFODNN7EXAMPLE
Secretkey: keep-this-secret
[sn0int][default] > keyring list
aws:AKIAIOSFODNN7EXAMPLE
[sn0int][default] >
[sn0int][default] > keyring list aws
aws:AKIAIOSFODNN7EXAMPLE
[sn0int][default] > keyring list instagram
[sn0int][default] >
[sn0int][default] > keyring get aws:AKIAIOSFODNN7EXAMPLE
Namespace:    "aws"
Access Key:   "AKIAIOSFODNN7EXAMPLE"
Secret:       "keep-this-secret"
[sn0int][default] >


Structs

Structure Attributes
Domains value
Subdomains value, domain_id, resolvable
IP value, family, continent, continent_code, country, city, latitude, longitude, asn, as_org, description, reverse_dns
URLs subdomain_id, value, status, body, online, title, redirect
Emails value, displayname, valid
Phonenumbers value, name, valid, last_online, country, carrier, line, is_ported, last_ported, caller_name, caller_type
Devices value, name, hostname, vendor, last_seen
Networks value, latitude, longitude, description
Accounts service, username, displayname, email, url, last_seen, birthday, phonenumber, profile_pic
Breaches value
Images value, filename, mime, width, height, created, latitude, longitude, nudity, ahash, dhash, phash
Ports ip_addr_id, ip_addr, port, status, banner, service, version
Netblocks family, value, asn, as_org, description
CryptoAddrs value, currency, denominator, balance, received, first_seen, last_withdrawal, description


Modules

# Registry contains all modules
https://sn0int.com/

# Searching
 > pkg search patreon
kpcyrd/patreon (0.1.0) - 17 downloads
    Collect information from patreon profiles

# Install
> pkg install kpcyrd/patreon
[+] Installing kpcyrd/patreon
[+] Loaded 51 modules