Well, good morning. Thank you for coming to my presentation. My name is José Manuel Ortega. I come from Spain. This is my first time here at FOSDEM. This talk is oriented to security researchers and analysts who are interested in knowing open source intelligence with Python. Well, this talk is a complement to the one that was made for EuroPython last year. The link is available on my personal site. The talk that was made last year is oriented to pen testing with Python, the main tools that we have in Python, and what are the main modules that we can use to develop our own pen testing tool.

Well, some of the samples that I will comment on in this presentation are available in my personal GitHub repository. Well, I will comment on some of these samples, like Shodan, extracting metadata from images and documents, and, for example, obtaining information from GitHub repositories for a specific user or company.

Well, these are the main points I will talk about. I will make a little introduction to what OSINT is, or its definition. Later, I will comment on what are the main sites that provide server information, public information that is available on the internet, and services like Censys and so on that provide and recover all the information about servers, operating systems and so on. Later, I will comment on what are the main tools that we can find in the Python ecosystem for OSINT. And later, some samples for obtaining geolocation, extracting metadata from documents, and other tools for footprinting.

What is OSINT? Basically, OSINT is the acronym of Open Source Intelligence, and with OSINT we can extract in general information from social networks and in general public sources that are available on the internet.
We can obtain technical data from servers, services, software, operating systems, and other information related with social media, emails, photos from social networks, IP addresses, footprinting information from services, and other information related with network and operational intelligence. Good information we can extract with OSINT techniques. For example, the geolocation of a server or a service, the IP address, the email address of a person, the telephone number of a specific company or user, user names in social network profiles. Also, we can extract metadata information from images and documents, and finally, obtain in general server information and obtain vulnerabilities in the service.

Well, I'm starting with Censys. Censys basically provides a lot of information about Censys internally. What is that? It's crawling the web, obtaining information about IP addresses, how it serves, and so on, and saving this information in other ways. Basically, it provides a decent 600 gigabytes and all information about IP addresses, certificates, location of the servers, and so on. In an easy way, Censys provides a REST API for obtaining information. For example, if we want to obtain the information for an IP address or domain, we can use this REST API. In this example, we can see that from a specific domain, we can obtain the geolocation of the domain, information related with certificates about the site, subdomains. Also, we can obtain this kind of information.

Shodan is another service like Censys. Shodan provides another database for recovering all this information that is available on the internet. All this information is fully. And Shodan also provides this. With Shodan, we can find more in Python. We have a Shodan module that we can use for searching in the Shodan API with Python. We need to register on the Shodan site and obtain a Shodan API key. And with this API key, we can make a search by host, by IP address, and so on.
And in general, all information we can obtain: we can obtain the organization, the operating system, and in general, all partners, servers that provide this site. For example, if we try to look for the domain, we obtain the organization, the operating system where the server is executing. And for each port, if it's open, it detects the banner of the port, the server, the operating system, and so on. All this information about Shodan is available also if we search in shodan.io/host. We can check this data by passing the IP address. And the information is the same.

We show that also we can detect vulnerabilities that are available in the Common Vulnerabilities and Exposures database. Also, we can check, we can obtain this information. For example, if the server is executing an OpenSSL version that has vulnerabilities, with this script, with this simple script, we can check this kind of vulnerability.

Shodan also provides a developer API. Instead of using the Python module, we can use a classical REST API for making the request. For example, if we want to obtain the last searches that users made in Shodan services, we can use that specific REST API called query search that returns all the requests that users are executing in Shodan.

Well, the next tool that I comment on, well, this is the first tool that I comment on that is developed in Python. Recon-ng. Recon-ng is one of the most known open source intelligence tools. It is well maintained. It's available in a Bitbucket repository. And internally, the architecture of this tool is based on modules, and it collects all information in a database. This tool is developed in Python 2, and among the main modules that it's using we can highlight, for example, dnspython, lxml for parsing the information. Also other tools like mechanize, PyPDF2 for extracting metadata from PDFs, documents, and SQLite for persisting the data. Well, the architecture of this tool is based on modules.
If we type in the console "show modules", it shows information about what modules are available in this tool. We have modules for discovery of information, for exploit, for exploit also. Other modules that we have are, for example, contacts, obtain credentials, obtain domains, or obtain subdomains for a specific target. Collect contacts for a specific email address, for example.

In this example, we can see that with the freegeoip module, we can extract the geolocation of the fosdem.org domain. Basically what this module provides are options. They are default options. But, for example, if we want to extract information for a specific domain, we need to set the server URL parameter. Also, we can extract subdomains for a specific domain. In this case, it's using api.hackertarget.com/hostsearch. The idea is to obtain all subdomains that are in the main domain that we are analyzing. Also, this tool is integrated with the Shodan API. With the Shodan API, we can also obtain the subdomains for a specific domain. In this example, we can see that it extracts subdomains, other hosts that we were in the site, IP addresses in version four and six.

Another interesting tool for starting with OSINT techniques in Python is theHarvester. theHarvester is one of the main tools for obtaining, for example, information about email addresses, subdomains, and so on. Basically, theHarvester tool is developed in a modular way. We can find modules, we can find files for making searches in Google Search, in Bing, in other social networks like LinkedIn, Twitter, Shodan. The main modules that are used for developing this tool are httplib, socket, requests, and so on. In this example, we can see, for example, emails for a specific domain, and other subdomains, or hosts, or other IP addresses. For example, with the -b parameter, we can specify the search engine that we want to use.
In this case, we are using the Google search engine over the domain python.org, and with the -l parameter, we can specify the limit of the results. In this example, we can see that in a nice way we can extract all information of the domain.

Another tool is OSRFramework. Well, this tool is developed by a group of people, of research people in Spain, in a group of security researchers. This tool is available in a GitHub repository, and we can install this tool with pip. It's developed in Python 2.7, and integrates with Maltego transforms for obtaining more information about the target that we are analyzing. The main modules that this tool is using are, for example, Beautiful Soup for parsing the data of the web, requests, mechanize, Python s, python-whois for recovering whois information about the specific domain, Tweepy for connecting with Twitter, Skype4Py for connecting with Skype. Another, for example, Python emailahoy for checking email addresses.

This tool has some scripts that we can execute. These scripts can be executed separately, each one of them. For example, if we want to obtain, we have the searchfy.py script. If we need to extract the information about a specific user or specific domain, you can use the -p parameter with Twitter for searching all the accounts that match with the first name. And it returns all the accounts in Twitter that match with the Twitter account. We have another script related with the previous script that we find with the first name. It returns all the other network profiles, other social network profiles that match with this name. This tool has the capacity to connect with more than 2,000 platforms in general, social networks. And it has the capacity to find all this information, to find this information in a lot of platforms.

Well, this tool I'm commenting on now is developed also in Python 2.7. SpiderFoot is oriented to footprinting tasks for discovering subdomains.
And other information related with the target that we are analyzing. Internally, it's using Beautiful Soup and dnspython, sockets, CherryPy for building the website. And another module, for example, netaddr or PyPDF for extracting metadata from PDF documents. This tool has the capacity to connect with many data sources for extracting all data. It has the capacity to connect with many data sources and show the relation of all results in a graphical way. For example, if we want to extract, we want to search, for example, all the repositories related with the domain that we are analyzing, we can use this tool for obtaining this kind of results. In this example, we are obtaining GitHub repositories related with the domain that we are analyzing. And also in a graphical way, we can obtain, we can see the relation between the fosdem.org domain and other subdomains, social networks, social profile networks.

For example, if we want to extract information about a specific author in a GitHub repository, we can use api.github.com/users, and in an easy way we can obtain information like this. For example, if we want to search by FOSDEM domain, we can see the results like this. We obtain user URL, deployment URL, and other URLs related with the target that we are analyzing.

For extracting metadata, well, basically we can extract metadata where we are analyzing or researching in obtaining metadata. We have two modules, PyPDF2 and PDFMiner, for extracting metadata from PDFs, and for extracting metadata from images, we have some modules. For example, we have Pillow and pyexiv2 in Python 2.7. And if we need to go to Python 3, we have GExiv2. In this example, we can see that we are extracting metadata from an image and obtaining, for example, the GPS info with the latitude and longitude values and other information that is stored inside the image.

For obtaining geolocation, also we have the geoip2 module.
Basically with this module, we can specify the IP address and it returns all the geolocation of these IP addresses. It returns city, country, a lot of information related with geolocation. Internally, it needs to use a file called GeoLite2-City.mmdb. This is like a database that has a lot of information with the relation between IP addresses and the geolocation of these IP addresses.

Well, until now, all tools that I have seen are developed in Python 2. But the question is, is it possible to develop a tool of this kind in Python 3? Yes, the question is yes, it's possible. We have Beautiful Soup for parsing web information. We have requests or urllib for synchronous requests. We have asyncio or aiohttp for asynchronous. We have Scrapy for web crawling, or RoboBrowser. We have a BOGP for geolocation. We have other modules for connecting with social networks like python-twitter or Tweepy. All these modules are compatible with Python 3. And the answer is yes.

This is one of the tools that I have seen that are developed in Python 3. It's called WebApp Information Gatherer. And it's a very simple tool that what it does is recover all basic information about a specific website. It detects the operating system, the version of the server that is executing, subdomains of the site, and extracts more information related with this site.

And finally, if we want to extract information from Twitter, for example, we have Tinfoleak. Tinfoleak is developed by a Spanish security researcher. And it provides many parameters. For example, we can filter the results by start or end date. We can find information about a specific user account like hashtags, mentions, metadata information from images and media. Well, for finishing, for using this tool, we need to configure a little file where we need to put the typical information about consumer key, access token, that we can find in the Twitter developer API. Also, we can extract geolocation.
If the location of the user is activated in the user account, we can obtain these coordinates, location, latitude, longitude.

And finally, the FullContact API provides another way of extracting information about a person from an email address. In an easy way, we can, for example, obtain all the information about the specific email, the employees of this person, other social networks, other social profile networks of this person. Also, we can use this API for extracting information from a specific domain. In this case, we are extracting what are the social networks that match with this domain.

Well, some of the tools that I commented on are available in Kali Linux; for example, we can find Recon-ng and theHarvester available in Kali Linux. And that's all. These are the references and the books. Thank you. Some questions? No?
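
Added example, not part of the talk and not the speaker's code: the talk mentions reading the GPS info (latitude and longitude) stored in image metadata, and this sketch converts already-extracted EXIF GPS tags to decimal coordinates so you can check which of your own files still carry a location before publishing them. It assumes the GPS tags were read into a dict keyed by EXIF tag number; the function names, file names and values are constructed for illustration.

```python
from fractions import Fraction

# EXIF GPS tag numbers: 1/2 = latitude ref/value, 3/4 = longitude ref/value.
LAT_REF, LAT, LON_REF, LON = 1, 2, 3, 4

def _rational(value):
    """EXIF stores rationals; accept (numerator, denominator) or a plain number."""
    if isinstance(value, tuple):
        num, den = value
        return Fraction(num, den)          # ZeroDivisionError on a 0 denominator
    return Fraction(value)

def _dms_to_decimal(dms, ref, allowed):
    """Convert (degrees, minutes, seconds) plus hemisphere ref to signed degrees."""
    if ref not in allowed or len(dms) != 3:
        raise ValueError("malformed GPS component")
    deg, minutes, seconds = (_rational(v) for v in dms)
    decimal = deg + minutes / 60 + seconds / 3600
    return float(-decimal if ref in ("S", "W") else decimal)

def gps_position(gps_info):
    """Return (lat, lon) rounded to 6 places, or None if absent or malformed."""
    try:
        lat = _dms_to_decimal(gps_info[LAT], gps_info[LAT_REF], ("N", "S"))
        lon = _dms_to_decimal(gps_info[LON], gps_info[LON_REF], ("E", "W"))
    except (KeyError, TypeError, ValueError, ZeroDivisionError, OverflowError):
        return None
    if not (-90 <= lat <= 90 and -180 <= lon <= 180):
        return None
    return round(lat, 6), round(lon, 6)

def files_leaking_location(gps_by_file):
    """Map each file name whose metadata still holds a usable position to it."""
    leaks = {}
    for name, gps_info in gps_by_file.items():
        position = gps_position(gps_info)
        if position is not None:
            leaks[name] = position
    return leaks

# Constructed sample input (not real photos): GPS tag dicts per file.
SAMPLES = {
    "conference.jpg": {1: "N", 2: ((50, 1), (48, 1), (474, 10)),
                       3: "E", 4: ((4, 1), (22, 1), (552, 10))},
    "southwest.jpg": {1: "S", 2: (33, 51, 0), 3: "W", 4: (70, 30, 0)},
    "stripped.jpg": {},                                  # metadata removed
    "corrupt.jpg": {1: "N", 2: ((50, 0), (0, 1), (0, 1)),
                    3: "E", 4: ((4, 1), (0, 1), (0, 1))},  # zero denominator
}

if __name__ == "__main__":
    for name, pos in files_leaking_location(SAMPLES).items():
        print(f"{name}: location metadata present {pos}")
```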