Browse Source

moved from https://github.com/epsylon/orb

psy 5 years ago
parent
commit
a53273dd6c

+ 363 - 2
README.md

@@ -1,3 +1,364 @@
-# orb
+=================================================================== 
 
-Orb is a massive footprinting tool.
+![orb](https://orb.03c8.net/orb/orb.png)
+
+----------
+
+Orb: footprinting tool - by psy 
+
+========================
+
+  Orb - is a massive footprinting tool.
+
+  It will use passive/active -automated- methods to provides you real information about
+  a target. You only need to set a 'concept' to start to gather information. 
+
+  Orb uses this methods:
+
+     + Passive:
+          - crawlering on search engines for public information (deep web included)
+          - searching for registered domains
+          - extracting whois info (owners, dates)
+          - discovering subdomains
+          - searching for machines running services
+          - searching for DNS records (A, NS, MX, TXT)
+          - extracting CVE and CVS records (vulnerabilities)
+
+     + Active:
+          - scanning for open ports (tcp/udp)(1-65535)
+          - fingerprinting banners (states, vendors, OS, versions, CPE)
+
+  After this tasks... Orb will provide you some fancy reports.
+
+
+### License
+
+  Orb is free software, and may be redistributed under [GPL v3].
+
+
+### Installing Orb:
+
+  Orb runs on many platforms.  It requires Python (2.x.y) and the following libraries:
+
+       python-whois - Python module for retrieving WHOIS information - Python 2
+       python-dnspython - DNS toolkit for Python
+       python-nmap - Python interface to the Nmap port scanner
+
+  On Debian-based systems (ex: Ubuntu), run: 
+
+       sudo apt-get install python-whois python-dnspython python-nmap
+
+  Source libs:
+
+       * Python: https://www.python.org/downloads/
+       * Pypi-whois: https://pypi.python.org/pypi/whois
+       * Pydnspython: https://pypi.python.org/pypi/dnspython
+       * python-nmap: https://pypi.python.org/pypi/python-nmap
+
+
+### Examples
+
+  You can use:
+
+    ./orb --update
+    ./orb --check-tor
+    ./orb --gui (for Web interface)
+
+  Or:
+
+    ./orb --spell='target'
+
+  Ex (massive):
+
+    ./orb --spell='target' --ext='.com,.net,.org' --sa
+
+## Options and features:
+
+```
+ ./orb --help
+
+Usage: Orb.py [options]
+
+Options:
+  --version             show program's version number and exit
+  -h, --help            show this help message and exit
+  -v, --verbose         active verbose on requests
+  --check-tor           check to see if Tor is used properly
+  --update              check for latest stable version
+  --spell=TARGET        start complete footprinting on this target
+  --gui                 run GUI (Orb Web Interface)
+
+  *Methods*:
+    These options can be used to set some footprinting interaction
+    restrictions with target(s). You only can set one:
+
+    --passive           use only -passive- methods
+    --active            use only -active- methods
+
+  *Search Engines*:
+    These options can be used to specify which search engines use to
+    extract information:
+
+    --se=ENGINE         set search engine (default: Yahoo)
+    --se-ext=ENGINELOC  set location for search engine (ex: 'fr')
+    --sa                search massively using all search engines
+
+  *Public*:
+    Orb will search for interesting public records. You can choose
+    multiple:
+
+    --no-public         disable search for public records
+    --no-deep           disable deep web records
+    --no-financial      disable financial records
+    --no-social         disable social records
+    --social-f=SOCIALF  set a list of social sources from file
+    --no-news           disable news records
+    --news-f=NEWSF      set a list of news sources from file
+
+  *Domains*:
+    Orb will search on different databases for registered domains using
+    IANA supported by default. You only can set one:
+
+    --ext=EXT           set extensions manually (ex: --ext='.com,.net,.es')
+    --ext-f=EXTFILE     set a list of extensions from file
+
+  *Whois*:
+    Orb will search on 'Whois' records for registrant information:
+
+    --no-whois          disable extract whois information
+
+  *Subdomains*:
+    Orb will try to discover info about subdomains:
+
+    --no-subs           disable try to discover subdomains
+
+  *DNS*:
+    Orb will try to discover info about DNS records and machines running
+    them. You can choose multiple:
+
+    --no-dns            disable try to discover DNS records
+    --resolver=RESOLV   specify custom DNS servers (ex: '8.8.8.8,8.8.8.4')
+
+  *Port Scanning*:
+    These options can be used to specify how to perfom port scanning
+    tasks. You can choose multiple:
+
+    --no-scanner        disable scanner
+    --no-scan-dns       disable scan DNS machines
+    --no-scan-ns        disable scan NS records
+    --no-scan-mx        disable scan MX records
+    --scan-tcp          set scanning protocol to only TCP (default TCP+UDP)
+    --scan-ports=PORTS  set range of ports to scan (default 1-65535)
+    --show-filtered     show 'filtered' ports on results
+
+  *Banner grabbing*:
+    Orb will try to extract interesting information about services running
+    on machines discovered (ex: OS, vendor, version, cpe, cvs):
+
+    --no-banner         disable extract banners from services
+    --no-cve            disable extract vulnerabilities from CVE
+    --no-cvs            disable extract CVS description
+
+  *Reporting*:
+    These options can be used to specify exporting methods for your
+    results. You can choose multiple:
+
+    --no-log            disable generate reports
+    --json=JSON         generate json report (ex: --json='foo.json')
+
+```
+
+#### Methods
+
+  - You can select a set of options organized by footprinting method. 
+
+    For this release:
+
+     + Passive:
+       - Search for public records
+       - Search for financial records
+       - Search for deep web records
+       - Search for social records
+       - Search for news records
+       - Extract whois information
+       - Discover subdomains (using non intrusive methods)
+       - Not scan ports on machines
+       - Not scan DNS records
+       - Not scan NS records
+       - Not scan MX records
+       - Not banner grabbing
+
+       *Ex: ./orb --spell 'target' --passive
+
+     + Active:
+       - Opposite to 'Passive' method.
+
+       *Ex: ./orb --spell='target' --active
+
+
+#### Search Engines
+
+  - You can set different search engines to gather public records from the Internet.
+
+    For this release (by default: Yahoo):
+
+     + Supported:
+       - Yahoo (yahoo.com) [28/03/2018]
+       - Bing (bing.com) [28/03/2018]
+       - Torch! (deep web) [28/03/2018]
+
+       *Ex: ./orb --spell='target' --se='yahoo'
+
+  - Also you can set the location for search engine to retrieve more accurate information
+    about your target.
+
+    For example, if is located in Spain you can try to use 'yahoo.es' servers:
+
+       *Ex: ./orb --spell='target' --se='yahoo' --se-ext='es' (france=fr, italy=it, etc...)
+
+  - You can search massively using all search engines with:
+
+       *Ex: ./orb --spell='target' --sa
+
+    These options can be combined:
+
+       *Ex: ./orb --spell='target' --sa --se-ext='nl'
+
+
+#### Public Records
+
+  - Orb will search on the WWW for interesting public records. 
+ 
+    But is important to set what is "interesting" for you. For that you can create a list of sources
+    organized by some non variable categories: social and news.
+
+    It is added to the tool an example folder for Spain to see how works:
+
+       *Ex: ./orb --spell='target' --social-f='core/sources/spain/social.txt' --news-f='core/sources/spain/news.txt'
+
+    You should try to build your own sources. 
+
+    By default it is using most ranked Alexa.com services short by category. So you will have a nice global scope from
+    the beginning.
+
+
+#### Domains
+
+  - You can set which domain extensions do you want to use to perform footprinting tasks.
+
+    By default, Orb will use IANA supported domains. But you can set your own manually:
+
+       *Ex: ./orb --spell='target' --ext='.com,.net,.org'
+
+    Or directly set a list from a file (examples provided):
+     
+       *Ex: ./orb --spell='target' --ext-f='core/sources/user-exts.txt'
+
+
+####  Whois
+
+  - Orb will search on 'Whois' records for registrant information.
+
+```
+       *Output example*:
+       -----------------
+       -Domain: microsoft.com
+       -Registrant: MARKMONITOR INC.
+       -Creation date: 1991-05-02 00:00:00
+       -Expiration: 2021-05-03 00:00:00
+       -Last update: 2014-10-09 00:00:00
+       -----------------
+```
+
+####  Subdomains
+
+  - Orb will try to discover info about subdomains.
+
+    For this release it is using a passive method with search engines (not bruteforcing).
+
+
+####  DNS
+
+  - Orb will try to discover info about DNS records and machines running them.
+
+    You can set which DNS resolvers (Google used by default) do you want to use for that tasks:
+      
+       *Ex: ./orb --spell='target' --resolver='8.8.8.8,8.8.8.4'
+
+
+####  Port Scanning
+
+  - Orb will use Nmap -python lib wrapper- to perform port scanning tasks.
+
+    You can set protocol type to only TCP (UDP+TCP by default) with:
+
+       *Ex: ./orb --spell='target' --scan-tcp
+
+    Or select which ports do you want to try with:
+
+       *Ex: ./orb --spell='target' --scan-ports='21-443'
+
+    ** Port scanner will show you only 'Open' ports on machines. 
+
+    You can see also 'Filtered' ports with:
+
+       *Ex: ./orb --spell='target' --scan-ports='21-443' --show-filtered
+
+
+####  Banner Grabbing
+
+  - Orb will try to extract interesting information about services running
+    on machines discovered (ex: OS, vendor, version, cpe, cve, cvs):
+
+```
+       *Output example*:
+       -----------------
+       - IP: XXX.XXX.XXX.XXX
+         * State : up
+          - Protocol : tcp
+            + Port: 80 ( open ) - IBM WebSEAL reverse http proxy  |  http-proxy  
+              + CVE-2014-0963 -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0963
+                -----
+                Last updated: 3/27/2016 2:37:25 PM
+                CVE Publication rate: 11.13
+                The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cause a denial of service (infinite loop) via crafted SSL messages.
+       -----------------
+```
+
+####  Reporting
+
+  - Orb will log all tasks and results organizing them by target on a folder: 'reports/'. 
+
+    You can launch the tool without any log adding:
+
+        *Ex: ./orb --spell='target' --no-log
+
+  - For verbose output you can use:
+
+        *Ex: ./orb --spell='target' -v
+
+  - Also you can generate a JSON report only with valid data gathered with:
+
+        *Ex: ./orb --spell='target' --json='target.json'
+
+
+### Contribute: 
+
+  If you want to contribute to Orb development, reporting a bug, providing a patch, commenting 
+  on the code base or simply need to find help to run it, please go to:
+
+      irc.freenode.net / channel: #Orb
+
+  If nobody gets back to you, then drop an e-mail.
+
+  To make donations use the following hashes:
+  
+      - Bitcoin: 1Q63KtiLGzXiYA8XkWFPnWo7nKPWFr3nrc
+      - Ecoin: ETtSteMWxjY7RKWZGMNSkX7eC3BJ21VYXE
+
+
+### Contact
+
+  Please report any problems you encounter using/installing Orb to:
+
+      - psy (epsylon@riseup.net)

+ 11 - 0
orb/core/__init__.py

@@ -0,0 +1,11 @@
+#!/usr/bin/env python 
+# -*- coding: utf-8 -*-"
+"""
+This file is part of the orb project, https://orb.03c8.net
+
+Orb - 2016/2017/2018 - by psy (epsylon@riseup.net)
+
+You should have received a copy of the GNU General Public License along
+with RedSquat; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""

File diff suppressed because it is too large
+ 1085 - 0
orb/core/main.py


+ 108 - 0
orb/core/options.py

@@ -0,0 +1,108 @@
+#!/usr/bin/env python 
+# -*- coding: utf-8 -*-"
+"""
+This file is part of the orb project, https://orb.03c8.net
+
+Orb - 2016/2017/2018 - by psy (epsylon@riseup.net))
+
+You should have received a copy of the GNU General Public License along
+with RedSquat; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+import optparse
+
+class OrbOptions(optparse.OptionParser):
+    def __init__(self, *args):
+        optparse.OptionParser.__init__(self, 
+                           description='\nOrb: footprinting tool - by psy',
+                           prog='Orb.py',
+                           version='\nVersion: v0.2 - "Green Orb"\n')
+        self.add_option("-v", "--verbose", action="store_true", dest="verbose", help="active verbose on requests")
+        self.add_option("--check-tor", action="store_true", dest="checktor", help="check to see if Tor is used properly")
+        self.add_option("--update", action="store_true", dest="update", help="check for latest stable version")
+        self.add_option("--spell", action="store", dest="target", help="start complete footprinting on this target")
+        self.add_option("--gui", action="store_true", dest="gui", help="run GUI (Orb Web Interface)")
+
+        group10 = optparse.OptionGroup(self, "*Methods*",
+        "These options can be used to set some footprinting interaction restrictions with target(s). You only can set one:")
+        group10.add_option("--passive", action="store_true", dest="passive", help="use only -passive- methods")
+        group10.add_option("--active", action="store_true", dest="active", help="use only -active- methods")
+        self.add_option_group(group10)
+
+        group1 = optparse.OptionGroup(self, "*Search Engines*",
+        "These options can be used to specify which search engines use to extract information:")
+        group1.add_option("--se", action="store", dest="engine", help="set search engine (default: Yahoo)")
+        group1.add_option("--se-ext", action="store", dest="engineloc", help="set location for search engine (ex: 'fr')")
+        group1.add_option("--sa", action="store_true", dest="allengines", help="search massively using all search engines")
+        self.add_option_group(group1)
+
+        group2 = optparse.OptionGroup(self, "*Public*", 
+        "Orb will search for interesting public records. You can choose multiple:")
+        group2.add_option("--no-public", action="store_true", dest="public", help="disable search for public records")
+        group2.add_option("--no-deep", action="store_true", dest="deep", help="disable deep web records") 
+        group2.add_option("--no-financial", action="store_true", dest="financial", help="disable financial records")
+        group2.add_option("--no-social", action="store_true", dest="social", help="disable social records")
+        group2.add_option("--social-f", action="store", dest="socialf", help="set a list of social sources from file")
+        group2.add_option("--no-news", action="store_true", dest="news", help="disable news records")
+        group2.add_option("--news-f", action="store", dest="newsf", help="set a list of news sources from file")
+        self.add_option_group(group2)
+
+        group3 = optparse.OptionGroup(self, "*Domains*",
+        "Orb will search on different databases for registered domains using IANA supported by default. You only can set one:")  
+        group3.add_option("--ext", action="store", dest="ext", help="set extensions manually (ex: --ext='.com,.net,.es')")
+        group3.add_option("--ext-f", action="store", dest="extfile", help="set a list of extensions from file")
+        self.add_option_group(group3)
+
+        group4 = optparse.OptionGroup(self, "*Whois*",
+        "Orb will search on 'Whois' records for registrant information:")            
+        group4.add_option("--no-whois", action="store_true", dest="whois", help="disable extract whois information")
+        self.add_option_group(group4)
+
+        group5 = optparse.OptionGroup(self, "*Subdomains*",
+        "Orb will try to discover info about subdomains:")   
+        group5.add_option("--no-subs", action="store_true", dest="subs", help="disable try to discover subdomains")
+        self.add_option_group(group5)
+
+        group6 = optparse.OptionGroup(self, "*DNS*",
+        "Orb will try to discover info about DNS records and machines running them. You can choose multiple:")
+        group6.add_option("--no-dns", action="store_true", dest="dns", help="disable try to discover DNS records")
+        group6.add_option("--resolver", action="store", dest="resolv", help="specify custom DNS servers (ex: '8.8.8.8,8.8.8.4')")
+        self.add_option_group(group6)
+
+        group7 = optparse.OptionGroup(self, "*Port Scanning*",
+        "These options can be used to specify how to perfom port scanning tasks. You can choose multiple:")
+        group7.add_option("--no-scanner", action="store_true", dest="scanner", help="disable scanner")
+        group7.add_option("--no-scan-dns", action="store_true", dest="scandns", help="disable scan DNS machines")
+        group7.add_option("--no-scan-ns", action="store_true", dest="scanns", help="disable scan NS records")
+        group7.add_option("--no-scan-mx", action="store_true", dest="scanmx", help="disable scan MX records")
+        group7.add_option("--scan-tcp", action="store_true", dest="proto", help="set scanning protocol to only TCP (default TCP+UDP)")
+        group7.add_option("--scan-ports", action="store", dest="ports", help="set range of ports to scan (default 1-65535)")
+        group7.add_option("--show-filtered", action="store_true", dest="filtered", help="show 'filtered' ports on results")
+        self.add_option_group(group7)
+
+        group8 = optparse.OptionGroup(self, "*Banner grabbing*",
+        "Orb will try to extract interesting information about services running on machines discovered (ex: OS, vendor, version, cpe, cvs):")
+        group8.add_option("--no-banner", action="store_true", dest="banner", help="disable extract banners from services")
+        group8.add_option("--no-cve", action="store_true", dest="cve", help="disable extract vulnerabilities from CVE")
+        group8.add_option("--no-cvs", action="store_true", dest="cvs", help="disable extract CVS description")
+        self.add_option_group(group8)
+
+        group9 = optparse.OptionGroup(self, "*Reporting*",
+        "These options can be used to specify exporting methods for your results. You can choose multiple:")
+        group9.add_option("--no-log", action="store_true", dest="nolog", help="disable generate reports")
+        group9.add_option("--json", action="store", dest="json", help="generate json report (ex: --json='foo.json')")
+        self.add_option_group(group9)
+
+    def get_options(self, user_args=None):
+        (options, args) = self.parse_args(user_args)
+        if (not options.checktor and not options.target and not options.gui and not options.update):
+            print '='*75, "\n"
+            print "  _|_|              _|        "
+            print "_|    _|  _|  _|_|  _|_|_|    "
+            print "_|    _|  _|_|      _|    _|  "
+            print "_|    _|  _|        _|    _|  "
+            print "  _|_|    _|        _|_|_|    "
+            print self.description, "\n"
+            print '='*75, "\n"
+            return False
+        return options

File diff suppressed because it is too large
+ 461 - 0
orb/core/orb.py


+ 21 - 0
orb/core/sources/README

@@ -0,0 +1,21 @@
+===================================================================
+
+  _|_|              _|
+_|    _|  _|  _|_|  _|_|_|
+_|    _|  _|_|      _|    _|
+_|    _|  _|        _|    _|
+  _|_|    _|        _|_|_|
+
+Orb: footprinting tool - by psy
+
+----------
+
+ + Web:  http://orb.03c8.net
+
+===============
+
+You can add records to this files when required.
+
+This is important to gather more specific information about your target.
+
+List provided by default is extracted from: www.alexa.com/topsites/

+ 254 - 0
orb/core/sources/iana-exts.txt

@@ -0,0 +1,254 @@
+.com
+.org
+.net
+.ac
+.ad
+.ae
+.af
+.ag
+.ai
+.al
+.am
+.an
+.ao
+.aq
+.ar
+.as
+.at
+.au
+.aw
+.ax
+.az
+.ba
+.bb
+.bd
+.be
+.bf
+.bg
+.bh
+.bi
+.bj
+.bm
+.bn
+.bo
+.br
+.bs
+.bt
+.bv
+.bw
+.by
+.bz
+.ca
+.cc
+.cd
+.cf
+.cg
+.ch
+.ci
+.ck
+.cl
+.cm
+.cn
+.co
+.cr
+.cs
+.cu
+.cv
+.cx
+.cy
+.cz
+.dd
+.de
+.dj
+.dk
+.dm
+.do
+.dz
+.ec
+.ee
+.eg
+.eh
+.er
+.es
+.et
+.eu
+.fi
+.fj
+.fk
+.fm
+.fo
+.fr
+.ga
+.gb
+.gd
+.ge
+.gf
+.gg
+.gh
+.gi
+.gl
+.gm
+.gn
+.gp
+.gq
+.gr
+.gs
+.gt
+.gu
+.gw
+.gy
+.hk
+.hm
+.hn
+.hr
+.ht
+.hu
+.id
+.ie
+.il
+.im
+.in
+.io
+.iq
+.ir
+.is
+.it
+.je
+.jm
+.jo
+.jp
+.ke
+.kg
+.kh
+.ki
+.km
+.kn
+.kp
+.kr
+.kw
+.ky
+.kz
+.la
+.lb
+.lc
+.li
+.lk
+.lr
+.ls
+.lt
+.lu
+.lv
+.ly
+.ma
+.mc
+.md
+.me
+.mg
+.mh
+.mk
+.ml
+.mm
+.mn
+.mo
+.mp
+.mq
+.mr
+.ms
+.mt
+.mu
+.mv
+.mw
+.mx
+.my
+.mz
+.na
+.nc
+.ne
+.nf
+.ng
+.ni
+.nl
+.no
+.np
+.nr
+.nu
+.nz
+.nz
+.om
+.pa
+.pe
+.pf
+.pg
+.ph
+.pk
+.pl
+.pm
+.pn
+.pr
+.ps
+.pt
+.pw
+.py
+.qa
+.re
+.ro
+.rs
+.ru
+.rw
+.sa
+.sb
+.sc
+.sd
+.se
+.sg
+.sh
+.si
+.sj
+.sk
+.sl
+.sm
+.sn
+.so
+.sr
+.st
+.su
+.sv
+.sy
+.sz
+.tc
+.td
+.tf
+.tg
+.th
+.tj
+.tk
+.tl
+.tm
+.tn
+.to
+.tp
+.tr
+.tt
+.tv
+.tw
+.tz
+.ua
+.ug
+.uk
+.us
+.uy
+.uz
+.va
+.vc
+.ve
+.vg
+.vi
+.vn
+.vu
+.wf
+.ws
+.ye
+.yt
+.za
+.zm
+.zw

+ 55 - 0
orb/core/sources/news.txt

@@ -0,0 +1,55 @@
+reddit.com
+cnn.com
+nytimes.com
+news.yahoo.com
+huffingtonpost.com
+news.google.com
+weather.com
+theguardian.com
+foxnews.com
+forbes.com
+timesofindia.indiatimes.com
+bbc.co.uk
+shutterstock.com
+usatoday.com
+accuweather.com
+bloomberg.com
+wsj.com
+reuters.com
+nbcnews.com
+economictimes.indiatimes.com
+wunderground.com
+money.cnn.com
+indianexpress.com
+drudgereport.com
+cbsnews.com
+abcnews.go.com
+latimes.com
+time.com
+nypost.com
+thehindu.com
+chron.com
+cnbc.com
+my.yahoo.com
+weather.gov
+theatlantic.com
+breitbart.com
+sfgate.com
+navbharattimes.indiatimes.com
+usnews.com
+hindustantimes.com
+hollywoodreporter.com
+topix.com
+bankrate.com
+chicagotribune.com
+theguardian.com
+fortune.com
+news.com.au
+eenadu.net
+nationalgeographic.com
+manoramaonline.com
+rt.com
+salesforce.com
+vanityfair.com
+networkworld.com
+mashpedia.com

+ 62 - 0
orb/core/sources/social.txt

@@ -0,0 +1,62 @@
+facebook.com
+yahoo.com
+youtube.com
+blogger.com
+mypace.com
+twitter.com
+wordpress.com
+rapidshare.com
+flickr.com
+linkedin.com
+aol.com
+photobucket.com
+orkut.com
+hi5.com
+conduit.com
+mediafire.com
+imageshack.us
+4shared.com
+livejournal.com
+digg.com
+wetransfer.com 
+filestube.com
+tagged.com
+ning.com
+tumblr.com
+vine.com
+vk.com
+ivoox.com
+meetup.com
+tagged.com
+ask.com
+meetme.com
+encyclopedia.kids.net.au
+mediafire.com
+github.com
+pinterest.com
+plus.google.com
+baidu.com
+amazon.com 
+qq.com
+msn.com
+bing.com
+ebay.com
+imgur.com 
+paypal.com
+wikimedia.org
+netflix.com
+stackoverflow.com
+office.com
+dropbox.com
+wikia.com
+cnet.com
+slideshare.net
+scribd.com
+answers.com
+thocp.net
+lurkmore.co
+newworldencyclopedia.org
+thefreedictionary.com
+dictionary.reference.com
+wiktionary.org
+alexa.com

+ 41 - 0
orb/core/sources/spain/news.txt

@@ -0,0 +1,41 @@
+boe.es
+seg-social.es
+marca.com
+elpais.com
+elmundo.es
+milanuncios.com
+as.com
+abc.es
+idealista.com
+elconfidencial.com
+lavanguardia.com
+20minutos.es
+eltiempo.es
+rtve.es
+eleconomista.es
+expansion.com
+eldiario.es
+libertaddigital.com
+huffingtonpost.es
+publico.es
+lavozdegalicia.es
+elperiodico.com
+telecinco.com
+antena3.com
+cuatro.com
+lasexta.com
+paginasamarillas.es
+cadenaser.com
+europapress.es
+elcorreo.com
+elespanol.com
+okdiario.com
+cincodias.com
+pcbolsa.com
+vozpopuli.com
+periodistadigital.com
+burbuja.info
+rankia.com
+bolsamania.com
+computerhoy.com
+jotdown.es

+ 10 - 0
orb/core/sources/spain/social.txt

@@ -0,0 +1,10 @@
+taringa.net
+forocoches.com
+infojobs.net
+elotrolado.net
+meaneme.net
+barrapunto.com
+change.org
+adslzone.net
+elhacker.net
+quitter.se

+ 95 - 0
orb/core/sources/user-agents.txt

@@ -0,0 +1,95 @@
+Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36
+Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1667.0 Safari/537.36
+Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.811.0 Safari/535.1
+Mozilla/5.0 (X11; CrOS i686 12.433.109) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.93 Safari/534.30
+Mozilla/5.0 (Macintosh; U; Mac OS X 10_6_1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/ Safari/530.5
+Mozilla/5.0 (Linux; U; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13
+Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1
+Mozilla/5.0 (Windows NT 6.1; rv:21.0) Gecko/20130401 Firefox/21.0
+Mozilla/6.0 (Windows; U; Windows NT 7.0; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.9 (.NET CLR 3.5.30729)
+Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.0.9) Gecko/2009042114 Ubuntu/9.04 (jaunty) Firefox/3.0.9
+Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2
+Mozilla/5.0 (Windows; U; Windows NT5.1; en; rv:1.7.10) Gecko/20050716 Firefox/1.0.5
+Mozilla/5.0 (Windows; U; Win98; fr-FR; rv:1.7.6) Gecko/20050226 Firefox/1.0.1
+Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.6) Gecko/20040207 Firefox/0.8
+Mozilla/5.0 (X11) KHTML/4.9.1 (like Gecko) Konqueror/4.9
+Mozilla/5.0 (compatible; Konqueror/4.5; FreeBSD) KHTML/4.5.4 (like Gecko)
+Mozilla/5.0 (compatible; Konqueror/3.5; NetBSD 4.0_RC3; X11) KHTML/3.5.7 (like Gecko)
+Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko
+Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
+Mozilla/4.0(compatible; MSIE 7.0b; Windows NT 6.0)
+Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 7.0; InfoPath.3; .NET CLR 3.1.40767; Trident/6.0; en-IN)
+Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
+Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
+Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/4.0; InfoPath.2; SV1; .NET CLR 2.0.50727; WOW64)
+Mozilla/5.0 (compatible; MSIE 10.0; Macintosh; Intel Mac OS X 10_7_3; Trident/6.0)
+Mozilla/4.0 (Compatible; MSIE 8.0; Windows NT 5.2; Trident/6.0)
+Mozilla/1.22 (compatible; MSIE 10.0; Windows 3.1)
+Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0
+Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; yie8)
+Mozilla/4.0 (compatible; MSIE 7.0; AOL 9.0; Windows NT 5.1; .NET CLR 1.1.4322; Zango 10.1.181.0)
+Mozilla/4.0 (compatible; MSIE 7.0; AOL 9.5; AOLBuild 4337.35; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
+Mozilla/4.0 (compatible; MSIE 6.0; AOL 8.0; Windows NT 5.1; SV1)
+Mozilla/5.0 (X11; Ubuntu; Linux armv7l; rv:17.0) Gecko/20100101 Firefox/17.0
+Mozilla/2.02E (Win95; U)
+Mozilla/5.0 (iPhone; U; CPU iOS 2_0 like Mac OS X; en-us)
+Mozilla/5.0 (Linux; U; Android 0.5; en-us)
+Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
+Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
+Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.29 Safari/525.13
+Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
+Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
+Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (FM Scene 4.6.1)
+Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729) (Prevx 3.0.5)
+Mozilla/5.0 (compatible; Konqueror/4.5; FreeBSD) KHTML/4.5.4 (like Gecko)
+Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:5.0) Whistler/20110021 myibrow/5.0.0.0
+Mozilla/4.08 [en] (WinNT; I ;Nav)
+Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Oupeng/10.2.1.86910 Safari/534.30
+Mozilla/5.0 (SMART-TV; Linux; Tizen 2.3) AppleWebkit/538.1 (KHTML, like Gecko) SamsungBrowser/1.0 Safari/538.1
+myibrow/2.2 (Windows; U; Windows NT 5.1; cs; rv:1.8.1.14) Gecko/20080001 My Internet Browser/2.2.0.0 20080913235045
+Opera/9.25 (Windows NT 6.0; U; en)
+Privoxy/1.0
+CERN-LineMode/2.15
+cg-eye interactive
+China Local Browser 2.6
+ClariaBot/1.0
+Comos/0.9_(robot@xyleme.com)
+Crawler@alexa.com
+DonutP; Windows98SE
+Dr.Web (R) online scanner: http://online.drweb.com/
+Dragonfly File Reader
+Eurobot/1.0 (http://www.ayell.eu)
+FARK.com link verifier
+FavIconizer
+Feliz - Mixcat Crawler (+http://mixcat.com)
+TwitterBot (http://www.twitter.com)
+DataCha0s/2.0
+EvaalSE - bot@evaal.com
+Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)
+archive.org_bot
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Safari/602.1.50
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:49.0) Gecko/20100101 Firefox/49.0
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/602.2.14 (KHTML, like Gecko) Version/10.0.1 Safari/602.2.14
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Safari/602.1.50
+Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393
+Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
+Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36
+Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
+Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36
+Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0
+Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
+Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36
+Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
+Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36
+Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0
+Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
+Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0
+Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
+Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
+Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0

+ 3 - 0
orb/core/sources/user-exts.txt

@@ -0,0 +1,3 @@
+.com
+.org
+.net

+ 34 - 0
orb/core/update.py

@@ -0,0 +1,34 @@
+#!/usr/bin/env python 
+# -*- coding: utf-8 -*-"
+"""
+This file is part of the orb project, http://orb.03c8.net
+
+Orb - 2016/2017/2018 - by psy (epsylon@riseup.net)
+
+You should have received a copy of the GNU General Public License along
+with RedSquat; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+import os
+from subprocess import PIPE
+from subprocess import Popen as execute
+        
+class Updater(object):
+    """     
+    Update Orb automatically from a .git repository
+    """     
+    def __init__(self):
+        GIT_REPOSITORY = "https://github.com/epsylon/orb"
+        rootDir = os.path.abspath(os.path.join(os.path.dirname( __file__ ), '..', ''))
+        if not os.path.exists(os.path.join(rootDir, ".git")):
+            print "Not any .git repository found!\n"
+            print "="*30
+            print "\nTo have working this feature, you should clone Orb with:\n"
+            print "$ git clone %s" % GIT_REPOSITORY
+        else:
+            checkout = execute("git checkout . && git pull", shell=True, stdout=PIPE, stderr=PIPE).communicate()[0]
+            print checkout
+            if not "Already up-to-date" in checkout:
+                print "Congratulations!! Orb has been updated... ;-)\n"
+            else:
+                print "Your Orb doesn't need to be updated... ;-)\n"

+ 261 - 0
orb/docs/README

@@ -0,0 +1,261 @@
+=================================================================== 
+
+  _|_|              _|        
+_|    _|  _|  _|_|  _|_|_|    
+_|    _|  _|_|      _|    _|  
+_|    _|  _|        _|    _|  
+  _|_|    _|        _|_|_|    
+
+Orb: footprinting tool - by psy 
+
+----------
+
+ + Web:  https://orb.03c8.net
+
+===============
+  Project:
+===============
+
+  Orb - is a massive footprinting tool.
+
+  It will use passive/active -automated- methods to provides you real information about
+  a target. You only need to set a 'concept' to start to gather information. 
+
+  Orb uses this methods:
+
+     + Passive:
+          - crawlering on search engines for public information (deep web included)
+          - searching for registered domains
+          - extracting whois info (owners, dates)
+          - discovering subdomains
+          - searching for machines running services
+          - searching for DNS records (A, NS, MX, TXT)
+          - extracting CVE and CVS records (vulnerabilities)
+
+     + Active:
+          - scanning for open ports (tcp/udp)(1-65535)
+          - fingerprinting banners (states, vendors, OS, versions, CPE)
+
+  After this tasks... Orb will provide you some fancy reports.
+
+===============
+  Installing:
+===============
+
+  Orb runs on many platforms.  It requires Python (2.x.y) and the following libraries:
+
+       python-whois - Python module for retrieving WHOIS information - Python 2
+       python-dnspython - DNS toolkit for Python
+       python-nmap - Python interface to the Nmap port scanner
+
+  On Debian-based systems (ex: Ubuntu), run: 
+
+       sudo apt-get install python-whois python-dnspython python-nmap
+
+  Source libs:
+
+       * Python: https://www.python.org/downloads/
+       * Pypi-whois: https://pypi.python.org/pypi/whois
+       * Pydnspython: https://pypi.python.org/pypi/dnspython
+       * python-nmap: https://pypi.python.org/pypi/python-nmap
+
+====================
+  Examples:
+====================
+   
+  You can use:
+
+    ./orb --update
+    ./orb --check-tor
+    ./orb --gui (for Web interface)
+
+  Or:
+
+    ./orb --spell 'target'
+
+  Ex (massive):
+
+    ./orb --spell='target' --ext='.com,.net,.org' --sa
+
+====================
+  Methods:
+====================
+
+  - You can select a set of options organized by footprinting method. 
+
+    For this release:
+
+     + Passive:
+       - Search for public records
+       - Search for financial records
+       - Search for deep web records
+       - Search for social records
+       - Search for news records
+       - Extract whois information
+       - Discover subdomains (using non intrusive methods)
+       - Not scan ports on machines
+       - Not scan DNS records
+       - Not scan NS records
+       - Not scan MX records
+       - Not banner grabbing
+
+       *Ex: ./orb --spell 'target' --passive
+
+     + Active:
+       - Opposite to 'Passive' method.
+
+       *Ex: ./orb --spell='target' --active
+
+====================
+  Search engines:
+====================
+
+  - You can set different search engines to gather public records from the Internet.
+
+    For this release (by default: Yahoo):
+
+     + Supported:
+       - Yahoo (yahoo.com) [28/03/2018]
+       - Bing (bing.com) [28/03/2018]
+       - Torch! (deep web) [28/03/2018]
+
+       *Ex: ./orb --spell='target' --se='yahoo'
+
+  - Also you can set the location for search engine to retrieve more accurate information
+    about your target.
+
+    For example, if is located in Spain you can try to use 'yahoo.es' servers:
+
+       *Ex: ./orb --spell='target' --se='yahoo' --se-ext='es' (france=fr, italy=it, etc...)
+
+  - You can search massively using all search engines with:
+
+       *Ex: ./orb --spell='target' --sa
+
+    These options can be combined:
+
+       *Ex: ./orb --spell='target' --sa --se-ext='nl'
+
+====================
+  Public records:
+====================
+
+  - Orb will search on the WWW for interesting public records. 
+
+    But is important to set what is "interesting" for you. For that you can create a list of sources
+    organized by some non variable categories: social and news.
+
+    It is added to the tool an example folder for Spain to see how works:
+
+       *Ex: ./orb --spell='target' --social-f='core/sources/spain/social.txt' --news-f='core/sources/spain/news.txt'
+
+    You should try to build your own sources. 
+
+    By default it is using most ranked Alexa.com services short by category. So you will have a nice global scope from
+    the beginning.
+
+====================
+  Domains:
+====================
+
+  - You can set which domain extensions do you want to use to perform footprinting tasks.
+
+    By default, Orb will use IANA supported domains. But you can set your own manually:
+
+       *Ex: ./orb --spell='target' --ext='.com,.net,.org'
+
+    Or directly set a list from a file (examples provided):
+     
+       *Ex: ./orb --spell='target' --ext-f='core/sources/user-exts.txt'
+
+====================
+  Whois:
+====================
+
+  - Orb will search on 'Whois' records for registrant information.
+
+       *Output example*:
+       -----------------
+       -Domain: microsoft.com
+       -Registrant: MARKMONITOR INC.
+       -Creation date: 1991-05-02 00:00:00
+       -Expiration: 2021-05-03 00:00:00
+       -Last update: 2014-10-09 00:00:00
+       -----------------
+
+====================
+  Subdomains:
+====================
+
+  - Orb will try to discover info about subdomains.
+
+    For this release it is using a passive method with search engines (not bruteforcing).
+
+====================
+  DNS:
+====================
+
+  - Orb will try to discover info about DNS records and machines running them.
+ 
+    You can set which DNS resolvers (Google used by default) do you want to use for that tasks:
+      
+       *Ex: ./orb --spell='target' --resolver='8.8.8.8,8.8.8.4'
+
+====================
+  Port Scanning:
+====================
+
+  - Orb will use Nmap -python lib wrapper- to perform port scanning tasks.
+
+    You can set protocol type to only TCP (UDP+TCP by default) with:
+
+       *Ex: ./orb --spell='target' --scan-tcp
+
+    Or select which ports do you want to try with:
+
+       *Ex: ./orb --spell='target' --scan-ports='21-443'
+
+    ** Port scanner will show you only 'Open' ports on machines. 
+
+    You can see also 'Filtered' ports with:
+
+       *Ex: ./orb --spell='target' --scan-ports='21-443' --show-filtered
+
+====================
+  Banner Grabbing:
+====================
+
+  - Orb will try to extract interesting information about services running
+    on machines discovered (ex: OS, vendor, version, cpe, cve, cvs):
+
+       *Output example*:
+       -----------------
+       - IP: XXX.XXX.XXX.XXX
+         * State : up
+          - Protocol : tcp
+            + Port: 80 ( open ) - IBM WebSEAL reverse http proxy  |  http-proxy  
+              + CVE-2014-0963 -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0963
+                -----
+                Last updated: 3/27/2016 2:37:25 PM
+                CVE Publication rate: 11.13
+                The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cause a denial of service (infinite loop) via crafted SSL messages.
+       -----------------
+
+====================
+  Reporting:
+====================
+
+  - Orb will log all tasks and results organizing them by target on a folder: 'reports/'. 
+
+    You can launch the tool without any log adding:
+
+        *Ex: ./orb --spell='target' --no-log
+
+  - For verbose output you can use:
+
+        *Ex: ./orb --spell='target' -v
+
+  - Also you can generate a JSON report only with valid data gathered with:
+
+        *Ex: ./orb --spell='target' --json='target.json'
+

+ 3 - 0
orb/docs/requeriments-macosx.txt

@@ -0,0 +1,3 @@
+python-whois
+dnspython
+python-nmap

+ 3 - 0
orb/docs/requeriments.txt

@@ -0,0 +1,3 @@
+whois==0.7-3
+dnspython==1.12.0-1
+nmap==0.5.0-1-1

+ 19 - 0
orb/orb

@@ -0,0 +1,19 @@
+#!/usr/bin/env python 
+# -*- coding: utf-8 -*-"
+"""
+This file is part of the orb project, http://orb.03c8.net
+
+Orb - 2016 - by psy (epsylon@riseup.net)
+
+You should have received a copy of the GNU General Public License along
+with RedSquat; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+from core.main import Orb
+
+if __name__ == "__main__":
+    app = Orb()
+    options = app.create_options()
+    if options:
+        app.set_options(options)
+        app.run()