Merge pull request #4 from Nhoya/develop

v0.4

.travis.yml

@@ -1,7 +1,6 @@
 language: go
 
 go:
-  - 1.8.x
   - master
 
 os:

README.md

@@ -1,22 +1,25 @@
 # gOSINT [![Build Status](https://travis-ci.org/Nhoya/gOSINT.svg?branch=master)](https://travis-ci.org/Nhoya/gOSINT) [![GitHub stars](https://img.shields.io/github/stars/Nhoya/gOSINT.svg)](https://github.com/Nhoya/gOSINT/stargazers) [![GitHub forks](https://img.shields.io/github/forks/Nhoya/gOSINT.svg)](https://github.com/Nhoya/gOSINT/network) [![Twitter](https://img.shields.io/twitter/url/https/github.com/Nhoya/gOSINT.svg?style=social&style=plastic)](https://twitter.com/intent/tweet?text=Wow:&url=https%3A%2F%2Fgit.luolix.top%2FNhoya%2FgOSINT)
 OSINT framework in Go
 
-**current version**: 0.2
+**current version**: 0.4
 
-**develop version**: 0.3d
+**develop version**: 0.4
 
 you probably want to take a look at the develop branch for more updates.
 
 ## Introduction
-gOSINT is a small OSINT framework in golang, it's actually in development and still not ready for production if you want, feel free to contribute!
+
+gOSINT is a small OSINT framework in Golang, it's actually in development and still not ready for production if you want, feel free to contribute!
+
 
 ## What gOSINT can do
 
 - [x] Find mails from git repository
 - [x] Find Dumps for mail address
 - [x] Search for  mail address linked to domain/mail address in PGP keyring
 - [x] Retrive Info from domain whois (waiting to be implemented)
-- [x] Search for mail address in source code (waiting to be implemented)
+- [x] Search for mail address in source code
+- [x] Retrive Telegram Public Groups History
 
 ## Building
 
@@ -44,6 +47,7 @@ go get "github.com/deckarep/golang-set"
 go get "github.com/nhoya/goPwned"
 go get "github.com/jessevdk/go-flags"
 go get "gopkg.in/src-d/go-git.v4"
+go get "github.com/jaytaylor/html2text"
 ```
 
 `git clone https://github.com/Nhoya/gOSINT && cd gOSINT && go build`
@@ -52,11 +56,12 @@ go get "gopkg.in/src-d/go-git.v4"
 
 Currently `gOSINT` is still an early version and few modules are supported
 
-- [x] git support for mail retriving (using github API, bitbucket API or RAW clone and search)
+- [x] git support for mail retriving (using github API, bitbucket API or RAW clone and search) *Now with Pagination*!
 - [x] Search for mails in PGP Server
 - [x] [https://haveibeenpwned.com/](http://haveibeenpwned.com/) search for mail in databreach
+- [x] Retrive Telegram Public Group Messages
 - [ ] WHOIS support (the module is ready but has to be integrated)
-- [ ] Search for mail address in source (module ready, needs to be integrated)
+- [x] Search for mail address in source
 - [ ] [https://shodan.io](https://shodan.io) search
 - [ ] Social Media search
 - [ ] Search Engine search
@@ -68,15 +73,18 @@ Usage:
   gOSINT [OPTIONS]
 
 Application Options:
-  -m, --module=[pgp|pwnd|git]     Specify module
-      --url=                      Specify target URL
-      --gitAPI=[github|bitbucket] Specify git website API to use (optional)
-      --mail=                     Specify mail target
-  -f, --full                      Make deep search using linked modules
-  -v, --version                   Print version
+  -m, --module=[pgp|pwnd|git|plainSearch] Specify module
+      --url=                              Specify target URL
+      --gitAPI=[github|bitbucket]         Specify git website API to use (for git module,optional)
+      --mail=                             Specify mail target (for pgp and pwnd module)
+  -p, --path=                             Specify target path (for plainSearch module)
+  -f, --full                              Make deep search using linked modules
+  -c, --clone                             Enable clone function for plainSearch module (need to specify repo URL)
+      --ask-confirmation                  Ask confirmation before adding mail to set (for plainSearch module)
+  -v, --version                           Print version
 
 Help Options:
-  -h, --help                      Show this help message
+  -h, --help                              Show this help message
 ```
 
 ## Examples
@@ -103,3 +111,31 @@ search for others mail in PGP Server
 `gOSINT -m pgp --mail [targetMail] -f`
 
 pass the result to haveibeenpwn module
+
+`gOSINT -m sourceSerch --path [targetDirectory]`
+
+search for mails in source code (recursively)
+
+`gOSINT -m sourceSearh --path [targetDirectory] --ask-confirmation`
+
+ask confirmation before adding  mail to search results
+
+`gOSINT -m sourceSearch --path [targetDirectory] -f`
+
+pass the result to pgp search and haveibeenpwnd modules
+
+`gOSINT -m sourceSearch --clone --url [targetRepository]`
+
+clone and search mail in repository source
+
+`gOSINT -m sourceSearch --clone --url [targetRepository] -f`
+
+pass the resoult to pgp search and haveibeenpwnd modules
+
+`gOSINT -m sourceSearch --clone --url [targetRepository] --ask-confirmation`
+
+ask confirmation before adding mail to search results
+
+`gOSINT -m telegram --target [PublicGroupName]`
+
+retrive message history for telegram public group

build.sh

@@ -6,7 +6,7 @@ readonly YELLOW="\033[00;33m"
 readonly BOLD="\033[01m"
 readonly END="\033[0m"
 
-dependencies=( github.com/deckarep/golang-set github.com/nhoya/goPwned github.com/jessevdk/go-flags gopkg.in/src-d/go-git.v4)
+dependencies=( github.com/deckarep/golang-set github.com/nhoya/goPwned github.com/jessevdk/go-flags gopkg.in/src-d/go-git.v4 github.com/jaytaylor/html2text)
 
 
 echo -e "${GREEN}[+] Installing dependencies${END}"

gOSINT.go

@@ -2,19 +2,25 @@ package main
 
 import (
 	"fmt"
+	"os"
+
 	"github.com/deckarep/golang-set"
 	"github.com/jessevdk/go-flags"
-	"os"
 )
 
-const ver = "v0.2"
+const ver = "v0.4"
 
 var opts struct {
-	Module     string `short:"m" long:"module" description:"Specify module"  choice:"pgp" choice:"pwnd"  choice:"git"`
+	Module     string `short:"m" long:"module" description:"Specify module"  choice:"pgp" choice:"pwnd" choice:"git" choice:"plainSearch" choice:"telegram"`
 	Url        string `long:"url" default:"" description:"Specify target URL"`
-	GitAPIType string `long:"gitAPI" default:"" description:"Specify git website API to use (optional)" choice:"github" choice:"bitbucket"`
-	Mail       string `long:"mail" default:"" description:"Specify mail target"`
+	Target     string `short:"t" long:"target" default:"" description:"Specify target"`
+	GitAPIType string `long:"gitAPI" default:"" description:"Specify git website API to use (for git module,optional)" choice:"github" choice:"bitbucket"`
+	Mail       string `long:"mail" default:"" description:"Specify mail target (for pgp and pwnd module)"`
+	Path       string `short:"p" long:"path" description:"Specify target path (for plainSearch module)"`
+	TgGrace    int    `long:"grace" default:"15" description:"Specify telegram messages grace period"`
 	Mode       bool   `short:"f" long:"full" description:"Make deep search using linked modules"`
+	Clone      bool   `short:"c" long:"clone" description:"Enable clone function for plainSearch module (need to specify repo URL)"`
+	Confirm    bool   `long:"ask-confirmation" description:"Ask confirmation before adding mail to set (for plainSearch module)"`
 	Version    bool   `short:"v" long:"version" description:"Print version"`
 }
 
@@ -38,6 +44,9 @@ func main() {
 		fmt.Println("gOSINT " + ver)
 		os.Exit(0)
 	}
+	if opts.Url != "" {
+		isUrl(opts.Url)
+	}
 
 	switch mod := opts.Module; mod {
 	case "pwnd":
@@ -59,5 +68,29 @@ func main() {
 			mailSet = pgpSearch(mailSet)
 			pwnd(mailSet)
 		}
+	case "plainSearch":
+		if opts.Clone {
+			if opts.Url == "" {
+				fmt.Println("You must specify target URL")
+				os.Exit(1)
+			}
+			mailSet = cloneAndSearch(opts.Url, mailSet, opts.Confirm)
+		} else {
+			if opts.Path == "" {
+				fmt.Println("You must specify Path")
+				os.Exit(1)
+			}
+			mailSet = plainMailSearch(opts.Path, mailSet, opts.Confirm)
+		}
+		if opts.Mode {
+			mailSet = pgpSearch(mailSet)
+			pwnd(mailSet)
+		}
+	case "telegram":
+		if opts.Target == "" {
+			fmt.Println("You must specify target")
+			os.Exit(1)
+		}
+		getTelegramGroupHistory(opts.Target, opts.TgGrace)
 	}
 }

git.go

@@ -0,0 +1,103 @@
+package main
+
+import (
+	"fmt"
+	"net/http"
+	"os"
+	"regexp"
+	"strconv"
+	"strings"
+
+	"github.com/deckarep/golang-set"
+	"gopkg.in/src-d/go-git.v4"
+	"gopkg.in/src-d/go-git.v4/plumbing/object"
+	"gopkg.in/src-d/go-git.v4/storage/memory"
+)
+
+func gitSearch(target string, WebsiteAPI string, mailSet mapset.Set) mapset.Set {
+	// TODO: add worker for pagination
+	domain := ""
+	targetSplit := strings.Split(target, "/")
+	commits := ""
+
+	fmt.Println("==== GIT SEARCH FOR " + target + " ==== ")
+
+	//If using GitHub API
+	if strings.Contains(target, "https://github.com") || WebsiteAPI == "github" {
+		fmt.Println("[+] Using github API")
+		domain = targetSplit[0] + "//api." + targetSplit[2] + "/repos/" + targetSplit[3] + "/" + targetSplit[4] + "/commits?per_page=100"
+		//GitHub Pagination
+		lastPage := retriveLastGHPage(domain)
+		fmt.Println("[+] Looping through pages.This MAY take a while...")
+		for page := 1; page < lastPage+1; page++ {
+			fmt.Println("[+] Analyzing commits page: " + strconv.Itoa(page))
+			commits = retriveRequestBody(domain + "&page=" + strconv.Itoa(page))
+			findMailInText(commits, mailSet)
+		}
+	} else if strings.Contains(target, "https://bitbucket.org") || WebsiteAPI == "bitbucket" {
+		// If using BitBucket API
+		fmt.Println("[+] Using bitbucket API")
+		domain = targetSplit[0] + "//api." + targetSplit[2] + "/2.0/repositories/" + targetSplit[3] + "/" + targetSplit[4] + "/commits?pagelen=100"
+		//BitBucket Pagination
+		page := 1
+		fmt.Println("[+] Looping through pages.This MAY take a while...")
+		for page != 0 {
+			fmt.Println("[+] Analyzing commits page: " + strconv.Itoa(page))
+			pageDom := domain + "&page=" + strconv.Itoa(page)
+			//This is needed because we can't unluckily retrive max_page from one single request
+			pageContent := retriveRequestBody(pageDom)
+			nextPage := "\"next\": \"" + domain + "&page="
+
+			findMailInText(pageContent, mailSet)
+			if strings.Contains(pageContent, nextPage) {
+				page++
+			} else {
+				page = 0
+			}
+		}
+	} else {
+		commits = cloneAndSearchCommit(target)
+		findMailInText(commits, mailSet)
+	}
+
+	//Check if the mailset has been populated (this avoids problems with mispelled repositories too)
+	if mailSet == nil {
+		fmt.Println("[-] Nothing Found")
+		os.Exit(1)
+	}
+	fmt.Println("[+] Mails Found")
+	readFromSet(mailSet)
+	return mailSet
+}
+
+func retriveLastGHPage(domain string) int {
+	req, err := http.Get(domain)
+	if err != nil {
+		panic(err)
+	}
+	pagInfo := req.Header.Get("Link")
+	if pagInfo != "" {
+		re := regexp.MustCompile(`page=(\d+)>;\srel="last"`)
+		match := re.FindStringSubmatch(pagInfo)
+		lastPage, _ := strconv.Atoi(match[1])
+		return lastPage
+	}
+	return 1
+}
+
+func cloneAndSearchCommit(Url string) string {
+	fmt.Println("[+] Cloning Repo")
+	r, _ := git.Clone(memory.NewStorage(), nil, &git.CloneOptions{
+		URL: Url,
+	})
+	ref, _ := r.Head()
+	cIter, _ := r.Log(&git.LogOptions{From: ref.Hash()})
+
+	commits := ""
+	_ = cIter.ForEach(func(c *object.Commit) error {
+		commits += fmt.Sprintf("%s", c.Author)
+		return nil
+	})
+
+	return commits
+}

pgp.go

@@ -2,8 +2,8 @@ package main
 
 import (
 	"fmt"
+
 	"github.com/deckarep/golang-set"
-	//"regexp"
 )
 
 func pgpSearch(mailSet mapset.Set) mapset.Set {
@@ -14,7 +14,7 @@ func pgpSearch(mailSet mapset.Set) mapset.Set {
 		fmt.Println("[+] pgp search for " + mail.(string))
 		domain := "http://pgp.mit.edu/pks/lookup?search=" + mail.(string)
 		body := retriveRequestBody(domain)
-		pgpSet = findMailInText(body, pgpSet)
+		findMailInText(body, pgpSet)
 		if pgpSet != nil {
 			pgpIterator := pgpSet.Iterator()
 			for email := range pgpIterator.C {

pwnd.go

@@ -2,9 +2,10 @@ package main
 
 import (
 	"fmt"
+	"time"
+
 	"github.com/deckarep/golang-set"
 	"github.com/nhoya/goPwned"
-	"time"
 )
 
 func pwnd(mailSet mapset.Set) {