Osintgram
IPRotate_Burp_Extension
| | Osintgram | IPRotate_Burp_Extension |
|---|---|---|
| | 32 | 2 |
| Stars | 8,746 | 768 |
| Growth | - | 1.4% |
| Activity | 1.6 | 5.8 |
| | 8 days ago | 3 months ago |
| Language | Python | Python |
| License | GNU General Public License v3.0 only | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Osintgram
- facebook hack
If the tattoo studios aren't necessary to have been from facebook specifically, Osintgram is a pretty effective tool for scraping shit from Instagram really quickly that could theoretically be used to achieve this, if not perhaps in a roundabout sort of way like starting from one business you know and getting shit from their friends' info and so on. I could swear that I had known about a similar tool for facebook, but I'm drawing a blank right now...
- Historical usernames on Instagram
Doing this manually has many advantages, but you can, of course, use Osintgram for speedy results.
- Phone numbers or emails behind social media accounts
- I am teaching High School students about online privacy/security. What tools could I use to simulate a "this is what other people could find out about you" scenario.
Github: https://github.com/Datalux/Osintgram
- Is there a way to bulk download photos and videos from an Instagram profile?
If I remember correctly Osintgram can achieve this
- Finding email of a guy
- Finding Social media accounts with a person's email
- InstAgent
Since the original version is more or less inactive, I took the initiative to continue with the developments.
- Does someone have a solution Osintgram
- Noob question. On step number 6 how do I incorporate what it says onto terminal?
IPRotate_Burp_Extension
- Let's Talk About Two-Factor Auth
I rank YubiKey #1 because it is the easiest item to keep safe without sacrificing usability. Most people do not carry their YubiKey around with them everywhere so it can stay protected in your home. TOTP, on the other hand, is only as hardened as your cell phone is if it gets stolen from you. I once had a friend who knew I was a "hacker" ask me to hack her phone and she handed it to me. I assumed I'd open it, attempt to guess her PIN and hand it back as we were eating dinner and I don't carry my laptop everywhere, but she didn't even have a lock on her phone. I went to her also unprotected Venmo app and showed her how easy it would be to send myself money. Now this was years ago and I'd say most people are smart enough to lock their devices but not all methods of device locking are created equal either so know that if you do choose to use TOTP it is only as secure as your phone is. Additionally, most TOTP codes are short (6 digits) whereas YubiKey's code is fairly verbose. If the application does not implement rate limiting, in theory a savvy attacker could brute force TOTP. An application that only rate limits by IP could be beaten by someone using a tool like this: https://github.com/RhinoSecurityLabs/IPRotate_Burp_Extension.
- Created a Python library to bypass IP-based rate limiting: python-requests-rotator :)
- Setting up RhinoSecurity's IPRotate Burp extension and then using Burp as your upstream proxy
What are some alternatives?
osmedeus - A Workflow Engine for Offensive Security
requests-ip-rotator - A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
instaloader - Download pictures (or videos) along with their captions and other metadata from Instagram.
PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
holehe - holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.
fireprox - AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation
ignorant - ignorant allows you to check if a phone number is used on different sites like snapchat, instagram.
dirsearch - Web path scanner
instagram-scraper - Scrapes an instagram user's photos and videos
burp-copy-as-ffuf - Burp Extension that copies a request and builds a FFUF skeleton
social-analyzer - API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
HackBar - HackBar plugin for Burpsuite