Sarenka – OSINT Tool – Data From Services Like Shodan, Censys Etc. In One Place

SARENKA is an Open Source Intelligence (OSINT) tool which helps you obtaining and understanding Attack Surface.

The main goal is to gathering infromation from search engines for Internet-connected devices (https://censys.io/, https://www.shodan.io/). It scraps data about Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE) and also has database where CVEs are mapped to CWE.

It returns data about local machine – local installed softwares (from Windows Registry), local network information (python libraries, popular cmd commads).

For now application has also simple tools like hash calcualtor, shannon entropy calculator and very simple port scanner. More cryptography-math tools and reconnaissance scripts are planned.

Realtion beetwen CWE and CVE – sarenka data feeder

Generating this file takes a long time e.g: 702.5641514

all CWE Ids with description

https://raw.githubusercontent.com/pawlaczyk/sarenka_tools/master/cwe_all.json

all CVE Ids with description

In progress

get all CVE Ids by CWE Id

In progress

Installation

Description in progress

Getting started

Description in progress Sarenka is local web application for Windows.

Config

Rirst release gathers data from two search engines. example sarenka/backend/connectors/credentials.json

   
"censys":
"base_url": "https://censys.io/",
"API_ID": "<my_user>",
"Secret": "<my_api_key>",
"API_URL": "https://censys.io/api/v1"
,
"shodan":
"base_url": "https://www.shodan.io/",
"user": "<my_user>",
"api_key": "<my_api_key>"

Features

You can also:

  • calculate hashes based on user string
  • calculate shannon entropy based on user string
  • check is port open|closed (instead always use nmap if you can – it’s slow)

Database

This is tricki part, because we have 863 sqlite3 database files: default, CWE-NONE (some CVE hasn’t cwe_id eg.: CVE-2013-3621) and 861 individual for CWEs

Tech

Description in progress.

SARENKA uses a number of open source projects to work properly on:

And of course SARENKA itself is open source with a public repository on GitHub.

Planned features

  • Rewrite documentation in English (end of 2021)
  • trello/ github instead of Jira
  • Cover 100% code by tests
  • typing backend
  • document all functions and class
  • Docker
  • online demo
  • Jenkins
  • GraphQL
  • Selenium Scrapers
  • More pentesting tools
  • Google Dorks
  • Abstract Algebra calculator
  • Number Theory calculator
  • Server certificate validator
  • tests on Linux
  • NLP
  • d3js visualizations
  • alterntive pure version in command lineS

CI/CD Tools

Tests

  • Tested on Windows 10
  • Tested on Kali Linux kali-rolling 2020.2

Documentation

Till end of March, 2021 documentation will be available only in Polish! The documentation is availabe here.

Image and Article Source link

Read More on Pentesting Tools

Leave a Comment

Recent Posts

rewrite this tittle: Understanding Peer-to-Peer Crypto Trading: Benefits and Threats

Write a AI detection pass, persuasive, cickable, catchy, well structured and seo optimized article with… Read More

2 weeks ago

Human Art Will Become More Valuable with the Help of AI

AI Will Make Human Art More Valuable AI models are increasing in popularity and value… Read More

1 year ago

Report Claims UK Government to Restrict TikTok Usage on Smartphones

UK Set to Announce Ban on TikTok on Government Smartphones: Report Following in the footsteps… Read More

1 year ago

The Potential Impact of ChatGPT and Generative AI on Travel

How ChatGPT and Generative AI Could Change the Way We Travel The travel industry is… Read More

1 year ago

Unraveling the Enigma of Pluto: Is It a Dwarf Planet, Comet, or Asteroid? Uncover the Facts.

The curious case of Pluto! Is it a dwarf planet, comet or an asteroid? This… Read More

1 year ago

A LinkedIn Connection Request From a Spy

A Spy Wants to Connect with You on LinkedIn: How to Spot and Avoid Fake… Read More

1 year ago