Karma_V2: Automated OSINT Framework

Karma v2 is an open-source OSINT tool, used mainly by pentesters and system analysts. It offers a wide range of options and returns the best search results. A Shodan Premium API key is required to use the program.


Specifications

  • Flexible results through Shodan Dorks
  • SSL SHA1 checksum / fingerprint Search
  • Verify each IP against a matching certificate issuer RegEx
  • Learn all the ports of a target
  • Find all CVE-related vulnerabilities of your targets
  • Download for each IP, operating system, services, organization, etc.
  • Create Favicon Hash using python3 mmh3
  • Favicon Technology using custom nuclei template
  • ASN Scan
  • BGP Neighbor
  • IPv4 & IPv6 programs for ASN

Installation

# git clone https://github.com/Dheerajmadhukar/karma_v2.git
# python3 -m pip install shodan mmh3
# apt install jq -y
# GO111MODULE=on go get -v github.com/tomnomnom/httprobe
# git clone https://github.com/codingo/Interlace.git    # then install it accordingly
# GO111MODULE=on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei
# apt install lolcat -y
# GO111MODULE=on go get -u github.com/tomnomnom/anew
# cat > .token
SHODAN_PREMIUM_API_HERE

Use

$ bash karma_v2 -h


Video guide

https://asciinema.org/a/4Ri9FW97qnVV37v3Mb2mNTKz8?t=25&speed=5&theme=tango

Output

output/bugcrowd.com-YYYY-MM-DD/
├── ASNs_Detailed_bugcrowd.com.txt
├── Collect
│   ├── host_domain_domain.tld.json.gz
│   ├── ssl_SHA1_<fingerprint>_domain.tld.json.gz   (one file per certificate fingerprint)
│   ├── ssl_subjectCN_domain.tld.json.gz
│   ├── ssl_subject_domain.tld.json.gz
│   └── . . .
├── IP_VULNS
│   ├── 104.x.x.x.json.gz
│   ├── 107.x.x.x.json.gz
│   ├── 107.x.x.x.json.gz
│   ├── 99.x.x.x.json.gz
│   └── . . .
├── favicons_domain.tld.txt
├── host_enum_domain.tld.txt
├── ips_inscope_domain.tld.txt
├── main_domain.tld.data
└── . . .

 

Karma v2 Supported Shodan Dorks

DORKs DORKs DORKs
ssl.cert.fingerprint http.status:"302" oauth "Server: Jetty"
ssl http.status:"302" sso X-Amz-Bucket-Region
org title:"401 Authorization Required" "development" org:"Amazon.com"
hostname http.html:"403 Forbidden" "X-Jenkins" "Set-Cookie: JSESSIONID" http.title:"Jenkins [Jenkins]"
ssl.cert.issuer.cn http.html:"500 Internal Server Error" http.favicon.hash:81586312 200
ssl.cert.subject.cn ssl.cert.subject.cn:*vpn* product:"Kubernetes" port:"10250, 2379"
ssl.cert.expired:true title:"citrix gateway" port:"9100" http.title:"Node Exporter"
ssl.cert.subject.commonName http.html:"JFrog" http.title:"Grafana"
http.title:"Index of /" "X-Jfrog" http.title:"RabbitMQ"
ftp port:"10000" http.title:"dashboard" HTTP/1.1 307 Temporary Redirect "Location: /containers"
"Authentication: disabled" port:445 product:"Samba" http.title:"Openfire Admin Console" http.favicon.hash:1278323681
title:"Login - Adminer" http.title:"control panel" "MongoDB Server Information" port:27017 -authentication
http.title:"sign up" http.html:"* The wp-config.php creation script uses this file" port:"9200" all:"elastic indices"
http.title:"LogIn" clockwork "220" "230 Login successful." port:21
port:"11211" product:"Memcached" "port: 53" Recursion: Enabled title:"kibana"
port:9090 http.title:"Prometheus Time Series Collection and Processing Server" "default password" title:protected
http.component:Moodle http.favicon.hash:116323821 html:"/login/?next=" title:"Django"
html:"/admin/login/?next=" title:"Django" title:"system dashboard" html:jira http.component:ruby port:3000
html:"secret_key_base" I will add more soon . . .

Karma v2 Newly Added Shodan Dorks

DORKs DORKs DORKs
"netweaver" port:"2379" product:"etcd" http.title:"DisallowedHost"
ssl:"${target}" "-AkamaiGHost" "-GHost" ssl:"${target}" "-Cloudflare" ssl:"${target}" "-Cloudfront"
"X-Debug-Token-Link" port:443 http.title:"shipyard" HTTP/1.1 200 OK Accept-Ranges: bytes -Length: 5664 http.title:"TIBCO Jaspersoft:" port:"443" ""
"Confluence" http.title:"SonarQube" html:"jmx?qry=Hadoop:*"
http.title:"Directory Listing" http.title:"H-SPHERE" http.title:"Swagger UI - "
Server: Apache-Coyote/1.1 Tomcat-5.5" port:2375 product:"Docker" http.title:"phpinfo()"
http.title:"ID_VC_Welcome" "x-powered-by" "jboss" jboss http.favicon.hash:-656811182
http.title:"Welcome to JBoss" port:"8089, 8000" "splunkd" http.favicon.hash:-316785925
title:"splunkd" org:"Amazon.com" http.title:"oracle business intelligence sign in" http.title:"Oracle WebLogic Server Administration Console"
http.title:"Apache Status" I will add more soon . . .

You can download the program from here.


Written by Anastasis Vasileiadis
