https://github.com/mrf345/retrap

(OSINT) Open-Source intelligence tracking and analysis tool.

analysis osint pentesting tools tracking

(OSINT) Open-Source intelligence tracking and analysis tool. Inspired by Trape.









### Setup 🧰
##### - With docker:
- Make sure [docker](https://www.docker.com/products/docker-desktop) and [docker-compose](https://docs.docker.com/compose/install/) are installed on your system.
- Run it with `docker-compose up`. Once the setup is complete, it should be running on http://0.0.0.0:8989

##### - With executable:
You can find an executable that supports your OS from the following links:

- [Github](https://github.com/mrf345/retrap/releases)
- [Sourceforge](https://sourceforge.net/projects/retrap/)

> Make sure to unzip the file, and run the executable from the `terminal` or `cmd.exe`.

> - On **Windows** you'll have to start `cmd.exe` as an Administrator.
> - On **macOS** you'll have to go to `System Preferences > Security` and allow the `retrap-macos` executable.

##### - From the source _(Tested on Linux and [Windows Git Bash](https://gitforwindows.org/))_:
- Install dependencies `npm i .`
- Build assets and compile TypeScript `npm run build`
- Start the server `npm start`
- Package it into binaries `nvm use && ./package.sh`

##### - For developers:
- To run linting and style check `npm run lint`
- To run tests `npm run test`

### Options 📖
```bash

  Open-Source intelligence OSINT tracking and analysis tool.

  Usage

    $ /home/user/Downloads/retrap/retrap-linux [option]

  Options                                                    Default

    --ip-address, -i    IP address to stream server on       (127.0.0.1)
    --port, -p          Port to stream server through        (8989)
    --logging, -l       Display http requests logs           (true)
    --ngrok-token, -a   Ngrok account authentication token
    --help              displays this message

  Example

    $ retrap --port 8080 -l false

```

### Features and Demos ✨
##### - Ngrok tunneling support
Exposes the local server to the internet through an Ngrok secure tunnel. Get a free token from [Ngrok](https://ngrok.com/product) and use it as shown in the demo.
The authentication token can be persisted as a default in `./collections/settings.db` with `"ngrokAuthToken": "your token"`.

Demo:

##### - Captures user's information and active sessions
Captures the IP address, location, languages, remaining battery charge, internet speed and more, and detects and stores active login sessions for Facebook, Gmail, Instagram and others. The captured data is stored locally and can be accessed via:

- `http://127.0.0.1:8989/api/guests/`, an API endpoint that returns information on all the captured users.
- `http://127.0.0.1:8989/api-doc`, which has full documentation of the returned user details and active sessions.

Demo:

List of all captured information:

```yaml
Guest:
  type: object
  properties:
    ip:
      type: string
      description: guest's registered IP address
    online:
      type: boolean
      description: guest's current web session status
    sessionId:
      type: string
      description: guest's socket.io session's id
    os:
      type: string
      description: guest's detected operating system
    browser:
      type: string
      description: guest's detected web browser
    browserEngine:
      type: string
      description: guest's detected browser's engine
    cpuArch:
      type: string
      description: guest's detected CPU's architecture
    charging:
      type: boolean
      description: guest's detected battery charging status
    chargeLeft:
      type: string
      description: guest's detected battery charge left in percentage
    doNotTrack:
      type: string
      description: guest's browser "Do Not Track" status
    java:
      type: boolean
      description: guest's browser Java support
    flash:
      type: boolean
      description: guest's browser Flash support
    language:
      type: string
      description: guest's browser default language
    languages:
      type: array
      description: guest's browser supported languages
      items:
        type: string
    touch:
      type: boolean
      description: guest's device support for touchscreen
    usbDevices:
      type: array
      description: guest's connected USB devices
      items:
        type: string
    resolution:
      type: string
      description: guest's detected screen resolution
    posts:
      type: array
      description: logs of guest's performed POST requests
      items:
        $ref: '#/definitions/Post'
    logs:
      type: array
      description: logs of guest's performed GET requests
      items:
        type: string
    screenshots:
      type: array
      description: guest's captured screenshots in Base64 format
      items:
        type: string
    keyLogs:
      type: array
      description: guest's captured key logs
      items:
        $ref: '#/definitions/KeyLog'
    sessions:
      description: guest's social media and websites active sessions
      $ref: '#/definitions/Sessions'
    country:
      type: string
      description: guest's detected country
    countryCode:
      type: string
      description: guest's detected country-code
    regionName:
      type: string
      description: guest's detected region
    city:
      type: string
      description: guest's detected city
    zip:
      type: string
      description: guest's detected zip code
    lat:
      type: number
      description: guest's detected location latitude
    lon:
      type: number
      description: guest's detected location longitude
    timezone:
      type: string
      description: guest's detected timezone
    isp:
      type: string
      description: guest's detected internet service provider
    networkSpeed:
      description: guest's detected internet speed
      $ref: '#/definitions/NetworkSpeed'
```

##### - Realtime hooks to intercept user's active session
Injecting JavaScript, sending alerts, text-to-speech notifications and redirecting to different locations... In the following example a `console.log()` is injected into an active web session:

Demo:

##### - Hooking script to integrate with your custom webpages
The same hooking script that's used to control the mirrored web sessions can be used externally within any `.html` or `.js` file.
The following example demonstrates using the hook script within a local `.html` page and capturing login form data:

Demo:

##### - RESTful API to execute hooks, query users and integrate with other platforms

Demo:

### Disclaimer and Background ❎
This tool is experimental and in its *Alpha* phase. It's developed and published as a small building block of a master's thesis research project. Use it for *educational purposes* only and at your own discretion; the author cannot be held responsible for any damages caused.

##### - How to protect yourself?
The tool relies on injecting web resources with a JavaScript hook that allows the operator to perform a variety of intrusive actions remotely. There are many useful browser extensions and plugins that detect and block such intrusive scripts:

- [uBlock Origin](https://github.com/gorhill/uBlock)
- [Privacy Badger](https://privacybadger.org/)
- [NoScript](https://noscript.net/)
- [Brave Browser](https://brave.com/)

### TODO ✅:
- [x] Fix up the docker containers setup
- [ ] Add token based authorization to the Admin REST API
- [ ] Add `Settings` model CRUD endpoints to Admin REST API
- [ ] Add an admin user-interface based on the REST API and/or Socket.io client. _(Preferably in React/Vue)_
- [ ] Improve hook's `getScreenshot` and add it to the Sockets and REST API
- [ ] Maybe add a push notification hook 🤔 _(Needs research)_
- [ ] Add more integration tests and increase coverage
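
Token-based authorization for the Admin REST API is still an open TODO item, so the listening address decides who can read the captured data served at `/api/guests/`. The check below is an added example, not part of retrap: it parses the options documented above and flags invocations that bind beyond loopback or open an Ngrok tunnel. The function names and classification rules are assumptions of this example.

```javascript
// Added example (not retrap's code). Flag names and defaults come from the
// options table above; the exposure rules are this example's assumptions.
const DEFAULTS = { ip: '127.0.0.1', port: 8989, ngrokToken: null };

// Parse only the options that the help text documents.
function parseArgs(argv) {
  const opts = { ...DEFAULTS };
  for (let i = 0; i < argv.length; i++) {
    const a = argv[i];
    if (a === '--ip-address' || a === '-i') opts.ip = argv[++i];
    else if (a === '--port' || a === '-p') opts.port = Number(argv[++i]);
    else if (a === '--ngrok-token' || a === '-a') opts.ngrokToken = argv[++i];
  }
  return opts;
}

// Classify a bind address: loopback, wildcard (every interface),
// a specific interface address, or unknown (unparseable, treated as unsafe).
function classifyBind(ip) {
  const addr = String(ip).trim().toLowerCase();
  if (addr === '::1' || addr === 'localhost') return 'loopback';
  if (addr === '0.0.0.0' || addr === '::') return 'wildcard';
  const m = addr.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (m && m.slice(1).every((octet) => Number(octet) <= 255)) {
    // All of 127.0.0.0/8 is loopback, not just 127.0.0.1.
    return Number(m[1]) === 127 ? 'loopback' : 'interface';
  }
  return 'unknown';
}

// Report every way the captured-data API leaves the local machine.
function assessExposure(argv) {
  const opts = parseArgs(argv);
  const bind = classifyBind(opts.ip);
  const findings = [];
  if (bind !== 'loopback') {
    findings.push(`/api/guests/ reachable on ${opts.ip}:${opts.port} (${bind} bind)`);
  }
  if (opts.ngrokToken) {
    findings.push('Ngrok tunnel publishes the local server to the internet');
  }
  return { bind, port: opts.port, exposed: findings.length > 0, findings };
}

// Constructed invocations: the documented default, then the docker address.
console.log(assessExposure([]));
console.log(assessExposure(['-i', '0.0.0.0', '--port', '8080']));
```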