Uma ferramenta OSINT para procurar contas por nome de usuário em redes sociais
Blackbird - Uma ferramenta OSINT para procurar contas por nome de usuário em redes sociais
O Lockheed SR-71 "Blackbird" é uma aeronave de reconhecimento estratégico de longo alcance e alta altitude, com velocidade Mach 3+, desenvolvida e fabricada pela empresa aeroespacial americana Lockheed Corporation.
https://github.com/p1ngul1n0/blackbird
Isenção de responsabilidade
This or previous program is for educational purposes ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that me (P1ngul1n0) is not liable for any damages caused by direct or indirect use of the information or functionality provided by these programs. The author or any Internet provider bears NO responsibility for content or misuse of these programs or any derivatives thereof. By using these programs you accept the fact that any damage (dataloss, system crash, system compromise, etc.) caused by the use of these programs is not P1ngul1n0's responsibility.
Configurar
Clonar o repositório
git clone https://github.com/p1ngul1n0/blackbird
cd blackbirdInstall requirements
pip install -r requirements.txtUsage
Search by username
python blackbird.py -u usernameRun WebServer
python blackbird.py --webAccess https://127.0.0.1:5000 on the browser
Read results file
python blackbird.py -f username.jsonList supportted sites
python blackbird.py --list-sitesExport Report
The results can be exported as a PDF Report.
Metadata Extraction
When possible Blackbird will extract the user's metadata, bringing data such as name, bio, location and profile picture.
Random UserAgent
Each time Blackbird does a username search it will use a random UserAgent from a list of 1000 UserAgents to prevent blocking.
Supersonic speed 
Blackbird sends async HTTP requests, allowing a lot more speed when discovering user accounts.
JSON Template
Blackbird uses JSON as a template to store and read data.
The data.json file store all sites that blackbird verify.
Params
- app - Site name
- url
- valid - Python expression that returns True when user exists
- id - Unique numeric ID
- method - HTTP method
- json - JSON body POST (needs to be escaped, use this
https://codebeautify.org/json-escape-unescape) - {username} - Username place (URL or Body)
- response.status - HTTP response status
- responseContent - Raw response body
- soup - Beautifulsoup parsed response body
- jsonData - JSON response body
- metadada - a list of objects to be scraped
Examples
GET
{
"app": "ExampleAPP1",
"url": "https://www.example.com/{username}",
"valid": "response.status == 200",
"id": 1,
"method": "GET"
}POST JSON
{
"app": "ExampleAPP2",
"url": "https://www.example.com/user",
"valid": "jsonData['message']['found'] == True",
"json": "{{\"type\": \"username\",\"input\": \"{username}\"}}",
"id": 2,
"method": "POST"
}GET with Metadata extraction
{
"app": "Twitter",
"id": 3,
"method": "GET",
"url": "https://nitter.net/{username}",
"valid": "response.status == 200",
"metadata": [
{
"type": "generic-data",
"key": "Name",
"value": "soup.find('a', class_='profile-card-fullname')['title']"
},
{
"type": "generic-data",
"key": "Bio",
"value": "soup.find('div',class_='profile-bio').string"
},
{
"type": "generic-data",
"key": "Site",
"value": "soup.find('div',class_='profile-website').text.strip('\\t\\r\\n')"
},
{
"type": "generic-data",
"key": "Member since",
"value": "soup.find('div',class_='profile-joindate').find('span')['title']"
},
{
"type": "image",
"key": "picture",
"value": "'https://nitter.net'+soup.find('a', class_='profile-card-avatar')['href']"
},
{
"type": "location",
"key": "location",
"value": "soup.select_one('.profile-location:nth-of-type(2)').text.strip('\\t\\r\\n')"
}
]
}If you have any suggestion of a site to be included in the search, make a pull request following the template.
Planned features
- Implement Flask Web Server to optimize UX
- Export results in PDF
- Export results in CSV
- Reach at least 300 sites until August 2022
- Implement metadata extraction
- Deploy on Cloud
Contact
Feel free to contact me on Twitter
Comentários
Postar um comentário