Why am I starting this project?
Ever since I was a computer science undergraduate, I wasn't the type to enjoy writing code.
If there is a part that does not run as expected after planning how to write the program, I lacked the patience to follow the code line by line and look back at the flow of execution above all else, and implicitly, I am not active in increasing my coding skills because I think that I will make a living by Cyber security rather than software development.
Ironically, now that I'm in the cyber security industries, I am studying little by little again because I need and interesting the knowledge I neglected to do as an undergraduate.
Of course, I was relatively uninterested in coding, but I actively participated in assignments and projects, and most of them had good results. What I realized at that time was that I felt more pleasure in making my own by combining the things that someone had already put great effort into, rather than designing a program and crafting an algorithm myself.
If you find something that others can't find on Google, understand their code roughly, and connect it here and there, the content is what makes a pretty plausible program.
It's a bit embarrassing, but anyway, so far, there have been no major problems with this method. Of course, there is no big problem with my current role in my company.
But these days, while doing CTF, which I am having fun again, I finally thought, "Oh, I need to improve my coding skills somehow." Whether it's forensics or reverse engineering, which I'm mainly in charge of, there are many issues that need to be scripted from time to time, but CTFs usually reflect the latest trends, so there are fewer references to mid-to-higher levels. I always feels a wall in problems where he has to script with references. Even after the competition was over, I looked at the write-up and thought that it was not a problem that I could solve with my own skills.
So I decided to do a personal project.
You'll get used to writing more scripts, and you'll be able to handle Git a little more proficiently, and of course it's also related to security.
I had a lot of ideas, but finally decided to develop an OSINT tool. It is because the OSINT challenges of HackTheBox that I solved most recently were quite fun, because they are closely related to my main job, and above all, it did not seem too difficult.
First Stage
First of all, I wanted to make a comprehensive tool that can mainly track personal information among OSINTs. And I named this tool "Detective Chimp" after a comics character.
At first, inspired by HackTheBox, I tried to create a function that retrieves photo album and Google Maps information by getting personID that can be known through the response value of Google Hangouts. However, there was a problem when I made it, because that interface only appeared when I was logged in to Google. Of course, you can log in by entering the email and password, but the initial idea was that I wanted to display the results immediately after entering the email of the target. And Google blocked login from framework like Selenium, so I have to find bypass.
We put this on hold because we wanted to put features that were easier to create first, rather than spending time solving the login problem.
Then I discovered that Twitter doesn't require a separate login to search. Not only that, but coordinate values and dates could also be retrieved with the GET method. I thought it would not be too difficult, so I decided to create a function that retrieves the Exif data of an image and searches it on Twitter.
Of course, the function was simple, but it went through trial and error. How to do the user input interface, how to split functions, and how to display output values.
At first, I tried to get the tweet content and output it to the terminal, but it was difficult to make it look good and the image could not be displayed. After trying around, I ended up opening the site itself where the search results came out. In the end, the Twitter homepage was the best way to display Twitter data. Once I realized the function I had initially thought of, I decided to be satisfied with it. I decided to update it when I have other ideas in the future.
After testing and refining it several times, finally has a somewhat tidy appearance. After creating the Git repository and writing the ReadMe file, I felt quite proud. It was a really insignificant feature, but I had quite a bit of fun making the tool, and various ideas keep coming to mind. I'll try to make it a little bit more consistently so that it can become the tool I want to use on my own.
Download :
'참치공장 > OSINT' 카테고리의 다른 글
| 유튜브, 인스타그램, 트위터 정확한 시간 알아내기 (0) | 2022.02.09 |
|---|---|
| Shorten URL 정보 확인하기 (0) | 2022.02.04 |
| 유저 아이디로 사용자 추적하기 - maigret, maltego (0) | 2022.01.30 |
| [오늘의 OSINT] 개인정보 유출 urlscan.io , pimeyes (0) | 2021.10.17 |
| [개발일지] 사진의 위치 데이터로 해당 위치의 트윗 찾기 - 1 (0) | 2021.10.12 |
