gasmask

All in one Information gathering tool - OSINT

For a full list of our tools, please visit our website https://www.twelvesec.com/

Written by:

• maldevel (twitter)
• mikismaos
• xvass

---

Dependencies

• Python 2.x
• validators
• python-whois
• dnspython
• requests
• shodan
• censys
• mmap
• pprint

Information Gathering

• ask
• bing
• crt
• censys.io
• dns
• dnsdumpster
• dogpile
• github
• google
• googleplus
• instagram
• linkedin
• netcraft
• pgp
• reddit
• reverse dns
• shodan
• twitter
• vhosts
• virustotal
• whois
• yahoo
• yandex
• youtube

---

Dependencies

sudo pip install -r requirements.txt

---

Usage

    ______           __  ___           __ __
  / ____/___ ______/  |/  /___ ______/ //_/
 / / __/ __ `/ ___/ /|_/ / __ `/ ___/ ,<
/ /_/ / /_/ (__  ) /  / / /_/ (__  ) /| |
\____/\__,_/____/_/  /_/\__,_/____/_/ |_|

GasMasK - All in one Information gathering tool - OSINT
Ver. 1.2
Written by: @maldevel, @mikismaos, @xvass
https://www.twelvesec.com/

usage: gasmask.py [-h] [-d DOMAIN] [-s NAMESERVER] [-x PROXY] [-l LIMIT]
                  [-i MODE] [-o BASENAME] [-m MATCH] [-f FILTER] [--count]
                  [-R REPORT] [-B REPORT_BUCKET] [-1 CENSYS_API_ID]
                  [-2 CENSYS_API_SECRET] [-r] [-u] [-a ASN] [-c COUNTRY]
                  [-O CERT_ORG] [-I CERT_ISSUER] [-z CERT_HOST]
                  [-S HTTP_SERVER] [-t HTML_TITLE] [-b HTML_BODY] [-T TAGS]
                  [-L LIMIT] [-D] [-v] [-H]
                  [arguments [arguments ...]]

positional arguments:
  arguments             Censys query

optional arguments:
  -h --help,   show this help message and exit
  
  -d DOMAIN, --domain DOMAIN, Domain to search.
  
  -s NAMESERVER, --server NAMESERVER,  DNS server to use.
  
  -x PROXY, --proxy, PROXY Use a proxy server when retrieving results from search engines (eg. '-x http://127.0.0.1:8080')
  
  -l LIMIT, --limit, LIMIT  Limit the number of search engine results (default: 100).
  
  -i MODE, --info MODE  Limit information gathering (basic,whois,dns,revdns,vhosts,google,bing,yahoo,ask,dogpile,yandex,censys,linkedin,twitter,googleplus,youtube,reddit,github,instagram,crt,pgp,netcraft,virustotal,dnsdump).
  
  -o BASENAME, --output BASENAME,   Output in the four major formats at once (markdown, txt, xml and html).
  
  -k API-KEY, --shodan-key API-KEY API key to use with Shodan search (MODE="shodan")
  
  -m MATCH, --match MATCH, Highlight a string within an existing query result
  
  -f FILTER, --filter FILTER Filter the JSON keys to display for each result (use value 'help' for interesting fields)
  
  --count,  Print the count result and exit
  
  -R REPORT, --report REPORT, Stats on given field (use value 'help' for listing interesting fields)
						
  -B REPORT_BUCKET, --report_bucket REPORT_BUCKET,  Bucket length in report mode (default: 50)
						
  -1 CENSYS_API_ID, --censys_api_id CENSYS_API_ID,  Provide the authentication ID for the censys.io search engine
  
  -2 CENSYS_API_SECRET, --censys_api_secret CENSYS_API_SECRET, Provide the secret hash for the censys.io search engine
						
  -r, --read_api_keys, Read the API Keys stored in api_keys.txt file. (e.g. '-i censys -r')
  
  -u, --update_api_keys, Update the API Keys stored in api_keys.txt file. (e.g. '-i censys -u')
						
  -a ASN, --asn ASN, Filter with ASN (e.g 5408 for GR-NET AS)
  
  -c COUNTRY, --country COUNTRY, Filter with country
  
  -O CERT_ORG, --cert-org CERT_ORG, Certificate issued to organization
  
  -I CERT_ISSUER, --cert-issuer CERT_ISSUER,  Certificate issued by organization
  
  -z CERT_HOST, --cert-host CERT_HOST,  hostname Certificate is issued to
						
  -S HTTP_SERVER, --http-server HTTP_SERVER, Server header
  
  -t HTML_TITLE, --html-title HTML_TITLE, Filter on html page title
  
  -b HTML_BODY, --html-body HTML_BODY,  Filter on html body content
  
  -T TAGS, --tags TAGS,  Filter on specific tags. e.g: -T tag1,tag2,... (use keyword 'list' to list usual tags
  
  -L LIMIT, --Limit LIMIT, Limit to N results ( this is for censys.io )
  
  -D, --debug, Debug informations
  
  -v, --verbose, Print raw JSON records
  
  -H, --html,  Renders html elements in a browser

---

Modes

• Basic Mode

  • Whois lookup
  • DNS queries
  • Reverse DNS Lookup
  • Bing Virtual Hosts

• Nongoogle Mode

  • Whois lookup
  • DNS queries
  • Reverse DNS Lookup
  • Bing Virtual Hosts
  • Search in Bing
  • Search in Yahoo
  • Search in ASK
  • Search in Dogpile
  • Search in Yandex
  • Search in Crt
  • Search in DNSdumpster
  • Search in Netcraft
  • Search in VirusTotal

---

Usage Examples

python gasmask.py -d example.com -i basic

python gasmask.py -d example.com -i dnsdump

python gasmask.py -d example.com -i shodan -k xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

python gasmask.py -d example.com -i whois,dns,revdns

python gasmask.py -d example.com -i basic,yahoo,github -o myresults/example_com_search_results

censys.io usage examples

python gasmask.py -i censys --Limit 10 nessus

python gasmask.py -i censys -I SAP --report location.country.raw --report_bucket 10

python gasmask.py -i censys --html-title "Hacked By" --Limit 10 --html

python gasmask.py -i censys --tags heartbleed --report location.country.raw

python gasmask.py -i censys -S NGINX --count

python gasmask.py -i censys -d example.com

python gasmask.py -i censys -t "Internal Server Error" -S Apache -m "HTTP 500" --Limit 15

Read the API Keys usage example - e.g in censys.io

python gasmask.py -i censys -r

Update the API Keys usage example - e.g in censys.io

python gasmask.py -i censys -u

---

Credits

• EmailHarvester
• theHarvester
• Sublist3r
• gelim

---