As far as I know there are lots of OSINT(Open-source Intelligent) tools out there ready to be used for different information
gathering purposes. Some can be used on the web online or others can be installed and used on your PC,
some to the same thing, while others slightly do different things all in all they can't be used to gather information from the web.
Perhaps you have heard of theHarvester and Datasploit All are OSINT tools written in one programming language Python.
Today am going to show some basic difference between this tool popular OSINT tool.
Today am going to show some basic difference between this tool popular OSINT tool.
theHarvester
theHarvester is a very simple, yet effective tool designed to be used in the early stages of a penetration test. It can be used
for open source intelligence gathering and helping to determine a company's external threat landscape on the internet.
Some of the features of theharvester include;
for open source intelligence gathering and helping to determine a company's external threat landscape on the internet.
Some of the features of theharvester include;
- Email finder
- Subdomain finder
- Basic port scanner
- Social profile finder
- Virtual host finder
Datasploit
A tool to perform various OSINT techniques, aggregate all the raw data, visualize it on a dashboard, and facilitate
alerting and monitoring on the data.
alerting and monitoring on the data.
Public source comparison
Integrations
Many python tools can easily integrate with other tools written and designed for python, now we
want to look into the simplicity of integration for both theharvester and datasploit.
want to look into the simplicity of integration for both theharvester and datasploit.
One of the things hindering datasploit integration is it support for an old version of python that is
python2, we all know that python2 is coming to it’s end of life(EOL) in january of 2020.
As for theharvester it is written in python 3 and it supports all latest python3 features that’s a
win win for theharvester
Using theharvester in other python3 scripts
import theHarvester
from theHarvester.discovery import baidusearch
from theHarvester.discovery import bingsearch
from theHarvester.discovery import dnsdumpster
from theHarvester.discovery import googlesearch
#....and more....
# or
# from theHarvester.discovery import *
baidu = baidusearch.SearchBaidu("nmmapper.com", 100)
baidu.do_search()
# Each discovery engine has it's own method
# not all have get_emails
emails = baidu.get_emails()
hostnames = baidu.get_hostnames()
# That's how you can use theHarvester in any other python3 module.
That is how we managed to integrate theharvester online It’s really easy to integrate it with any
python3 scripts for automation
python3 scripts for automation
Using datasploit in other python2.7 script
import datasploit
data = datasploit.username.username_gitscrape.main(“latest-release”)
datasploit.username.username_gitscrape.output(data)
It has support for python2 we want to integrate this tool also on our online service,
at https://www.nmmapper.com As you can see the difference, they can both support integration
with other python scripts in appropriate python versions.
Both tools can be used as stand alone scripts, in fact that’s their main design to be used in stand
alone instead of integration like modules.
alone instead of integration like modules.
Notable features of Datasploit
There are unique features that datasploit has, that theharvester does not seem to have.
With datasploit you can scrounge the following information unique to itself;
With datasploit you can scrounge the following information unique to itself;
- Phone number
- Bitcoin addresses
This is unique to datasploit alone, this makes it stand out from there OSINT tool competition.
As an addition, you can even generate reports in HTML and JSON format along with text files.
In conclusion it seems that theharvester has an upper hand because of it’s latest support for python3
Comments
Post a Comment