Shulou(Shulou.com)06/01 Report--

This article mainly introduces "how to use Scylla to collect OSINT information". In daily operation, I believe many people have doubts about how to use Scylla to collect OSINT information. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts about "how to use Scylla to collect OSINT information". Next, please follow the editor to study!

About Scylla

Scylla is an OSINT tool based on Python 3.6.The Scylla can help researchers perform advanced searches on Instagram and Twitter accounts, websites / web servers, phone numbers and names. In addition, Scylla allows researchers to find all social media profiles associated with a particular user name (which supports mainstream platforms). It is worth mentioning that Scylla also supports the Shodan engine, so we can also use Scylla to search for Internet of things devices, and it also has a very professional geolocation function. Scylla comes with a finance-related module that helps researchers check whether credit / debit card numbers were leaked during data breaches and return information on credit card / bank identification codes.

Tool installation

The majority of researchers can use the following commands to clone the project source code locally and complete the dependent component configuration of the tool:

Git clone https://www.github.com/DoubleThreatSecurity/Scyllacd Scyllasudo python3-m pip install-r requirments.txtpython3 scylla.py-use of the help tool

The following command returns account information for the specified Instagram and Twitter accounts:

Python3 scylla.py-instagram davesmith-twitter davesmith

The following command returns all social media account information related to the specified user name (mainstream platforms are supported):

Python3 scylla.py-username johndoe

The following command repeats the second command, but it also performs a deep Google search (the-l argument). Note that when searching for a query with spaces, be sure to add an equal sign in quotation marks followed by a query statement. If you don't add spaces, you should search like this:

Python3 scylla.py-- username johndoe-l query

The following command returns key WHOIS information about the Web server / website:

Python3 scylla.py-info google.com

The following command will export information about the specified mobile phone number (including carrier and geographic location, etc.):

Python3 scylla.py-r + 1416777777777

The following command exports the IP addresses of all Apache servers that Shodan can search for, where the API key is required:

Python3 scylla.py-s apache

The following command exports the IP addresses and ports of all open webcams on the Internet, which shodan can obtain based on your API key. You can also use only webcam queries, but using webcamxp will return more detailed results:

Python3 scylla.py-s webcamxp

The following command gives geolocation information for the specified IP address, which returns longitude and latitude, city, state, country, postal code, and region information:

Python3 scylla.py-g 1.1.1.1

The following command retrieves the IIN information of the entered credit / debit card number and checks whether the credit / debit card number was leaked in the data breach event. Scylla will return the card brand, card scheme, card type, currency, country, and bank information for the IIN. Note: if you want to see if there is a leak, please enter the full card number. If you only want to check the first 6-8 digits (i.e. bank identification code / PIN), just enter the first 6, 7 or 8 digits of your credit / debit card number. Finally, all this information generated is public because it is an OSINT tool and cannot generate any information that reveals details. This prevents malicious use:

Python3 scylla.py-c 123456789123456 tool run menu usage: scylla.py [- h] [- v] [- ig INSTAGRAM] [- tw TWITTER] [- u USERNAME] [--info INFO] [- r REVERSE_PHONE_LOOKUP] [- l LOOKUP] [- s SHODAN_QUERY] [- g GEO] [- c CARD_INFO] optional arguments:-h,-- help show this help message and exit-v -version returns scyla's version-ig INSTAGRAM,-- instagram INSTAGRAM return the information associated with specified instagram account-tw TWITTER,-- twitter TWITTER return the information associated with specified twitter account-u USERNAME -- username USERNAME find social media profiles (main platforms) associated with given username-- info INFO return information about the specified website (WHOIS) w / geolocation-r REVERSE_PHONE_LOOKUP -- reverse_phone_lookup REVERSE_PHONE_LOOKUP return information about the specified phone number (reverse lookup)-l LOOKUP,-- lookup LOOKUP performs a google search of the 35 top items for the argument given-s SHODAN_QUERY -- shodan_query SHODAN_QUERY performs an an in-depth shodan search on any simple query (i.e, 'webcamxp',' voip', 'printer',' apache')-g GEO,-- geo GEO geolocates a given IP address. Provides: longitude, latitude, city, country, zipcode, district, etc.-c CARD_INFO,-- card_info CARD_INFO check if the credit/debit card number has been pasted in a breach...dumps sites. Also returns bank information on the IINAPI correlation

The API included in the project for reverse phone number lookup only supports a maximum of 250 requests, and the free version is sure to run out. If you want to continue generating API keys, visit https://www.numverify.com and choose a free scheme after creating an account. At this point, you need to open the scylla.py file and replace the original API key in it.

License agreement

The development and release of this project follows the MIT open source license agreement.

Project address

Scylla: https://github.com/DoubleThreatSecurity/Scylla

At this point, the study on "how to use Scylla to collect OSINT information" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.