Building Golang OSINT Tools: Username Finder (Go | OSINT | Cybersecurity)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

have you ever heard of osen osen stands for open source intelligence which involves the collection and Analysis of data gathered from open sources to produce actionable intelligence it's basically a way of using various sources on the internet to find information about any person place or thing I was messing with some ENT stuff and I found this repo that allows me to search any username and it'll tell you pretty much everywhere that that username happens to be used the Creator basically uses this big list of uh in a Json file right and this Json file consists of objects that include URLs these URLs are used to make HTTP calls and depending on the result of that HTTP call it'll represent this username as either existing or not existing each object contains other information as well but the only fields that we'll worry about is the URI check which stands for the site we want to check and the ecode which tells us the HTTP Response Code we should look at if the account exists so I want to write some go that calls each of these sites and tells me the result I think this is a really cool project for those of you that want to learn goang be exposed to a little bit of cyber security all at the same time and if we're going to create a new project of course we need some sort of name at first I thought go- user then I thought well at first this will be a CLI project so I don't really want to type go Dash user so I removed the dash that was go user with no dash which in my head sounded like Gooser so I went with Gooser cuz it made me laugh anyway let's get into the code all right first things first let's go ahead and take a look at the Json schema of this list that we're going to be actually working with this schema was found in the contributor documentation in that core repo that I was talking about earlier anytime you get involved with the open source project for those of you that are new read their contributor documentation uh even if you don't plan on contributing it'll give you some good information about how to navigate the code and all that good stuff now these are all of the fields that are within this array of sites that's contained within this Json file we're only going to pay attention to a few of those fields we're going to pay attention to the _ check the eode and the M code the UI check is really just the site that we're going to actually check against and it contains a template string that we need to replace with our own us username then we have the ecode that we need to use to check for a good HTTP response which usually they reply with like 200 something like that and then the M code which is the bad example of the HTTP response so like 44 or whatever so let's go ahead and initialize our project we're going to make a directory called Gooser CD into that directory then run a good old go mod a knit I named it the Goosey Gooser don't ask me why name it what you want and now we are going to get into our main so we're going to be using the flag package from the standard Library uh we're not going to use any additional like Frameworks or libraries for CLI stuff I'm going try and stick with the standard library that flag package has a flag. funk function which allows you to define the flag that you want second parameter is going to be the help documentation essentially and then you pass in a function and that's where we're going to put all of our logic it's really important to do that flag. parse at the bottom if you don't do that then you know all the flags won't work and you need to do that after you register all your flags first thing we're going to do in this function is just check if the value we pass in is empty string give them a little error like hey you know you didn't pass me a value give me that sweet sweet value and I put a couple comments in here just to kind of outline what we need to do next we we want to get a list of the sites out of that Json files so we're going to like download that file and then we're going to check if the user is a part of that site and we'll make a couple functions to actually do that those functions that we're going to create is get sitemap and check sites so we're going to get that site map we're going to download it and then we're going to check all the sites against that file that we downloaded so let's go ahead and Define these functions first I want to do is site map I'm going to define a couple constant variables at the top one with a link to the actual Json file the raw version and next the name of the file which we're just going to keep the same name that was in the repo then if you look at the definition of my function you can see that I'm returning two things this what's my name data structure and an error but we haven't defined what's by name yet so let's go ahead and Define that bad boy all right so this struct was actually made from that Json schema that we talked about at the beginning and if you want to like take Json and make it into into a goang struct you can use something like the link that I have up there to do that it's pretty simple you can also work with this in an unstructured way but it just makes stuff a little harder there are some libraries out there too that kind of allow you to do some Dynamic parsing into structures and things like that but for this we're just going to predefine it which is pretty much what I see mostly people talking about anyway but I just wanted you guys to know that there are those options so if you look at the contributor documentation and you look at the Json file that we're actually downloading you'll see that this maps with those fields and values first things first we're going to create a file that we're going to store our data in I'm doing that here using os. Create next we're going to actually use the URI constant that we Define at the top to do an HTTP git on that so we can get access to the data that we want to store in our file the next thing that we're going to do is take the data that we got from making the HTTP gate call which is raw Json and we're going to copy that into the file that we created which is this out variable here after that copy is done we're going to open the file again which now contains all of our sitemap data so that we can do some stuff with it that stuff that we want to do with it is just read our file and then Marshall that Json into our data structure that we defined earlier that gives us the ability to work with this data a lot easier and by the way that iio util . readall that's actually deprecated now it's just io. readall now that we've defined that function we can go ahead and go down to our main function again inside the flag which contains our function that has all of our logic and call get sitemap and now that we have all of that side data in that result we can pass that to our check sites function which we haven't defined yet and go through and check if each site is a hit or a miss so we Define our check sites function which takes in the what's my name data structure containing our sites that we need to check and the flag that we pass in which is the username first things first let's get a little structure I'm going to create a hits slice here which is just going to contain a series of sites that gave us a good response then we're going to Loop through all of our sites run a few checks inside that Loop to see if it's a hit or miss and at the end we're going to return our hits now that we're inside our loop we're actually going to substitute that account string that's inside all of our uis if you look inside the wn- dat. Json you'll see this string and we want to replace that with our username that we're passing in via the CLI which is the next argument to the function that we're actually passing in and the final argument is just saying how how many times we want to do that and we want to do that one time now that we have our URI all configured right we're going to run a get on that URI do a normal errow handling that we always have to do and based on what response we get we will see if it's a hit or a miss and add it to our hit slice or not this is where the ecode and the M code we were talking about earlier come into play where I check my response status code against what would be expected from that site as a a hit or a Miss now all we have to do is call check sites in our flag definition and we're good to go you can check out all the code in my GitHub I have that linked below if you learn anything like subscribe all that fun stuff it really helps the channel I appreciate you and see you in the next one

Info

Channel: Gerald Yerden II

Views: 245

Rating: undefined out of 5

Keywords:

Id: NpmcvNZBKfU

Channel Id: undefined

Length: 8min 46sec (526 seconds)

Published: Thu Dec 21 2023