Sarenka : OSINT Tool Data From Services Like Shodan, Censys

SARENKA is an Open Source Intelligence (OSINT) tool which helps you obtaining and understanding Attack Surface.

The main goal is to gathering infromation from search engines for Internet-connected devices (https://censys.io/, https://www.shodan.io/). It scraps data about Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE) and also has database where CVEs are mapped to CWE.

It returns data about local machine – local installed softwares (from Windows Registry), local network information (python libraries, popular cmd commads).

For now application has also simple tools like hash calcualtor, shannon entropy calculator and very simple port scanner. More cryptography-math tools and reconnaissance scripts are planned.

Look

  • Realtion beetwen CWE and CVE – sarenka data feeder
    • Generating this file takes a long time e.g: 702.5641514
  • All CWE Ids with description

https://raw.githubusercontent.com/pawlaczyk/sarenka_tools/master/cwe_all.json

  • all CVE Ids with description

In progress

  • get all CVE Ids by CWE Id

In progress

Installation

  • Getting Started

Description in progress Sarenka is local web application for Windows.

  • Config

Rirst release gathers data from two search engines. example sarenka/backend/connectors/credentials.json

{   
    "censys": {
        "base_url": "https://censys.io/",
        "API_ID": "<my_user>",
        "Secret": "<my_api_key>",
        "API_URL": "https://censys.io/api/v1"
    },
    "shodan": {
        "base_url": "https://www.shodan.io/",
        "user": "<my_user>",
        "api_key": "<my_api_key>"
    }
}

Features

  • You can also:
    • calculate hashes based on user string
    • calculate shannon entropy based on user string
    • check is port open|closed (instead always use nmap if you can – it’s slow)
  • Suggestions are welcome
    • Whant some feature, other tool, library functionality?
    • Have any idea or question?
    • Don’t hesitate to contact .

Database

This is tricki part, because we have 863 sqlite3 database files: default, CWE-NONE (some CVE hasn’t cwe_id eg.: CVE-2013-3621) and 861 individual for CWEs

Tech

It uses a number of open source projects to work properly on:

And of course SARENKA itself is open source with a public repository on GitHub.

Planned Features

  • Rewrite documentation in English (end of 2021)
  • trello/ github instead of Jira
  • Cover 100% code by tests
  • typing backend
  • document all functions and class
  • Docker
  • online demo
  • Jenkins
  • GraphQL
  • Selenium Scrapers
  • More pentesting tools
  • Google Dorks
  • Abstract Algebra calculator
  • Number Theory calculator
  • Server certificate validator
  • tests on Linux
  • NLP
  • d3js visualizations
  • alterntive pure version in command lineS

CI/CD Tools

Tests

  • Tested on Windows 10
  • Tested on Kali Linux kali-rolling 2020.2
R K

Recent Posts

cp Command: Copy Files and Directories in Linux

The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…

1 week ago

Image OSINT

Introduction In digital investigations, images often hold more information than meets the eye. With the…

1 week ago

cat Command: Read and Combine File Contents in Linux

The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…

1 week ago

Port In Networking

What is a Port? A port in networking acts like a gateway that directs data…

1 week ago

ls Command: List Directory Contents in Linux

The ls command is fundamental for anyone working with Linux. It’s used to display the files and…

1 week ago

pwd Command: Find Your Location in Linux

The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…

1 week ago