Kali Linux

Scrummage : The Ultimate OSINT And Threat Hunting Framework

Scrummage is an OSINT tool that centralises search functionality from powerful, yet simple OSINT sites. This project draws inspiration mainly from two other projects, including:

  • The Scumblr project, which while is now deprecated, inspired this concept.
  • The OSINT Framework project, which is a visualisation tool, depicting a range of sites that can be used to search for a variety of things.

While at first glance the web application may not look all that different when compared to Scumblr, the copious amounts of plugins this tool comes with is mainly what makes this project unique, where the provided Python/Flask web application is just a simple, lightweight, and scalable way of providing users with the ability to manage large pools of results. The other main benefit this projects brags is a much simpler installation process, which is kept up to date, compared to Scumblr which is now deprecated.

Any feedback is welcome.

An Overview Of The Web Application

Some of the Many Available Scrummage Plugins

  • Blockchain Search
  • Domain Fuzzer
  • Twitter Scraper
  • Instagram Search
  • Have I Been Pwned Search
  • Ahmia Darkweb Search
  • IP Stack Search
  • Threat Crowd Search
  • Yandex and Naver Search
  • Vkontakte Search
  • Vulners Search
  • Built With Search
  • YouTube Search
  • Many more… Refer to the wiki page here for the full list.

Dashboard

The dashboard is the home screen which the application directs a user to when they log in. It provides a high-level chart which shows the amount of each results based on their result type. It does this for each kind of finding. However, if a graph doesn’t load, this is most likely due to none of the results being in that category, I.e if there are no closed results, no graph will appear under “Overview of Closed Results”.

Events

The events page shows anything that changes within the web application, from logins, to failed login attempts, to any actions performed against a task. This assists with understanding what has recently been happening in the web app, and can assist in matters such as detecting brute-force login attempts or tracking down who altered a task.

Note: This page only loads the latest 1000 events, for optimisation of the web application.

Results

The results page, simply shows results that have been created by a task. The results table shows the basic metadata of the result, but also provides a “Details” button which can be used to investigate the result further. As mentioned all results have some kind of output file, if a result is a link the file will be a copy of the HTML of the page. Furthermore screenshot functionality is provided to assist in keeping a photographic record of a result. Both the output and screenshot file will be deleted if the result is deleted.

Note: This page only loads the latest 1000 results, for optimisation of the web application.

For optimisation purposes, the results table only displays some of the general information regarding a result, to investigate a result further, the user should use the Details button. The details page allows the user to view the soft copy of the result’s link and provides the ability for a user to generate a screenshot.

Tasks

The tasks page shows all created task, and provides the ability for the user to run each task. This page doesn’t have a limit on tasks; however, don’t go crazy creating tasks, you can always add a list to a task, rather than having the same task created multiple times for one search. So really you shouldn’t have any more than 50 tasks. Tasks have caching and logging for each which can be found in the “protected/output” directory under the tasks name, ex. Google Search is called “google”. If you need to remove the cache, you can edit/delete the appropriate cache file.

All the plugins are open-source, free to individuals, just like the rest of the code. Furthermore, feel free to use the pre-existing libraries used in other plugins. If you are creating or editting a plugin, make sure to understand that when you run it for the first time, the web app may reload to reload the python cache. This is normal.

Account Settings

This page changes according to the user’s privileges, if a user is an admin, they have the ability to change their password as well as other user’s passwords, they can block and unblock users, demote and promote users’ privileges, and of course create new users and delete existing users.
Additionally users with administrative privileges can check and edit input, output, and core configuration of the tool.
The account page looks as per below for administrative users:

The account page looks as per below for non-administrative users:

Identities

This concept was introduced in v3.6 of the Scrummage platform, this page is not to be confused with the Account Settings page. Account Settings is for managing users of the Scrummage platform itself, identities, is an entirely optional feature, where if rows are present, the information within can be used when executing tasks.
This is the main page, depicting a table with a faux identity created for documentation purposes:

Identities can be created one of three ways:

  • Individual creation (Use the “Create Identity” function.)
  • Bulk upload of identities (Use the “Bulk Upload” function.)
  • If you have an IDM system in place, you are welcome to onboard straight to the Scrummage database, under the org_identities table. This will help streamline and maintain your list of identities effectively.
R K

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

10 hours ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

10 hours ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

2 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

5 days ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago