OSRFramework — Open Source Research Framework
OSRFramework is an awesome open-source OSINT tool. This is a set of libraries to perform Open Source Intelligence tasks. They include references to a bunch of different applications related to username checking, DNS lookups, information leaks research, deep web search, regular expressions extraction, and many others. This is a very good information gathering framework for gathering information against corporate sectors as well as an individual.
Introduction & Installation
OSRFramework didn’t comes pre-installed on our Kali Linux system but we can install it easily with Kali Linux repository. To install it we need to run following command on our Kali Linux terminal, sudo apt install osrframework. But this osrframework is the older version, some things not properly works.
The newer version is available on PyPI, to use this we need to use pip install command.
Before installing, let us know some details about this framework. OSRFramework have some tool set, we can use them in order to collect information from various sources. They are following:
- Domainfy: Checks whether domain names that use words and extensions are available.
- Mailfy: Gets information about emails taken as a reference either a nickname (to generate a list of possible emails) or the email list.
- Chechfy: Guesses possible emails based on a list of candidate nicknames and a pattern.
- Phonefy: Recovers information about mobile phones linked to known spam practices.
- Searchfy: Finds profiles linked to a full name.
- Usufy: Identifies social media profiles using a given nickname.
- Alais_generator: Find a person from all over the internet.
So first of all we need to update our system by using following command:
Then we need to install python3-pip and python-setuptoools by using followinng command:
Now we are ready to install OSRFramework. To install it we run following command on our terminal:
The above command will clone OSRFramework on our system as we can see on the following screenshot:
This command will start installing OSRFramework, it might take couple of minutes to finish it depending on our internet connection speed.
Now we are ready to run it. We can check help of every component or modules by putting the module name with -h flag on our terminal. For an example for checkfy help we can type checkfy.py -h on our terminal to check checkfy’s help.
In this detailed article we are going to cover all these modules on OSRFramework. Let’s start.
Domainfy
By using domainfy we can gain information about domains. This framework will begin querying whois and provide the results in a table format after a few seconds. In our example, we have used the following command:
On the following screenshot we can see the information table of domain called “google”.
We also can use -t option to check all the domain extension for a domain name. For an example if we want to look for websites available for “kali” name.
We need to use following command:
On the following screenshot we can see that all the domains available with this name.
Usufy
If we know an username of someone then we can search it on everywhere (all over the social media sites) by using usufy module. For an example we know an username “KaliLinux_in”, so we need to run following command on our terminal to hunt this username:
Then it will start searching this username on more than 200 social media sites. In our case it took more then 4 minutes (Sherlock might be faster then usufy). In the following screenshot we can see it got our Twitter (follow to get updated) handle.
It also saves the output file on our home directory.
Mailfy
we can attempt to obtain the email addresses of a given search string. In this example, we are attempting to discover email addresses that contain the “kalilinux” string, which has been used on various websites on the internet. We can begin by using the following command:
In the following screenshot we can see that mailfy havegot some email address on the internet:
It also check the founded mails on social media platforms.
Searchfy
By using the Searchfy module on OSRFramework we can check for a string all over the OSRFramework, a name, a domain, social media profile etc. We need to use it with -q flag. For an example we search for “Elon Musk” by using following command:
On the following screenshot we can see lots of results comes in:
Here one thing, Elon Musk is famous personality we may encounter with many fake profiles on the internet.
Phonefy
We can check telephone number leakage is simple with Phonefy in OSRFramework. We can run it by using following command:
In the following screenshot we can see that here is some results as link about this phone number.
But personally we think WhitePages are batter then this for searching a phone number.
Alias_Generator
Alias_generator is a module that tries to generate possible user names based on personal information. It works in interactive mode (no need flags), so lets run it by using following command:
Then it will ask us some information about our target like,
- Name.
- First surname.
- Second surname.
- A Year (ex Birthyear).
- Insert a city.
- Country.
- Some extra words.
If we leave a point blank we need to just press enter to skip it. In the following screenshot we have searched for someone’s username:
On the above screenshot we have a list with possible usernames. We can search this usernames on social media using Sherlock or usufy.
Final Talks
We need to have latest Python and pip installed on our system to run OSRFramework. To upgrade this framework we need to run following command:
As we have seen, OSRFramework is another very powerful tool within the Kali Linux platform. Using a tool such as this can save us a lot of time during our information-gathering process.
Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.