Belati is Indonesian for a dagger. It is also the name of an open source OSINT tool, written in Python, that helps you collect public data & documents from a targeted website or other services. It is inspired by FOCA and DataSploit, both tools that I earlier covered on the PenTestIT blog.
What is Belati?
Belati is an open source tool coded in Python that helps you collect public data & documents from a targeted website and other services for OSINT purposes. It requires the following libraries: dnspython, requests, argparse, texttable, python-geoip-geolite2, python-geoip, dnsknife, termcolor, colorama, validators, tqdm, tldextract, fake-useragent, python-wappalyzer, future, beautifulsoup4, python-whois, futures. It starts by collecting Whois information to check the ownership of a website/domain. This data can include the domain administrator's phone number, e-mail address, physical address, etc. Then, it moves on to perform HTTP banner grabbing, which tells you the web server in use along with the HTTP headers. Belati then leverages sublist3r to find the sub-domain data along with GeoIP support.
- Whois (Indonesian TLD Support)
- Banner grabbing.
- Sub-domain enumeration.
- Service scanning for all sub-domain machines.
- Wappalyzer support.
- DNS mapping/Zone scanning.
- Mail harvester from website & search engines.
- Mail Harvester from MIT PGP public key server.
- Scraping of public documents for the domain from search engines.
- Fake and random User-Agent.
- Proxy support for harvesting emails and documents.
- Public GIT finder in domain/sub-domain.
- Public SVN finder in domain/sub-domain.
- Robots.txt scraper in domain/sub-domain.
- Gather public company & employee information.
- SQLite3 database support for storing results.
- Setup wizard/configuration for Belati.
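To see what the banner grabbing step exposes about a server you run, here is an added example (not Belati's code) that audits a raw HTTP response head for headers that disclose a product or version. The header list, the function names and both sample responses are assumptions constructed for this illustration.

```python
import re

# Headers that commonly carry product/version strings (short list assumed for this example)
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
# A dotted number such as 2.4.18 is treated as a version string
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


def parse_response_head(raw):
    """Split a raw HTTP response into (status_line, {header_name: [values]})."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        if ":" not in line:
            continue  # skip malformed header lines instead of failing
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0].strip(), headers


def audit_banner(raw):
    """Return (header, value, level) findings; level is 'version' or 'product'."""
    _, headers = parse_response_head(raw)
    findings = []
    for name in DISCLOSING_HEADERS:
        for value in headers.get(name, []):
            level = "version" if VERSION_RE.search(value) else "product"
            findings.append((name, value, level))
    return findings


# Constructed sample responses, not captured from any real host
SAMPLE_VERBOSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.18 (Ubuntu)\r\n"
    "X-Powered-By: PHP/5.6.30\r\n"
    "Content-Type: text/html\r\n\r\n<html></html>"
)
SAMPLE_QUIET = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("verbose", SAMPLE_VERBOSE), ("quiet", SAMPLE_QUIET)):
        for name, value, level in audit_banner(raw):
            print(f"{label}: {name}: {value} -> discloses {level}")
```

The second sample is what Apache returns with `ServerTokens Prod` and PHP with `expose_php = Off`: the product name is still visible, but the version and the language runtime are not.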
Though this open source script draws inspiration from other tools such as FOCA and DataSploit, in its current version a lot of things are hard-coded and not really dynamic in nature. But I'm sure that since this is still a work in progress, it will get better. In fact, the author is actively looking into adding a crazy load of features soon. For example, features such as automatic OSINT with username and email support, data enumeration from e-mails and sources such as LinkedIn, a much needed metadata extractor, etc. are in the works. I like the addition of a Python wrapper for Wappalyzer, to uncover the technologies used on websites.
Since it is a Python application not much is needed – just a compliant *NIX system. More information about Belati v.0.2.1-dev here.