changedetection.io-osint-processor 0.0.1__py3-none-any.whl

Files changed (29) hide show
  1. changedetection_io_osint_processor-0.0.1.dist-info/METADATA +274 -0
  2. changedetection_io_osint_processor-0.0.1.dist-info/RECORD +29 -0
  3. changedetection_io_osint_processor-0.0.1.dist-info/WHEEL +5 -0
  4. changedetection_io_osint_processor-0.0.1.dist-info/entry_points.txt +2 -0
  5. changedetection_io_osint_processor-0.0.1.dist-info/licenses/LICENSE +661 -0
  6. changedetection_io_osint_processor-0.0.1.dist-info/top_level.txt +1 -0
  7. changedetectionio_osint/__init__.py +22 -0
  8. changedetectionio_osint/forms.py +289 -0
  9. changedetectionio_osint/plugin.py +37 -0
  10. changedetectionio_osint/processor.py +655 -0
  11. changedetectionio_osint/steps/__init__.py +4 -0
  12. changedetectionio_osint/steps/base.py +76 -0
  13. changedetectionio_osint/steps/bgp.py +88 -0
  14. changedetectionio_osint/steps/dns.py +147 -0
  15. changedetectionio_osint/steps/dns_scan.py +88 -0
  16. changedetectionio_osint/steps/dnssec.py +260 -0
  17. changedetectionio_osint/steps/email_security.py +236 -0
  18. changedetectionio_osint/steps/http_fingerprint.py +359 -0
  19. changedetectionio_osint/steps/http_scan.py +31 -0
  20. changedetectionio_osint/steps/mac_lookup.py +209 -0
  21. changedetectionio_osint/steps/os_detection.py +245 -0
  22. changedetectionio_osint/steps/portscan.py +113 -0
  23. changedetectionio_osint/steps/registry.py +49 -0
  24. changedetectionio_osint/steps/smtp_fingerprint.py +517 -0
  25. changedetectionio_osint/steps/ssh_fingerprint.py +310 -0
  26. changedetectionio_osint/steps/tls_analysis.py +332 -0
  27. changedetectionio_osint/steps/traceroute.py +127 -0
  28. changedetectionio_osint/steps/whois_lookup.py +125 -0
  29. changedetectionio_osint/steps/whois_scan.py +123 -0
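--- a/changedetection_io_osint_processor-0.0.1.dist-info/METADATA
+++ b/changedetection_io_osint_processor-0.0.1.dist-info/METADATA
@@ -0,0 +1,274 @@
+Metadata-Version: 2.4
+Name: changedetection.io-osint-processor
+Version: 0.0.1
+Summary: OSINT Reconnaissance Processor for changedetection.io with Email Security, DNSSEC, SSH & SMTP
+Home-page: https://github.com/dgtlmoon/changedetection.io
+Author: changedetection.io contributors
+License: AGPL-3.0
+Keywords: osint reconnaissance dns dnssec spf dmarc dkim whois ssl tls ssh smtp port-scan changedetection monitoring email-security
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: System Administrators
+Classifier: Intended Audience :: Information Technology
+Classifier: Topic :: Internet :: WWW/HTTP :: Site Management
+Classifier: Topic :: System :: Monitoring
+Classifier: Topic :: System :: Networking :: Monitoring
+Classifier: License :: OSI Approved :: GNU Affero General Public License v3
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: dnspython>=2.0.0
+Requires-Dist: python-whois>=0.8.0
+Requires-Dist: sslyze>=6.0.0
+Requires-Dist: requests>=2.26.0
+Requires-Dist: mac-vendor-lookup>=0.1.12
+Requires-Dist: cryptography<45,>=43
+Requires-Dist: python-socks[asyncio]>=2.0.0
+Dynamic: author
+Dynamic: classifier
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: home-page
+Dynamic: keywords
+Dynamic: license
+Dynamic: license-file
+Dynamic: requires-dist
+Dynamic: requires-python
+Dynamic: summary
+
+# πŸ” OSINT Reconnaissance Changedetection.io Processor Agent
+
+> **Comprehensive network intelligence and security monitoring leveraging changedetection.io**
+
+**Monitor your infrastructure for unexpected changes.** Detect unauthorized modifications to SSL/TLS certificates, DNS records, BGP routing, open ports, WHOIS registration details, HTTP security headers, and TLS cipher configurations. Perfect for security teams, DevOps engineers, SRE teams, and OSINT practitioners who need continuous visibility into their infrastructure's security posture. Get instant notifications when certificates are about to expire, DNS records change, new vulnerabilities appear, or network paths are reroutedβ€”before they become security incidents or outages.
+
+Use the existing text filters built into [changedetection.io](https://github.com/dgtlmoon/changedetection.io) to trim out information you don't need and keep only what's relevant to you. Easily connect change alerts to Discord, Slack, email, and 90+ other notification backends, leveraging the awesomeness of changedetection.io's powerful notification system.
+
+## ✨ Features
+
+**Network Intelligence**
+- DNS Records (A, AAAA, MX, NS, TXT, SOA, CAA)
+- DNSSEC Validation (cryptographic signatures, chain of trust)
+- WHOIS Lookup (registration, nameservers, expiry)
+- BGP/ASN Info (ISP, network ownership)
+- Traceroute (network path analysis)
+- MAC Address (vendor identification via IEEE OUI)
+
+**Email Security**
+- SPF Records (Sender Policy Framework anti-spoofing)
+- DMARC Records (email authentication policy)
+- DKIM Records (email signature verification)
+- Email security posture assessment
+
+**Security Analysis**
+- SSL/TLS Certificates (subject, issuer, validity, SANs)
+- Cipher Suites (SSL 2.0 β†’ TLS 1.3)
+- Vulnerability Scanning (Heartbleed, ROBOT, CCS Injection, CRIME, etc.)
+- HTTP Security Headers (HSTS)
+- SSH Fingerprinting (banner, version, host keys, algorithms)
+- SMTP Security (encryption, authentication methods)
+
+**Application Layer**
+- HTTP Fingerprinting (headers, cookies, redirects, CDN/WAF detection)
+- Port Scanning (common service ports)
+- OS Detection (TTL-based fingerprinting)
+- SSH Server Analysis (port 22)
+- SMTP Server Analysis (ports 25, 587, 465)
+
+**Performance**
+- Parallel Mode (4-5x faster scans)
+- Serial Mode (safer, easier to debug)
+- Configurable modules (enable/disable any scan)
+- Real-time status updates
+
+_Example settings_
+
+<img src="docs/osint-changedetection-settings.png" style="max-width: 500px;" alt="OSINT changedetection.io settings page example" title="OSINT changedetection.io settings page example">
+
+#### Pro-tips:
+- Use the _"Only trigger when unique lines appear in all history"_ text filter setting to limit to new events
+that has not been seen before (ignores text moving around like IP addresses in a pool).
+
+
+## πŸ“¦ Installation
+
+This processor agent is only used with changedetection.io
+
+### `docker-compose.yml` based installations.
+
+Uncomment and/or add this package to the `EXTRA_PACKAGES` var in `docker-compose.yml` of your changedetection.io installation.
+
+```
+environment:
+- EXTRA_PACKAGES=changedetection.io-osint-processor
+```
+
+`EXTRA_PACKAGES` is a space-separated list of extra packages to add at startup time to changedetection.io.
+
+### Standalone pip3 installations.
+
+```bash
+pip3 install changedetection.io-osint
+```
+
+**⚠️ Note:** Requires `cryptography>=43,<45` for sslyze compatibility.
+
+### πŸ”’ SOCKS5 Proxy Support
+
+The OSINT processor supports **SOCKS5 proxies** for enhanced privacy and anonymity. This is perfect for:
+- πŸ§… **Tor onion routing** (`socks5h://127.0.0.1:9050`)
+- πŸ›‘οΈ **Anonymous reconnaissance** without exposing your IP
+- 🌍 **Geolocation bypass** via SOCKS5 proxy servers
+- πŸ” **Privacy-focused monitoring** of sensitive targets
+
+#### ⚠️ **CRITICAL SECURITY WARNING: DNS Leaks**
+
+**Always use `socks5h://` (not `socks5://`) to prevent DNS leaks!**
+
+- βœ… `socks5h://127.0.0.1:9050` - Remote DNS resolution (secure)
+- ❌ `socks5://127.0.0.1:9050` - Local DNS resolution (**LEAKS YOUR QUERIES**)
+
+The `h` in `socks5h://` forces hostname resolution through the SOCKS5 proxy, preventing your DNS queries from leaking to your local DNS server.
+
+**What we do to prevent leaks:**
+- DNS scans use TCP (port 53) through SOCKS5 - **no local DNS**
+- HTTP scans skip local DNS resolution when proxy is configured
+- SSH/SMTP pass hostnames to proxy - **remote DNS only**
+- If SOCKS5 connection fails, we **block the request** (no fallback to direct connection)
+
+**Without these protections**, your real IP and DNS queries would be exposed even when using a proxy!
+
+**Supported Steps**:
+
+| Step | SOCKS5 Support | Notes |
+|------|----------------|-------|
+| DNS Records | βœ… Supported | Uses DNS-over-TCP (port 53) through SOCKS5 |
+| HTTP Fingerprinting | βœ… Supported | Full proxy support via requests library |
+| SSH Fingerprinting | βœ… Supported | TCP connections proxied via python-socks |
+| SMTP Fingerprinting | βœ… Supported | MX server scans through SOCKS5 proxy |
+| DNSSEC Validation | ⚠️ Partial | DNS-over-TCP possible (not yet implemented) |
+| Email Security (SPF/DMARC/DKIM) | ⚠️ Partial | DNS-over-TCP possible (not yet implemented) |
+| WHOIS Lookup | ⚠️ Partial | TCP port 43 compatible (library limitation) |
+| TLS Analysis | ⚠️ Partial | TCP-based but SSLyze doesn't support SOCKS5 |
+| Port Scanning | ❌ Not supported | Raw socket connections |
+| Traceroute | ❌ Not supported | ICMP/UDP packets incompatible |
+| BGP/ASN Info | ❌ Not supported | API lookups (not yet implemented) |
+| OS Detection | ❌ Not supported | Raw socket fingerprinting |
+| MAC Address Lookup | ❌ Not supported | Layer 2 local network only |
+
+**Note**: When a SOCKS5 proxy is configured, unsupported steps are automatically skipped and listed in the scan output.
+
+**⚠️ Important**: Only SOCKS5 proxies are supported. HTTP/HTTPS proxies will be rejected with an error message.
+
+## πŸš€ Quick Start
+<img src="docs/osint-use.png" style="max-width: 500px;">
+
+1. Create a watch with URL: `https://example.com`
+2. Select processor: **OSINT Reconnaissance**
+3. Configure OSINT Settings (optional):
+- DNS Server: 8.8.8.8 (or 1.1.1.1, 9.9.9.9)
+- Scan Mode: Serial or Parallel
+- Enable/Disable modules as needed
+
+## πŸ“Š Sample Output
+
+
+<img src="docs/osint-example-difference.png" style="max-width: 500px;" alt="Difference detected to IP address, routers, DNS etc" title="Difference detected to IP address, routers, DNS etc">
+
+```
+Target: https://example.com
+Hostname: example.com
+IP Address: 93.184.216.34
+Reverse DNS: example.com.
+
+=== BGP / ASN Information ===
+ASN: 15133
+Organization: Edgecast Inc.
+Country: US
+
+=== DNS Records ===
+A Records: 93.184.216.34
+AAAA Records: 2606:2800:220:1:248:1893:25c8:1946
+NS Records: a.iana-servers.net., b.iana-servers.net.
+
+=== SSL/TLS Analysis (SSLyze) ===
+Certificate: CN=www.example.org
+Issuer: DigiCert TLS RSA SHA256 2020 CA1
+Valid: 2024-01-30 β†’ 2025-03-01
+Status: βœ“ Valid
+
+=== TLS Security Vulnerability Report ===
+Status: βœ“ All checks passed
+βœ“ Secure: Heartbleed (CVE-2014-0160)
+βœ“ Secure: ROBOT Attack
+βœ“ Secure: OpenSSL CCS Injection
+βœ“ HSTS: 31536000 seconds
+```
+
+## 🎯 Use Cases
+
+**Security Monitoring**
+- Certificate expiry alerts
+- Vulnerability detection (TLS/SSL)
+- DNS hijacking detection
+- TLS configuration monitoring
+
+**Infrastructure Tracking**
+- IP address changes
+- Nameserver updates
+- Network path changes (traceroute)
+- ASN migrations
+
+**Compliance & Audit**
+- TLS standards compliance
+- Security headers monitoring
+- Port exposure tracking
+- Certificate transparency
+
+## βš™οΈ Configuration
+
+**Scan Modes**
+- **Serial (Default):** Safer, easier to debug, 30-60s typical
+- **Parallel:** 4-5x faster, higher resource usage, 10-20s typical
+
+**Module Selection**
+- Fast Scan (15-20s): DNS, WHOIS, HTTP, basic TLS
+- Comprehensive Scan (60-90s): All modules + vulnerability + port scanning
+
+**DNS Servers:** 8.8.8.8 (Google), 1.1.1.1 (Cloudflare), 9.9.9.9 (Quad9)
+
+## πŸ”§ Advanced Features
+
+- **Auto-discovery:** Automatically includes new sslyze vulnerability checks
+- **IP Detection:** Auto-detects IPv4/IPv6, skips DNS when needed
+- **Real-time Status:** Live scan progress updates
+- **Configurable:** Per-module enable/disable controls
+
+## πŸ› Troubleshooting
+
+**Cryptography Conflicts:** `pip install 'cryptography>=43,<45'`
+
+**TLS Scan Failures:** Normal for HTTP-only sites, IPs without TLS, or closed ports
+
+**Slow Scans:** Use Parallel mode, disable Port Scanning or Vulnerability Scanning
+
+## πŸ“„ License
+
+GNU Affero General Public License v3.0 (AGPL-3.0)
+
+This ensures any modifications made to this software when running as a network service must be shared with users.
+
+## πŸ™ Credits
+
+Built with: [changedetection.io](https://github.com/dgtlmoon/changedetection.io), [sslyze](https://github.com/nabla-c0d3/sslyze), [dnspython](https://github.com/rthalley/dnspython), [python-whois](https://github.com/richardpenman/pywhois), [mac-vendor-lookup](https://github.com/bauerj/mac_vendor_lookup)
+
+---
+
+<div align="center">
+
+Made with ❀️ for the OSINT community
+
+</div>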
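Review bot: The standalone install command `pip3 install changedetection.io-osint` names a different distribution than the one this wheel declares (`Name: changedetection.io-osint-processor`, which the `EXTRA_PACKAGES` example also uses), so a reader following it would get whichever distribution, if any, is registered under the shorter name rather than this package. The line should read `pip3 install changedetection.io-osint-processor`. Separately, the SOCKS5 section states that unsupported steps are skipped when a proxy is configured, but it does not say what happens to the four steps marked Partial (DNSSEC Validation, Email Security, WHOIS Lookup, TLS Analysis). The README should state whether those are skipped as well or run over a direct connection, because the latter would expose the queries the leak warning says are protected.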
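--- a/changedetection_io_osint_processor-0.0.1.dist-info/RECORD
+++ b/changedetection_io_osint_processor-0.0.1.dist-info/RECORD
@@ -0,0 +1,29 @@
+changedetection_io_osint_processor-0.0.1.dist-info/licenses/LICENSE,sha256=hIahDEOTzuHCU5J2nd07LWwkLW7Hko4UFO__ffsvB-8,34523
+changedetectionio_osint/__init__.py,sha256=95GJlGSuqHWBywy6XsW-4OeirRLsUQAWR5LNuz3ZDYA,738
+changedetectionio_osint/forms.py,sha256=rcJY6bg2VvKbpQjXDCPiNDsDSbz_pIUyro3M4egFpjI,10933
+changedetectionio_osint/plugin.py,sha256=zQWpvN_TNovWomRk5jP0P9ceDyMuYJ6s9ncm1jc6b9Y,1121
+changedetectionio_osint/processor.py,sha256=WYpT905U6D7jIZc1kL-ADY8YmXKlymXumSRiHPm1hWs,31752
+changedetectionio_osint/steps/__init__.py,sha256=XGWm1QmuPIUgGhg_OMArihag5_opZ2J2pmzmPO3rMw4,111
+changedetectionio_osint/steps/base.py,sha256=nQe5dab8lgfCI-OdJAg9yrql4b2NG8BOtF-1KhBz4ss,2124
+changedetectionio_osint/steps/bgp.py,sha256=IDAODWtZ_6_4zz_bI_2VbPkwYy_QJVkK4hGF3dqIvyg,2783
+changedetectionio_osint/steps/dns.py,sha256=viyb-zi1vSDrpcaUfU4NXQODt_GKSkvAULDbANhmw5Q,5691
+changedetectionio_osint/steps/dns_scan.py,sha256=bWB0mEIzZpg0H9LSNV1qFonkDm9oiSTLuUqJefbOofg,3319
+changedetectionio_osint/steps/dnssec.py,sha256=RtRPBoiZTGdo9OCd7ieUpMIhnpfEJha6jKdY2uEF1Zs,10786
+changedetectionio_osint/steps/email_security.py,sha256=a4HrHduuG0O1xdFR9bR8zrGO3GAuvhHr0db1hegDcFk,9929
+changedetectionio_osint/steps/http_fingerprint.py,sha256=k94JWpot1afiHnnd0VuDAbT36o6e_s17LWcAyBy1xbI,15732
+changedetectionio_osint/steps/http_scan.py,sha256=hYQA1lntOb8sdjkSuUGIJDxoxn1aaIBvHW7cfOag9wo,924
+changedetectionio_osint/steps/mac_lookup.py,sha256=uwUyfIqagprI1Hgka5eyGxea606RUZsNmGyfqXv1OjI,7642
+changedetectionio_osint/steps/os_detection.py,sha256=xXu3o9HznfJ70yZ_P_MlULtuIH1Cc48x0M374THfYts,7053
+changedetectionio_osint/steps/portscan.py,sha256=wBb87ic-JJv45tYzIvaH-soLhg290IyFPk4kohydWAI,5098
+changedetectionio_osint/steps/registry.py,sha256=cIevKfZq_5gHbMBi28V05U6C-gvJA1WX1dTaly2RgX0,1214
+changedetectionio_osint/steps/smtp_fingerprint.py,sha256=5m3JcVztymUY1OC1orboj1GnaRYiSatPcN0gltqLB7c,22389
+changedetectionio_osint/steps/ssh_fingerprint.py,sha256=Z2IyTn4znujqSeEBM7TVkAgtfBCJ15iF-YkeMd9L6Vg,13867
+changedetectionio_osint/steps/tls_analysis.py,sha256=GQALlU7kxCYuAjwdPGyz9wZUCCu6oiGbgk_T1jWlmzE,14755
+changedetectionio_osint/steps/traceroute.py,sha256=a1g200xnwnk1OsNRjM1FPkuudJyXnCU_HZCXn7zJovM,4209
+changedetectionio_osint/steps/whois_lookup.py,sha256=uHqM1fe1vrjtvXkJrqmpYz1S4R45PQAOi3S_k_sEmyo,5059
+changedetectionio_osint/steps/whois_scan.py,sha256=TptYnuhyBgCuwUZ-MGstxI4rkGsMgwVxINsMQJ6O90o,5237
+changedetection_io_osint_processor-0.0.1.dist-info/METADATA,sha256=FFg1DZDKerv2MYi_62oghF14LQyjEuaJumQ4uD34JWQ,10951
+changedetection_io_osint_processor-0.0.1.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+changedetection_io_osint_processor-0.0.1.dist-info/entry_points.txt,sha256=Y_GpLrgOwz4HfQJxwEO5VmFpgEs0K4r9WrX46Rew194,69
+changedetection_io_osint_processor-0.0.1.dist-info/top_level.txt,sha256=gAdL1GiHis3p-O1HVSWoNezvs7V9F_igFm0ZmtGqieU,24
+changedetection_io_osint_processor-0.0.1.dist-info/RECORD,,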
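--- a/changedetection_io_osint_processor-0.0.1.dist-info/WHEEL
+++ b/changedetection_io_osint_processor-0.0.1.dist-info/WHEEL
@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (80.10.2)
+Root-Is-Purelib: true
+Tag: py3-none-any
+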
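--- a/changedetection_io_osint_processor-0.0.1.dist-info/entry_points.txt
+++ b/changedetection_io_osint_processor-0.0.1.dist-info/entry_points.txt
@@ -0,0 +1,2 @@
+[changedetectionio]
+osint_processor = changedetectionio_osint.plugin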