The OSRF is a short form of Open Source Research Framework, an open-source intelligence collection framework based on GNU set of Python libraries. The framework is designed to automate the passive reconnaissance tasks related to domain names, email addresses, phone numbers, user profiles, and username inquiries. The main feature of OSRF is its ability to automatically find the maximum passive information about targets in the least possible time. For example, if we need to collect valid email addresses of a specific username from all the popular email service providers, the manual process can take hours to accomplish the task. On the other hand, the OSRF does the same job in a few seconds without human intervention. The framework provides the same facility for all the features it offers (domains search, phone number records, user profiles, etc.). All these tasks are performed using the following modules.
Domainfy: Domainfy module is used to find valid domains with different TLDs for a given domain-name (keyword).
Mailfy: The module is used to find valid email addresses for a given username/nickname. The module also finds useful information about the target email addresses.
Phonefy: The Phonefy module is used to find information about phone numbers that are linked to known spam activities.
Usufy: The Usufy module us very helpful in finding the profiles that contain a specific username in the link.
Besides these modules, there are some other useful modules as well, such as Searchfy, Checkfy, and alais_generator. The alais_generator module can help the penetration testers in finding the possible nicknames a target user can have based on some pre-defined information. The Checkfy module can generate a list of possible email addresses based on given nicknames and patterns. Similarly, the Searchfy can find profiles linked to a specific full name of the target. This feature is helpful in finding the user profiles that are linked to a specific phone number.
How to Install OSRFramework?
There are two methods to install the OSRFramework. The first method requires the cloning of the source files using the following command and running the setup file from the downloaded source package.
git clone https://github.com/i3visio/osrframework.git
This method also requires running the requirements.txt file to fulfill the framework’s requirements.
pip3 install –r requirements.txt
We can also install the framework by running the following command in the terminal. This method does not require any manual installation of the requirements. All the required packages are automatically installed.
pip3 install osrframework
The OSRFramework can be upgraded to the latest version using the following command.
pip3 install osrframework --upgrade
How OSRFramework Works?
The OSRF has a very simple CLI interface. The following help command gives a high-level overview of the parameters to operate the framework.
The modules’ usage information can be obtained by typing the modules’ help command in the following format.
osrf <module name> --help
Mailfy Usage Example
The Mailfy command syntax and arguments can be viewed using the following help command.
osrf mailfy --help
From the help menu, we can see that the Mailfy module accepts emails and nicknames as optional arguments. If we provide the email id, the module tries to find out the following information for the specified email address.
- Does the email exist?
- Is the email used to register on the popular job and social media sites?
- Does the email have any record in the leaked email database?
- Is the email used to register accounts on popular social media platforms?
- Is the email used to register a domain?
However, if we provide the nicknames, the module tries to find out all the existing email accounts on different email services in addition to the aforementioned tasks.
To demonstrate the Mailfy module function, let’s assume we want to check the potential email addresses and aforementioned information for the following nickname/username.
Note: We have selected the odd nickname to avoid the privacy violation of real names.
The following syntax is used to collect the desired information.
osrf mailfy –n abcdef
The framework first tries to find out the existence of email addresses at the following email services that are popular among the security and tech guys.
If the email addresses exist, the Mailfy module inquires if the discovered email addresses have been used to create accounts on the following job and social media services.
In the next phase, the module explores a list of email service providers to find the potential accounts for the given nickname. The default current list contains 39 email service providers. However, this list can be modified by editing the configuration file in the framework’s directory.
The discovered email addresses are also analyzed to see if they were used to register accounts on the aforementioned job and social media sites.
The leaked email database is explored to find out the compromised email addresses from the discovered list of emails.
In the final step, the framework tries to find domains that were registered by using any of the emails found in the process.
Usufy Usage Example
The process of using the OSRF for other modules is similar to the Mailfy module. The Usufy is another impressive OSRF module that searches nicknames/usernames on more than 200 online popular platforms to see if the specified nickname/username exists in the profile link.