(OSINT) Open-Source intelligence tracking and analysis tool.
GPL-3.0 License

```sh
docker-compose up
```

After the setup is complete, it should be running on http://0.0.0.0:8989

You can find an executable that supports your OS from the following links:

Make sure to unzip the file, and run the executable from the terminal or `cmd.exe`.

- On Windows you'll have to start `cmd.exe` as an Administrator.
- On macOS you'll have to go to System preferences > Security and allow the `retrap-macos` executable.

```sh
npm i .
npm run build
npm start
```

```sh
nvm use && ./package.sh
```

```sh
npm run lint
npm run test
```

```
Open-Source intelligence OSINT tracking and analysis tool.

Usage
  $ /home/user/Downloads/retrap/retrap-linux [option]

Options                                                  Default
  --ip-address, -i   IP address to stream server on      (127.0.0.1)
  --port, -p         Port to stream server through       (8989)
  --logging, -l      Display http requests logs          (true)
  --ngrok-token, -a  Ngrok account authentication token
  --help             displays this message

Example
  $ retrap --port 8080 -l false
```

The `--ngrok-token` option exposes the local server to the internet through an Ngrok secure tunnel. Get a free token from Ngrok and use it as shown in the demo.

The authentication token can be made persistent and saved as a default in `./collections/settings.db` with `"ngrokAuthToken": "your token"`.

Captured data includes the IP address, location, languages, battery left, internet speed... as well as the detected and stored active login sessions for Facebook, Gmail, Instagram... The captured user's data are stored locally and can be accessed via:

- `http://127.0.0.1:8989/api/guests/` an API endpoint that returns information of all the captured users.
- `http://127.0.0.1:8989/api-doc` has full documentation of the returned user's details and active sessions.

```yaml
Guest:
  type: object
  properties:
    ip:
      type: string
      description: guest's registered IP address
    online:
      type: boolean
      description: guest's current web session status
    sessionId:
      type: string
      description: guest's socket.io session's id
    os:
      type: string
      description: guest's detected operating system
    browser:
      type: string
      description: guest's detected web browser
    browserEngine:
      type: string
      description: guest's detected browser's engine
    cpuArch:
      type: string
      description: guest's detected CPU's architecture
    charging:
      type: boolean
      description: guest's detected battery charging status
    chargeLeft:
      type: string
      description: guest's detect battery charge left in percentage
    doNotTrack:
      type: string
      description: guest's browser "Do Not Track" status
    java:
      type: boolean
      description: guest's browser Java support
    flash:
      type: boolean
      description: guest's browser Flash support
    language:
      type: string
      description: guest's browser default language
    languages:
      type: array
      description: guest's browser supported languages
      items:
        type: string
    touch:
      type: boolean
      description: guest's device support for touchscreen
    usbDevices:
      type: array
      description: guest's connected USB devices
      items:
        type: string
    resolution:
      type: string
      description: guest's detected screen resolution
    posts:
      type: array
      description: logs of guest's performed POST requests
      items:
        $ref: '#/definitions/Post'
    logs:
      type: array
      description: logs of guest's perform GET requests
      items:
        type: string
    screenshots:
      type: array
      description: guest's captured screenshots in Base64 format
      items:
        type: string
    keyLogs:
      type: array
      description: guest's captured key logs
      items:
        $ref: '#/definitions/KeyLog'
    sessions:
      description: guest's social media and websites active sessions
      $ref: '#/definitions/Sessions'
    country:
      type: string
      description: guest's detected country
    countryCode:
      type: string
      description: guest's detected country-code
    regionName:
      type: string
      description: guest's detected region
    city:
      type: string
      description: guest's detected city
    zip:
      type: string
      description: guest's detected zip code
    lat:
      type: number
      description: guest's detected location latitude
    lon:
      type: number
      description: guest's detected location longitude
    timezone:
      type: string
      description: guest's detected timezone
    isp:
      type: string
      description: guest's detected internet service provider
    networkSpeed:
      description: guest's detected internet speed
      $ref: '#/definitions/NetworkSpeed'
```

Injecting JavaScript, sending alerts, text-to-speech notifications and redirecting to different locations... In the following example a `console.log()` is injected into an active web session:

The same hooking script that's used to control the mirrored web sessions can be used externally within any `.html` or `.js` file.

The following example demonstrates using the hook script within a local `.html` page and capturing a login form's data:

This tool is experimental and in its Alpha phase. It was developed and published as a small building block of a master's thesis research, so use it for educational purposes only and at your own discretion; the author cannot be held responsible for any damages caused.

The tool relies on injecting web resources with a JavaScript hook that allows us to perform a variety of intrusive actions remotely. There are many useful browser extensions and plugins that detect and block such intrusive scripts:

- `Settings` model CRUD endpoints to Admin REST API
- `getScreenshot` and add it to the Sockets and REST API