Lucene search

K
kitploitKitPloitKITPLOIT:8708017483803645203
HistorySep 21, 2019 - 12:00 p.m.

Mitaka - A Browser Extension For OSINT Search

2019-09-2112:00:00
www.kitploit.com
669
browser extension
osint search
ioc extraction
text refang
search engines
virustotal
urlscan.io
censys
shodan
supported types
ip
domain
url
email
asn
hash
cve
btc address
google adsense publisher id
google analytics tracker id
abuseipdb
archive.org
bgpview
binaryedge
bitcoinabuse
blockchain.com
blockcypher
crt.sh
dnslytics
domainbigdata
domaintools
domainwatch
emailrep
findsubdomains
fofa
fortiguard
google safe browsing
greynoise
hashdd
hybridanalysis
intelligence x
ipinfo
ipip
joe sandbox
malshare
maltiverse
nvd
oocpr
onyphe
otx
pubdb
publicwww
pulsedive
riskiq
securitytrails
shodan
sploitus
spyonweb
talos
threatconnect
threatcrowd
threatminer
tip
urlscan
viewdns
virustotal
vulmon
vulncodedb
vxcube

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.975

Percentile

100.0%

Mitaka is a browser extension for OSINT search which can:

  • Extract & refang IoC from a selected block of text.
    • E.g. example[.]com to example.com, test[at]example.com to [email protected], hxxp://example.com to http://example.com, etc.
  • Search / scan it on various engines.
    • E.g. VirusTotal, urlscan.io, Censys, Shodan, etc.

Features

Supported IOC types

name desc. e.g.
text Freetext any string(s)
ip IPv4 address 8.8.8.8
domain Domain name github.com
url URL https://github.com
email Email address [email protected]
asn ASN AS13335
hash md5 / sha1 / sha256 44d88612fea8a8f36de82e1278abb02f
cve CVE number CVE-2018-11776
btc BTC address 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa
gaPubID Google Adsense Publisher ID pub-9383614236930773
gaTrackID Google Analytics Tracker ID UA-67609351-1

Supported search engines

name url supported types
AbuseIPDB https://www.abuseipdb.com ip
archive.org https://archive.org url
archive.today http://archive.fo url
BGPView https://bgpview.io ip / asn
BinaryEdge https://app.binaryedge.io ip / domain
BitcoinAbuse https://www.bitcoinabuse.com btc
Blockchain.com https://www.blockchain.com btc
BlockCypher https://live.blockcypher.com btc
Censys https://censys.io ip / domain / asn / text
crt.sh https://crt.sh domain
DNSlytics https://dnslytics.com ip / domain
DomainBigData https://domainbigdata.com domain
DomainTools https://www.domaintools.com ip / domain
DomainWatch https://domainwat.ch domain / email
EmailRep https://emailrep.io email
FindSubDomains https://findsubdomains.com domain
FOFA https://fofa.so ip / domain
FortiGuard https://fortiguard.com ip / url / cve
Google Safe Browsing https://transparencyreport.google.com domain / url
GreyNoise https://viz.greynoise.io ip / domain / asn
Hashdd https://hashdd.com ip / domain / hash
HybridAnalysis https://www.hybrid-analysis.com ip / domain / hash (sha256 only)
Intelligence X https://intelx.io ip / domain / url / email / btc
IPinfo https://ipinfo.io ip / asn
IPIP https://en.ipip.net ip / asn
Joe Sandbox https://www.joesandbox.com hash
MalShare https://malshare.com hash
Maltiverse https://www.maltiverse.com domain / hash
NVD https://nvd.nist.gov cve
OOCPR https://data.occrp.org email
ONYPHE https://www.onyphe.io ip
OTX https://otx.alienvault.com ip / domain / hash
PubDB http://pub-db.com gaPubID / gaTrackID
PublicWWW https://publicwww.com text
Pulsedive https://pulsedive.com ip / domaion / url / hash
RiskIQ http://community.riskiq.com ip / domain / email / gaTrackID
SecurityTrails https://securitytrails.com ip / domain / email
Shodan https://www.shodan.io ip / domain / asn
Sploitus https://sploitus.com cve
SpyOnWeb http://spyonweb.com ip / domain / gaPubID / gaTrackID
Talos https://talosintelligence.com ip / domain
ThreatConnect https://app.threatconnect.com ip / domain / email
ThreatCrowd https://www.threatcrowd.org ip / domain / email
ThreatMiner https://www.threatminer.org ip / domain / hash
TIP https://threatintelligenceplatform.com ip / domain
Urlscan https://urlscan.io ip / domain / asn / url
ViewDNS https://viewdns.info ip / domain / email
VirusTotal https://www.virustotal.com ip / domain / url / hash
Vulmon https://vulmon.com cve
VulncodeDB https://www.vulncode-db.com cve
VxCube http://vxcube.com ip / domain / hash
WebAnalyzer https://wa-com.com domain
We Leak Info https://weleakinfo.com email
X-Force Exchange https://exchange.xforce.ibmcloud.com ip / domain / hash
ZoomEye https://www.zoomeye.org ip

Supported scan engines

name url supported types
Urlscan https://urlscan.io ip / domain / url
VirusTotal https://www.virustotal.com url

Downloads

How to use
This browser extension shows context menus based on a type of IoC you selected and then you can choose what you want to search / scan on.

Examples:

Note:
Please set your urlscan.io & VirusTotal API keys in the options page for enabling urlscan.io & VirusTotal scans.

Options
You can enable / disable a search engine on the options page based on your preference.

About Permissons
This browser extension requires the following permissions.

  • Read and change all your data on the websites you visit:
    • This extension creates context menus dynamically based on what you select on a website.
    • It means this extension requires reading all your data on the websites you visit. (This extension doesn’t change anything on the websites)
  • Display notifications:
    • This extension makes a notification when something goes wrong.

I don’t (and will never) collect any information from the users.

Alternatives or Similar Tools

  • CrowdScrape
  • Gotanda
  • Sputnik
  • ThreatConnect Integrated Chrome Extension
  • ThreatPinch Lookup
  • VTchromizer

How to build (for developers)
This browser extension is written in TypeScript and built by webpack.
TypeScript files will start out in src directory, run through the TypeScript compiler, then webpack, and end up in JavaScript files in dist directory.

git clone https://github.com/ninoseki/mitaka.git
cd mitaka
npm install
npm run test
npm run build

For loading an unpacked extension, please follow the procedures described at https://developer.chrome.com/extensions/getstarted.

Misc
Mitaka/見たか means “Have you seen it?” in Japanese.

Download Mitaka

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.975

Percentile

100.0%