Datasploit Tool Makes Social Engineering Child’s Play


A new tool designed for pen testers and investigators could also offer cyber-criminals an easy way to socially engineer their victims, highlighting the fine line between legitimate and black hat activity.

Datasploit, which was showcased at the Black Hat Arsenal event, utilizes Open Source Intelligence (OSINT) to uncover personal info about a target, correlates the raw data and presents it to the user.

The tool, which was built with Python, MongoDB and Django, only requires the user to know a single piece of information on a target, such as their email address or phone number.

It will then go out and mine the rest, filter out the noise, correlate it and then repeat the process several times before storing it in a database.

The sources used by Datasploit’s developers – NotSoSecure’s Shubham Mittal, eBay’s Nutan Kumar Panda, and Sudhanshu Chauhan of Octogence – are all ‘hand-picked’ and are known to be reliable, they said.

A brief explanation of the tool continued:

“It allows you to collect relevant information about a target which can expand your attack/defense surface very quickly. Sometimes it might even pluck the low hanging fruits for you without even touching the target and give you quick wins. Of course, a user can pick a single small job (which do not correlate obviously [sic]), or can pick up the parent search which will launch a bunch of queries, call other required scripts recursively, correlate the data and give you all juicy information in one go.”

The product is marketed at “pen-testers, cyber investigators, product companies, defensive security professionals etc,” according to its developers.

However, Ronnie Tokazowski, senior researcher at PhishMe, warned that it could quite easily be abused by black hats to gain the credentials needed to breach systems.

“Datasploit takes data gathering a step further than similar tools such as recon-ng and SET by adding automation, providing another example of how hackers are evolving their techniques to gain access to specific assets within a network,” he added.

“Datasploit allows criminals to easily gather information that can be used to penetrate any network or database linked to that particular person in order to steal business assets.”

It’s yet another reason for IT security teams to be vigilant and to stay informed of the changing threat landscape, Tokazowski concluded.
