/ thoth Public
forked from r1cksec/corptrace

Automate recon for red team assessments.


PfiatDe/thoth

 
 


Thoth

Thoth is a modular framework that automates the execution of tools during a reconnaissance assessment. Using multithreading, several tasks are executed simultaneously. The set of modules used can be adapted on the fly by filtering on module names or risk level. I wrote this tool primarily to automate my workflow, so I'm sure it's still buggy for some corner cases.

Note that running thoth repetitively in a short amount of time can lead to blocking of the IP address used, as thoth can query multiple APIs at the same time.

The core is the modules.json file, which contains the syntax of the executable commands. Variables can also be defined in this configuration file; they are automatically added to the Argparse arguments.

Install

The setup script will install tool dependencies and insert the absolute path to the scripts into the modules.json file (only tested on Kali).

sudo bash setup.sh

There is no update feature. To update thoth, remove the old repository, git clone the current version and re-run the setup.sh file.

Configuration

The modules.json file contains all modules that can be executed by thoth.
A single module has the following structure:

{
    "name": "nameOfModule",
    "riskLevel": "riskLevelFrom1To4",
    "syntax": "commandSyntax <variable> > <outputFile> 2>&1"
},

name, riskLevel

The configuration can be extended as desired.
However, module names must be unique.

Each module requires a risk level between 1 and 4.
The higher the level, the higher the probability that the module can cause damage or .

syntax - variables

Strings inside <...> are interpreted as variables.
The syntax must always end with > <outputFile> 2>&1 so that the output can be written to a file.

It is possible to include custom variables.
Custom variables are added to the Argparse arguments.
The camelCase notation of a variable name determines the abbreviation of its Argparse argument (for example, companyName is abbreviated to -cn).

Modules are only executed if all <variables> occurring in the syntax are given by the user.
For example, the following module would add the variable domain (-d) to the Argparse arguments.

{
    "name": "amass-intel-domain",
    "riskLevel": "2",
    "syntax": "amass intel -d <domain> > <outputFile> 2>&1"
},
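The module selection and variable handling described above, as an added sketch that is not thoth's own code. The two "hypothetical-" modules and their tool names are constructed, and the output path layout, substring matching for excludes, and shell quoting of values are assumptions about sensible behaviour rather than statements about what thoth does.

```python
import json
import re
import shlex

# Constructed sample in the modules.json format described above.
MODULES = json.loads("""[
  {"name": "amass-intel-domain", "riskLevel": "2",
   "syntax": "amass intel -d <domain> > <outputFile> 2>&1"},
  {"name": "hypothetical-asn-lookup", "riskLevel": "1",
   "syntax": "asn-tool <asNumber> <companyName> > <outputFile> 2>&1"},
  {"name": "hypothetical-range-scan", "riskLevel": "4",
   "syntax": "scan-tool <ipRange> > <outputFile> 2>&1"}
]""")

VAR = re.compile(r"<([A-Za-z]+)>")

def variables(syntax):
    """Names of all <variables> in a syntax string, except outputFile."""
    return [v for v in dict.fromkeys(VAR.findall(syntax)) if v != "outputFile"]

def short_flag(var):
    """camelCase name -> short flag: first letter plus every capital."""
    return "-" + (var[0] + "".join(c for c in var[1:] if c.isupper())).lower()

def select(modules, given, max_risk=2, include=(), exclude=()):
    """Modules whose variables are all given and that pass the filters."""
    names = [m["name"] for m in modules]
    if len(names) != len(set(names)):
        raise ValueError("module names must be unique")
    chosen = []
    for m in modules:
        if int(m["riskLevel"]) > max_risk:
            continue
        if any(v not in given for v in variables(m["syntax"])):
            continue  # a required <variable> was not supplied
        if include and not any(s in m["name"] for s in include):
            continue
        if any(s in m["name"] for s in exclude):  # exclude overrides include
            continue
        chosen.append(m)
    return chosen

def render(module, given, out_dir):
    """Fill the template; every value is shell-quoted before substitution."""
    values = dict(given, outputFile=f"{out_dir}/{module['name']}")  # assumed layout
    return VAR.sub(lambda m: shlex.quote(values[m.group(1)]), module["syntax"])
```

Because each syntax string is a shell command line with redirection, quoting the substituted values keeps a value containing spaces or shell metacharacters as a single argument.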

Help

usage: thoth.py [-h] -o OUTPUT [-e] [-v] [-t TIMEOUT] [-rl RISKLEVEL] [-ta THREADAMOUNT] [-em [EXCLUDEMODULES ...]] [-im [INCLUDEMODULES ...]] [-an ASNUMBER] [-cn COMPANYNAME] [-cr COPYRIGHT] [-d DOMAIN] [-df DOMAINFILE]
                [-gf GITHUBFILE] [-gr GITHUBREPOSITORY] [-gu GITHUBUSER] [-gid GOOGLEID] [-ir IPRANGE]

Automatic reconaissance.
Use at your own risk.
I do not take any responsibility for your actions!

Basic usage:
Print matching modules for a given domain:
./thoth.py -o /tmp/output -d example.com

Execute modules for given domain:
./thoth.py -o /tmp/output -d example.com -e

Only execute modules that contains at least one of the given substring in their name:
./thoth.py -o /tmp/output -d example.com -im amass -ir 192.168.1.3-9 -e

Execute modules up to risk level 4, use 8 threads and increase timeout to 35 minutes:
./thoth.py -o /tmp/output -d example.com -rl 4 -ta 8 -t 2100 -an AS8560

options:
  -h, --help            show this help message and exit
  -o OUTPUT, --output OUTPUT
                        path to output directory
  -e, --execute         execute matching commands
  -v, --verbose         print full command
  -t TIMEOUT, --timeout TIMEOUT
                        maximal time that a single thread is allowed to run in seconds (default 1200)
  -rl RISKLEVEL, --riskLevel RISKLEVEL
                        set maximal riskLevel for modules (possible values 1-4, 2 is default)
  -ta THREADAMOUNT, --threadAmount THREADAMOUNT
                        the amount of parallel running threads (default 5)
  -em [EXCLUDEMODULES ...], --exludeModules [EXCLUDEMODULES ...]
                        modules that will be excluded (exclude ovewrites include)
  -im [INCLUDEMODULES ...], --includeModules [INCLUDEMODULES ...]
                        modules that will be included
  -an ASNUMBER, --asNumber ASNUMBER
  -cn COMPANYNAME, --companyName COMPANYNAME
  -cr COPYRIGHT, --copyRight COPYRIGHT
  -d DOMAIN, --domain DOMAIN
  -df DOMAINFILE, --domainFile DOMAINFILE
  -gf GITHUBFILE, --githubFile GITHUBFILE
  -gr GITHUBREPOSITORY, --githubRepository GITHUBREPOSITORY
  -gu GITHUBUSER, --githubUser GITHUBUSER
  -gid GOOGLEID, --googleID GOOGLEID
  -ir IPRANGE, --ipRange IPRANGE

Demo (old)

Result Structure (old)

out
├── csprecon
│   └── csprecon_example.com
├── get-asn
│   └── get-asn_example.com
├── get-dns-records
│   └── get-dns-records_example.com
├── get-mails
│   └── get-mails_example.com
├── letItGo
│   └── letItGo_example.com
└── subfinder
    └── subfinder_example.com

Currently included Modules

Sources

https://en.wikipedia.org/wiki/Thoth


Languages

  • Python 87.8%
  • Shell 12.2%