mrf345/retrap

(OSINT) Open-Source intelligence tracking and analysis tool.

```text
┌─────────────────────────────────────────────────────────────────┐
│                                                                 │
│ 88888888ba         888888888888                                 │
│ 88      "8b             88                                      │
│ 88      ,8P             88                                      │
│ 88aaaaaa8P'  ,adPPYba,  88  8b,dPPYba,  ,adPPYYba,  8b,dPPYba,  │
│ 88""""88'   a8P     88  88  88P'   "Y8  ""      Y8  88P'    "8a │
│ 88    `8b   8PP"""""""  88  88          ,adPPPPP88  88       d8 │
│ 88     `8b  "8b,   ,aa  88  88          88,    ,88  88b,   ,a8" │
│ 88      `8b  `"Ybbd8"   88  88          `"8bbdP"Y8  88`YbbdP"   │
│                                                     88          │
│                                                     88          │
│                                                                 │
└─────────────────────────────────────────────────────────────────┘
```
(OSINT) Open-Source intelligence tracking and analysis tool. Inspired by Trape.



Setup 🧰

- With docker:
- With executable:

  You can find an executable that supports your OS from the following links:

  Make sure to unzip the file, and run the executable from the terminal or cmd.exe:

  • On Windows you'll have to start cmd.exe as an Administrator.
  • On macOS you'll have to go to System Preferences > Security and allow the retrap-macos executable.

- From the source (tested on Linux and Windows Git Bash):
  • Install dependencies: `npm i .`
  • Build assets and compile TypeScript: `npm run build`
  • Start the server: `npm start`
  • Package it into binaries: `nvm use && ./package.sh`
- For developers:
  • To run linting and style check: `npm run lint`
  • To run tests: `npm run test`

Options 📖

```text
  Open-Source intelligence OSINT tracking and analysis tool.

  Usage

      $ /home/user/Downloads/retrap/retrap-linux [option]

  Options                                                     Default

      --ip-address, -i IP address to stream server on        (127.0.0.1)
      --port, -p Port to stream server through               (8989)
      --logging, -l Display http requests logs               (true)
      --ngrok-token, -a Ngrok account authentication token
      --help displays this message

  Example

      $ retrap --port 8080 -l false
```

Features and Demos ✨

- Ngrok tunneling support

  Exposes the local server to the internet through an Ngrok secure tunnel. Get a free token from Ngrok and use it as shown in the demo. The authentication token can be persisted as a default in ./collections/settings.db with "ngrokAuthToken": "your token".

  Demo:

- Captures user's information and active sessions

  IP address, location, languages, battery left, internet speed... as well as detecting and storing the active login sessions for Facebook, Gmail, Instagram... The captured user data is stored locally and can be accessed via:

  • http://127.0.0.1:8989/api/guests/ an API endpoint that returns the information of all captured users.
  • http://127.0.0.1:8989/api-doc full documentation of the returned user details and active sessions.

  Demo:

  List of all captured information:
```yaml
    Guest:
      type: object
      properties:
        ip:
          type: string
          description: guest's registered IP address
        online:
          type: boolean
          description: guest's current web session status
        sessionId:
          type: string
          description: guest's socket.io session's id
        os:
          type: string
          description: guest's detected operating system
        browser:
          type: string
          description: guest's detected web browser
        browserEngine:
          type: string
          description: guest's detected browser's engine
        cpuArch:
          type: string
          description: guest's detected CPU's architecture
        charging:
          type: boolean
          description: guest's detected battery charging status
        chargeLeft:
          type: string
          description: guest's detected battery charge left in percentage
        doNotTrack:
          type: string
          description: guest's browser "Do Not Track" status
        java:
          type: boolean
          description: guest's browser Java support
        flash:
          type: boolean
          description: guest's browser Flash support
        language:
          type: string
          description: guest's browser default language
        languages:
          type: array
          description: guest's browser supported languages
          items:
            type: string
        touch:
          type: boolean
          description: guest's device support for touchscreen
        usbDevices:
          type: array
          description: guest's connected USB devices
          items:
            type: string
        resolution:
          type: string
          description: guest's detected screen resolution
        posts:
          type: array
          description: logs of guest's performed POST requests
          items:
            $ref: '#/definitions/Post'
        logs:
          type: array
          description: logs of guest's performed GET requests
          items:
            type: string
        screenshots:
          type: array
          description: guest's captured screenshots in Base64 format
          items:
            type: string
        keyLogs:
          type: array
          description: guest's captured key logs
          items:
            $ref: '#/definitions/KeyLog'
        sessions:
          description: guest's social media and websites active sessions
          $ref: '#/definitions/Sessions'
        country:
          type: string
          description: guest's detected country
        countryCode:
          type: string
          description: guest's detected country-code
        regionName:
          type: string
          description: guest's detected region
        city:
          type: string
          description: guest's detected city
        zip:
          type: string
          description: guest's detected zip code
        lat:
          type: number
          description: guest's detected location latitude
        lon:
          type: number
          description: guest's detected location longitude
        timezone:
          type: string
          description: guest's detected timezone
        isp:
          type: string
          description: guest's detected internet service provider
        networkSpeed:
          description: guest's detected internet speed
          $ref: '#/definitions/NetworkSpeed'
```
- Realtime hooks to intercept user's active session

  Injecting JavaScript, sending alerts, text-to-speech notifications and redirecting to different locations... In the following example a console.log() call is injected into an active web session:

  Demo:

- Hooking script to integrate with your custom webpages

  The same hooking script that is used to control the mirrored web sessions can be used externally within any .html or .js file. The following example demonstrates using the hook script within a local .html page and capturing login form data:

  Demo:

- RESTful API to execute hooks, query users and integrate with other platforms

  Demo:

Disclaimer and Background ❎

This tool is experimental and in its alpha phase. It was developed and published as a small building block of a master's thesis research project. Use it for educational purposes only and at your own discretion; the author cannot be held responsible for any damages caused.

- How to protect yourself?

The tool relies on injecting a JavaScript hook into any web resource, which allows a variety of intrusive actions to be performed remotely. There are many useful browser extensions and plugins that detect and block such intrusive scripts:
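Beyond browser extensions, a site owner can check for this kind of injection directly. The following Node.js script is an added example, not code from retrap or its author: it audits the HTML a browser would receive and flags every `<script>` element that is either inline or served from an origin outside an allowlist, which is exactly how an injected hook shows up in a page. The sample page, the `203.0.113.5` host and the allowlist of `example.com` origins are constructed for the example; the `buildCsp` helper prints the `Content-Security-Policy` value that makes the browser itself refuse the same scripts. The tag matching uses a regular expression for brevity, so treat it as a quick check rather than a substitute for a real HTML parser.

```javascript
// Added example, not part of retrap. Defensive check: find <script> elements in
// a served page that the site policy does not allow (inline code, or code from
// an origin outside the allowlist), the way an injected hook would appear.

// Assumed site policy (constructed): only these origins may serve scripts.
const ALLOWED_SCRIPT_ORIGINS = ['https://www.example.com', 'https://cdn.example.com'];

// Constructed sample page: two legitimate scripts followed by an inline snippet
// and an external script from an unknown host of the kind an injector adds.
const SAMPLE_HTML = `<!doctype html>
<html><head>
  <script src="https://cdn.example.com/app.js"></script>
  <script src="/static/site.js"></script>
  <script>console.log('hooked');</script>
  <script src="http://203.0.113.5/hook.js"></script>
</head><body><form id="login"></form></body></html>`;

// Matches each <script ...>...</script>; group 1 = attributes, group 2 = body.
const SCRIPT_TAG = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;

// Pull one attribute value (double-quoted, single-quoted or bare) out of an
// attribute string; returns null when the attribute is absent.
function attr(attrs, name) {
  const re = new RegExp(`\\b${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
  const m = re.exec(attrs);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// Returns one finding per script the policy does not allow, in document order.
function auditScripts(html, pageUrl, allowedOrigins) {
  const findings = [];
  for (const [, attrs, body] of html.matchAll(SCRIPT_TAG)) {
    const src = attr(attrs, 'src');
    if (src === null) {
      // Inline code has no origin to check; a CSP would need a nonce or hash for it.
      if (body.trim() !== '') {
        findings.push({ kind: 'inline', src: null, reason: 'inline script', snippet: body.trim().slice(0, 60) });
      }
      continue;
    }
    let origin;
    try {
      origin = new URL(src, pageUrl).origin; // resolves relative paths against the page
    } catch {
      findings.push({ kind: 'external', src, reason: 'unparseable src' });
      continue;
    }
    if (!allowedOrigins.includes(origin)) {
      findings.push({ kind: 'external', src, reason: `origin ${origin} not in allowlist` });
    }
  }
  return findings;
}

// The Content-Security-Policy value that enforces the same allowlist in the
// browser: inline scripts are refused (no 'unsafe-inline'), unknown hosts are not listed.
function buildCsp(allowedOrigins) {
  return `script-src ${allowedOrigins.join(' ')}; object-src 'none'; base-uri 'self'`;
}

const findings = auditScripts(SAMPLE_HTML, 'https://www.example.com/login', ALLOWED_SCRIPT_ORIGINS);
console.log(JSON.stringify(findings, null, 2));
console.log('Content-Security-Policy:', buildCsp(ALLOWED_SCRIPT_ORIGINS));
```

Run it with `node audit.js` (any file name) and it reports two findings for the sample: the inline `console.log` snippet and the script from `http://203.0.113.5`; the two scripts from allowlisted origins pass. Pointing it at the HTML your own site actually serves (saved from the browser or fetched through the same path a visitor uses) is the useful version of the check, and shipping the printed CSP header turns the detection into prevention.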

TODO ✅:

  • Fix up the docker containers setup
  • Add token based authorization to the Admin REST API
  • Add Settings model CRUD endpoints to Admin REST API
  • Add an admin user-interface based on the REST API and/or Socket.io client. (Preferably in React/Vue)
  • Improve hook's getScreenshot and add it to the Sockets and REST API
  • Maybe add a push notification hook 🤔 (Needs research)
  • Add more integration tests and increase coverage