Merge pull request #20 from sundowndev/develop

v1.0.0-rc4 merge
2019-01-31 13:58:36 +01:00 · 2019-01-31 13:58:36 +01:00 · e108c1e36c
parent 2a6ecf15dd 9872168db6
commit e108c1e36c
4 changed files with 16 additions and 188 deletions
--- a/README.md
+++ b/README.md
@ -1,7 +1,7 @@
 # PhoneInfoga
 [![Build Status](https://travis-ci.org/sundowndev/PhoneInfoga.svg?branch=master)](https://travis-ci.org/sundowndev/PhoneInfoga)
-![](https://img.shields.io/badge/python-3-blue.svg)
+![](https://img.shields.io/badge/python-3.6-blue.svg)
 ![](https://img.shields.io/github/tag/SundownDEV/PhoneInfoga.svg)
 ![](https://img.shields.io/badge/license-MIT-blue.svg)
@ -25,19 +25,6 @@ One of the most advanced tools to scan phone numbers using only free resources.
 The tool only accepts E164 and International formats as input.
 - E164: +3396360XXXX
 - International: +33 9 63 60 XX XX
 - National: 09 63 60 XX XX
 - RFC3966: tel:+33-9-63-60-XX-XX
 - Out-of-country format from US: 011 33 9 63 60 XX XX
 ## Available scanners
 Use `any` to disable this feature. Default value: `all`
 - numverify
 - ovh
 ## Installation
 ```bash
@ -48,6 +35,8 @@ python3 -m pip install -r requirements.txt
 ## Usage
 ### [The full usage documentation has been moved to the wiki](https://github.com/sundowndev/PhoneInfoga/wiki)
 ```
 usage: phoneinfoga.py -n <number> [options]
@ -69,80 +58,6 @@ optional arguments:
  -u, --update          Update the tool & databases
 ```
 Example (quotes are optional, use it when typing special formats) :
 ```
 python3 phoneinfoga.py -n "(+42)837544833"
 ```
 Check for a number range on OVH :
 ```
 python3 phoneinfoga.py -n +42837544833 -s ovh
 ```
 Check several numbers at once :
 ```
 python3 phoneinfoga.py -i numbers.txt -o results.txt
 ```
 **Note: `--osint` is not compatible with `--output` option.**
 Use all scanners and run OSINT reconnaissance :
 ```
 python3 phoneinfoga.py -n +42837544833 -s all --osint
 ```
 ## Formatting
 E.164 formatting for phone numbers entails the following:
 - A + (plus) sign
 - International Country Calling code
 - Local Area code
 - Local Phone number
 For example, here’s a US-based number in standard local formatting: (415) 555-2671
 ![](https://i.imgur.com/0e2SMdL.png)
 Here’s the same phone number in E.164 formatting: +14155552671
 ![](https://i.imgur.com/KfrvacR.png)
 In the UK, and many other countries internationally, local dialing may require the addition of a '0' in front of the subscriber number. With E.164 formatting, this '0' must usually be removed.
 For example, here’s a UK-based number in standard local formatting: 020 7183 8750
 Here’s the same phone number in E.164 formatting: +442071838750
 ## Dealing with Google captcha
 PhoneInfo use a workaround to handle Google bot detection. When running OSINT scan, you will usually be blacklisted very easily by Google, which will ask the tool to complete a captcha.
 >When you search on Google using custom requests (Google Dorks), you get very easily blacklisted. So Google shows up a page where you have to complete a captcha to continue. As soon as the captcha is completed, Google create a cookie named "GOOGLE_ABUSE_EXEMPTION" which is used to whitelist your browser and IP address for some minutes. This temporary whitelist is enough to let you gather a lot of information from many sources. So I decided to add a simple user manipulation to bypass this bot detection. [...] So I'll just try make requests and wait until I get a 503 error, which means I got blacklisted. Then I ask the user to follow an URL to manually complete the captcha and copy the whitelist token to paste it in the CLI. The tool is now able to continue to scan!
 ![](https://i.imgur.com/qbFZa1m.png)
 ### How to handle captcha
 - Follow the URL
 - Complete the captcha if needed
 - Open the dev tool (F12 on most browsers)
 - Go to **Storage**, then **Cookies**
 - Copy the value of the *GOOGLE_ABUSE_EXEMPTION* cookie and simply paste it in the CLI
 ![](https://i.imgur.com/KkE1EM5.png)
 ### Troubleshooting
 The cookie should be created after you complete the captcha. If there's no captcha and *GOOGLE_ABUSE_EXEMPTION* cookie, try pressing F5 to refresh the page. The cookie should've been created. If refreshing the page does not help, change the query to something different (change the number or add text). Google will not necessarily ask you to complete a captcha if your request is the exact same as the previous one, because it'll usually be cached.
 ## Custom formatting
 Sometimes the phone number has footprints but is used with a different formatting. This is a problem because for example if we search for "+15417543010", we'll not find web pages that write it that way : "(541) 754–3010". So the tool use a (optional) custom formatting given by the user to find further and more accurate results. To use this feature properly and make the results more valuable, try to use a format that someone of the number' country would usually use to share the phone number online. For example, French people usually write numbers that way online : *06.20.30.40.50*, *06 20 30 40 50*.
 ## License
 This tool is licensed under the GNU General Public License v3.0.
--- a/RESOURCES.md
+++ b/RESOURCES.md
@ -1,93 +0,0 @@
 ### Inderstanding phone numbers
    http://whitepages.fr/phonesystem/
    https://support.twilio.com/hc/en-us/articles/223183008-Formatting-International-Phone-Numbers
    https://en.wikipedia.org/wiki/National_conventions_for_writing_telephone_numbers
 ### Open data
    https://api.ovh.com/console/#/telephony
    https://countrycode.org/
    http://www.countryareacode.net/en/
    http://directory.didww.com/area-prefixes
    http://hs3x.com/
    http://www.numinfo.net/
 # Data sources
 Both free and premium resources are included. Be careful, the listing of a data source here does not mean it has been verified or is used in the tool. Data might be false. Use it as an OSINT framework.
 ### Reputation / fraud
    scamcallfighters.com
    signal-arnaques.com
 ### Disposable numbers
    receive-sms-online.com
    receive-sms-now.com
    hs3x.com
    twilio.com
    freesmsverification.com
    freeonlinephone.org
    sms-receive.net
    smsreceivefree.com
    receive-a-sms.com
    receivefreesms.com
    freephonenum.com
    receive-smss.com
    receivetxt.com
    temp-mails.com
    receive-sms.com
    receivesmsonline.net
    receivefreesms.com
    sms-receive.net
    pinger.com (=> textnow.com)
    receive-a-sms.com
    k7.net
    kall8.com
    faxaway.com
    receivesmsonline.com
    receive-sms-online.info
    sellaite.com
    getfreesmsnumber.com
    smsreceiving.com
    smstibo.com
    catchsms.com
    freesmscode.com
    smsreceiveonline.com
    smslisten.com
    sms.sellaite.com
 ### Individuals
    Facebook
    True People
    Fast People
    Background Check
    Pipl
    Spytox
    Makelia
    IvyCall
    PhoneSearch
    411
    USPhone
    WP Plus
    Thats Them
    True Caller
    Sync.me
    WhoCallsMe
    ZabaSearch
    DexKnows
    WeLeakInfo
    OK Caller
    SearchBug
    numinfo.net
 ### Google dork examples
    `insubject:"+XXXXXXXXX" | insubject:"+XXXXX" | insubject:"XXXXX XXX XXX`
    `insubject:"XXXXXXXXX" | intitle:"XXXXXXXXX"`
    `intext:"XXXXXXXXX" ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv | ext:txt | ext:html`
    `site:"hs3x.com" intext:"+XXXXXXXXX"`
    `site:signal-arnaques.com intext:"XXXXXXXXX" intitle:" | Phone Fraud"`
--- a/osint/individuals.json
+++ b/osint/individuals.json
@ -28,5 +28,11 @@
    "request": "site:\"whycall.me\" intext:\"$n\" | intext:\"$l\"",
    "dialCode": null,
    "stop": 1
  },
  {
    "site": "locatefamily.com",
    "request": "site:locatefamily.com intext:\"$n\" | intext:\"$l\"",
    "dialCode": null,
    "stop": 1
  }
 ]
--- a/phoneinfoga.py
+++ b/phoneinfoga.py
@ -1,6 +1,6 @@
 #!/usr/bin/env python3
-__version__ = 'v1.0.0-rc3'
+__version__ = 'v1.0.0'
 try:
    import sys
@ -165,11 +165,11 @@ uagent.append(
 uagent.append(
    "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0")
-number = ''  # Full number format
+number = ''  # Full number format; e.g: 3312345678
-localNumber = ''  # Local number format
+localNumber = ''  # Local number format; e.g: 06 12 34 56 78
-internationalNumber = ''  # International number format
+internationalNumber = ''  # International number format; e.g: +33 6 12 34 56 78
-numberCountryCode = ''  # Dial code; e.g:"+33"
+numberCountryCode = ''  # Dial code; e.g: 33
-numberCountry = ''  # Country; e.g:France
+numberCountry = ''  # Country; e.g: fr
 googleAbuseToken = ''
 customFormatting = ''
@ -203,7 +203,7 @@ def search(req, stop):
        while r.status_code == 503:
            print(code_warning + 'You are temporary blacklisted from Google search. Complete the captcha at the following URL and copy/paste the content of GOOGLE_ABUSE_EXEMPTION cookie : {}'.format(URL))
            print('\n' + code_info +
-                  'Need help ? Read https://github.com/sundowndev/PhoneInfoga#dealing-with-google-captcha')
+                  'Need help ? Read https://github.com/sundowndev/PhoneInfoga/wiki')
            token = input('\nGOOGLE_ABUSE_EXEMPTION=')
            googleAbuseToken = '&google_abuse=' + token
            r = s.get(URL + googleAbuseToken, headers=headers)