Danger-Zone – Tool to Correlate Email, IPs and Domain Data

Danger-Zone is an OSINT tool to correlate data between domains, IPs and email addresses, present it as a graph, and store everything in Elasticsearch and JSON files. Some of the use cases for this tool are:

  • Based on a given email, check for associated domains and then check these domains for other emails and IPs.
  • For domains, check for IPs and emails, and next look for associated domains.
  • Extract the domain from an IP, then check the domain for other IPs and emails.
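
The pivoting in these use cases amounts to a depth-limited walk over email, domain and IP nodes. The sketch below is an added example, not Danger-Zone's own code: the lookup tables are constructed stand-ins for module results, and `neighbours` and `correlate` are hypothetical names.

```python
import json
from collections import deque

# Constructed sample data (documentation-reserved names and addresses),
# standing in for what reverse-whois, whois and DNS lookups would return.
EMAIL_TO_DOMAINS = {"admin@example.com": ["example.com", "example.net"],
                    "ops@example.org": ["example.net"]}
DOMAIN_TO_IPS = {"example.com": ["192.0.2.10"],
                 "example.net": ["192.0.2.10", "198.51.100.7"]}
DOMAIN_TO_EMAILS = {"example.com": ["admin@example.com"],
                    "example.net": ["admin@example.com", "ops@example.org"]}
IP_TO_DOMAINS = {"192.0.2.10": ["example.com", "example.net"],
                 "198.51.100.7": ["example.net"]}

def neighbours(kind, value):
    """Return the (kind, value) nodes directly linked to one indicator."""
    if kind == "email":
        return [("domain", d) for d in EMAIL_TO_DOMAINS.get(value, [])]
    if kind == "domain":
        return ([("ip", i) for i in DOMAIN_TO_IPS.get(value, [])] +
                [("email", e) for e in DOMAIN_TO_EMAILS.get(value, [])])
    if kind == "ip":
        return [("domain", d) for d in IP_TO_DOMAINS.get(value, [])]
    raise ValueError(f"unknown indicator kind: {kind}")

def correlate(kind, value, max_depth=2):
    """Breadth-first pivot from one indicator, stopping at max_depth hops.

    The depth bound matters: shared infrastructure (for example an IP that
    hosts many sites) links unrelated indicators, so each extra hop adds
    noise to the graph as well as coverage.
    """
    start = (kind, value)
    depth_of = {start: 0}          # node -> hop count from the seed
    edges = set()                  # undirected, stored in sorted order
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if depth_of[node] >= max_depth:
            continue               # keep the node, but do not pivot further
        for nxt in neighbours(*node):
            edges.add(tuple(sorted((node, nxt))))
            if nxt not in depth_of:
                depth_of[nxt] = depth_of[node] + 1
                queue.append(nxt)
    return {"nodes": sorted(depth_of), "edges": sorted(edges)}

if __name__ == "__main__":
    # JSON output mirrors the idea of storing the correlation as a file.
    print(json.dumps(correlate("email", "admin@example.com"), indent=2))
```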

The tool supports several sections with modules that collect information from external sources and pull the data into graphs. Currently supported modules are:

  • Email:
    • Trumail – Validate email address
    • Whoxy – Reverse Whois service
    • haveIbeenPwned – Dumps
    • Username check – Check username, based on email address, across social media sites
    • Google – Query Google
  • IP:
    • Geolocation – Geolocate IP
    • Threatcrowd – Information about IP
    • VirusTotal – Information about IP
  • Domain:
    • TLD – Get sponsor of particular Top Level Domain
    • Threatcrowd – Information about domain
    • Whoxy – Whois service
    • Whois history – Historical data about domain
    • Wayback Machine – Archive version of website
    • VirusTotal – Information about domain

Several of these API services require an API key, which must be added to the configuration settings before the service can be used. VirusTotal provides an API key upon registration. Threatcrowd is powered by AlienVault and can be found among the AlienVault OTX services.

You can read more and download this tool over here: https://github.com/woj-ciech/Danger-zone
