Snoop 1.4.2, a forensic OSINT tool for searching public data for user accounts (open source intelligence), has been released. The program analyzes various websites, forums, and social networks for the desired username, allowing it to determine which websites contain a user with the specified nickname. The project was developed based on research into public data scraping. Builds are available for Linux и Windows.
The code is written in Python and distributed under a license that restricts use to personal use only. At the same time, the project is a branch of the Sherlock project code base, supplied under the MIT license (the fork was created due to the inability to expand the site database).
Snoop is included in the Russian Unified Register of Russian Programs for Electronic Computers and Databases with the declared code 26.30.11.16: "Software that ensures the execution of established actions during operational-search activities:: No. 7012 order 07.10.2020 No. 515". At the moment, Snoop tracks the presence of the user on 4752 Internet resources in the full version and on the most popular resources in the Demo version.
Major changes:
- The search base has been expanded to 4752 sites.
- Fixed calculation of "bad_raw" value when searching for multiple "username" from CLI or when running with '--userlist/-u' option.
- In version for Windows Optimization of work with HTTP libraries was carried out, which in some situations accelerated search by 20-25%.
- Improved efficiency of retrying requests when connection attempts fail.
- Optimized the search acceleration algorithm on weak single-core processors VPS and powerful multi-core systems with GNU/Linux. Changed upper limit of CPU resource utilization when overclocking search manually: for GNU/Linux и Android/Termux — the bar is raised, for Windows — the bar is lowered.
- The software has been accelerated in the '--save-page/-S' mode (searching and saving local HTML pages).
- Safe release of resources when interrupting work on systems with GNU/Linux и Android/Termux (Ctrl+c interruption now takes less than 1 second).
- In version for Android/Termux added a disk inaccessibility notification and an offer to automatically fix the error accessing the directory "/storage/emulated/0/snoop/*" (if the user missed some steps during installation from source code).
- The lower threshold for triggering Bad_raw alerts has been changed from 2.5% to 2%.
- Added a "floating" bad_zone parameter to CLI and csv reports with locations where connection errors most often occur.
- In the text report, the formatting of columns has been improved, the data "Address | Resource" has been reversed, and the "Geo" parameter has been added. In the html report, the visualization of the breakdown by country has been improved. In the csv report, the "username" column has been replaced with the "Nick" string, and a parameter for tracking sites with the status "hung" has been added.
- The functions of deleting the cache, updating the software and checking the database are looped (if you make an incorrect choice/typo, you do not exit the program, but are prompted again for input with a hint).
- A notification and recommendation on how to fix/improve the utility's operation have been added to the CLI if the user has built Snoop from the source code but has not followed the instructions specified in the documentation during the build (for example, if outdated versions of HTTP libraries and Python are used).
- The 'snoop info' block, the 'Recommended pool' section and the '--version/-v' option have been updated to include calculations of system resource requirements for normal software operation.
- Aggressive repository compaction performed. Full history backup saved. Users updating Snoop from source should re-run 'git clone'.
Source: opennet.ru
