Digital Forensics Tool: Horus
Horus
Horus, developed by 6abd, is a comprehensive OSINT (Open-Source Intelligence) and Digital Forensics tool built in Python. From leveraging APIs to compiling data, Horus serves as your all-in-one solution for investigative assistance. Whether you’re conducting digital forensics or delving into open-source intelligence, Horus provides the tools you need to gather, analyze, and interpret data efficiently.
Prerequisites
In order to use Horus, you will need:
- Python 3.11
Installation
To get started with this project, you will need Python installed on your device. Once it is installed, follow these steps:
- Clone this repository.
- cd to the ‘horus’ directory. (Make sure it isn’t the outermost folder)
- Install dependencies using the following command: pip install -r requirements.txt
- In the ‘horus’ directory, run python3 horus.py on Linux/MacOS, or py horus.py on Windows
Note: protonvpn-cli is a requirement for the ‘pvpn’ command.
API Configuration
To configure the API keys that certain commands need, you can either enter them manually or use the ‘apicon’ command.
To manually configure API keys, navigate to /src/modules/var/pipes/api_config.json. Enter your API keys in their corresponding entries.
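Because api_config.json holds live API keys in plaintext inside the cloned repository, it is worth checking who can read it. The following is an added example, not part of Horus: it assumes the file is a JSON object mapping entry names to key strings (possibly nested) and that it is run from the repository root; the function names are hypothetical.

```python
import json
import os
import stat
from pathlib import Path

# Path as given on the page, taken relative to the repository root (assumption).
DEFAULT_CONFIG = Path("src/modules/var/pipes/api_config.json")


def unset_entries(node, prefix=""):
    """Return names of entries with no value, never the key material itself."""
    if isinstance(node, dict):
        found = []
        for name, value in node.items():
            found += unset_entries(value, f"{prefix}{name}.")
        return found
    # Leaf: None and blank strings count as "not configured".
    if node is None or (isinstance(node, str) and not node.strip()):
        return [prefix.rstrip(".")]
    return []


def audit_config(path=DEFAULT_CONFIG, fix=False):
    """Report the key file's permission bits and which entries are still empty."""
    path = Path(path)
    with path.open(encoding="utf-8") as fh:
        data = json.load(fh)
    mode = stat.S_IMODE(path.stat().st_mode)
    # Any group/other bit lets other local accounts read the API keys.
    # Windows ACLs are not visible through these bits, so only POSIX is judged.
    exposed = os.name == "posix" and bool(mode & (stat.S_IRWXG | stat.S_IRWXO))
    if exposed and fix:
        path.chmod(0o600)  # owner read/write only
        mode = stat.S_IMODE(path.stat().st_mode)
        exposed = bool(mode & (stat.S_IRWXG | stat.S_IRWXO))
    return {"mode": oct(mode), "exposed": exposed,
            "unset": sorted(unset_entries(data))}


if __name__ == "__main__":
    import sys
    # Pass --fix to tighten the file to 0600 when it is readable by others.
    print(audit_config(fix="--fix" in sys.argv))
```

The report lists entry names only, so it can be pasted into a ticket or shared without leaking a key.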
Usage
Command List
The following is a list of Horus’ usable commands:
- Pvpn | Connect to a random Proton VPN.
- Shodan | Pull Shodan information from API.
- Numlook | Look up validity, carriers, names of phone numbers globally.
- Geolock | Shodan & auxiliary API based IP tracing & tracking.
- Mactrace | Type in a MAC address to get the vendor or device.
- Cryptotrace | Transaction information, & crypto-wallet tracing.
- Vt | Connect to the VirusTotal API to scan or screen files, links, etc.
- Lokien/decrypt | En/decrypt a directory or file with Loki keys!
- Lokizip | Create zips further secured with Loki, & an optional password.
- Lokichain | List all known Loki keys on a system, but not their directory.
- Lokivault | Access the Loki vault over terminal, move & re-arrange, etc.
Usage involves either running python3 horus.py on Linux/MacOS, or py horus.py on Windows, then entering the name of the command desired in the prompt. You may also run commands via python3 horus.py -[command name]
On Shodan: Shodan is a paid API, so for your API key to work you need to subscribe to it. Much of its location-related functionality is available in ‘geolock’, but more detailed features require that API.
Clone the repo from here: GitHub Link