OSINT Tool: Photon
Description
Photon by s0md3v is an advanced web crawler and OSINT tool for thorough website analysis. It’s capable of scanning websites comprehensively to uncover valuable information. It has the ability to identify endpoints, collect potential vulnerabilities, and gather sensitive data efficiently.
It can help you whether you’re conducting security assessments, bug bounty hunting, or simply exploring a website’s hidden corners.
Key Features
Data Extraction
Photon can extract the following data while crawling:
- URLs (in-scope & out-of-scope)
- URLs with parameters (example.com/gallery.php?id=2)
- Intel (emails, social media accounts, Amazon buckets, etc.)
- Files (pdf, png, xml etc.)
- Secret keys (auth/API keys & hashes)
- JavaScript files & Endpoints present in them
- Strings matching custom regex pattern
- Subdomains & DNS related data
The extracted information is saved in an organized manner or can be exported as JSON.
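To see what a crawl of your own site would surface in several of these categories before you publish a page, the following added example (not Photon's code; the regex patterns, entropy threshold, function names and the sample HTML are assumptions constructed here) flags emails, Amazon bucket hostnames, URLs with parameters and high-entropy strings that may be keys:

```python
import math
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Patterns are this example's own assumptions, not Photon's extraction rules.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
BUCKET_RE = re.compile(r"[a-z0-9.-]{3,63}\.s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
TOKEN_RE = re.compile(r"[A-Za-z0-9_\-]{20,64}")


def shannon_entropy(s):
    """Bits per character; random keys score higher than identifiers."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def audit_page(body, entropy_threshold=4.0):
    """Return what a crawler could harvest from one page body."""
    findings = {
        "emails": set(EMAIL_RE.findall(body)),
        "buckets": set(BUCKET_RE.findall(body)),
        "param_urls": set(),
        "possible_keys": set(),
    }
    for url in URL_RE.findall(body):
        if parse_qs(urlsplit(url).query):  # URL carries query parameters
            findings["param_urls"].add(url)
    for token in TOKEN_RE.findall(body):
        if shannon_entropy(token) >= entropy_threshold:
            findings["possible_keys"].add(token)
    return findings


# Constructed sample page; the "apiKey" value is made up for this example.
SAMPLE = """
<a href="https://example.com/gallery.php?id=2">gallery</a>
<a href="https://example.com/about">about</a>
<img src="https://assets-example.s3.amazonaws.com/logo.png">
<p>Contact: admin@example.com</p>
<script>var apiKey = "q7Zx2LmP9vRt4KsW8bNcY3hJ";</script>
<script>var cls = "navigation_header_container";</script>
"""

if __name__ == "__main__":
    for category, items in audit_page(SAMPLE).items():
        print(category, sorted(items))
```

The long CSS-style identifier in the sample stays below the entropy threshold and is not reported, which is the false positive the entropy filter is there to suppress.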
Flexible
Control timeout, delay, add seeds, exclude URLs matching a regex pattern and other cool stuff. The extensive range of options provided by Photon lets you crawl the web exactly the way you want.
Genius
Photon’s smart thread management and refined logic give you top-notch performance.
Still, crawling can be resource intensive, but Photon has some tricks up its sleeve. You can fetch URLs archived by archive.org to be used as seeds by using the --wayback option.
Plugins
Docker
Photon can be launched using a lightweight Python-Alpine (103 MB) Docker image.
$ git clone https://github.com/s0md3v/Photon.git
$ cd Photon
$ docker build -t photon .
$ docker run -it --name photon photon:latest -u google.com
To view results, you can either head over to the local Docker volume, which you can find by running docker inspect photon, or mount the target loot folder:
$ docker run -it --name photon -v "$PWD:/Photon/google.com" photon:latest -u google.com
Clone the repo from GitHub: https://github.com/s0md3v/Photon