OSINT Tool: Photon

Reading Time: 2 Minutes

Description

Photon by s0md3v is an advanced web crawler and osint tool for thorough website analysis. It’s capable of scanning websites comprehensively to uncover valuable information. It has the ability to identify endpoints, collect potential vulnerabilities, and gather sensitive data efficiently.

It can help you whether you’re conducting security assessments, bug bounty hunting, or simply exploring a website’s hidden corners.

Key Features

Data Extraction

Photon can extract the following data while crawling:

• URLs (in-scope & out-of-scope)
• URLs with parameters (example.com/gallery.php?id=2)
• Intel (emails, social media accounts, amazon buckets etc.)
• Files (pdf, png, xml etc.)
• Secret keys (auth/API keys & hashes)
• JavaScript files & Endpoints present in them
• Strings matching custom regex pattern
• Subdomains & DNS related data

The extracted information is saved in an organized manner or can be exported as json.

Flexible

Control timeout, delay, add seeds, exclude URLs matching a regex pattern and other cool stuff. The extensive range of options provided by Photon lets you crawl the web exactly the way you want.

Genius

Photon’s smart thread management and refined logic gives you top notch performance.

Still, crawling can be resource intensive but Photon has some tricks up it’s sleeves. You can fetch URLs archived by archive.org to be used as seeds by using –wayback option.

Plugins

• wayback
• dnsdumpster
• Exporter

Docker

Photon can be launched using a lightweight Python-Alpine (103 MB) Docker image.

$ git clone https://github.com/s0md3v/Photon.git

$ cd Photon

$ docker build -t photon .

$ docker run -it --name photon photon:latest -u google.com

To view results, you can either head over to the local docker volume, which you can find by running docker inspect photon or by mounting the target loot folder:

$ docker run -it --name photon -v "$PWD:/Photon/google.com" photon:latest -u google.com

Clone the repo from here: GitHub Link