Introducing WikiLeaker — An OSINT Tool for Searching WikiLeaks
I have been teaching virtual and in-person OSINT courses for about the last 6 months as The OSINTion. When going through the tools, I have always gone out of my way to provide credit where it is due to the tool developers and researchers behind the tools. One tool in particular that stuck out to me is Datasploit. The tool is written by Shubham Mittal and his team at RedHunt Labs. I have been an adherent of the tool since I learned that OSINT was, well…OSINT (h/t to Justin Seitz for that). I am also a huge fan of Tim Tomes’ Recon-ng.
Why am I giving this back story?
Well, as many of you know, I am trying to improve my Python skills. I am working on a disinformation and deception tool, tentatively called DECEPTICON, as well as some other cool tools. All of this is part of my hobby-time Infosec and not part of my day job.
After having a bad training session where nothing went right, I set out to write some new scripts and provide my own datasets to students instead of relying on outside entities — I know, I should've been doing that already. Anyways, I wrote a parser for some data types in some quasi-authentic files. Take my NEW and IMPROVED REGEX course (next classes are 4/25 and 5/2 — use WOSEC15, SAFEESCAPE15 or TRACELABS15 for 15% off) for access to the tool. :-)
After I finished that (and learned a thing or two, thanks to Kelso), I got to thinking about ways to help give back to the Infosec/Hacker and OSINT communities. I decided that I would write a tool with similar functionality to the module of Datasploit, but I would write it in Python3 and follow Micah Hoffman’s approach to creating a tool and a Recon-ng module that is near identical.
Back to the tooling, the reason I continue to teach about Datasploit despite some of the features not working is that aside from Spiderfoot, to date, Datasploit is the only OSINT tool (to my knowledge) that queries WikiLeaks. Perhaps, I could write a tool and module that replicate the functionality of the Datasploit module. I did a few manual queries on WikiLeaks and then took a look at the code of Datasploit and confirmed that the URLs were the same.
Where I am putting my own twist on the code is my use of Pandas to handle the various data points that I am collecting. It may be because of the research I am doing with Data Science, but I find that Pandas makes referencing data, as well as importing/exporting structured data, simple.
So, here we are. This is the release of WikiLeaker. Here is the GitHub repo. Installation instructions are on the README page of the repo. Simply execute the script and pass a domain as an argument, and anything containing that domain on WikiLeaks will populate to your screen.
I also included the Recon-ng module in the GitHub repo. The difference in Recon-ng is that you get all the functionality above, but it also writes the output to the Contacts database, as it parses email addresses using XPaths instead of re and pandas. It is available in the Recon-ng Marketplace.
In conclusion, seek forth and conquer. Use this tool to your heart’s content, but be safe (Safety Third) and do not do anything illegal/stupid.