InactiveImmortal/osint-script
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
11 commits 1 branch 0 tags 46 KiB
Find a file
Exact
InactiveImmortal 63bc0b96ca Adjust the extension to support markdown
2025-10-11 18:27:31 -05:00
app.py Enhance News Aggregator GUI with font styling, improved source removal functionality, and refined result display 2025-10-11 18:20:59 -05:00
readme.md Adjust the extension to support markdown 2025-10-11 18:27:31 -05:00

readme.md

OSINT Automation Script: Technical Report

Author: Owen Collins
Date: October 11, 2025

1. Introduction

In the field of cybersecurity, timely and accurate information is a critical asset. Security professionals must constantly monitor a wide array of sources—from technical blogs to news sites—to stay ahead of emerging threats, new vulnerabilities, and evolving adversary tactics. Manually tracking these sources is inefficient, time-consuming, and prone to human error.

The purpose of this project was to develop a script that automates the collection and aggregation of open-source intelligence (OSINT) from various internet sources. The script, equipped with a simple Graphical User Interface (GUI), provides a centralized platform for users to add, manage, and fetch recent articles, effectively streamlining the initial phase of the intelligence lifecycle. Its intended use is for cybersecurity analysts, researchers, or students who need an efficient way to monitor multiple information feeds simultaneously.

2. Methodology

To achieve the project's goals, a combination of established and versatile technologies was selected. The script was developed using Python 3, chosen for its clear syntax, cross-platform compatibility, and an extensive ecosystem of powerful third-party libraries.

The core technologies and libraries used include:

  • Python: The primary programming language for all logic and orchestration.
  • Requests Library: Used to perform HTTP requests to fetch raw content from target URLs. It provides a simple and reliable interface for handling web connections, headers, and status codes.
  • BeautifulSoup4 Library: The primary engine for parsing web content. It excels at navigating and searching through semi-structured data, making it ideal for extracting specific information from both XML feeds (RSS/Atom) and standard HTML documents.
  • LXML Library: A high-performance XML and HTML parser used by BeautifulSoup under the hood to handle the parsing of feed data.
  • Tkinter Library: Python's standard built-in GUI toolkit, used to create the application's user interface. It was chosen for its simplicity and the fact that it requires no external dependencies, ensuring the script is portable.
  • Threading Module: A crucial component for ensuring a responsive user experience. By offloading network-intensive tasks to a separate background thread, the GUI remains fully interactive and does not freeze while fetching data.

3. Implementation

The script is architected as a single-file application that integrates a GUI front-end with a web-scraping back-end. The workflow is event-driven, centered around user interactions with the GUI.

A. Graphical User Interface (GUI)
The application launches a window built with Tkinter. This interface provides:

  1. An input field to enter new source URLs.
  2. Buttons to "Add" or "Remove" sources from a managed list.
  3. A listbox displaying all currently tracked sources.
  4. A "Fetch All News" button to initiate the scraping process.
  5. A scrollable text area to display the formatted results.

B. Core Logic Flow
When the "Fetch All News" button is clicked, the following sequence is initiated:

  1. Threading: To prevent the GUI from freezing, a new daemon thread is spawned. This thread is responsible for executing the entire data-fetching and parsing pipeline.
  2. Iteration: The script iterates through each URL stored in the source listbox.
  3. Smart Parsing (parse_source function): For each URL, a multi-stage parsing strategy is attempted:
    • HTTP Request: A GET request is sent to the URL with a User-Agent header to mimic a standard web browser. The script checks the HTTP status code and will halt if it encounters an error (e.g., 404 Not Found, 502 Bad Gateway).
    • XML Feed Parsing: It first attempts to parse the response as an XML document. It searches for <entry> tags (common in Atom feeds) and, if none are found, subsequently searches for <item> tags (common in RSS feeds). If either is successful, it extracts the title and link from each entry.
    • HTML Fallback: If the XML parsing fails to find any articles, the script falls back to treating the content as a standard HTML webpage. It uses a generic selector (h2 a) to find potential headlines and links.
  4. Displaying Results: The extracted data is passed back to the main GUI thread. The results are then inserted into the display area using Tkinter's tagging system to apply distinct styles for headers, titles, and links, creating a clean and readable summary.

4. Results and Application

The script successfully automates the collection of articles from user-defined sources. The final output is a formatted, easy-to-read summary that clearly separates articles from each source. The "smart parsing" logic proved effective, allowing the tool to correctly interpret both Atom and RSS feeds without user intervention.

In a cybersecurity context, this tool has several practical applications:

  • Threat Intelligence: An analyst can populate the tool with feeds from known cybersecurity news sites (e.g., The Hacker News, Bleeping Computer) and security vendor blogs to maintain up-to-the-minute awareness of new malware campaigns, threat actor groups, and data breaches.
  • Vulnerability Management: The script can be configured to monitor sources that announce software vulnerabilities, such as the National Vulnerability Database (NVD) or project-specific security mailing lists.
  • Brand Monitoring: An organization could use the tool to monitor for mentions of its name or products in relation to security incidents.

5. Conclusion

This project was a successful exercise in applying scripting and automation to solve a practical problem in the OSINT domain. The key takeaway was the importance of building robust and resilient tools. A simple scraper can easily fail if a website changes its structure; by implementing a multi-stage parsing strategy with an XML-first approach and an HTML fallback, the script is significantly more adaptable.

Furthermore, the process highlighted the necessity of separating logic from the user interface through threading to create a functional and non-disruptive user experience. The skills learned in automating information gathering, parsing semi-structured data, and handling potential errors are directly applicable to real-world cybersecurity scenarios, where efficient and reliable data collection is a foundational element of effective defense and intelligence operations.