
Frack Demolab at DEF CON 29

  • Dark Tangent
    The Dark Tangent
    • Sep 2001
    • 2732

    #1

    Frack Demolab at DEF CON 29

    Tool or Project Name: Frack

    Short Abstract:
    Frack is a tool created to be an end-to-end solution to store, manage and query collected breach data. The tool has a basic workflow making it easy to use. Using a very minimal cloud footprint, Frack makes it possible to store vast amounts of data in the cloud while retaining an extremely fast query speed. Query results end up in a neat Excel sheet listing all of the breaches the domain was found in, including user passwords or hashes (depending on what was leaked in the breach). The Excel sheet also gives information regarding the breach it was found in and the date the breach first appeared. Having this data at your fingertips makes it easy to show a client their exposure and to use the data as a starting point when doing external or infrastructure assessments. The tool also includes the ability to use custom parse plugins which will parse raw dumps into usable data and convert it so you can use it directly in the database.

    Short Developer Bio:
    William is a Security Analyst at Orange Cyberdefense's SensePost team, specialising in penetration testing. He has been an ethical hacker since 2012 working on many different types of projects for many major banks and insurance houses in South Africa and abroad. Mobile platforms are his focus as he thoroughly enjoys breaking mobile applications and figuring out how they work. He has done several radio interviews (https://iono.fm/e/892386 and https://iono.fm/e/893010) and has also presented several training courses such as the SensePost SecDevOps training. William is currently focussing on designing a Mobile Hacking course.

    URL to any additional information:
    The tool leverages Apache ORC as a destination file format for parsed breaches. These are uploaded to Google's BigQuery for processing. See:

    Detailed Explanation of Tool:
    The tool was written in Python and will be distributed under the GNU General Public v3 License. The tool consists of three main features: generic parsing, plugin-based parsing and database maintenance.

    The parse module is used to parse a semi-clean .CSV file in any of the following formats:
    • <email>,<password>
    • <email>,<hash>
    • <email>,<hash>,<salt>
    For known data breaches, a plugin system lets you consume raw data dumps without any need for modification. The parser will then convert the data to the .ORC file format (https://orc.apache.org/) resulting in small uploads to the cloud and very fast query times. These .ORC files are then ingested into a Google BigQuery table. The query module can then be used to query the data that you have uploaded into the BigQuery table.

    The tool also includes a DB module where you can perform basic DB maintenance, start ingestion jobs, and see stats of the database.

    Supporting Files, Code, etc:
    If needed, an invitation to look at the source code beforehand can be arranged. It currently lives in a private GitHub repository.

    Target Audience:
    Offense, Defense, OSINT

    Nothing can stop the data flow! Every day we are bombarded with news reports of another data breach that has been published on the internet. Frack provides an easy way to manage this data on Google cloud infrastructure.
    PGP Key: https://defcon.org/html/links/dtangent.html
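An added example, not Frack's own code and not part of the original post: one way to normalise the three semi-clean row formats listed above into typed records and a per-domain exposure count that retains no secrets. The function names, the hash-recognition heuristic and the sample rows are assumptions made for this sketch.

```python
import re
from collections import Counter

# Assumption: hex digests of MD5/SHA-1/SHA-256/SHA-512 length, or a bcrypt
# string, count as a hash; any other value is treated as a plaintext password.
HEX_HASH = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64}|[0-9a-fA-F]{128})$")
BCRYPT = re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")
EMAIL = re.compile(r"^[^@\s,]+@([^@\s,]+\.[^@\s,]+)$")

def looks_like_hash(value):
    return bool(HEX_HASH.match(value) or BCRYPT.match(value))

def parse_line(line):
    """Return a record dict, or None if the line fits none of the formats."""
    email, sep, rest = line.strip().partition(",")
    m = EMAIL.match(email.strip().lower())
    if not sep or not rest or not m:
        return None
    rec = {"email": m.group(0), "domain": m.group(1),
           "password": None, "hash": None, "salt": None}
    head, _, tail = rest.partition(",")
    if looks_like_hash(head):
        # <email>,<hash> or <email>,<hash>,<salt>; the salt may contain commas
        rec["hash"], rec["salt"] = head, (tail or None)
    else:
        # <email>,<password>; commas inside the password stay part of it
        rec["password"] = rest
    return rec

def exposure_by_domain(lines):
    """Count record kinds per domain; returns (counts, rejected_line_count)."""
    counts, rejected = {}, 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected += 1
            continue
        kind = ("password" if rec["password"] is not None
                else "salted_hash" if rec["salt"] is not None else "hash")
        counts.setdefault(rec["domain"], Counter())[kind] += 1
    return counts, rejected

# Constructed sample rows, not real breach data.
SAMPLE = [
    "alice@example.com,hunter2",
    "Bob@Example.com,0123456789abcdef0123456789abcdef",
    "carol@example.org,0123456789abcdef0123456789abcdef,Xy7,q",
    "dave@example.org,pass,word",
    "not-an-email,whatever",
    "",
]

if __name__ == "__main__":
    print(exposure_by_domain(SAMPLE))
```

Rows that fit none of the formats are counted rather than silently dropped, so a high reject count signals that a dump needs a dedicated parse plugin.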