RE: What's coming in Cloudron 7.1

@girish said in What's coming in Cloudron 7.1:

Whatever jitsi needs

This is the coolest thing I have read all week.

@girish you and your team do amazing work and I can never thank you enough.

I would like to suggest implemententing Crowdsec as a built-in feature to a cloudron install. Assuming most of our installs (speaking on the community behalf) are internet facing, something like this, could become very powerful and beneficial as a security feature.

Any luck on a jitsi image as of yet?

Spiderfoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of methods for data analysis, making that data easy to navigate.

Spiderfoot has an embedded web-server for providing a clean and intuitive web-based interface but can also be used completely via the command-line. It's written in Python 3 and GPL-licensed.

Already has an existing docker file

FEATURES

Web based UI or CLI
Over 200 modules (see below)
Python 3
CSV/JSON/GEXF export
API key export/import
SQLite back-end for custom querying
Highly configurable
Fully documented
Visualisations
TOR integration for dark web searching
Dockerfile for Docker-based deployments
Can call other tools like DNSTwist, Whatweb, Nmap and CMSeeK
Actively developed since 2012!

Self-hosted and focused on data collection. If your use case is focused solely on data collection on small to medium targets and you wish to run SpiderFoot within your own infrastructure that you set up, secure and maintain with support from the community, the open source version is probably the best option for you.

With the open source version, most of the modules from SpiderFoot HX are available, but the ability to navigate, visualize, monitor and investigate is not available. You'll be able to export the data from SpiderFoot in CSV, JSON or GEXF and work with the data in other tools.

The open source version is typically used by hobbyists and those new to OSINT.

Project iKy is a tool that collects information from an email and shows results in a nice visual interface.

List of features

Demo

Docker Install

Video topics

1. How to properly setup/secure your server to a high level of protection
2. Navigating logs
3. Setting up volumes
4. Setting up multi-domain and groups on cloudron
5. Backups. Backups. Backups.
6. Migration/reinstalling from a backup
7. Packaging apps

Photon is a webcrawling application. It has a Docker image already.

Key Features

Data Extraction

Photon can extract the following data while crawling:

URLs (in-scope & out-of-scope)
URLs with parameters (example.com/gallery.php?id=2)
Intel (emails, social media accounts, amazon buckets etc.)
Files (pdf, png, xml etc.)
Secret keys (auth/API keys & hashes)
JavaScript files & Endpoints present in them
Strings matching custom regex pattern
Subdomains & DNS related data

Flexible

Control timeout, delay, add seeds, exclude URLs matching a regex pattern and other cool stuff. The extensive range of options provided by Photon lets you crawl the web exactly the way you want.
Genius

Photon's smart thread management & refined logic gives you top notch performance.

Still, crawling can be resource intensive but Photon has some tricks up it's sleeves. You can fetch URLs archived by archive.org to be used as seeds by using --wayback option.

Plugins

wayback
dnsdumpster
Exporter

Thanks @girish

PhoneInfoga is one of the most advanced tools to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with a very good accuracy. Then search for footprints on search engines to try to find the VoIP provider or identify the owner.

Docker install already exists

Features

Check if phone number exists and is possible
Gather standard informations such as country, line type and carrier
OSINT footprinting using external APIs, Google Hacking, phone books & search engines
Check for reputation reports, social media, disposable numbers and more
Scan several numbers at once
Use custom formatting for more effective OSINT reconnaissance
NEW: Serve a web client along with a REST API to run scans from the browser
NEW: Run your own web instance as a service
NEW: Programmatic usage with Go modules

Anti-features

Does not claim to provide relevant or verified data, it's just a tool !
Does not allow to "track" a phone or its owner in real time
Does not allow to get the precise phone location
Does not allow to hack a phone

Building an OSINT Reconnaissance Tool from Scratch

@ruihildt I would almost argue that even as a personal user, that bang for buck is there.

Cloudron provides data privacy and built in security, by default.

For $420/usd a year, one can have an all in one home for everything.

Creating a business structure, gathering funds, and even moving to open source likely wouldn’t be the most difficult thing.

What I foresee as difficult, is the app development and addition with the same level of detail as currently being done.

@timconsidine I am thinking there is something else wrong because even when using the website provided by operation privacy, I cant use the service.

@necrevistonnezr
A nice symbology system, sure, but you’re capped at drive bay space.

So unless you’re able to find a 6-bay symbology system that can support 14tb drives (or larger) in each bay, that wouldn’t be worth it to me.

But at least now we are comparing apples to apples

@ruihildt I would almost argue that even as a personal user, that bang for buck is there.

Cloudron provides data privacy and built in security, by default.

For $420/usd a year, one can have an all in one home for everything.

@timconsidine

Are you getting any error messages when you attempt to update the app with the github repo?

When I do, I am getting an error message about node dependencies that I havent gotten before.

I have tried various PPAs of NodeJS and NPM and I still get

E: Unable to correct problems, you have held broken packages.

Any ideas on this one?

Project iKy is a tool that collects information from an email and shows results in a nice visual interface.

List of features

Demo

Docker Install

Photon is a webcrawling application. It has a Docker image already.

Key Features

Data Extraction

Photon can extract the following data while crawling:

URLs (in-scope & out-of-scope)
URLs with parameters (example.com/gallery.php?id=2)
Intel (emails, social media accounts, amazon buckets etc.)
Files (pdf, png, xml etc.)
Secret keys (auth/API keys & hashes)
JavaScript files & Endpoints present in them
Strings matching custom regex pattern
Subdomains & DNS related data

Flexible

Control timeout, delay, add seeds, exclude URLs matching a regex pattern and other cool stuff. The extensive range of options provided by Photon lets you crawl the web exactly the way you want.
Genius

Photon's smart thread management & refined logic gives you top notch performance.

Still, crawling can be resource intensive but Photon has some tricks up it's sleeves. You can fetch URLs archived by archive.org to be used as seeds by using --wayback option.

Plugins

wayback
dnsdumpster
Exporter

PhoneInfoga is one of the most advanced tools to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with a very good accuracy. Then search for footprints on search engines to try to find the VoIP provider or identify the owner.

Docker install already exists

Features

Check if phone number exists and is possible
Gather standard informations such as country, line type and carrier
OSINT footprinting using external APIs, Google Hacking, phone books & search engines
Check for reputation reports, social media, disposable numbers and more
Scan several numbers at once
Use custom formatting for more effective OSINT reconnaissance
NEW: Serve a web client along with a REST API to run scans from the browser
NEW: Run your own web instance as a service
NEW: Programmatic usage with Go modules

Anti-features

Does not claim to provide relevant or verified data, it's just a tool !
Does not allow to "track" a phone or its owner in real time
Does not allow to get the precise phone location
Does not allow to hack a phone

Building an OSINT Reconnaissance Tool from Scratch

Spiderfoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of methods for data analysis, making that data easy to navigate.

Spiderfoot has an embedded web-server for providing a clean and intuitive web-based interface but can also be used completely via the command-line. It's written in Python 3 and GPL-licensed.

Already has an existing docker file

FEATURES

Web based UI or CLI
Over 200 modules (see below)
Python 3
CSV/JSON/GEXF export
API key export/import
SQLite back-end for custom querying
Highly configurable
Fully documented
Visualisations
TOR integration for dark web searching
Dockerfile for Docker-based deployments
Can call other tools like DNSTwist, Whatweb, Nmap and CMSeeK
Actively developed since 2012!

Self-hosted and focused on data collection. If your use case is focused solely on data collection on small to medium targets and you wish to run SpiderFoot within your own infrastructure that you set up, secure and maintain with support from the community, the open source version is probably the best option for you.

With the open source version, most of the modules from SpiderFoot HX are available, but the ability to navigate, visualize, monitor and investigate is not available. You'll be able to export the data from SpiderFoot in CSV, JSON or GEXF and work with the data in other tools.

The open source version is typically used by hobbyists and those new to OSINT.

I'd like to formally request the SMS desktop app to be packaged.

The app allows you to use a number obtained from twilio or telnyx and you can use SMS, MMS, and calling features.
timconsidine has written a guide on LXC setup, and I think this would be a prod ready app.
Some features that are being worked on are

1. S3 backends for image storage
2. Admin and subuser accounts
3. in call dialpad
4. image purging customization

It has active development, and many folks are using this already.

The developer seems to be very receptive to collaboration, but doesn't have the bandwidth to package this themselves.

I'd be willing to work with someone to get this packaged into docker (never done that before).