┌─────────────────────────────────────────────────────────────────┐
│                                                                 │
│ 88888888ba         888888888888                                 │
│ 88      "8b             88                                      │
│ 88      ,8P             88                                      │
│ 88aaaaaa8P'  ,adPPYba,  88  8b,dPPYba,  ,adPPYYba,  8b,dPPYba,  │
│ 88""""88'   a8P     88  88  88P'   "Y8  ""      Y8  88P'    "8a │
│ 88    `8b   8PP"""""""  88  88          ,adPPPPP88  88       d8 │
│ 88     `8b  "8b,   ,aa  88  88          88,    ,88  88b,   ,a8" │
│ 88      `8b  `"Ybbd8"   88  88          `"8bbdP"Y8  88`YbbdP"   │
│                                                     88          │
│                                                     88          │
│                                                                 │
└─────────────────────────────────────────────────────────────────┘

    (OSINT) Open-Source intelligence tracking and analysis tool. Inspired by Trape.

Setup 🧰

- With docker:

• Make sure docker and docker-compose is installed on your system.
• And run it with docker-compose up after the setup is complete, it should be running on http://0.0.0.0:8989

- With executable:

You can find an executable that supports your OS from the following links:

• Github
• Sourceforge

make sure to unzip the file, and run the executable from the terminal or cmd.exe

- on Windows you'll have to start the cmd.exe as an Administrator.
- on MacOS you'll have to go to System preferences > Security > And allow the retrap-macos executable

- From the source (Tested on Linux and Window Git Bash):

• Install dependencies npm i .
• Build assets and compile TypeScript npm run build
• Start the server npm start
• Package it into binaries nvm use && ./package.sh

- For developers:

• To run linting and style check npm run lint
• To run tests npm run test

Options 📖

  Open-Source intelligence OSINT tracking and analysis tool.

  Usage

      $ retrap [option]

  Options

      --ip-address, -i IP address to stream server on        (0.0.0.0)
      --port, -p Port to stream server through               (8989)
      --logging, -o Display http requests logs               (true)
      --ngrok-token -a Ngrok account authentication token

  Example

      $ retrap --port 8080 -l

Features and Demos ✨

- Ngrok tunneling support

Exposes the local server to the internet with Ngrok secure tunnel. Get a free token from Ngrok and use it as shown in the demo.
The authentication token can be persistent and saved as a default in ./collections/settings.db with "ngrokAuthToken": "your token".

Demo:

- Captures user's information and active sessions

IP address, location, languages, battery left, internet speed... As well as detecting and storing the active login sessions for facebook, gmail, instagram... The captured user's data are stored locally and can be accessed via:

• http://127.0.0.1:8989/api/guests/ an API endpoint that returns information of all the captured users.
• http://127.0.0.1:8989/api-doc has a full documentation of the returned user's details and active sessions.

Demo:

- Realtime hooks to intercept user's active session

Injecting JavaScript, sending alerts, text-to-speech notifications and redirecting to different locations... In the following example a console.log() is injected to an active web-session:

Demo:

- Hooking script to integrate with your custom webpages

The same hooking script that's used to control the mirrored web sessions, can be used externally within any .html or .js file.
The following example demonstrating using the hook script within a local .html page and capturing a login form data:

Demo:

- RESTFul API to execute hooks, query users and integrate with other platforms

Demo:

Disclaimer and Background ❎

This tool is experimental in its Alpha phase. It's developed and published as a small building block of a master's thesis research. So use it for educational purposes only and at your own discretion, the author cannot be held responsible for any damages caused.

- How to protect yourself ?

The tool relies on injecting any web resources with a JavaScript hook that allows us to perform verity of intrusive actions remotely. There are many useful browser extensions and plugins that detect and block such intrusive scripts:

• uBlock Origin
• Privacy Badger
• NoScript
• Brave Browser

TODO ✅:

• Fix up the docker containers setup
• Add token based authorization to the Admin REST API
• Add Settings model CRUD endpoints to Admin REST API
• Add an admin user-interface based on the REST API and/or Socket.io client. (Preferably in React/Vue)
• Improve hook's getScreenshot and add it to the Sockets and REST API
• Maybe add a push notification hook 🤔 (Needs research)
• Add more integration tests and increase coverage