Skip to content

aaiknn/beth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

48 Commits

avionics

avionics

 
 

modules

modules

 
 

phrases

phrases

 
 

sessions

sessions

 
 

src

src

 
 

trough

trough

 
 

utils

utils

 
 

.env.example

.env.example

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

beth.py

beth.py

 
 

Repository files navigation

BETH!

A tool that supports people busting some bottoms.

Check Module

Verify things.

Alias: -C

Email

Finds a verdict on the legitimacy of a given email address, and provides details about on what grounds the verdict is decided.

check --email <EMAIL_ADDRESS>

Example:

beth check --email test@test.com

Lookup Module

DNS data related lookup stuff.

Alias: -L

DNS

Retrieves DNS records for the name from your DNS server.

lookup --dns <DOMAINNAME>

Example:

beth lookup --dns dontasktoask.com

Options

-F      Instead of using one domain name from the command-line, read input from
        a file of domain names that are separated by new lines.

Example:

beth lookup --dns myfilename.txt -F

Reverse IP

Note: This feature needs a SecurityTrails API key in order to work.

Note: Result output is currently capped after listing a max amount of 20 entries. While that isn't a great solution, it saves your terminal from certain spam for the time being. Reverse IP output is soon going to be more detailed, and options are going to be added to the command.

lookup --reverse <IP>

Example:

beth lookup --reverse 8.8.8.8

Whois

Retrieves Whois entries for a given domain.

Note: This feature needs either a Whoxy or a WhoisXMLAPI API key in order to work. You can choose and set the service that you prefer using in your .env file.

lookup --whois <DOMAIN_NAME>

Example:

beth lookup --whois test.com

Reverse Whois

Retrieves current and historic domain name entries for a given target.

Note: This feature needs a WhoisXMLAPI API key in order to work.

lookup --rwhois <SEARCH_TERM>

Default is querying current records.

Search terms are case insensitive.

Results output is capped after a default max amount of 50 entries. You can choose to either remove the cap or override the default value in your .env file.

Example:

beth lookup --rwhois test@test.com

Options

-H                Historic search
--after, -A       Query for records created after a given date
--before, -B      Query for records created before a given date
--between, -X     Query for records created between two given dates
--mode, -M        'preview' to retrieve only the amount of results. Will not consume
                    any Domain Research Suite (DRS) credits.
                  'default' to retrieve result entries. Consumes 1 DRS credit.

Examples:

beth lookup --rwhois test@test.com -H
beth lookup --rwhois Google --after 2022-03-20
beth lookup --rwhois Google --before 1990-01-01
beth lookup --rwhois Google -X 2022-01-01 2022-01-01
beth lookup --rwhois 'A very unique term that probably hardly finds any results whatsoever' -M 'preview'

Search Operators

Seaches can be made more specific using AND.

Terms can be excluded from results using NOT.

Example:

beth lookup --rwhois "things AND stuff AND everything NOT desperation NOT exhaustion"

WhoisXMLAPI accepts a maximum amount of 4 entries for each included and excluded search terms. Therefore, additional terms will be dropped from searches and thus from results.

Query Module

Ask around the internet for advice.

Alias: -Q

Urlscan

Finds scan result entries on Urlscan.

Note: This feature needs a urlscan.io API key in order to work.

query --urlscan <QUERY_STRING> [RESULTS_AMOUNT]

For information on query string formatting, see Urlscan Search API Docs.

Example:

beth query --urlscan page.domain:dontasktoask.com

Note: A default value of the amount of results that are retrieved can be set in your .env file.

Options

-R      Repeatedly run the specified query without ever stopping.

Note: The amount of seconds that pass before the next query is sent can be set in your .env file.

Investigate Module

More in-depth investigation.

Alias: -I

Scan

Submits a scan of the target webpage to urlscan.io.

Note: This feature needs a urlscan.io API key in order to work.

investigate --scan <URL>

Example:

beth investigate --scan http://www.catb.org/~esr/faqs/smart-questions.html

Tags

You can choose to add one or more tags to your scan. These can be set in your .env file in the following format:

["tag1", "tag2", "tag3"]

Full Scan

Submits a scan of the target webpage to urlscan.io and then retrieves its results.

Note: This feature needs a urlscan.io API key in order to work.

investigate --full <URL>

Example:

beth investigate --full http://www.catb.org/~esr/faqs/smart-questions.html

Tags

You can choose to add one or more tags to your scan. These can be set in your .env file in the following format:

["tag1", "tag2", "tag3"]

Shodan

Retrieves information on the target IP from Shodan.

investigate --shodan <IP>

Example:

beth investigate --shodan 4.4.4.4

Test Module: HTTP Utilities

Some stuff about checking out the HTTP plumbing.

Alias: -T

Up

Is a domain up?

test --up <URL>

Example:

beth test --up dontasktoask.com

Options

-F      Instead of using one domain name from the command-line, read input from
        a file of domain names that are separated by new lines.

Example:

beth test --up myfilename.txt -F

Status

What's the response status from a request to a domain?

test --status <URL>

Example:

beth test --status dontasktoask.com

Options

-F      Instead of using one domain name from the command-line, read input from
        a file of domain names that are separated by new lines.

Example:

beth test --status myfilename.txt -F

About

A researcher's best plumed friend.

Topics

dns osint discovery querying security-tools investigation reconnaissance

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Languages