
OSI_breakdown

11 files · ready for inspection

readme

# OSI_breakdown

### *Layer-by-Layer Recon Framework*

> “We don’t just scan networks — we dissect them, one layer at a time.”

## What Is OSI_breakdown?

**OSI_breakdown** is a modular CLI tool built for **red teams and network analysts** to break down every OSI model layer from any IP or domain.

Each layer runs real reconnaissance modules that map data from **Layer 1 → 7**. All results are shown live in the **terminal output** and saved to a timestamped file in `/reports/`.

---

## Installation

```bash
# Clone the repo
git clone https://github.com/ekomsSavior/OSI_breakdown.git
cd OSI_breakdown

# Install system dependencies
sudo apt update
sudo apt install -y nmap hping3 traceroute curl net-tools arp-scan whois

# Install Python dependencies
pip3 install requests beautifulsoup4 rich
```

---

## Usage

```bash
# Run interactively and follow prompts
python3 osi_breakdown.py

# For deeper Layer 2 analysis (ARP/MAC), run as root
sudo python3 osi_breakdown.py
```

---

## Project Structure

```
OSI_town/
├── osi_breakdown.py              # CLI entrypoint with color + banner
├── modules/
│   ├── layer1_physical.py        # ISP + physical inference
│   ├── layer2_datalink.py        # ARP, MAC vendor, interface info
│   ├── layer3_network.py         # Traceroute, ASN, GeoIP
│   ├── layer4_transport.py       # TCP/UDP pings via hping3
│   ├── layer5_session.py         # Nmap + session cookie detection
│   ├── layer6_presentation.py    # SSL/TLS cert + cipher analysis
│   └── layer7_application.py     # HTTP headers + login form scanner
├── utils/
│   └── report_writer.py
└── reports/
    └── <timestamped_report>.txt
```

---

## Layer-by-Layer Breakdown

### **Layer 7 — Application**

**File:** `modules/layer7_application.py`

Scans the target’s HTTP(S) service for:

* Server banners and status codes
* Login forms (`<form><input type=password>`)
* Web tech clues (`X-Powered-By`, cookies)
* Favicon MD5 hash for framework fingerprinting

*Uses:* `requests`, `BeautifulSoup`, `hashlib`

---

### **Layer 6 — Presentation**

**File:** `modules/layer6_presentation.py`

Interrogates the SSL/TLS handshake to reveal:

* TLS version & cipher suite
* Certificate issuer, subject, validity range
* MIME type or encoding info

*Uses:* `ssl`, `socket`, `urllib.parse`

---

### **Layer 5 — Session**

**File:** `modules/layer5_session.py`

Focuses on connection persistence and service enumeration:

* Scans top 1000 ports with `nmap`
* Detects session cookies via HTTP headers
* Flags persistent auth tokens

*Useful for spotting active service ports & sticky sessions.*

---

### **Layer 4 — Transport**

**File:** `modules/layer4_transport.py`

Performs low-level protocol checks:

* TCP SYN to port 80 and UDP to 53 via `hping3`
* Observes TTL, flags, and packet behavior

*Hints at OS fingerprinting and firewall posture.*

---

### **Layer 3 — Network**

**File:** `modules/layer3_network.py`

Maps routing and ownership details:

* DNS resolution and public IP
* `traceroute` for hop map
* WHOIS ASN (origin, netname, descr)
* GeoIP lookup with `ipinfo.io`

*Traces where packets really travel.*

---

### **Layer 2 — Data Link**

**File:** `modules/layer2_datalink.py`

Collects local network information:

* ARP table entries (`arp -n`)
* MAC addresses from interfaces (`ifconfig`)
* Optional LAN sweep with `arp-scan --localnet`

*Requires `sudo` for ARP visibility. Output shown in terminal and saved.*

---

### **Layer 1 — Physical**

**File:** `modules/layer1_physical.py`

Infers physical connection attributes:

* ISP + org from `ipinfo.io`
* Guesses link type (fiber, cable, etc.)
* Notes limits of what Layer 1 can reveal

*Completes the chain — from wire to app.*

---

## Tips

* Always run from **Kali or Debian-based systems**.
* Comment out Layer 4 & 5 in `osi_breakdown.py` for fast passive runs.
* Use `sudo` for Layer 2 ARP scans.
* Every scan generates a **timestamped report** in `reports/`.

---

## Ethics Disclaimer

> This framework is for **authorized security research and education**.
> Use only on systems you **own or have explicit permission to test**.
> The authors and contributors assume no liability for misuse.
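
Seen from the defender's side, the Layer 7 and Layer 5 checks listed above amount to an audit of what a service's own responses disclose: stack-revealing headers, weak or persistent cookies, and login forms. The following is an added example, not code from the OSI_breakdown repository; it uses only the Python standard library rather than `requests`/`BeautifulSoup`, and the sample headers, body, and all function and class names are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample response; not captured from any real host.
SAMPLE_HEADERS = [
    ("Server", "Apache/2.4.41 (Ubuntu)"),
    ("X-Powered-By", "PHP/7.4.3"),
    ("Set-Cookie", "PHPSESSID=abc123; Path=/"),
    ("Set-Cookie", "auth_token=eyJ0; Max-Age=2592000; Secure; HttpOnly"),
]
SAMPLE_BODY = '<form action="/login"><input name="u"><input type="password" name="p"></form>'
DISCLOSING = {"server", "x-powered-by"}  # headers that reveal the stack

class PasswordForms(HTMLParser):
    """Collects the action of every <form> that contains a password input."""
    def __init__(self):
        super().__init__()
        self.current, self.actions = None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.current = a.get("action") or ""
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self.current is not None and self.current not in self.actions:
                self.actions.append(self.current)
    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None

def audit_cookie(value):
    """Return (name, issues) for one Set-Cookie header value."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    issues = [f"missing {flag}" for flag in ("Secure", "HttpOnly", "SameSite")
              if flag.lower() not in attrs]
    if attrs & {"expires", "max-age"}:
        issues.append("persistent")  # outlives the browser session
    return parts[0].split("=", 1)[0], issues

def audit_response(headers, body):
    """Summarise what one HTTP response discloses to a remote scanner."""
    parser = PasswordForms()
    parser.feed(body)
    found = {"disclosure": {}, "cookies": {}, "login_forms": parser.actions}
    for name, value in headers:
        if name.lower() in DISCLOSING:
            found["disclosure"][name] = value
        elif name.lower() == "set-cookie":
            found["cookies"].update([audit_cookie(value)])
    return found
```

Calling `audit_response(SAMPLE_HEADERS, SAMPLE_BODY)` returns a dictionary that can be compared against a hardening baseline, for example no version strings in `Server` and `Secure`, `HttpOnly` and `SameSite` on every session cookie.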


license

MIT License

Copyright (c) 2026 ek0mssavi0r

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

USE AT YOUR OWN RISK. NO WARRANTY PROVIDED.