OSINT (Open Source Intelligence)
Last modified: 2023-09-27
Open-source intelligence is the collection and analysis of data gathered from open sources to produce actionable intelligence.
Automation
OSINT is a powerful method for investigating target organizations, websites, etc. However, browsing the internet to find the desired information piece by piece is tedious. For that reason, it is also recommended to use automation tools.
* These may overlap a bit with recon automation tools.
- A powerful subdomain scanner and port mapper.
- Searches accounts by username in social networks.
- A comprehensive tool for information gathering.
- An information gathering framework for phone numbers.
Comprehensive Tools
- We can search for any assets, but a subscription is required to see detailed information.
- A search engine for the global cyberspace. Below are search query examples.
  # Domain
  domain="example.com"
  # IP range
  ip="220.181.111.1/24"
- We can search for compromised corporations, employees, or users.
- An advanced threat detection and prevention platform.
- We can use it for WAF detection, subdomain finding, ping, IP lookup, IP geolocation, etc.
- A search engine that lets users search for various types of servers connected to the internet using a variety of filters.
- SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
  python3 sf.py -l 127.0.0.1:5001
  Then access http://127.0.0.1:5001 in a browser.
- Find detailed information about a host and its underlying infrastructure in seconds through the Threat Intelligence Platform web interface.
- It provides reverse IP lookup, finds WHOIS records, and so on. It also checks other domains on the same IP.
Websites
- One of the largest commercial threat intelligence teams in the world.
- Get a list of websites that use a certain source (HTML/JavaScript source code, e.g. a Google Analytics code).
- Scan websites.
- URL and website scanner.
- A project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution.
- It identifies technologies on websites.
- It provides archived web pages.
  - Research Old Information
    - robots.txt, sitemap.xml, and other interesting files.
    - Directories
    - URL parameters
    - API keys
  - Useful Tools
    - Fetch all URLs that the Wayback Machine knows about for a domain.
Domains
- A domain search engine.
IP Address
- A project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.
- It provides information on specific IP addresses and domains.
- Up-to-date internet trends and insight.
MAC Address
- It provides information about any MAC address of a network card installed in your computer or any other device.
Malware
- A community-driven public malware repository that works to provide free access to malware samples and tooling to the information.
- A project from abuse.ch with the goal of sharing malware samples with the infosec community, AV vendors and threat intelligence providers.
Indicators of Compromise (IOCs)
- A platform from abuse.ch with the goal of sharing indicators of compromise (IOCs) associated with malware with the infosec community, AV vendors and threat intelligence providers.
Botnet
- A project of abuse.ch with the goal of sharing botnet C&C servers associated with Dridex, Emotet (aka Heodo), TrickBot, QakBot (aka QuakBot / Qbot) and BazarLoader (aka BazarBackdoor).
SSL
- This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.
- A project of abuse.ch with the goal of detecting malicious SSL connections by identifying and blacklisting SSL certificates used by botnet C&C servers. In addition, SSLBL identifies JA3 fingerprints that help you detect and block malware botnet C&C communication on the TCP layer.
Email Address
- We can check whether an email address has appeared in a data breach.