Exploit Notes

OSINT (Open Source Intelligence)

Last modified: 2023-03-02

Network OSINT Reconnaissance Web

Open-source intelligence is the collection and analysis of data gathered from open sources to produce actionable intelligence.

Frameworks


Comprehensive Tools

  • DeHashed

  • FOFA

    A search engine for the global cyberspace.

  • Have I Been Pwned

  • MetaDefender Cloud

    An advanced threat detection and prevention platform.

  • OSINT Tools

  • Shodan

    A search engine that lets users search for various types of servers connected to the internet using a variety of filters.

  • Spiderfoot

    SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

    python3 sf.py -l 127.0.0.1:5001
    

    Then open http://127.0.0.1:5001 in a browser.

  • Threat Intelligence Platform

    Find detailed information about a host and its underlying infrastructure in seconds through the Threat Intelligence Platform web interface.

  • ViewDNS.info

    It provides reverse IP lookup (checking for other domains on the same IP), WHOIS record lookup, and so on.


Websites

  • Cisco Talos

    One of the largest commercial threat intelligence teams in the world.

  • NerdyData

    Get a list of websites that use certain source code (HTML/JavaScript, e.g. Google Analytics code).

  • Security Headers

    Scan websites.

  • urlscan.io

    URL and website scanner.

  • URLhaus

    A project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution.

  • Wappalyzer

    It identifies technologies on websites.

  • Wayback Machine

    It provides archived web pages.

    • Research Old Information

      1. robots.txt, sitemap.xml, and other interesting files.

      2. Directories

      3. URL parameters

      4. API keys

    • Useful Tools

      • Waybackurls

        Fetch all URLs that the Wayback Machine knows about for a domain.


IP Address

  • AbuseIPDB

    A project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.

  • Censys Search

    It provides information about specific IP addresses and domains.

  • Cloudflare Radar

    Up-to-date Internet trends and insights.


MAC Address

  • MAC Address Lookup

    It provides information about the MAC address of any network card installed in your computer or any other device.


Malware

  • MalShare

    A community-driven public malware repository that works to provide free access to malware samples and tooling to the information.

  • MalwareBazaar

    A project from abuse.ch with the goal of sharing malware samples with the infosec community, AV vendors and threat intelligence providers.


Indicators of Compromise (IOCs)

  • ThreatFox

    A platform from abuse.ch with the goal of sharing indicators of compromise (IOCs) associated with malware with the infosec community, AV vendors and threat intelligence providers.


Botnet

  • Feodo Tracker

    A project of abuse.ch with the goal of sharing botnet C&C servers associated with Dridex, Emotet (aka Heodo), TrickBot, QakBot (aka QuakBot / Qbot) and BazarLoader (aka BazarBackdoor).


SSL

  • Qualys

    This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.

  • SSLBL

    A project of abuse.ch with the goal of detecting malicious SSL connections by identifying and blacklisting SSL certificates used by botnet C&C servers. In addition, SSLBL identifies JA3 fingerprints that help you detect and block malware botnet C&C communication on the TCP layer.


Email Address


Adversary Tactics

MITRE
