OSINT (Open Source Intelligence)
Last modified: 2023-03-02
Open-source intelligence is the collection and analysis of data gathered from publicly available sources to produce actionable intelligence.
Frameworks
Comprehensive Tools
- A search engine for the global cyberspace.
- An advanced threat detection and prevention platform.
- A search engine that lets users search for various types of servers connected to the internet using a variety of filters.
- SpiderFoot automates OSINT for threat intelligence and mapping your attack surface. Start the web interface with:
  python3 sf.py -l 127.0.0.1:5001
  Then open http://127.0.0.1:5001 in a browser.
- Find detailed information about a host and its underlying infrastructure in seconds through the Threat Intelligence Platform web interface.
- It provides reverse IP lookup, WHOIS records, and so on, and checks for other domains hosted on the same IP.
Websites
- One of the largest commercial threat intelligence teams in the world.
- Get a list of websites that use a certain source (HTML/JavaScript source code, e.g. a Google Analytics code).
- Scan websites.
- URL and website scanner.
- A project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution.
- It identifies technologies on websites.
- It provides archived web pages.
Research Old Information
- robots.txt, sitemap.xml, and other interesting files.
- Directories
- URL parameters
- API keys
Useful Tools
- Fetch all URLs that the Wayback Machine knows about for a domain.
IP Address
- A project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.
- It provides information on specific IP addresses and domains.
- Up-to-date Internet trends and insight.
MAC Address
- It provides information about any MAC address of a networking card installed in your computer or any other device.
Malware
- A community-driven public malware repository that works to provide free access to malware samples and tooling to the information.
- A project from abuse.ch with the goal of sharing malware samples with the infosec community, AV vendors and threat intelligence providers.
Indicators of Compromise (IOCs)
- A platform from abuse.ch with the goal of sharing indicators of compromise (IOCs) associated with malware with the infosec community, AV vendors and threat intelligence providers.
Botnet
- A project of abuse.ch with the goal of sharing botnet C&C servers associated with Dridex, Emotet (aka Heodo), TrickBot, QakBot (aka QuakBot / Qbot) and BazarLoader (aka BazarBackdoor).
SSL
- This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.
- A project of abuse.ch with the goal of detecting malicious SSL connections by identifying and blacklisting SSL certificates used by botnet C&C servers. In addition, SSLBL identifies JA3 fingerprints that help you detect and block malware botnet C&C communication on the TCP layer.
Email Address
Adversary Tactics
MITRE
- A globally accessible knowledge base of adversary tactics and techniques based on real-world observations.