OSINT (Open-source intelligence)

introduction

Open-source intelligence (OSNIT) is the insight gained from processing and analyzing public data sources such as broadcast TV and radio, social media, and websites. These sources provide data in text, video, image, and audio formats.

Why OSINT?

As threats continue to grow in sophistication, it becomes harder for security teams to keep a continuous check on the entire IT infrastructure. While there are automated tools and technologies minimizing the burden, OSINT can contribute to security operations by providing information about attack tactics and techniques. While the information gathered from OSINT sources is often unstructured, security teams are expected to establish a relationship between various data points.

Some of the common reasons that we come across as to why organizations pursue OSINT are:

• Identifying unintentional leakage of sensitive data through social media networks and other publicly available platforms
• Finding insecure devices connect to the organizational network with open network ports
• Obsolete or updated software and application packages
• Leakage of highly confidential information such as trade secrets and source code

OSINT framework

NOTE: If you find sensitive information, do not use it as an illegal manner thank you.

OSINT is much less expensive compared to traditional information collecting tools. OSINT offers a potentially greater return on investment and this feature is particularly relevant for organizations with a tight intelligence budget.

OSINT has many advantages when it comes to accessing and sharing information. Information can be legally and easily shared with anyone, open sources are always available and constantly up to date on any topic.

OSINT is also not ready to use; it requires a large amount of analytical work from humans in order to distinguish valid, verified information from false, misleading or simply inaccurate news and information. OSINT must be validated.

OSINT specialist has a wide range of tools available to harvest intelligence. Some are readily available, such as public records and reverse image search tools to identify people or objects, while others, mentioned below, are more industry specific and might require training. In addition, dark web searches, leaksites, social media channels, and even physical observations are used.

NOTE: OSINT framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources. Some of the sites included might require registration or offer more data for $$$, but you should be able to get at least a portion of the available information for no cost.

The OSINT framework website: https://osintframework.com/  or https://map.malfrats.industries/

Google dorks

• Google hacking, also named Google dorking  is a hacker technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites are using.

Google dork commands

• Site: searching specific website. If you use this command on google search you will only see something related to the site that you are looking four. example site:somprt.com

• Inurl: check for the keyword in different URLs, example inurl:admin
• Intitle: to search for the specified keyword in the tittle of the webpage example intitle:”webcamXP 5″
• Intext: to search for the specified keyword in the body of the webpage Example intext: cyber security
• Filetype: to search for the specific type of the file Example cybercrime filetype: ppt
• If you want you can combine two or more commands
  • intitle:”index of” inurl:ftp intext:password
  • filetype:txt inurl:”email.txt”
  • site:something.cominurl:admin  intext:password
• Link: this command will list webpages that have links pointing to other page example link:www.google.com ( finding all the webpages those have links pointing to the Google homepage
• Cache: this dork will show you the cache version of a website example cache:somprt.com
• *: the star is used to search pages that contain ‘anything’ before your word example how to * website … this will return how to…”design, create, hack, etc. “a website”
• Related: www.google.com; this command will list webpages that are similar to the Google homepage
• Info: www.google.com; this command will show information about Google homepage
• Allintittle:google search; will return only documents that have both ‘google’ and ‘search’ in the title

Google Hacking Database

Link: https://www.exploit-db.com/google-hacking-database

The Google Hacking Database (GHDB) is a categorized index of Internet search engine queries designed to uncover interesting, and usually sensitive, information made publicly available on the Internet. In most cases, this information was never meant to be made public but due to any number of factors this information was linked in a web document that was crawled by a search engine which subsequently followed that link and indexed the sensitive information.

For example: inurl:”.php?id=” “You have an error in your SQL syntax”

This dork allows us to find websites that are possibly vulnerable to SQL Injections. This Google hacking query can be used by attackers to gather security vulnerabilities in web applications.

OSINT – hacker’s first asset in targeted attacks

• Before a cybercriminal wants to engage in a targeted attack against a particular organization or individual, they’d like to know a few things first. That’s where OSINT comes into play.
• The term OSINT is short for open source intelligence – referring to any bit of information that can be gathered by attackers for free. This is normally details collected on the Internet (e.g., company and title from LinkedIn, etc.), but, technically, can include offline information. These valuable pieces of information are collected using a variety of tools and methods that, in general, do not tip off the victim of the OSINT activity in the slightest.
• The goal of any targeted attack is to make it look as legitimate as possible. This involves using as many contextual cues as are available to improve the illusion of legitimacy and lower the potential victim’s defenses. While I’ve given two examples of OSINT that can easily be collected, curiosity normally drives most security professionals to wonder what other kinds of details are relatively simple to find.

Some of the best OSINT tools

• Maltego: Maltego is software used for open-source intelligence and forensics, developed by Paterva from Pretoria, South Africa. Maltego focuses on providing a library of transforms for discovery of data from open sources, and visualizing that information in a graph format, suitable for link analysis and data mining. To download: https://www.maltego.com/downloads/

intelligence tools and resources. Open-source intelligence (OSINT) is intelligence collected from publicly available sources.

• recon-ng: Recon-ng can be used to find information about Geo-IP lookup, Banner grabbing, DNS lookup, port scanning, sub-domain information, reverse IP using WHOIS lookup https://github.com/lanmaster53/recon-ng
• Nmap: Nmap, short for Network Mapper, is a free and open source tool used for vulnerability checking, port scanning and, of course, network mapping. Despite being created back in 1997, Nmap remains the gold standard against which all other similar tools, either commercial or open source, are judged. https://nmap.org/download
• Sherlock: https://github.com/sherlock-project/sherlock
• Osintgram: https://github.com/Datalux/Osintgram
• FacebookToolkit: https://github.com/warifp/FacebookToolkit
• Telegram-osint-lib: https://github.com/Postuf/telegram-osint-lib

For more tools

• Social media resources: https://www.osinttechniques.com/osint-tools.html
• Github osint tools https://github.com/topics/osint-tools

see more … Courses, cybercrimes, our series, dark web, anonymization, kali Linux, Python, cryptography and hash, steganography, password attacks, malware, man-in-the-middle attacks, DOS attacks, SQL injection, cool tips and tricks,

---