What is open source intelligence?
Open source threat intelligence is the use of information from publicly available resources to detect security threats that traditional methods and technologies may not be capable of finding.
Why is it important?
One of the first steps in a pentest is gathering as much information as possible about the target. A great place to start reconnaissance is searching for company assets without resorting to hacking. Relevant information stored outside the company can be grouped together into actionable intelligence. Piecing internal enterprise information together can help keep sensitive endpoints from exposing critical flaws.
OSINT Resources:
Shodan
Shodan is a search engine used to search for publicly accessible IoT devices. These devices are unknowingly exposed to the internet, and Shodan makes it possible to monitor, filter, scan, and keep track of exposed systems.
recon-ng
Recon-ng is a modular reconnaissance framework with an easy-to-use style similar to Metasploit. Recon-ng focuses solely on intelligence obtained from web sources. It automates the more laborious sides of OSINT such as copying and pasting, reporting, and collection of resources. Recon-ng comes with many built-in functions such as making web requests, database interaction, and managing APIs.
theHarvester
Stripping social media metadata is made easy with theHarvester. It leverages popular search engines such as Bing and Google as well as DNSdumpster, Dogpile, and the Exalead metadata engine. It’s great for gathering emails, subdomains, Facebook/Instagram/LinkedIn profiles, names, IPs, and URLs.
Spiderfoot
Spiderfoot is an OSINT search tool that analyzes multiple data sources to find CIDR ranges, addresses, phone numbers, names, usernames, BTC addresses, and emails. It displays output nicely through a CUI or a web interface. Spiderfoot is customizable with over 20 different modules, making it a great red teaming resource.
Intelligence X
Intelligence X is an archival service capable of searching webpages that are no longer available due to legal reasons or reportable content. This service is similar to the Wayback Machine, but differs in terms of preserved content. All content, no matter how objectionable, is archived.
Conclusion
Attackers will often take the path of least resistance. Not every intrusion needs an APT in order to do damage. Attackers looking for an entry point into an organization’s system can leverage sensitive public-facing documents to get material for social engineering or even information on the infrastructure itself.