TOOLS FOR OPEN SOURCE INTELLIGENCE
#WHOAMI
Sudhanshu Chauhan (@Sudhanshu_c)
Director OctoGence Technologies
OSINT Enthusiast
Co-Author: Hacking Web Intelligence
https://github.com/SudhanshuC
Real World Existence:
Avid Reader, Cook, Traveller
Nutan Kumar Panda (@TheOsintGuy)
InfoSec Engineer eBay.inc
OSINT Enthusiast
Co-Author: Hacking Web Intelligence
https://github.com/nkpanda
Real World Existence:
Gamer, Rider, Keyboard Player
WHAT IS OSINT?
• Open Source Intelligence is the art of collecting information that is scattered across publicly available sources. In contrast to traditional intelligence methods, OSINT uses overt channels to gather information.
• The added benefit is that there is no direct interaction with the target, which substantially reduces the chances of being caught or raising any red flags.
WHY OSINT?
• The Internet is not limited to Google searches.
• It is not even limited to search engines, social media and blogs.
• A huge number of sensational hacks in recent times: organizations are getting hacked even after using so-called "sophisticated" defense mechanisms.
• Basic recon is usually ignored during security assessments.
• If your SECRET is out there in the open, someone WILL find it.
• It's just data until you leverage it to create intelligence.
TRADITIONAL METHODS
• Using search engines. E.g. Google, Yahoo etc.
• News sites. E.g. CNN, BBC etc.
• Corporate Websites
• Government Websites
• Blogs
MODERN RESOURCES
• Advanced search engines
• Social Media sites
• APIs
• Deepweb/Darkweb
• Advanced tools
TOOLS THAT WE ARE GOING TO TALK ABOUT
• Shodan - Internet Search Engine
• Recon-ng - Web Reconnaissance framework
• Foca - Metadata Extraction
• Maltego - Open Source Intelligence and Forensics application
SHODAN
• Shodan allows us to search for devices connected to the internet and collects their banners.
• https://www.shodan.io/
EXPLORE SHODAN
• https://www.shodan.io/explore
• SHODAN DEMO
RECON-NG
• A full-featured Web Reconnaissance framework written in Python.
• Complete with independent modules, database interaction, built-in convenience functions, interactive help, and command completion.
• https://bitbucket.org/LaNMaSteR53/recon-ng
• RECON-NG DEMO
FOCA
• Metadata extraction from files
• https://www.elevenpaths.com/labstools/foca/index.html
• FOCA DEMO
MALTEGO
• An Open Source Intelligence application, which provides a platform to not only extract data but also to represent that data in a format which is easy to understand as well as analyze.
• https://www.paterva.com/web6/
BASIC BLOCKS
• Entity: An entity is a piece of data which is taken as an input to extract further information. E.g. domain name xyz.com
• Transform: A piece of code which takes an entity (or a group of entities) as input and extracts data in the form of an entity (or entities) based upon the relationship.
• Machine: A machine is basically a set of transforms linked programmatically.
https://www.youtube.com/channel/UCThOLpqhLFFQN0nStdkyGLg
ENTITIES
TRANSFORMS
MACHINES
• MALTEGO LOCAL TRANSFORM DEMO
http://www.paterva.com/web6/documentation/m3guidetransforms.pdf
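The entity, transform and machine blocks defined above, as an added example (not code from the slides or from Paterva): two toy transforms chained into a machine over a constructed text sample, with the result serialised in the MaltegoMessage XML envelope a local transform prints to stdout. The function names and sample data are assumptions, and example.com stands in for a domain whose public exposure you are auditing.

```python
import re
from xml.sax.saxutils import escape

# Constructed sample text standing in for public pages about the audited domain.
SAMPLE_TEXT = """Contact: alice.smith@example.com or press@example.com
Old staff page: bob.jones@example.com, ALICE.SMITH@example.com
Unrelated: someone@other.test"""
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

def domain_to_emails(entity, text=SAMPLE_TEXT):
    """Transform: maltego.Domain -> maltego.EmailAddress entities seen in text."""
    domain = entity[1].lower()
    found = {m.group(0).lower() for m in EMAIL_RE.finditer(text)
             if m.group(1).lower() == domain}
    return [("maltego.EmailAddress", e) for e in sorted(found)]

def email_to_person(entity):
    """Transform: maltego.EmailAddress -> maltego.Person for first.last mailboxes."""
    parts = entity[1].split("@")[0].split(".")
    if len(parts) != 2:
        return []  # role mailbox such as press@ carries no personal name
    return [("maltego.Person", " ".join(p.capitalize() for p in parts))]

def run_machine(seed, transforms):
    """Machine: run transforms in order, feeding each stage's output to the next."""
    graph, frontier = [seed], [seed]
    for transform in transforms:
        frontier = [out for ent in frontier for out in transform(ent)]
        graph.extend(frontier)
    return graph

def to_maltego_xml(entities):
    """Serialise entities in the MaltegoMessage envelope a local transform prints."""
    rows = "".join(
        f'<Entity Type="{t}"><Value>{escape(v)}</Value><Weight>100</Weight></Entity>'
        for t, v in entities)
    return ("<MaltegoMessage><MaltegoTransformResponseMessage>"
            f"<Entities>{rows}</Entities><UIMessages/>"
            "</MaltegoTransformResponseMessage></MaltegoMessage>")

if __name__ == "__main__":
    seed = ("maltego.Domain", "example.com")
    print(to_maltego_xml(run_machine(seed, [domain_to_emails, email_to_person])))
```

Each tuple is an entity (type, value), each function taking one entity and returning a list of entities is a transform, and run_machine is the programmatic linking that makes a machine.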
OTHER RESOURCES/TOOLS
• Google Advanced Search: https://www.google.com/advanced_search
• Internet Search Engine: http://zoomeye.org
• Jeffrey's Exif Viewer: http://regex.info/exif.cgi
• TinEye Reverse Image Search: https://www.tineye.com/
• Pipl People Search Engine: https://pipl.com/
• Internet Archive: http://archive.org/web/web.php
• Domain tool: https://w3dt.net/
• Social Media Search: http://socialmention.com/
GREETS #FREEHUGS
• Assi Barak - Software Group Manager BIU
• John Matherly - Shodan
• Tim Tomes & Open Source Community - Recon-ng
• ElevenPaths Team - FOCA
• Paterva Team - Maltego
• Q/A