The informational footprints that individuals, corporations, organizations and governments leave behind on the web and in other openly available sources contain incredibly useful information. This information is often referred to as OSINT, and it is valuable because it can reveal actions and intent, and ultimately give whoever holds it the upper hand over a competitor or target.
OSINT is simply Open Source + Intelligence, as opposed to covert or clandestine collection, and includes all unclassified intelligence that is freely available. The sources where such information can be found are pervasive: web-based sources, media, public data, and academic or professional publications.
Think about it: whenever you do reconnaissance, i.e., search for answers to a question using the Internet or other available sources, whether about the latest threat intelligence, a threat actor, your next employer, or a background check on a prospective nanny or home contractor, you are using OSINT.
OSINT is one of many intelligence-gathering disciplines, the "INTs". The other well-known INTs include:
- HUMINT: Human Intelligence, gathered from people on the ground.
- FININT: Financial Intelligence, gathered from analysis of monetary transactions.
- GEOINT: Geospatial Intelligence, gathered from satellite and aerial imagery and mapping/terrain data.
- SIGINT: Signals Intelligence, made up of COMINT (Communications Intelligence, from intercepted communications between people) and ELINT (Electronic Intelligence, from non-communications emissions such as radar).
OSINT can be used for business intelligence, due diligence, competitor analysis, criminal and legal investigations and background checks, and for identifying people and what they use from an IP address, e-mail address, phone number(s), operating system, software and version, or geolocation.
OSINT is not always easy to find. The information is out there, but the link-crawling search engines Google (72.48%), Bing (10.39%) and Yahoo (7.78%) [ranked by market share] will not always provide what you need. By some estimates these engines index only a minuscule portion of total web content, 1%-5%. In contrast, other sources, including the Deep Web (data not indexed by standard search engines) and the DarkNet reached through Tor (The Onion Router), may provide too much information and create frustration of a different kind. When it comes to making use of information, simply collecting it is not enough. The best research or intelligence is unusable if it cannot be delivered in an easily understood format, presented as a compelling narrative and completed in a timely fashion.
OSINT can be a cumbersome task to navigate without the proper tools. As humans, we process colors, shapes and connections; OSINT tools make it easier to spot patterns, out-of-place things or hidden items, and so convey critical information faster and more accurately. If you want to transform information into "actionable intelligence", you need to learn the tools.
OSINT Tools (These are not all of them, but they provide a good starting point.)
Creepy (cree.py) is an incredibly useful tool for investigators, written in Python. It extracts location metadata (EXIF geotags) from the photos on Twitter and Flickr accounts, and all you need is a username. After entering the username you get a list of located photos; right-click and Google Maps opens, showing where the target was when each photo was taken, plus other details. The caveat is that this only works where the platform kept the original geotags; a service that strips EXIF on upload leaves nothing to find.
To find out just how creepy Cree.py is, check out "I know where you are…".
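What a tool like Creepy does under the hood is read the GPS tags in a photo's EXIF block. The following is an added example written for this page, not Creepy's own code: it walks the JPEG segments with the standard library alone, parses the TIFF directory structure inside the Exif APP1 segment, converts the degrees/minutes/seconds rationals to signed decimal coordinates, and, as the defensive counterpart, strips the Exif segment so a photo can be shared without its geotag. build_sample_jpeg() fabricates a minimal test image with made-up coordinates so the block runs offline; the tag numbers and layout are the standard EXIF ones, everything else is assumed for the illustration.

```python
import struct
TYPE_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8}   # EXIF field type -> bytes per value
GPS_IFD_POINTER = 0x8825                                         # IFD0 tag pointing at the GPS sub-IFD
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 1, 2, 3, 4          # GPS sub-IFD tags
EXIF_MAGIC = b"Exif\x00\x00"

def iter_jpeg_segments(data):
    """Yield (marker, payload) for each metadata segment before the image data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt segment at offset %d" % pos)
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):       # EOI or SOS: no more metadata follows
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length

def read_ifd(tiff, offset, e):
    """Return {tag: (type, count, raw 4-byte value/offset field)} for one IFD."""
    (n,) = struct.unpack(e + "H", tiff[offset:offset + 2])
    entries = {}
    for i in range(n):
        base = offset + 2 + 12 * i
        tag, typ, count = struct.unpack(e + "HHI", tiff[base:base + 8])
        entries[tag] = (typ, count, tiff[base + 8:base + 12])
    return entries

def read_value(tiff, e, typ, count, raw):
    """Decode one entry; values longer than 4 bytes sit at an offset into the TIFF blob."""
    size = TYPE_SIZE[typ] * count
    if size <= 4:
        data = raw[:size]
    else:
        (off,) = struct.unpack(e + "I", raw)
        data = tiff[off:off + size]
    if typ == 2:                         # ASCII, NUL-terminated
        return data.rstrip(b"\x00").decode("ascii", "replace")
    if typ == 4:                         # LONG
        return struct.unpack(e + "%dI" % count, data)
    if typ == 5:                         # RATIONAL: unsigned numerator/denominator pairs
        nums = struct.unpack(e + "%dI" % (2 * count), data)
        return list(zip(nums[0::2], nums[1::2]))
    return data

def dms_to_decimal(rationals, ref):      # degrees/minutes/seconds + N/S/E/W ref -> signed decimal
    if any(den == 0 for _, den in rationals):
        raise ValueError("malformed rational with zero denominator")
    deg, minutes, seconds = (num / den for num, den in rationals)
    value = deg + minutes / 60 + seconds / 3600
    return -value if ref in ("S", "W") else value

def gps_coordinates(jpeg):
    """Return (lat, lon) in decimal degrees, or None if the image carries no GPS tags."""
    for marker, payload in iter_jpeg_segments(jpeg):
        if marker != 0xE1 or not payload.startswith(EXIF_MAGIC):
            continue
        tiff = payload[len(EXIF_MAGIC):]
        e = {b"II": "<", b"MM": ">"}[tiff[:2]]          # byte-order mark; KeyError if corrupt
        ifd0 = read_ifd(tiff, struct.unpack(e + "I", tiff[4:8])[0], e)
        if GPS_IFD_POINTER not in ifd0:
            return None
        gps = read_ifd(tiff, read_value(tiff, e, *ifd0[GPS_IFD_POINTER])[0], e)
        if not all(t in gps for t in (GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON)):
            return None
        val = lambda tag: read_value(tiff, e, *gps[tag])
        return (dms_to_decimal(val(GPS_LAT), val(GPS_LAT_REF)),
                dms_to_decimal(val(GPS_LON), val(GPS_LON_REF)))
    return None

def strip_exif(jpeg):                    # defensive counterpart: remove Exif APP1 so no geotag ships
    out, pos = bytearray(b"\xff\xd8"), 2
    for marker, payload in iter_jpeg_segments(jpeg):
        seg = jpeg[pos:pos + 4 + len(payload)]
        pos += len(seg)
        if not (marker == 0xE1 and payload.startswith(EXIF_MAGIC)):
            out += seg
    return bytes(out) + jpeg[pos:]       # image data and EOI follow unchanged

def build_sample_jpeg():
    """Constructed test image (not a real photo): SOI, Exif APP1 with a geotag, COM, EOI."""
    e = "<"
    def entry(tag, typ, count, value):   # value: 4 inline bytes, or an offset into the TIFF blob
        raw = value if isinstance(value, bytes) else struct.pack(e + "I", value)
        return struct.pack(e + "HHI", tag, typ, count) + raw
    # Offsets from the TIFF header: IFD0 at 8, GPS IFD at 26, lat rationals at 80, lon at 104
    tiff = b"II" + struct.pack(e + "HI", 42, 8)
    tiff += struct.pack(e + "H", 1) + entry(GPS_IFD_POINTER, 4, 1, 26) + struct.pack(e + "I", 0)
    tiff += struct.pack(e + "H", 4) + entry(GPS_LAT_REF, 2, 2, b"N\x00\x00\x00") + entry(GPS_LAT, 5, 3, 80)
    tiff += entry(GPS_LON_REF, 2, 2, b"W\x00\x00\x00") + entry(GPS_LON, 5, 3, 104) + struct.pack(e + "I", 0)
    tiff += struct.pack(e + "6I", 40, 1, 26, 1, 4600, 100)   # 40 deg 26' 46.00" N (made-up fix)
    tiff += struct.pack(e + "6I", 79, 1, 58, 1, 5600, 100)   # 79 deg 58' 56.00" W (made-up fix)
    app1, com = EXIF_MAGIC + tiff, b"constructed sample"
    return (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1
            + b"\xff\xfe" + struct.pack(">H", len(com) + 2) + com + b"\xff\xd9")
```

Run gps_coordinates() over every photo pulled from an account and you have the location history Creepy plots; run strip_exif() over your own photos before posting and there is nothing for the next investigator to plot. The parser deliberately stops at the start-of-scan marker, so it never touches the compressed image data, and it refuses malformed rationals rather than silently producing a coordinate.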
There is nothing more frustrating than hitting a dead end in your search because the website you were looking for no longer exists. The Wayback Machine (archive.org) can help with this.
Who.is provides a lot of information about a domain: the IP address it sits on, domain owner data (where the registrar has not redacted it behind a privacy service), other domains hosted on the same server, and plenty of other statistics.
Maltego is an open source intelligence and forensics application developed by Paterva. It is written in Java, so it runs on Windows, macOS and Linux and is quick and easy to install. Its graphical interface makes relationships visible at a glance, even when they are three or four degrees of separation away.
Shodan is the search engine for IoT and other internet-connected devices. Shodan has servers around the world that crawl the Internet 24/7 to provide up-to-date Internet intelligence. Who has smart TVs exposed to the Internet? Which companies are affected by Heartbleed? These are just a fraction of the questions Shodan can answer.
This browser extension creates on-hover tooltips, on any website, for IPv4 addresses, MD5 and SHA-2 hashes and CVE identifiers, and you can add your own threat-intel IOCs. It is designed to work with any API, and customization is encouraged. It is called the "infosec threat and OSINT swiss army knife for your browser."
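The first job of any such tooltip extension is to recognise and classify the indicators on a page before it can look them up. The block below is an added example written for this page, not the extension's code: it extracts IPv4 addresses, MD5/SHA-1/SHA-256 digests and CVE identifiers from free text, un-defangs the hxxp and [.] notation found in threat reports, validates addresses with the ipaddress module, drops RFC 1918, loopback and link-local ranges that are not worth an external lookup, and normalises case so duplicates collapse. The report excerpt is constructed for the example; the digests are the well-known hashes of the empty string and the addresses come from documentation ranges.

```python
import ipaddress
import re

# One pattern per indicator class; hex digests are told apart by length after matching
PATTERNS = {
    "cve": re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "hash": re.compile(r"\b[0-9a-fA-F]{64}\b|\b[0-9a-fA-F]{40}\b|\b[0-9a-fA-F]{32}\b"),
}
HASH_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}
# Address space that is never worth an external lookup (RFC 1918, loopback, link-local)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def refang(text):
    """Undo the defanging used in reports (hxxp, [.], (.), {.}) so indicators match the patterns."""
    return re.sub(r"\[\.\]|\(\.\)|\{\.\}", ".", text).replace("hxxp", "http")

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def extract_iocs(text):
    """Return {"ipv4", "md5", "sha1", "sha256", "cve"} -> sorted, normalised indicator lists."""
    text = refang(text)
    found = {k: set() for k in ("ipv4", "md5", "sha1", "sha256", "cve")}
    for m in PATTERNS["cve"].finditer(text):
        found["cve"].add(m.group().upper())
    for m in PATTERNS["ipv4"].finditer(text):
        try:
            ip = ipaddress.IPv4Address(m.group())      # rejects octets above 255
        except ValueError:
            continue
        if not is_internal(ip):
            found["ipv4"].add(str(ip))
    for m in PATTERNS["hash"].finditer(text):
        found[HASH_BY_LENGTH[len(m.group())]].add(m.group().lower())
    return {k: sorted(v) for k, v in found.items()}

# Constructed excerpt in the style of a threat report; nothing here refers to a real incident
SAMPLE_REPORT = """Beacon traffic to 203.0.113.45 and hxxp://198[.]51[.]100[.]7/c2 was observed,
with lateral movement to 10.0.0.5 (internal). Dropper md5 d41d8cd98f00b204e9800998ecf8427e,
sha1 DA39A3EE5E6B4B0D3255BFEF95601890AFD80709, sha256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, exploiting cve-2021-44228.
Malformed 999.1.1.1 must not be reported."""

if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_REPORT).items():
        print(kind, values)
```

Each list extract_iocs() returns is what you would hand to the lookup API behind the tooltip; keeping the internal-range filter and the refang step in the extractor rather than in each API client is what stops a hover over "10.0.0.5" from leaking your internal addressing to a third-party service.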
Cybersecurity is a shared responsibility. Stop. Think. Connect.