In our daily life, we search for a lot of information on the Internet. If we don’t find the expected results, we usually quit!
But have you ever imagined what lies in these hundreds of pages? “Information”!
This can only be possible by using different tools. Tools play an important role in finding information, but without knowing the importance and use of the tools, they will be useless to users. Before we get started with the tools, let’s get to grips with OSINT .
OSINT (Open Source INTelligence) is an intelligence discipline that includes the search, selection and collection of intelligence information from public sources, as well as its analysis.
Why do we need these tools?
Let’s consider one situation or scenario in which we need to find information related to a topic on the Internet. To do this, you need to first search and analyze until you get accurate results, this is time consuming. This is the main reason we need open source tools because the above process can be done in a few seconds using these tools.
So let’s dive into some of the best OSINT tools.
Google is the most used search engine for all users, while Shodan is a fantastic gold mine search engine that allows hackers to see open resources.
Compared to other search engines, Shodan provides you with results that make more sense and are related to cybersecurity. Basically, this is information related to devices that are connected to the network. These include: laptops, traffic signals, computers and smart home devices (IoT). It is an open source tool that mainly helps a security analyst identify a target and test it for various vulnerabilities, passwords, services, ports, etc.
What’s more, it provides users with the most flexible community searches.
For example, let’s consider a situation in which one user can see connected network cameras, webcams, traffic lights, and so on. We’ll look at some of the use cases for Shodan:
- Testing “default passwords”
- Resources with VNC Viewer
- Using an RDP port open to test available resources
Google Dorks has been around since 2002, and it delivers effective results with great performance. It is an open source query-based tool primarily designed and built to help users navigate the index or search results correctly and efficiently.
Google Dorks provides a flexible way to search for information with the help of some operators, and possibly also called Google Hacking. These operators make it easier to search for information retrieval. Below are some of the operators or indexing options provided by Google Docker, namely:
- Filetype : This operator is mainly used to find file types or to find a specific string
- Intext : This indexing option is used to search for specific text on a specific page.
- Ext : Used to find a specific extension in a file.
- Inurl : Used to find a specific string or word in a URL
- Intitle : To search for the title or words mentioned above in the URL
Maltego is designed and developed by Paterva and is one of the Kali Linux embedded tools. This open source tool is mainly used to do research for various purposes with a few built-in transforms (and also provides the ability to write your own).
Maltego is written in Java and built into Kali Linux. Registration is required to use this tool. Registration is free and the user must register on the paterva website . Once the registration process is complete, users can use this tool to create and design effective target-specific digital fingerprints on the Internet.
TheHarvester is an amazing tool to find emails, subdomains, IPs, etc. From various publicly available data. TheHarvester is also available on Kali Linux.
Recon-ng is an effective tool for performing reconnaissance on a target.
The whole power of this tool lies entirely in the modular approach. The power of modular tools can be understood by those using Metasploit. Recon-ng has various built-in modules that are used for targeting mainly when retrieving information according to the user’s needs. We can use the Recon-ng modules by simply adding domains to the workspace.
Workspaces are mainly created to perform operations within it. Users will be redirected to the workspace as soon as it is created. Within a workspace, a domain can be specified specifically using add domain <domainname>. Recon-ng modules are used to retrieve information about a specific domain after they (domains) are added to reconnaissance.
Some of the excellent modules like google-site-web and bing-domain-web are used to find other domains associated with the first initial target domain. The result of these domains will be all indexed domains for search engines. Another catchy module is bing_linkedin_cache, which is mainly used to retrieve information about email addresses associated with a domain. This module can also be used to implement social engineering.
SpiderFoot is an open source intelligence tool available for Linux and Windows. It is developed using the highly configurable Python language and runs on almost any platform. It integrates with a simple and interactive GUI with a powerful command line interface.
It automatically enables queries from over 100 OSINT sources to collect information about emails, names, IP addresses, domain names, etc. It collects extensive target information such as network blocks, emails, web servers. and much more. Using Spiderfoot, you can customize the targeting according to your requirements, as it will collect data by understanding how it relates to each other.
The data collected from SpiderFoot will provide a wide range of information about your specific target. It provides a clear understanding of possible hacker threats that lead to vulnerabilities, data leaks and other important information. Thus, this information will help to use the penetration test and increase the intelligence level of the threat to prevent it before it is attacked or stolen.
Creepy is an open source geolocation exploration tool. It collects geolocation information through various social networks and image posting services that have already been published elsewhere. Creepy presents reports on a map using a search filter based on exact location and date. These reports are available in CSV or KML format for export for additional analysis.
The main functionality in Creepy is divided into two main tabs, namely. Tabs “Objectives” and “View of the map”.
Creepy is written in python and also comes with packaged binaries for Linux distributions such as Debian, Backtrack, Ubuntu, and Microsoft Windows.