The first step in a targeted attack – or a Red Team penetration test – is to gather valuable information about the target. While there are many ways to do this covertly, intelligence gathering usually begins with information from publicly available sources, collectively known as open source intelligence, or OSINT. Thanks to social media and the prevalence of online activity, there are countless ways OSINT can be legitimately obtained, and that may be all it takes to give attackers everything they need to profile an organization or an individual.
In this article, I will walk you through what OSINT is and how OSINT tools are used, so that you better understand how hackers gather information.
What is OSINT?
If you’ve heard the name but are still wondering what it means: OSINT stands for open source intelligence and refers to any information that can be lawfully obtained from free, public sources about an individual or entity. In practice, that means information found on the internet, but technically any public information falls under OSINT, whether it’s a book or report, a press article, or a statement in a press release.
OSINT also includes information that can be found in different media types. Although we often think of it as text-based, information in images, videos, webinars, speeches, and conferences all fall under OSINT.
What is OSINT used for?
By gathering publicly available information about a particular target, an attacker – or penetration tester – can profile that target to better understand its characteristics and narrow down where to look. An attacker can use the information obtained to develop an attack plan. Targeted cyberattacks, like military attacks, begin with reconnaissance, and the first stage of digital reconnaissance is passive information gathering that does not touch the target at all.
Collecting OSINT about yourself or your own business is also a way to check what information you are leaking through publicly available sources. Once you know what can be gathered from public sources, you or your security team can use it to develop better defensive strategies. What weaknesses can be inferred from your public information? Which avenues could an attacker use?
What is OSINT Framework?
Gathering information from a variety of sources is a very time-consuming task, but there are many tools that make it simpler. While you may have heard of tools like Shodan and port scanners like Nmap and Zenmap, those are far from the whole picture. Fortunately, security researchers have documented the tools available, and you can also use the free OSINT tools previously introduced by AnonyViet.
A pretty good place to start is OSINT Framework compiled by Justin Nordine. The framework provides options for a wide range of tasks from collecting email addresses to searching on social media or the dark web.
In many articles about OSINT tools, you will see one or two tools available in Kali Linux, such as theHarvester or Maltego, but for a complete overview of the OSINT tools available in Kali, see the Kali tools list; that page gives you both the tools and examples of how to use them.
Tools like Nmap and Recon-ng are hacker favorites. Nmap lets you discover information about a system from its IP address, such as open ports, known vulnerabilities, and the device behind that IP.
Recon-ng is a tool written in Python by Tim Tomes for web reconnaissance. You can use it to do things like enumerate the subdomains of a given domain, and there are dozens of modules that connect to services such as Shodan, GitHub, Jigsaw and VirusTotal once you add API keys. Modules are grouped into categories such as Recon, Reporting and Discovery.
OSINT tools, techniques and other resources
Of course, some of the best tools for intelligence gathering are search engines like Google, Bing and others. In fact, there are dozens of search engines, and some of them return better results than others for specific types of queries. The problem is: how can you query this many engines efficiently?
A great tool that solves this problem and makes web queries more efficient is Searx. Searx is a metasearch engine that lets you anonymously and simultaneously collect results from more than 70 search services. Searx is free, and you can even host your own instance for maximum privacy. Users are neither tracked nor profiled, and cookies are disabled by default. Searx can also be used over Tor for online anonymity.
Many public Searx instances are available for those who don’t want to host their own; see the Searx wiki for a list.
A great place to stay up to date with anything on the Internet is to follow people on Twitter. However, keeping track of everything on Twitter can be difficult. Luckily, there’s also an OSINT tool for that, called Twint.
Twint is a Twitter scraper written in Python that makes it easy to anonymously collect and search information on Twitter without signing up for an account or using an API key, as you have to with other tools such as Recon-ng. With Twint, no authentication or API access is required: just install the tool and get started. You can search by user, geographic location and time range, and these are just some of Twint’s options.
So how can you use Twint to keep up with new developments in OSINT? Since Twint lets you specify search terms, you can find new tweets tagged #OSINT every day. You can automate that with a script and send the results to a database for more convenient viewing, using Twint’s --database option to save them in SQLite format.
twint -s '#osint' --since 2019-07-17
As of July 17, 2019, that search returned 58 posts.
Another great tool you can use to collect public information is Metagoofil. This tool uses the Google search engine to retrieve public PDF, Word, PowerPoint and Excel files from a given domain. It then automatically extracts metadata from those documents to generate a report listing information such as usernames, software versions, servers and hostnames.
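The defensive counterpart to Metagoofil is to audit your own documents before they are published. The following is an added example, not Metagoofil’s code or part of the original article: it reads the author and application fields from an Office file (the docProps parts inside the OOXML zip) and the /Info dictionary of a PDF using only the Python standard library. The sample .docx and PDF are constructed inline, and the usernames and product names in them are hypothetical.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET

# Namespaces of the OOXML docProps parts (.docx/.xlsx/.pptx are zip archives)
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
# (part, element, label): fields that reveal user names and software versions
OFFICE_FIELDS = [
    ("docProps/core.xml", "dc:creator", "creator"),
    ("docProps/core.xml", "cp:lastModifiedBy", "last_modified_by"),
    ("docProps/app.xml", "ep:Application", "application"),
    ("docProps/app.xml", "ep:Company", "company"),
]

def office_metadata(data: bytes) -> dict:
    """Author/application fields embedded in an Office document."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        roots = {p: ET.fromstring(zf.read(p)) for p in zf.namelist() if p.startswith("docProps/")}
    for part, tag, label in OFFICE_FIELDS:
        el = roots[part].find(tag, NS) if part in roots else None
        if el is not None and el.text:
            found[label] = el.text
    return found

def pdf_metadata(data: bytes) -> dict:
    """/Info keys of a PDF whose Info dictionary is stored uncompressed (object streams are skipped)."""
    hits = {k: re.search(rb"/%s\s*\(([^)]*)\)" % k, data) for k in (b"Author", b"Creator", b"Producer")}
    return {k.decode().lower(): m.group(1).decode("latin-1") for k, m in hits.items() if m}

# Constructed samples: a .docx reduced to its metadata parts, and a one-object PDF
def sample_docx() -> bytes:
    core = (b'<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s"><dc:creator>jsmith</dc:creator>'
            b'<cp:lastModifiedBy>alee</cp:lastModifiedBy></cp:coreProperties>'
            ) % (NS["cp"].encode(), NS["dc"].encode())
    app = (b'<Properties xmlns="%s"><Application>Microsoft Office Word</Application>'
           b'<Company>Example Corp</Company></Properties>') % NS["ep"].encode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core)
        zf.writestr("docProps/app.xml", app)
    return buf.getvalue()

SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Author (jsmith) /Creator (Microsoft Word)"
              b" /Producer (Acrobat Distiller 9.0) >>\nendobj\n")
```

Run office_metadata(sample_docx()) and pdf_metadata(SAMPLE_PDF) to see the fields that would end up in a Metagoofil report; real PDFs that store the Info dictionary in a compressed object stream need a full PDF parser.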
Conclusion
In this article, I have introduced the basic concept of OSINT and why it is useful, and provided tools and instructions on how to use them. There are also websites where you can learn more about OSINT.
For anyone entering the cybersecurity field, understanding how OSINT is collected is an important skill. Whether you’re protecting a corporate network or testing a network’s weaknesses, the more information you have, the better able you are to see vulnerabilities. Armed with that knowledge, you can continue to develop better defensive strategies.