Hey folks, searching for an OSINT guide? Here is the perfect guide, made specially for OSINT beginners.
Open source intelligence, or OSINT for short, is the practice of collecting publicly available information using a variety of different sources. For an attacker who is beginning to plan out an attack, OSINT tools and techniques are the first step in the journey.
In this article we’re going to cover the OSINT framework, OSINT methodology, OSINT techniques and the OSINT tools we can use during this portion of the attack. So without any further ado, let’s get started.
What is OSINT
OSINT, or open source intelligence, provides a framework of tools and techniques that we can use to gather information about our target using publicly available resources. OSINT is really the practice of using public information as reconnaissance on our target.
In our case we’re interested in anything that can be used for later attacks, such as information on network equipment, employee email addresses or social media pages.
OSINT Methodology and Process
An OSINT investigation starts with something you already know about the target. Something as simple as a company name can be the starting point from which we work to acquire something else that can be leveraged.
We then define what kind of information we’re after. Say we’re after user credentials: we know that we need to acquire email addresses, and possibly social media accounts, before we can send a targeted spear phishing campaign.
The third step is where we use tools, which we’ll discuss shortly, to collect information about our target. As we’ll see, different tools have different purposes, so knowing how to obtain the information you’re after is key to the investigation. Next we analyze the data we collected and, in some cases, use what we found as the starting point for a further round of collection.
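Here is the analysis step from the methodology above carried out on the spear phishing scenario: a couple of employee addresses found on the target’s website are used to infer the organisation’s email address format, which is then applied to other employee names found on social media. This is an added example written for this article, not code from any of the tools covered below. The domain, names and addresses are constructed sample data, and the list of candidate formats is a hypothetical set chosen for illustration (real organisations use many others).

```python
"""Infer an organization's e-mail address format from a handful of known
addresses and apply it to other employee names turned up during OSINT.

This is an added example for this article, not code from any of the tools
it describes. The domain, names and addresses below are constructed sample
data, and the set of candidate formats is a hypothetical illustrative list.
"""
import re
import unicodedata

# Templates over the first name, last name and first initial.
FORMATS = {
    "first.last": "{first}.{last}",
    "firstlast": "{first}{last}",
    "flast": "{f}{last}",
    "first_last": "{first}_{last}",
    "lastf": "{last}{f}",
    "first": "{first}",
}


def normalize(part: str) -> str:
    """Fold a name part to plain lowercase ASCII letters, e.g. "O'Brien" -> "obrien"."""
    ascii_part = unicodedata.normalize("NFKD", part).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z]", "", ascii_part.lower())


def render(fmt: str, full_name: str, domain: str) -> str:
    """Build the address a given format would produce for one person."""
    parts = full_name.split()
    first, last = normalize(parts[0]), normalize(parts[-1])
    local = FORMATS[fmt].format(first=first, last=last, f=first[:1])
    return f"{local}@{domain}"


def infer_format(known):
    """known: (full_name, email) pairs seen in public sources.

    Returns (format_name, matches): the template that reproduces the most
    samples, or (None, 0) if none of them fit.
    """
    best, best_hits = None, 0
    for fmt in FORMATS:
        hits = sum(
            1 for name, email in known
            if render(fmt, name, email.split("@", 1)[1]).lower() == email.lower()
        )
        if hits > best_hits:
            best, best_hits = fmt, hits
    return best, best_hits


def generate_candidates(names, domain, fmt=None):
    """Addresses to try for new names. With a known format, one per person;
    with none, every template (to be narrowed by a later validation step,
    such as an SMTP check, which is outside this example)."""
    fmts = [fmt] if fmt else list(FORMATS)
    return [render(f, name, domain) for name in names for f in fmts]


# Constructed sample data: two addresses found on the target's website.
KNOWN = [("Jane Doe", "jdoe@example.com"), ("Zoë O'Brien", "zobrien@example.com")]
# Employee names found on a social media page with no address published.
NEW_NAMES = ["Alan Turing", "Ada Lovelace"]

if __name__ == "__main__":
    fmt, hits = infer_format(KNOWN)
    print(f"format {fmt} matched {hits}/{len(KNOWN)} known addresses")
    for addr in generate_candidates(NEW_NAMES, "example.com", fmt):
        print(addr)
```

With the sample data the `flast` template matches both known addresses, so the script proposes `aturing@example.com` and `alovelace@example.com`. If no template matches, every format is emitted per name so that a later verification step can prune the list; the script never contacts the target.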
For this article we’re going to focus on the OSINT tools and OSINT resources that we can use to collect and analyze public data.
OSINT Tools
Now let’s talk about some useful and powerful OSINT Tools.
Maltego
Maltego is a powerful data-mining OSINT tool that can search thousands of online sources to find connections between pieces of information. This is accomplished using a series of transforms that automate the lookup process while providing a visual layout of the information as it is learned.
For example, we can start by typing in the domain name of an organization and right-clicking to select the transform, or task, we would like to run on that object. We then move on to the next transform based on the results of that one.
Maltego’s power is in the visualizations and the connections between pieces of information as they are obtained. This is extremely useful as we move on to the later steps in the kill chain, plotting out the areas we want to focus our attacks on.
It also provides third-party plugins that support queries of other data feeds, such as Shodan, which you can run as a transform.
theHarvester
theHarvester is a slightly different kind of tool because it focuses on popular public sources such as Google, LinkedIn and Shodan as its main sources of data.
However, this simple yet powerful tool can be quite useful for finding valuable data about our target. You can use Google hacking techniques as part of your search query, and even use the -s (--shodan) option to query Shodan on a discovered host for even more data.
Spiderfoot
Another powerful but lesser-known OSINT tool is SpiderFoot, which consolidates hundreds of data feeds into a single search. Unlike Maltego, where you have to specify the specific action you want to run on a given target, SpiderFoot is more like a Google search that queries nearly all the publicly available OSINT sources at once. SpiderFoot does not come included in Kali, but its GitHub repository has instructions for getting it running in minutes.
Using SpiderFoot is as easy as typing in what we know about the target, such as a username or a company website, and then selecting the type of scan we want to run, with hundreds of modules and API connections to various OSINT resources.
They also make it easy by grouping the modules based on the kind of information you’d like to obtain. While I found SpiderFoot to be much more intuitive than Maltego, it doesn’t visualize the data anywhere near as well.
Other OSINT Tools
Different tools may be needed for different things, so here’s a brief overview of some of the other tools at our OSINT disposal.
Babel X
Babel X is a multi-language search tool that can span many resources in different languages. This is particularly useful when you’re researching targets that may be in a different country or use a different language.
Recon-ng
Recon-ng is more of a development framework, written in Python, that lets you build the kind of searches you want to run out of modules. The benefit for developers is the ability to automate the OSINT process in their own tooling by leveraging the Recon-ng framework.
Metagoofil
Metagoofil is meant to extract metadata from public documents. This is extremely useful for researching things like document owner information, or for finding open documents that were not secured correctly.
Of course no OSINT research is complete without mentioning traditional sources like Google hacking, Shodan, the Wayback Machine and Netcraft. The reality is that there’s simply not enough time to cover all of those in great detail, but they are worthy of a place in your OSINT research toolbox.
OSINT Framework
I’d also encourage you to check out and bookmark osintframework.com, as it provides an excellent visualization and an up-to-date list of links that can come in handy during your investigation.
There you’ll find a massive list of OSINT links that are categorised and subcategorised for easy lookup. Each category expands to show its subcategories and their corresponding tools.
Conclusion : OSINT Tools & Methodology
Reconnaissance is the first step of the cyber kill chain and the foundation of a successful attack. Open source intelligence, or OSINT, is the practice of collecting publicly available information about a target.
In this article we covered what OSINT is, the framework and methodology of an OSINT investigation, and some of the top OSINT tools for data investigation. Have any doubts related to OSINT? Don’t worry, just comment below and we’ll clear them up.
Your article gave me a lot of inspiration, I hope you can explain your point of view in more detail, because I have some doubts, thank you.