OSINT (open-source intelligence) is part of the reconnaissance process and consists of using any available online platform, tool or public source that can provide information about a company, organization or individual. It is the collection of data from public sources for use in an intelligence context, and this type of information is often missed by link-crawling search engines such as Google.
As per the DoD, OSINT is “produced from publicly available information that is collected, exploited and disseminated in a timely manner to an appropriate audience for addressing a specific intelligence requirement”.
What would you get from OSINT resources?
Well, what is more interesting about OSINT is that the more you think about what to type into the search bar, the more you discover about the target or the goal.
The following is some general information you can obtain with the help of OSINT.
- The social media presence of the target organization or individual.
- Overview of their headquarters, location, branches, employees, work timings.
- The type of technology the target uses to provide its services.
- Their official websites and their subdomains.
- DNS, IP addresses, metadata and statistics.
Let's also remember that the quality and quantity of data you can collect depends on the intent of the search. For example, sensitive information such as asset data, policies, procedures, military data or government documents cannot be found easily unless it has been leaked to the public. One has to use two or more online and offline tools in combination to retrieve the information they want.
What are some powerful OSINT tools of today?
- Recon-ng – a Kali Linux tool used for web-based reconnaissance. It is used in combination with the Social Engineering Toolkit to gather public information about anything from around the globe with the help of numerous sources, such as public APIs, search engines or plugins.
- Maltego – This is an intelligence tool written in Java used for mapping real-time relationships between entities such as the web pages or domains of organizations, people, networks, internet infrastructure, etc.
- Nmap – Nmap is a powerful scanning tool, again pre-packaged with Kali Linux. It can scan many hosts and gather almost all information about a target system, such as OS, version, model, open ports and protocols. What is fascinating is its ability to discover your network and find vulnerabilities on the hosts residing in it.
- theHarvester – This is also a Python-based tool included in Kali Linux that dumps information from search engines, PGP key servers and public databases, such as e-mail addresses, subdomains, administrators, employee names, port numbers and flags.
- Shodan – If the internet outputs data available from different online platforms, Shodan outputs data about everything that is online. It indexes power plants, air conditioners, smart TVs, webcams, traffic lights, water supplies, private jets, medical equipment, license plate readers, scanners, sensors and other IoT devices.
- Google Dorks – Also known as Google dorking or Google hacking, this is a method of modifying a normal search query with specific operators. It leverages the vast Google search engine and other Google apps to collect every piece of indexed data matching the query. For example, to get PDF files related to the BMW corporation created or uploaded after the year 2021, search for: bmw corporation filetype:pdf after:2021. Some useful operators are site, filetype, inurl, intitle, allintext, maps, info, related and link.
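As an added example (not from the original post), here is a small Python parser for the dork syntax described above: it splits a query into free text and operator:value pairs using the operator names listed on this page, flags unrecognised operators, and builds the self-audit queries a defender would run against a domain they own to see which documents are indexed. The example.com domain and the sample queries are constructed.

```python
import re
import shlex
from dataclasses import dataclass, field

# Operators named on the page, plus "after:" from the page's BMW example.
KNOWN_OPERATORS = {"site", "filetype", "inurl", "intitle", "allintext",
                   "maps", "info", "related", "link", "after"}
OPERATOR_RE = re.compile(r"([A-Za-z]+):(.+)")


@dataclass
class Dork:
    terms: list = field(default_factory=list)      # (text, negated) free-text items
    operators: list = field(default_factory=list)  # (name, value, negated), known names
    unknown: list = field(default_factory=list)    # (name, value, negated), unknown names


def parse_dork(query: str) -> Dork:
    """Split a dork into free-text terms and operator:value pairs.

    Quoted phrases ("annual report") stay together as one term and a leading
    '-' excludes the term or operator; shlex raises ValueError on unbalanced quotes.
    """
    dork = Dork()
    for token in shlex.split(query):
        negated = token.startswith("-")
        body = token[1:] if negated else token
        match = OPERATOR_RE.fullmatch(body)
        if match is None:                      # plain word or quoted phrase
            dork.terms.append((body, negated))
            continue
        name, value = match.group(1).lower(), match.group(2)
        bucket = dork.operators if name in KNOWN_OPERATORS else dork.unknown
        bucket.append((name, value, negated))
    return dork


def render(dork: Dork) -> str:
    """Rebuild the query string, re-quoting anything that contains spaces."""
    def quote(s: str) -> str: return f'"{s}"' if " " in s else s
    parts = [("-" if neg else "") + quote(text) for text, neg in dork.terms]
    for name, value, neg in dork.operators + dork.unknown:
        parts.append(("-" if neg else "") + f"{name}:{quote(value)}")
    return " ".join(parts)


def self_audit_queries(domain: str, filetypes=("pdf", "xlsx", "docx")) -> list:
    """Queries for a domain you own, to see which documents search engines have
    indexed (constructed from the page's filetype example)."""
    return [render(Dork(operators=[("site", domain, False), ("filetype", ft, False)]))
            for ft in filetypes]
```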
mispa provides world-leading security technology solutions and a global team of experts. We at mispa make sustainable use of digital opportunities with risk-based IT security. We believe in technology for a safer infrastructure, and we are here to support you.