Open-Source Intelligence (OSINT)

Posted on October 11, 2018 by Wentz Wu

• OSINT through World Wide Web
  • Find Domain and Sub-domains of the target
    • nmap –script dns-brute sample-domain.com
    • https://www.netcraft.com
    • Information gathering using theharvester and Sublist3r
  • Find the Similar or Parallel Domain Names
    • urlcrazy
  • Refine Your Web Searches using Advanced Operators
    • Web/Image/Groups/Directory/News/Product Search
    • site:microsoft.com -site:www.microsoft.com
    • Google Hacking Database (GHDB)
  • Footprint the Target using Shodan
    • Cyber Weapons Lab – Intro to Shodan and the true nature of the internet
    • Shodan Search Engine Tutorial – Access Routers,Servers,Webcams + Install CLI
  • Find the Geographic Location of a Company
    • nmap -sn –script ip-geolocation-* http://www.microsoft.com
  • List Employees and their Email Addresses
  • Identify the Key Email Addresses through Email Harvesting
    • theharvester (apt install theharvester)
    • https://www.phishingfrenzy.com
  • List Key Personnel of the Company
    • https://www.dice.com
    • https://www.monster.com.hk
  • Use People Search Online Services to Collect the Information
    • https://pipl.com
    • https://www.spokeo.com
    • https://www.peoplefinder.com
  • Browse Social Network Websites to Find Information about the Company and Employees
  • Use the Web Investigation Tools to Extract Sensitive Data about the Company
    • http://www.webinvestigatorservice.com
  • Identify the Type of Network Devices used in Organization
    • Job Search Engines
  • Look for the Sensitive Information in Email Headers
  • Look for Valuable Information in the NNTP USENET Newsgroups
• OSINT through Website Analysis
  • https://builtwith.com
  • https://archive.org
  • Website-Watcher (https://www.aignes.com)
  • https://www.ultratools.com/whois
  • https://www.yougetsignal.com/
  • nslookup
  • dnsrecon
  • dnsenum
  • dig
  • Network Diagram
    • traceroute
    • nmap –traceroute –script traceroute-geolocation sample-domain.com
• OSINT through DNS Interrogation
  • whois (apt install whois)
  • nmap -sn –script whois-* sample-domain.com
• Automating your OSINT Effort using Tools/Frameworks/Scripts
  • Maltego
  • FOCA (Fingerprinting Organizations with Collected Archives)
  • fsociety (github)
  • pentmenu

Share this:

• Click to email a link to a friend (Opens in new window)
• Click to share on Facebook (Opens in new window)
• Click to share on LinkedIn (Opens in new window)
• Click to share on Twitter (Opens in new window)

Like this:

Like Loading...

Related