OSINT TOOLS

daviesombasa
5 min read · Mar 25, 2022


WHAT TOOLS DO YOU NEED TO KNOW?

OSINT (Open Source Intelligence) refers to the collection of data about a target (an organization or a person) using publicly accessible information. This includes gathering information from social media platforms, mapping out the network infrastructure, and learning about the organization's structure and even the personnel working in the organization.

To carry out this task, there are a number of tools that one can use to obtain such information. Most tools are free to use. Some have premium options for obtaining more detailed information.

1. Whois — queries regional internet registries (RIRs) for information concerning IP addresses that they have allocated to individuals. RIRs are responsible for assigning internet numbers to resources in the region that they serve. The RIRs are:
AFRINIC — Africa Network Information Center
APNIC — Asia Pacific Network Information Center
ARIN — American Registry for Internet Numbers
LACNIC — Latin America and Caribbean Network Information Center

Information obtained:
◇ Domain information
◇ Registrant contact
◇ Administrative contact
◇ Technical contact

Accessing the tool:
◇ From the terminal for Linux users — use the command sudo apt install whois to install the tool

◇ Web Platform : https://www.whois.com/whois/
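
An added example, not from the original article: a small Python parser that sorts whois output into the four categories listed above and reports which contact fields are visible without privacy redaction, which is useful for checking what your own domain registration exposes. The sample record, the field names and the redaction phrases are constructed assumptions; real whois layouts vary by registry.

```python
import re

# Constructed sample in the "Key: value" layout that whois clients print for
# many domains; it is not output from a real lookup.
SAMPLE = """\
Domain Name: EXAMPLE-CORP.TEST
Registrar: Example Registrar, Inc.
Creation Date: 2015-03-02T10:11:12Z
Name Server: NS1.EXAMPLE-CORP.TEST
Registrant Name: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the registrar
Admin Name: Jane Doe
Admin Email: jane.doe@example-corp.test
Tech Email: hostmaster@example-corp.test
"""

# First word of a whois key -> category name used in the list above.
CATEGORIES = {"Registrant": "Registrant contact",
              "Admin": "Administrative contact",
              "Tech": "Technical contact"}
# Assumed placeholder phrases that indicate a redacted field.
REDACTED = re.compile(r"redacted|privacy|not disclosed|please query", re.I)


def parse_whois(text):
    """Group 'Key: value' lines into the four categories listed above."""
    report = {"Domain information": {}}
    report.update({name: {} for name in CATEGORIES.values()})
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or not value or key.startswith(("%", "#", ">>>")):
            continue  # comments, blank lines, footer banners
        category = CATEGORIES.get(key.split(" ", 1)[0], "Domain information")
        report[category].setdefault(key, []).append(value)  # keep repeats
    return report


def exposed_contacts(report):
    """Return contact fields whose value is not a privacy placeholder."""
    found = []
    for category in CATEGORIES.values():
        for key, values in report[category].items():
            found += [(key, v) for v in values if not REDACTED.search(v)]
    return found


if __name__ == "__main__":
    for key, value in exposed_contacts(parse_whois(SAMPLE)):
        print(f"publicly visible: {key} = {value}")
```

To audit a real registration, pass the saved text output of the whois command to parse_whois() instead of SAMPLE.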

2. Netcraft — provides a site report for the target organization based on its domain. It shows the information related to the domain and the sub-domains linked with it.

Information obtained:
◇ Sub-domains registered to the domain.
◇ Background information — date of registration, primary language used on it.
◇ Network — name-server, owner of site, hosting details, IP address allocation and domain registration information.
◇ Web security — what security features have been implemented on the site.
◇ Hosting History — IP address and technology used.

Accessing the tool:
◇ Web Platform — https://sitereport.netcraft.com/

3. DNS Dumpster — an open source tool used to discover hosts that are related to a domain. The information obtained can be used in foot-printing a target organization.

Information obtained:
◇ DNS Servers IP addresses
◇ Mail Servers addresses
◇ Subdomains
◇ Hosting platforms
◇ Software versions

Accessing the tool:
◇ Web platform — https://dnsdumpster.com

4. Google Dorks — specially crafted search queries for obtaining refined information from the Google search engine. The search queries can reveal information that is not usually indexed by Google. They can also help you detect whether you have left unwanted information on your web application where everyone can access it.

Information obtained:
◇ Login pages
◇ Documents left on the internet like passwords
◇ Web Server Detection
◇ Vulnerable Servers
◇ Vulnerable Directories
◇ Various online devices

Accessing the tool:
Google Hacking Database — consists of Google dorks that can be used for advanced searching on the Google search engine.
Link: https://www.exploit-db.com/google-hacking-database

5. Shodan — a search engine for devices that are connected to the internet. It can be used to obtain more information about these devices, which anyone on the internet can access. The information obtained can be used for enhancing network security, tracking malware by checking how many devices are affected, and obtaining a list of IoT (Internet of Things) devices.

Information obtained:
◇ Devices connected to the internet
◇ Open ports and services running on them
◇ Server type
◇ Location of devices
◇ Internet Service Provider
◇ Configuration settings

Accessing the tool:
◇ Web Platform — https://www.shodan.io

6. Social Media — people share a lot on their social media platforms. Most professionals will share their work life on various platforms.
LinkedIn — This is a platform where professionals and organizations share their work experiences. On the platform, individuals share their career paths and organizations advertise job openings that they may have.

Information obtained:
◇ Work experience of a target
◇ People working at a given organization
◇ The organization structure (based on what roles people have)
◇ Technologies used in the organization (based on job postings)

Accessing the tool:
◇ You need to have a LinkedIn account. Register Here
◇ You can then search for someone or an organization.
