In this section, we share some OSINT methods that can be used to gather useful information on a granular basis. These reconnaissance techniques enable analysts to categorize threat levels and to obtain a specific host/IP geolocation and other specific information.
Deep dive into People Investigations
Gathering recon at a personal level may seem offensive, but that depends on whether you are doing it to trace a hacker or malicious entity. Often during analysis, we encounter specific usernames or email addresses encoded in the malware payload, which calls for reconnaissance on those patterns. The websites and search engines mentioned below have been used by intelligence agencies for years for tracing activities.
Username search on the internet
Username search analysis can help trace personal activities across various social campaigns and determine an individual's behaviour trends. User Behaviour Analysis is now considered an important criterion by various corporate organisations for tracing insider threats.
E-mail Search services
This section focuses mostly on prevention rather than offense. We often see news that millions of usernames were hacked, with users advised to change their passwords. Some of these techniques are used to find out whether an individual's email is in a hacked database. On the other hand, they are also valuable in tracing malware author activities.
Pastebin – Trolling pastes from hacker groups
Pastebin is always helpful whenever a new cyberattack comes to light. Many hackers and geeks who try to spread knowledge under the cover of anonymity post valuable traces on Pastebin.
OSINT Tools and Frameworks which can be used for customised Hacks
A web app where journalists can chain together tools to get data (via scrapers and APIs), filter/extract from documents, analyze documents, and generate visualizations all without coding.
- [ ICWATCH-Data ]
Consists of resumes of people in the intelligence community and some tools for analysis.
- [ Datasploit ]
A tool to perform various OSINT techniques, aggregate all the raw data, visualize it on a dashboard, and facilitate alerting and monitoring on the data.
A powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.
- [ theHarvester ]
A tool for gathering e-mail accounts, subdomain names, virtual hosts, open ports/banners, and employee names from different public sources (search engines, PGP key servers).
- [ TAPIR framework ]
Designed to make it easy to discover data about entities – organizations, users, computers, and networks – on the web, using common (and not so common) OSINT techniques.
- [ OSINTstalker ]
fbStalker – OSINT tool for Facebook – Based on Facebook Graph and other stuff
geoStalker – OSINT tool for Geolocation related sources – Flickr, Instagram, Twitter, Wigle.
The userIDs found are used to find social media accounts across other networks like Facebook, YouTube, Instagram, Google+, LinkedIn and Google Search.
- [ OpenRefine ]
A power tool that lets you load data, understand it, clean it up, reconcile it, and augment it with data coming from the web.