OPEN SOURCE INTELLIGENCE (OSINT)
According to US Public Law, Open Source Intelligence (OSINT) is
a. produced from publicly available information
b. collected, analyzed and disseminated in a timely manner to an appropriate audience.
c. addresses a specific intelligence requirement
The collection and correlation of information accessed from publicly available sources is what is referred to as OSINT. OSINT includes all publicly accessible sources of information, which can be found online and offline. These include:
The Internet: forums, blogs, social networking sites, wikis, Whois records of registered domain names, metadata and digital files, dark web resources, geolocation data, IP addresses – basically anything that could be found online.

Traditional Mass Media: Television, radio, newspapers, books, magazines, etc.

Academic Publications: Specialized Journals, dissertations, company news, employee profiles & resumes.
Photos and Videos, including metadata.
Geospatial Information, for instance maps and commercial imagery products.
Social media websites like Facebook, Twitter and LinkedIn hold a lot of user data.

OSINT is used extensively by hackers and pentesters to gather intelligence about a specific target online. It is also considered a valuable tool to assist in carrying out Social Engineering Attacks. Reconnaissance is the first stage of any pentesting exercise.
Ordinary people can also benefit from OSINT by knowing their online exposure level to close any security gap and delete any private data that may have been published inadvertently.
Learn how to conduct OSINT. Enroll in our Open Source Intelligence (OSINT) course.
Popular OSINT tools include:
- Maltego: Maltego collects information from various sources and uses various transforms to generate graphical results.
- Shodan: Shodan is the search engine for hackers, whose search results make more sense to a security professional. It helps security analysts identify targets and test them for various vulnerabilities, default settings or passwords, available ports, banner services, etc.

- Google Dorks: Also called Google hacking, this can help a user target a search or index the results in a better and more efficient way.
- The Harvester: This is a tool used for getting email- and domain-related information.
- Recon-ng: This is a modular tool like Metasploit with different modules that can be used to gather information on a target.
- Check Usernames: This searches for the presence of a particular username on more than 150 websites. Users can check for the presence of a target on a particular website so as to make the attack more targeted. There is also a related site: https://knowem.com/

- TinEye: This is used to perform image-related searches on the web. You can check whether an image has been available online and where that image has appeared. It uses neural networks, machine learning and pattern recognition to get the results. It uses image matching, watermark identification, signature matching and various other parameters to match the image rather than keyword matching.

- SearchCode: This lets you search for a line of code that may be present on various code-sharing websites such as GitHub. Users can search for functions or methods, variables, operations, security flaws and anything else that can constitute a code segment.
