TOOLS FOR OPEN SOURCE INTELLIGENCE

#WHOAMI

Sudhanshu Chauhan(@Sudhanshu_c)

sudhanshu@octogence.com

Director OctoGence Technologies

OSINT Enthusiast

Co-Author: Hacking Web Intelligence

https://github.com/SudhanshuC

Real World Existence:

Avid Reader, Cook, Traveller

Nutan Kumar Panda (@TheOsintGuy)

osintguy@gmail.com

InfoSec Engineer eBay.inc

OSINT Enthusiast

Co-Author: Hacking Web Intelligence

https://github.com/nkpanda

Real World Existence:

Gamer, Rider, Keyboard Player

WHAT IS OSINT?

• Open Source Intelligence is the art of collecting information which is scattered on publicly available sources. In contrast to traditional intelligence methods, OSINT utilizes overt channels for gathering information.

• The added benefit is that there is no direct interaction with the target which substantially reduces the chances of being caught or raising any red flags.

WHY OSINT?

• Internet is not limited to Google Searches.

• Not even limited to search engines, social media and blogs

• Huge number of sensational hacks in recent times Organizations getting hacked even after using so called "sophisticated" defense mechanisms.

• Basic recon usually ignored during security assessments.

• If you SECRET is out there in the open, someone WILL find it.

• It's just data until you leverage it to create intelligence.

TRADITIONAL METHODS

• Using search engines. E.g. Google, Yahoo etc.

• News sites. E.g. CNN, BBC etc.

• Corporate Websites

• Government Websites

• Blogs

MODERN RESOURCES

• Advanced search engines

• Social Media sites

• APIs

• Deepweb/Darkweb

• Advanced tools

TOOLS THAT WE ARE GOING TO TALK ABOUT

• Shodan- Internet Search Engine

• Recon-ng- Web Reconnaissance framework

• Foca- Metadata Extraction

• Maltego- Open Source Intelligence and Forensics application

SHODAN

• Shodan allows us to search devices connected over internet and collects the banners.

• https://www.shodan.io/

EXPLORE SHODAN• https://www.shodan.io/explore

• SHODAN DEMO

RECON-NG

• A full-featured Web Reconnaissance framework written in Python.

• Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion.

• https://bitbucket.org/LaNMaSteR53/recon-ng

• RECON-NG DEMO

FOCA

• Metadata extraction from files

• https://www.elevenpaths.com/labstools/foca/index.html

• FOCA DEMO

MALTEGO

• An Open Source Intelligence application, which provides a platform to not only extract data but also to represent that data in a format which is easy to understand as well as analyze.

• https://www.paterva.com/web6/

BASIC BLOCKS

• Entity: An entity is a piece of data which is taken as an input to extract further information. E.g. domain name xyz.com

• Transform: A piece of code which takes an entity (or a group of entities) as an input and extracts data in the form of entity (or entities) based upon the relationship.

• Machine: A machine is basically a set of transforms linked programmatically.

https://www.youtube.com/channel/UCThOLpqhLFFQN0nStdkyGLg

ENTITIES

TRANSFORMS

MACHINES

• MALTEGO LOCAL TRANSFORM DEMO

http://www.paterva.com/web6/documentation/m3guidetransforms.pdf

• MALTEGO MACHINE DEMO

http://www.paterva.com/msl.pdf

OTHER RESOURCES/TOOLS• Google Advanced Search: https://

www.google.com/advanced_search

• Internet Search Engine: http://zoomeye.org

• Jeffrey's Exif Viewer: http://regex.info/exif.cgi

• TinEye Reverse Image Search: https://www.tineye.com/

• Pipl People Search Engine: https://pipl.com/

• Internet Archive: http://archive.org/web/web.php

• Domain tool: https://w3dt.net/

• Social Media Search: http://socialmention.com/

GREETS #FREEHUGS

• Assi Barak- Software Group Manager BIU

• John Matherly- Shodan

• Tim Tomes & Open Source Community- Recon-ng

• ElevenPaths Team- FOCA

• Paterva Team- Maltego

• Q/A