OPEN SOURCE INTELLIGENCE (OSINT)
DEFINITION
Open-source intelligence (OSINT) is information gathered from publicly available sources, including:
• Web-based communities and user-generated content: social-networking sites, video-sharing sites, wikis and blogs.
• Traditional mass media: newspapers, magazines, radio, television, and computer-based information.
• Geospatial information (e.g. maps and commercial imagery products).
• Public data: government reports, official data such as budgets, demographics, hearings, legislative debates, press conferences, speeches, marine and aeronautical safety warnings, environmental impact statements and contract awards.
• Professional and academic: conferences, professional associations, academic papers, and subject matter experts.
Information collected from Web communities, mass media, etc.
HISTORY OF OSINT
OSINT COMMUNITY
Business Intelligence
• Executive and Employee Background Checks
• Due Diligence on Potential Clients and Competitors
• Corporate Self Analysis
• Competitor Analysis
Government Intelligence
• Products needed for Military Applications and Non-Military Applications
Media and Other Intelligence
• For finding people by name, email, address, and phone.
TOOLS USED
MALTEGO
Maltego is a forensics and data mining application. It is capable of querying various public data sources and graphically depicting the relationships between entities such as people, companies, web sites, and documents.
GOOGLE HACKING DATABASE (GHDB)
• The Google Hacking Database (GHDB) is an authoritative source for querying the ever-widening reach of the Google search engine.
• Google hacking involves using advanced operators in the Google search engine to locate specific strings of text within search results.
| Operator | Purpose | Mixes with Other Operators? | Can be used Alone? | Web | Images | Groups | News |
|---|---|---|---|---|---|---|---|
| intitle | Search page title | yes | yes | yes | yes | yes | yes |
| allintitle | Search page title | no | yes | yes | yes | yes | yes |
| inurl | Search URL | yes | yes | yes | yes | not really | like intitle |
| allinurl | Search URL | no | yes | yes | yes | yes | like intitle |
| filetype | Specific files | yes | no | yes | yes | no | not really |
| allintext | Search text of page only | not really | yes | yes | yes | yes | yes |
| site | Search specific site | yes | yes | yes | yes | no | not really |
| link | Search for links to pages | no | yes | yes | no | no | not really |
| inanchor | Search link anchor text | yes | yes | yes | yes | not really | yes |
| numrange | Locate number | yes | yes | yes | no | no | not really |
| daterange | Search in date range | yes | no | yes | not really | not really | not really |
| author | Group author search | yes | yes | no | no | yes | not really |
| group | Group name search | not really | yes | no | no | yes | not really |
| insubject | Group subject search | yes | yes | like intitle | like intitle | yes | like intitle |
| msgid | Group msgid search | no | yes | not really | not really | yes | not really |
METAGOOFIL
Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf, doc, xls, ppt, docx, pptx, xlsx) belonging to a target company.
SHODAN
Sentient Hyper Optimized Data Access Network (Shodan) is a search engine that lets the user find specific types of computers or devices (routers, servers, etc.) connected to the internet using a variety of filters.
SPIDERFOOT
SpiderFoot is an open source intelligence automation tool that automates the process of gathering intelligence about a given target, which may be an IP address, domain name, hostname, network subnet and more.
THEHARVESTER
• TheHarvester is used to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and the SHODAN computer database.
• This tool is intended to help penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet.
• It is also useful for anyone that wants to know what an attacker can see about their organization.
FOCA
• FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents it scans.
• FOCA includes a server discovery module, whose purpose is to automate the server search process (web search, DNS search, IP resolution, PTR scanning, network analysis, DNS snooping, juicy files, proxies search, etc.) using recursively interconnected routines.
LIMITATION
• Information overload: the amount of information provided by OSINT tools is huge, so filtering or harvesting the data is quite time-consuming.
• False positives: a result given by OSINT tools may be right or may be wrong. There is no guarantee that the result provided by OSINT tools is totally right.
CONCLUSION
As technology increases day by day, the need for fast and specific information gathering arises. OSINT has always been an integral component in intelligence. An organization with an appreciation for OSINT’s value and potential will be the most effective in the future.