Affichage des articles dont le libellé est OSINT. Afficher tous les articles
Affichage des articles dont le libellé est OSINT. Afficher tous les articles

Open Source OSINT Assistant: DataSploit

The various Open Source Intelligence (OSINT) tools used to capture data, gives the user all the relevant information about the domain / email / phone number / person, etc. It allows us to expand our attack/defense surface by collecting relevant information about the target.

DataSploit simply requires the minimum data (such as domain name, email ID, person name, etc. It is developed by using different programming languages that are popular among the field, that are Python, MongoDb and Django. Once the data is collected, firstly the noise is removed, after which data is correlated and after multiple iterations it is stored locally in a database which could be easily visualized on the UI provided. The sources provided are picked after complete analysis and are known to be providing reliable information.



Features:

  • Performs automated OSINT on a domain / email / username / phone and find out relevant information from different sources.
  • Useful for Pen-testers, Cyber Investigators, Product companies, defensive security professionals, etc.
  • Correlates and collaborate the results, show them in a consolidated manner.
  • Tries to find out credentials, api-keys, tokens, sub domains, domain history, legacy portals, etc. related to the target.
  • Available as single consolidating tool as well as standalone scripts.
  • Available in both GUI and Console.
Requirements:

  • MongoDb, Django, Celery and RabbitMq
  • Bunch of python libraries
    • amqp==1.4.9
    • anyjson==0.3.3
    • BeautifulSoup==3.2.1
    • beautifulsoup4==4.4.1
    • billiard==3.3.0.23
    • bs4==0.0.1
    • celery==3.1.23
    • clearbit==0.1.4
    • config==0.3.9
    • Django==1.9.8
    • django-celery==3.1.17
    • dnspython==1.14.0
    • future==0.15.2
    • idna==2.1
    • json2html==1.0.1
    • kombu==3.0.35
    • lxml==3.6.0
    • piplapis-python==5.1.0
    • pyinotify==0.9.6
    • pymongo==3.3.0
    • python-Wappalyzer==0.2.2
    • python-whois==0.6.2
    • pytz==2016.6.1
    • requests==2.10.0
    • requests-file==1.4
    • simplejson==3.8.2
    • six==1.10.0
    • tldextract==2.0.1
    • tqdm==4.7.6
    • termcolor
Download:


Read more

by Malik korrich ~ mardi 20 septembre 2016 0 commentaires

Oryon C Portable - Open Source Intelligence Framework

Open source intelligence is the process-oriented terminology that simply means to collect information from publicly available sources. OSINT (Open source intelligence) is viable to gather information about the target from the sources that can be easily accessible, but the actual art is to turn the gather data into meaningful information. Consider an example, where you have a deadly weapon but you don't how to and when to use it, then this important weapon is useless for you; same is the case with the information which is available but you have to turn it into a weapon against your target.

There are many tools and techniques to collect and organize the information and Oryon C Portable is one of them.

Oryon C Portable




Oryon C Portable is a web browser designed to assist researchers in conducting Open Source Intelligence investigations. Oryon comes with dozens of pre-installed tools and a select set of links cataloged by category – including those that can be found in the OI Shared Resources.




Specification:
  • Based on SRWare Iron version 31.0.1700.0 (Chromium)
  • More than 70 pre-installed tools to support investigators in their everyday work
  • More than 600 links to specialized sources of information and online investigative tools
  • Additional privacy protection features
  • A ready to use opml file containing a sorted collection of information sources in the fields such as: OSINT, Intelligence, InfoSec, defense, and more.












    Download
Read more

by Malik korrich ~ samedi 13 décembre 2014 0 commentaires

Searching Shodan For Fun And Profit

SHODAN is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. Some have also described it as a public port scan directory or a search engine of banners.

Web search engines, such as Google and Bing, are great for finding websites. But what if you're interested in finding computers running a certain piece of software (such as Apache)? Or if you want to know which version of Microsoft IIS is the most popular? Or you want to see how many anonymous FTP servers there are? Maybe a new vulnerability came out and you want to see how many hosts it could infect? Traditional web search engines don't let you answer those questions.

So what does SHODAN index then? Good question. The bulk of the data is taken from 'banners', which are meta-data the server sends back to the client. This can be information about the server software, what options the service supports, a welcome message or anything else that the client would like to know before interacting with the server.


The following paper has been written by Sajal Verma, that covers the important aspect of shodan and it also includes the tutorial to use shodan via metasploit and Maltego.



Read more

by Malik korrich ~ lundi 1 décembre 2014 0 commentaires

tinfoleak - Information gathering Over Twitter

Information gathering, the first and the most important step of penetration testing/ ethical hacking; the more you know about your target, more the chances of success you have. Social media specially Facebook and Twitter have loads on information about any person or business, and hackers also using these platform to get the information of the target; whatever the purpose is, you need information or simply you need to get information by using intelligence gathering techniques. There are many services and products are available in the market, but what if I tell you that there are many OSINT (open source intelligence tools) are available for free of cost, tinfoleak is one of them.

tinfoleak can gather information of any Twitter account, it is a simple Python script that allow to obtain:
  • basic information about a Twitter user (name, picture, location, followers, etc.)
  • devices and operating systems used by the Twitter user
  • applications and social networks used by the Twitter user
  • place and geolocation coordinates to generate a tracking map of locations visited
  • show user tweets in Google Earth!
  • download all pics from a Twitter user
  • hashtags used by the Twitter user and when are used (date and time)
  • user mentions by the the Twitter user and when are occurred (date and time)
  • topics used by the Twitter user

You can filter all the information by:
  • start date / time
  • end date / time
  • keywords
Download and learn more
Read more

by Malik korrich ~ jeudi 25 septembre 2014 0 commentaires

Social Media Monitoring Tool as an OSINT Platform for Intelligence


http://www.ehacking.net/2014/02/social-media-monitoring-tool-as-osint.html
Conducting OSINT for wider intelligence, counter-terrorism and risk management work has become a complex and increasingly resource intensive task for both Government and Defence Intelligence agencies and the commercial risk management sector alike. The paper share by talkwalker to ehacking covers some of the challenges involved in the collection and processing of OSINT and how a social media monitoring tool can exponentially enhance those processes when implemented as an OSINT platform. 



Read more

by Malik korrich ~ mardi 25 février 2014 0 commentaires

OSINT Tools Worth Sharing

http://www.ehacking.net/2014/02/osint-tools-worth-sharing.html
Open source intelligence is the next big thing, it will change the processes and systems of current intelligence structure. By looking at broader perspective, we can easily find the application of OSINT from business intelligence to security agencies, in short marketing firms, media houses, hackers, security and military agencies blah blah blah can get benefits out of from OSINT. But how, when and where to use OSINT ? This is actually a topic to discuss because if you have a weapon but you don't know how, when and where to use, then believe me this weapon is useless.
The answer of how to use open source intelligence is hidden on the tools and techniques, so in this article we will cover some great tools that are available in the market; and you can utilize them to make your hacking practice efficient (if you know what I mean). Some of the tools listed below are available on Kali Linux (the successor of backtrack) but if you are using any other distribution or even Windows OS then you can download and use them.


Maltego

Maltego is the tool that can gather information (believe me, it can gather). Maltego is a unique platform developed to deliver a clear threat picture to the environment that an organization owns and operates. Maltego’s unique advantage is to demonstrate the complexity and severity of single points of failure as well as trust relationships that exist currently within the scope of your infrastructure. 


SHODAN

SHODAN is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. Some have also described it as a public port scan directory or a search engine of banners.


theHarvester

theHarvester is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization.
The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database.


Now we want to know about your favorite tool, it might be possible that you would not find your tool in the list aforementioned list; but it is not a big deal because it is not a final list. You can share the best tools other than mentioned one. I personally like and enjoy thehavester and maltego, what do you like most ?
Read more

by Malik korrich ~ samedi 15 février 2014 0 commentaires

Open Source Intelligence (OSINT) - Practicle Approach


http://www.ehacking.net/2014/02/open-source-intelligence-osint.html
Information is a processed data that contains some meaning, data is any raw facts and figure but when you arrange or process data to make it meaningful it becomes information. Information is the key of success for many operation specially Intelligence operation; consider 9/11 scenario what was the weakness of security agencies ? Obviously they did not have the information regarding the attack (remember information). So lack of information could be a weakness, but at the same if you have the right information then it might become your strength. Hacking & penetration testing process is also depends on the information that you collect from information gathering process, the more information that you have the more chances of success are.


Question arises regarding the techniques and sources from where the information can be gathered, Govt has its own way to gather information and intelligence agencies also has their own. But what about a common man ? Yes infosec and business community have worked in this direction now we have enough sources and techniques to gather required information.

What is OSINT ?


Open source INTelligence (OSINT) is the process to collect information from publicly available sources. Here open source does not mean the open-source software or community, open-source in OSINT means publicly available sources.

Usage of OSINT

  • Business intelligence
  • Govt intelligence
  • Individual intelligence

Business intelligence is required set of information acquired through multiple sources, on the basis of this data business decisions used to be made. Since the decisions are based on the collected information so the process should be fair enough to gather the right information. Competitor analysis and self corporate analysis can be done on the basis of publicly available information.

Govt can use the information (available publicly) for various purposes, for example the can read/understand public opinion regarding the Govt policies. In election they can understand public needs so that they can deliver what public want (clever move :P)

Individual intelligence; if you really want to know about yourself, I mean you know yourself but in some cases you want to know that what other people think about you. So you can gather information about yourself and then you can analysis your reputation, marketer and public speakers are doing it to manipulate the information available. Besides your own information you can look into the life of other person (cyber stalking) ohh yes.

Conclusion

So far we have discussed the basis of open source intelligence but this is not enough, the tools and techniques to gather information need to be discussed. We have previously discussed many tools and their usage to find information from different sources, in the next article of this series we will discuss the tools (free tools) that can be used to gather information from Internet.
Read more

by Malik korrich ~ mercredi 5 février 2014 0 commentaires

« Articles plus anciens