Open Source Intelligence (OSINT) Techniques (en)

From OnnoWiki
Jump to navigation Jump to search

Open Source Intelligence (OSINT) techniques are methods of gathering information from open and public sources. It is often used in the passive reconnaissance phase. OSINT involves using various tools, techniques, and platforms to search for public information that can help a pentester or attacker understand their target.

Here are some commonly used OSINT techniques:

Search Engine Dorking

  • Using specific queries or keywords in search engines (Google, Bing, etc.) to find sensitive information, such as incorrect server configurations, publicly available files, or internal documents.
  • Examples of tools: Google Dorks, Bing Dorking

Social Media Scraping

  • Collecting information from social media such as LinkedIn, Facebook, Twitter, etc. to find out organizational structure, employee details, email addresses, or other relevant information. Some tools can be downloaded from github.com
  • Examples of tools: Maltego, SpiderFoot

DNS and WHOIS Enumeration

  • Searching WHOIS systems and DNS records to identify details related to domains, servers used, IP addresses, and domain owner information.
  • Examples of tools: WHOIS Lookup, DNSDumpster

Email Harvesting

  • Collecting email addresses associated with a specific domain or organization through websites, forums, social media, or even publicly available email leaks.
  • Examples of tools: Hunter.io, theHarvester

Metadata Extraction

  • Extracting metadata from documents or image files available on the internet, which can provide important information such as the software version used, the user, or the location where the file was created.
  • Examples of tools: ExifTool, FOCA

Public Code Repositories

  • Accessing open source code repositories such as GitHub to find application code, technical documentation, or API keys that have not been properly hidden by developers.
  • Examples of tools: GitHub, GitLab, Bitbucket

Online Footprint Mapping

  • Mapping the target's online footprint, including websites, subdomains, servers, cloud services used, to viewing change history and service architecture.
  • Examples of tools: Shodan, Censys

Breached Database Search

  • Searching for information that may have been leaked in previous data breach incidents to obtain login credentials or other sensitive data.
  • Examples of tools: Have I Been Pwned, Dehashed

Website Scraping and Analysis

  • Retrieving data from the target website, including page structure, comments, JavaScript, or other elements that can help understand the architecture of the system or application.
  • Examples of tools: Wget, Scrapy, Burp Suite

Benefits and Risks of OSINT

Benefits

  • OSINT allows attackers or pentesters to gather information without directly disrupting the target system.
  • Information obtained from OSINT can be used to develop a more effective attack strategy.
  • This technique is legal if done within the bounds of using public information and for ethical purposes.

Risks

  • If not used carefully, OSINT can be used by attackers to facilitate real attacks.
  • Companies should be aware of how much of their public information is accessible through OSINT, so they can mitigate the risk by limiting their digital footprint.

OSINT is an important component in the process of penetration testing and cyber investigations, because it provides an initial picture of the target without leaving too obvious a digital footprint.

Interesting Links

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=Open_Source_Intelligence_(OSINT)_Techniques_(en)&oldid=71156"