#Maltego #Recon-ng #FOCA #Shodan

1. TOOLS FOR OPEN SOURCE
INTELLIGENCE

2. #WHOAMI
Sudhanshu Chauhan(@Sudhanshu_c)
sudhanshu@octogence.com
Director OctoGence Technologies
OSINT Enthusiast
Co-Author: Hacking Web Intelligence
https://github.com/SudhanshuC
Real World Existence:
Avid Reader, Cook, Traveller
Nutan Kumar Panda (@TheOsintGuy)
osintguy@gmail.com
InfoSec Engineer eBay.inc
OSINT Enthusiast
Co-Author: Hacking Web Intelligence
https://github.com/nkpanda
Real World Existence:
Gamer, Rider, Keyboard Player

3. WHAT IS OSINT?
• Open Source Intelligence is the art of collecting information
which is scattered on publicly available sources. In contrast to
traditional intelligence methods, OSINT utilizes overt channels
for gathering information.
• The added benefit is that there is no direct interaction with the
target which substantially reduces the chances of being caught
or raising any red flags.

4. WHY OSINT?
• Internet is not limited to Google Searches.
• Not even limited to search engines, social media and blogs
• Huge number of sensational hacks in recent times
Organizations getting hacked even after using so called
"sophisticated" defense mechanisms.
• Basic recon usually ignored during security assessments.
• If you SECRET is out there in the open, someone WILL find it.
• It's just data until you leverage it to create intelligence.

5. TRADITIONAL METHODS
• Using search engines. E.g. Google, Yahoo etc.
• News sites. E.g. CNN, BBC etc.
• Corporate Websites
• Government Websites
• Blogs

6. MODERN RESOURCES
• Advanced search engines
• Social Media sites
• APIs
• Deepweb/Darkweb
• Advanced tools

7. TOOLS THAT WE ARE GOING TO TALK ABOUT
• Shodan- Internet Search Engine
• Recon-ng- Web Reconnaissance framework
• Foca- Metadata Extraction
• Maltego- Open Source Intelligence and Forensics application

8. SHODAN
• Shodan allows us to search devices connected over internet
and collects the banners.
• https://www.shodan.io/

9. EXPLORE SHODAN
• https://www.shodan.io/explore

10. • SHODAN DEMO

11. RECON-NG
• A full-featured Web Reconnaissance framework written in
Python.
• Complete with independent modules, database interaction, built
in convenience functions, interactive help, and command
completion.
• https://bitbucket.org/LaNMaSteR53/recon-ng

12. • RECON-NG DEMO

13. FOCA
• Metadata extraction from files
• https://www.elevenpaths.com/labstools/foca/index.html

14. • FOCA DEMO

15. MALTEGO
• An Open Source Intelligence application, which provides a
platform to not only extract data but also to represent that data
in a format which is easy to understand as well as analyze.
• https://www.paterva.com/web6/

16. BASIC BLOCKS
• Entity: An entity is a piece of data which is taken as an input to
extract further information. E.g. domain name xyz.com
• Transform: A piece of code which takes an entity (or a group of
entities) as an input and extracts data in the form of entity (or
entities) based upon the relationship.
• Machine: A machine is basically a set of transforms linked
programmatically.
https://www.youtube.com/channel/UCThOLpqhLFFQN0nStdkyGLg

17. ENTITIES

18. TRANSFORMS

19. MACHINES

20. • MALTEGO LOCAL TRANSFORM DEMO
http://www.paterva.com/web6/documentation/m3g
uidetransforms.pdf

21. • MALTEGO MACHINE DEMO
http://www.paterva.com/msl.pdf

22. OTHER RESOURCES/TOOLS
• Google Advanced Search:
https://www.google.com/advanced_search
• Internet Search Engine: http://zoomeye.org
• Jeffrey's Exif Viewer: http://regex.info/exif.cgi
• TinEye Reverse Image Search: https://www.tineye.com/
• Pipl People Search Engine: https://pipl.com/
• Internet Archive: http://archive.org/web/web.php
• Domain tool: https://w3dt.net/
• Social Media Search: http://socialmention.com/

23. GREETS #FREEHUGS
• Assi Barak- Software Group Manager BIU
• John Matherly- Shodan
• Tim Tomes & Open Source Community- Recon-ng
• ElevenPaths Team- FOCA
• Paterva Team- Maltego

24. • Q/A