Open-source intelligence (OSINT) refers to information gathered from publicly available sources including social media sites, traditional media, maps, government reports, and academic papers. OSINT tools are used to gather intelligence from these sources through activities like searching metadata, websites, and databases. Common OSINT tools mentioned are Maltego for relationships, Google Hacking Database for search operators, Metagoofil for document metadata, Shodan for devices, Spiderfoot for automation, TheHarvester for online profiles, and FOCA for hidden information. While useful, OSINT has limitations like information overload and potential false positives.
2. DEFINITION
Open-source intelligence (OSINT) is information gathered from publicly available sources, including:
• Web-based communities and user-generated content: social-networking sites, video sharing sites, wikis and blogs.
• Traditional mass media: newspapers, magazines, radio, television, and computer-based information.
• Geospatial information (e.g. maps and commercial imagery products).
• Public data: government reports, official data such as budgets, demographics, hearings, legislative debates, press conferences, speeches, marine and aeronautical safety warnings, environmental impact statements and contract awards.
• Professional and academic: conferences, professional associations, academic papers, and subject matter experts.
7. OSINT COMMUNITY
Business Intelligence
• Executive and Employee Background Checks
• Due Diligence on Potential Clients and Competitors
• Corporate Self Analysis
• Competitor Analysis
Government Intelligence
• Products needed for Military Applications and Non-Military Applications
Media and Other Intelligence
• For finding people by name, email, address, and phone.
9. MALTEGO
Maltego is a forensics and data mining
application. It is capable of querying various
public data sources and graphically depicting
the relationships between entities such as
people, companies, web sites, and documents.
10. GOOGLE HACKING DATABASE (GHDB)
• The Google Hacking Database (GHDB) is an
authoritative source for querying the ever-
widening reach of the Google search engine.
• Google hacking involves using advanced
operators in the Google search engine to
locate specific strings of text within search
results
| Operator | Purpose | Mixes with other operators? | Can be used alone? | Web | Images | Groups | News |
|---|---|---|---|---|---|---|---|
| intitle | Search page title | yes | yes | yes | yes | yes | yes |
| allintitle | Search page title | no | yes | yes | yes | yes | yes |
| inurl | Search URL | yes | yes | yes | yes | not really | like intitle |
| allinurl | Search URL | no | yes | yes | yes | yes | like intitle |
| filetype | Specific files | yes | no | yes | yes | no | not really |
| allintext | Search text of page only | not really | yes | yes | yes | yes | yes |
| site | Search specific site | yes | yes | yes | yes | no | not really |
| link | Search for links to pages | no | yes | yes | no | no | not really |
| inanchor | Search link anchor text | yes | yes | yes | yes | not really | yes |
| numrange | Locate number | yes | yes | yes | no | no | not really |
| daterange | Search in date range | yes | no | yes | not really | not really | not really |
| author | Group author search | yes | yes | no | no | yes | not really |
| group | Group name search | not really | yes | no | no | yes | not really |
| insubject | Group subject search | yes | yes | like intitle | like intitle | yes | like intitle |
| msgid | Group msgid search | no | yes | not really | not really | yes | not really |
11. METAGOOFIL
Metagoofil is an information gathering tool
designed for extracting metadata of public
documents (pdf,doc,xls,ppt,docx,pptx,xlsx)
belonging to a target company.
12. SHODAN
Sentient Hyper Optimized Data Access Network (Shodan) is a search engine that lets the user find specific types of computers and devices (routers, servers, etc.) connected to the internet using a variety of filters.
13. SPIDERFOOT
SpiderFoot is an open source intelligence automation tool that is used to automate the process of gathering intelligence about a given target, which may be an IP address, domain name, hostname, network subnet and more.
14. THEHARVESTER
• TheHarvester is used to gather emails,
subdomains, hosts, employee names, open
ports and banners from different public
sources like search engines, PGP key servers
and SHODAN computer database.
• This tool is intended to help penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet.
• It is also useful for anyone that wants to know
what an attacker can see about their
organization.
15. FOCA
• FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents it scans.
• FOCA includes a server discovery module, whose purpose is to automate the server search process (web search, DNS search, IP resolution, PTR scanning, network analysis, DNS snooping, juicy files, proxies search, etc.) using recursively interconnected routines.
16. LIMITATION
• Information overload: the amount of information provided by OSINT tools is huge, and filtering or harvesting the data is quite time consuming.
• False positives: results given by OSINT tools may be right or may be wrong. There is no guarantee that the result provided by OSINT tools is totally right.
17. CONCLUSION
As technology advances day by day, the need for fast and specific information gathering arises. OSINT has always been an integral component in intelligence. An organization with an appreciation for OSINT’s value and potential will be the most effective in the future.