One OSINT Tool to Rule Them All

Presentation transcript:

One OSINT Tool to Rule Them All by: Émilie St-Pierre BSidesLV Proving Ground, July 24th 2017

$whoami
Émilie St-Pierre
Security Analyst at Rapid7
Active in information security for 5 years
Director at large for the SYN Shop hackerspace https://synshop.org
Co-host of the weekly Greynoise podcast https://greynoi.se
Twitter: @L4bF0x
Since Defcon 21
SDR meetup at 6:30pm

How it all began
A little under a year ago, I was working on one of my very first engagements. It was an external network penetration test, and this company had a single sign-on login page for internal access. It required 2 things: a company e-mail address and a password. I thought this was pretty straightforward: if I could find some valid company e-mail addresses, then I could try a password-guessing attack. Back then, I was still pretty green, so I used a tool which was shipped with Kali Linux that is specifically made for harvesting e-mails: theHarvester. I ran the tool, entered the company’s domain, got some e-mail addresses back, also got a few from their website, made my list... Until a few weeks later, when I started reading this book by Peter Kim... There were at least 3 to 4 times the number of e-mails on my original list. What if one of these had yielded internal access? What if there's a better tool? It got me thinking...

OSINT Tool Comparison Table
Once I realized I needed to further the knowledge I had of the current tool landscape, I had an idea. What if I could compile a list of all the tools that search for publicly available information and easily see the ones that will get me the kind of public information I need? Wouldn’t it be great to know which tool gets the best e-mail lists? Which tool gets the most usernames? Which tools can get the most documents for metadata analysis? Or tools that have unique functions, such as grabbing private API keys from repositories? This is where the OSINT tool comparison table comes in.

Define: OSINT
“Open Source Intelligence (OSINT) … is locating, and analyzing publicly available sources of information … [with the] goal of producing current and relevant information that is valuable to either an attacker or competitor.”
http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#OSINT
Remember when I was talking about grabbing that publicly available information? That’s called OSINT. OSINT is locating and analyzing publicly available sources of information … [with the] goal of producing current and relevant information that is valuable to either an attacker or competitor. What's valuable to YOU. You don't need to be either to get value from OSINT data. Let me show you some examples of this.

Valuable types of OSINT
Usernames
E-mails
Technology in use
Location data
Corporate data
Usernames: plan on password-guessing attacks. E-mails: password guessing and phishing campaigns. Tech in use: perhaps you can find a piece of software that has a vulnerability; find out more about their environment in preparation for the attack. Location data: Now that you understand who uses OSINT, let’s get back to my project.

Methodology
Compiled a list of reputable, free and popular tools with a focus on organizational penetration testing:
Default Kali Linux OSINT tools
Tools listed in popular pentesting books
Word-of-mouth
OSINT tool lists (osintframework.com)
For my methodology, I compiled a list of tools that focused on organizational penetration testing. By organizational, I mean tools which target companies or organizations, as opposed to individuals. The list includes Kali, tools encountered in books, word-of-mouth and OSINT tool lists like the OSINT framework (OSINTframework.com).

Methodology
Compared them against 3 benchmarks:
Data variety
Data quality
Relevancy
Data variety: How many types of data can be found using this tool? E-mail addresses, usernames, information on lawsuits, etc. Data quality: Is this data accurate? Is it complete? Think of my first example: will I get back a few e-mail addresses, or 3 to 4 times more? Relevancy: Is the tool up-to-date? Is it using old resources like APIs that don’t work anymore?
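As an added example (not part of the talk or its comparison table), here is a small Python script that scores tool output against the three benchmarks above: variety from the data types a tool covers, quality and completeness from how many valid, in-scope, deduplicated addresses it returns versus the union of all tools, and relevancy from the share of its sources that still work. The tool names are real, but every e-mail list, source count and data-type set below is constructed sample data for a defender checking what is exposed about their own domain, not real harvesting results.

```python
"""Score OSINT tool output against variety, quality and relevancy.

Added example; all tool results below are constructed sample data.
"""
import re

TARGET_DOMAIN = "example.com"  # constructed target (your own domain)
EMAIL_RE = re.compile(r"^[a-z0-9._%+-]+@([a-z0-9.-]+\.[a-z]{2,})$", re.I)

# Constructed sample of what each tool "returned" for the target domain.
# data_types = kinds of data the run produced (variety benchmark)
# dead_sources/sources = modules hitting dead APIs (relevancy benchmark)
TOOL_OUTPUT = {
    "theHarvester": {
        "emails": ["alice@example.com", "bob@example.com",
                   "bob@example.com", "junk@@example.com"],
        "data_types": {"emails", "hosts"},
        "dead_sources": 2, "sources": 6,
    },
    "Recon-ng": {
        "emails": ["alice@example.com", "bob@example.com",
                   "carol@example.com", "dave@example.com",
                   "erin@example.com", "sales@example.com",
                   "frank@other.org"],  # out of scope, dropped
        "data_types": {"emails", "hosts", "usernames", "documents"},
        "dead_sources": 1, "sources": 10,
    },
}


def normalize(emails, domain):
    """Deduplicated, syntactically valid addresses belonging to `domain`."""
    keep = set()
    for raw in emails:
        addr = raw.strip().lower()
        match = EMAIL_RE.match(addr)
        if match and match.group(1) == domain:
            keep.add(addr)
    return keep


def score_tools(tool_output, domain):
    """Per-tool variety, quality, completeness, relevancy and unique finds."""
    clean = {t: normalize(o["emails"], domain) for t, o in tool_output.items()}
    union = set().union(*clean.values())  # best achievable list
    scores = {}
    for tool, out in tool_output.items():
        raw_count = len(out["emails"])
        others = set().union(*(s for t, s in clean.items() if t != tool))
        scores[tool] = {
            "variety": len(out["data_types"]),
            "quality": round(len(clean[tool]) / raw_count, 2) if raw_count else 0.0,
            "completeness": round(len(clean[tool]) / len(union), 2) if union else 0.0,
            "relevancy": round(1 - out["dead_sources"] / out["sources"], 2),
            "unique_finds": sorted(clean[tool] - others),  # found by no other tool
        }
    return scores


if __name__ == "__main__":
    for tool, s in score_tools(TOOL_OUTPUT, TARGET_DOMAIN).items():
        print(tool, s)
```

The "unique_finds" column is the one that answers the talk's "what did others not do?" question: a tool with a low completeness score can still earn its place if it contributes addresses nothing else found.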

Data Limitations
Non-exhaustive list.
Some tools contain some stand-alone tools.
Some tools are hybrids that do more than OSINT.
Data accuracy could be biased based on chosen sample (sample size = 42).
I acknowledge there are limitations: Non-exhaustive list. New tools pop up every day, and they may not be on the list yet. Some tools contain other tools (Toolception). Some tools do more than just OSINT; I have found many to do different types of scans on top of OSINT. The fourth thing I want to bring up: I chose a small sample size, and results may differ for you depending on your target. Which brings me to the results. (Drumroll please)

Results
So using all of this data, I built MYSELF a data sheet that is really useful for engagements. Click:

Here it is!
Of course I didn't make this table just for myself... On the left-hand side are the tool names, followed by columns which give the reader an overview with useful information. I know this is a small font, but for those of you who have pulled up the table, you’ll be able to see… Starting with the first group of columns by categories, and talk about the categories. At the top of the sheet I’ve added my information to contribute, etc. Pop a note in there. Help me, etc. I bet you’re asking yourself, “Can you make this easy for me?”

https://bit.ly/osintcomparison
I sure can. I want to emphasize how this chart isn’t just useful for penetration testers. Doing OSINT will help if you’re:
Blue team
Looking at competitors
An investor
Or a lawyer

“So Émilie, which tool rules them all?”
Disclaimer: These are the ones that work well for me, my customers, my engagements, etc. They may not work for you, etc.

My top picks
Best e-mail lists: Recon-ng (URL)
Most user-friendly: Spiderfoot
Easiest metadata analysis: FOCA
Is there one OSINT tool to rule them all? No, but there are some tools which shine in their own categories. WHY is this tool better than others? What did others not do? Even with the free version of FOCA, it pulls that data, etc.

Thank you!
Émilie St-Pierre
@L4bF0x
https://github.com/L4bF0x/osintcomparison
OSINT Tool Comparison Table https://bit.ly/osintcomparison
osintcomparison@gmail.com
Positive! Check out my OSINT Tool Comparison Table. Let’s keep in touch. Let’s collaborate. I’m still developing this tool.