Open Source Intelligence Tools & Techniques Explained With Case Studies


We briefly explained and discussed OSINT techniques and tools using practical scenarios that involve extracting public information from domain names, social media websites (LinkedIn, Reddit, etc.) and even location information using Google Hangouts and Foursquare.


Highlights

What is OSINT?

OSINT is the process of gathering information about the target’s system, network and defenses using passive methods. It covers collecting data from publicly available sources such as DNS registrars, web searches, security-centric search engines like Shodan and Censys, and social media websites such as Facebook, Instagram, Reddit, LinkedIn, etc.

Another type of open source intelligence is information about vulnerabilities and other security flaws, including sources like the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) resources.

Examples of information that can be gathered using OSINT

  • Domain names and subdomains
  • IP Address ranges
  • Email addresses
  • Physical locations
  • Staff list and organization chart
  • Document metadata
  • Social media information
  • Technologies and infrastructure.

OSINT Tools

  • Recon-ng is an example framework that helps automate OSINT work.
  • OSINT Framework
  • Maltego

Commands used in DNS enumeration

nslookup -type=txt secure-startup.com

nslookup -type=txt _dmarc.secure-startup.com

dig secure-startup.com ANY
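The TXT and `_dmarc` answers returned by the lookups above can be read from the defender's side: they show how strictly spoofed mail is rejected and which third-party services the domain publicly discloses. The Python below is an added example, not code from the original post; the records in `SAMPLE_TXT`, the `example.com` names and all function names are constructed for illustration.

```python
SAMPLE_TXT = {  # constructed answers for illustration, not real lookups
    "example.com": ["google-site-verification=CONSTRUCTED-TOKEN",
                    "v=spf1 include:_spf.mailvendor.example ip4:203.0.113.0/24 ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"],
}


def parse_spf(txt):
    """Return the 'all' qualifier and the hosts/ranges an SPF record discloses."""
    all_qualifier, disclosed = None, []
    for term in txt.split()[1:]:  # skip the "v=spf1" version term
        bare = term.lower().lstrip("+-~?")
        if bare == "all":
            all_qualifier = term[0] if term[0] in "+-~?" else "+"  # bare "all" means +all
        elif bare.startswith(("include:", "ip4:", "ip6:", "a:", "mx:", "redirect=")):
            disclosed.append(term)
    return all_qualifier, disclosed


def parse_dmarc(txt):
    """Turn 'tag=value; tag=value' into a dict with lower-case tag names."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit(domain, records):
    """Return (findings, disclosed) for one domain's apex and _dmarc TXT answers."""
    findings, disclosed = [], []
    spf = [t for t in records.get(domain, []) if t.lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"expected exactly one SPF record, found {len(spf)}")
    else:
        qualifier, disclosed = parse_spf(spf[0])
        if qualifier != "-":
            findings.append(f"SPF lacks a hard-fail -all (qualifier: {qualifier})")
    dmarc = [t for t in records.get("_dmarc." + domain, [])
             if t.lower().startswith("v=dmarc1")]
    policy = parse_dmarc(dmarc[0]).get("p", "").lower() if dmarc else None
    if policy not in ("quarantine", "reject"):
        findings.append(f"DMARC policy is not enforcing (p={policy})")
    # Verification tokens reveal which SaaS products are tied to the domain.
    disclosed += [t.split("=")[0] for t in records.get(domain, []) if "-verification=" in t]
    return findings, disclosed
```

Calling `audit("example.com", SAMPLE_TXT)` flags the soft-fail SPF and the monitoring-only DMARC policy, and lists the mail vendor include, the IP range and the verification token as publicly disclosed details.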

In the third case, the location of the email owner was found by opening Google Hangouts, inspecting the page and searching for “jsdata” until the pattern of numbers was found.
