Hello, aspiring ethical hackers. In this blogpost, you will learn what is OSINT. In our previous articles, you learnt about the 5 phases of ethical hacking, you learnt the importance of footprinting of ethical hacking. OSINT is a part of footprinting.
What is OSINT?
OSINT stands for Open Source Intelligence. OSINT is a method of gathering information from all open sources. Open sources are those which are publicly available and are free to access. OSINT is used by hackers, pen testers and Red-Team professionals to collect information about an organization or people that can be used in gaining access or performing social engineering.
These sources of OSINT can be social media sites like Instagram, LinkedIN etc, newspapers, news sites, blogs or shopping sites, search engines, metadata, Google docs, forums, etc.
For example, LinkedIN company pages reveal information about all the employees of the organization. These employees have their job description listed in their profile. Let’s say there is an employee whose role is “Solaris admin”. From this, you can say that the particular company is using Solaris as they have an employee for that job (unless that particular company is using ADVANCED TO THE POWER OF 100 trade craft to hide the original software they are using.
Now a hacker group creates a fake profile of a company on LinkedIN, connects with this user, sends a proposal for a job with increased salary for the same role. They ask his/her email for further communication.
Top OSINT tools
Here are some of the top OSINT Tools used by Cyber security professionals.
- Maltego: Maltego is link analysis software that is used to gather real-world relationship between roles, groups, domains, email addresses, webpages, social media accounts etc. Learn more about this tool here.
- Google Dorks: Often underestimated, Google dorks also can be useful to gather more information about a person or companhy. Learn more about it here.
- Spiderfoot: Spiderfoot is an OSINT tool written in Python that queries over 100 public data sources to gather information about any IP address, domain name, names of person and email address.
- Shodan: Popularly called the hackers search engine, Shodan lets users search for various or types of servers connected to the internet using a variety of filters.
- Metagoofil: Metagoofil is tool used to extract metadata from publicly available documents like PDFs, DOC, XLS, PPTX, DOCX, PPTXS.