What is OSINT?

Hackers use open source data to hack systems. You can use OSINT tools to find out what information of yours has been exposed.

Open source intelligence tools find freely available information. Criminal hackers can use the tools to their advantage unless you beat them to it.

The 1980s saw a paradigm shift in the military and intelligence community. Classic activities such as intercepting letters and wiretapping were replaced by a new trend of secret espionage: agents focused on using freely available or officially published information for their own purposes.

It was a different world that had to make do without social media. Instead, newspapers and public databases were the main sources of interesting and/or useful information.

OSINT Concept Overview

It sounds simple, but in practice it required considerable skill in combining sources to reliably connect the necessary information and build a picture of the situation from it. This type of espionage was called Open Source Intelligence (OSINT).

OSINT tactics can now be applied to information security. Most companies and organizations have a large, largely public infrastructure that includes various networks, technologies, hosting services, and namespaces.

The information or data can reside on a variety of devices — employee computers, local servers, private employee devices (in the “bring your own device” sense), cloud instances, or even live application source code.

In fact, in practice, the IT department of large companies almost never knows about all the company's assets - regardless of whether they are publicly available or not. Added to this is the fact that most companies also indirectly manage various additional assets, such as their social media accounts. This area, in particular, often stores information that could become dangerous if it falls into the wrong hands.

This is where the current generation of open source analytics tools comes into play. OSINT tools essentially perform three functions:

1. Discovery of publicly available assets.

The most common function of OSINT tools is to help IT teams discover public assets and the information they contain. In particular, we are talking about data that could potentially be used to develop attack vectors. Any OSINT tool could contribute.

However, this does not mean identifying security holes or penetration testing - it is only about information that is accessible without the use of hacking techniques.

2. Discovery of relevant information outside the organization.

Another function of open source analytics tools is to search for information located outside of your organization, such as social media platforms or domains.

This feature should be of particular interest to large companies that are acquiring new companies. Given the rapid growth of social media platforms, verifying sensitive information across corporate boundaries makes sense for every organization.

3. Processing of collected information in a convenient way for use.

Some OSINT tools are capable of summarizing collected information and data into an easy-to-use form. For a large company, an OSINT scan can produce hundreds of thousands of results, especially if both internal and external sources are included. Structuring the data and addressing the most pressing problems first is useful, and not only in these cases.

When you provide OSINT tools with information about your company, employees, IT assets, or other sensitive data that could be exploited by attackers, appropriate open source intelligence tools can help improve your IT security against threats ranging from phishing to denial-of-service attacks.

OSINT tools are often designed to identify connections between people, companies, domains, and publicly available information on the World Wide Web. OSINT tools visualize results in attractive graphs and charts that can include a large number of data points.

OSINT tools automatically search a variety of publicly available data sources with the click of a button. These include DNS queries, search engines and social networks. The tools are compatible with virtually any data source that has a publicly accessible interface.

Once the information collection is completed, the OSINT tool links the data and provides information about hidden connections between names, email addresses, companies, websites and other information.
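The linking step described above can be sketched as follows. This is an added example, not code from the article or from any particular OSINT tool: it groups entities that co-occur in any collected record, so assets sharing an IP address or a contact email surface as one cluster. The record fields and all sample values are constructed.

```python
from collections import defaultdict

# Constructed sample records, one per (hypothetical) public source.
RECORDS = [
    {"source": "dns", "domain": "example.com", "ip": "192.0.2.10"},
    {"source": "dns", "domain": "shop.example.net", "ip": "192.0.2.10"},
    {"source": "registration", "domain": "example.com", "email": "admin@example.com"},
    {"source": "registration", "domain": "example-promo.org", "email": "admin@example.com"},
    {"source": "social", "name": "J. Doe", "email": "admin@example.com"},
    {"source": "dns", "domain": "unrelated.test", "ip": "198.51.100.7"},
]

def link_entities(records):
    """Group typed entities that co-occur in any record (union-find)."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    for rec in records:
        # Every field except the source label is a (type, value) entity.
        entities = [(k, v.lower()) for k, v in rec.items() if k != "source"]
        for e in entities:
            ra, rb = find(entities[0]), find(e)
            if ra != rb:
                parent[rb] = ra

    clusters = defaultdict(set)
    for entity in list(parent):
        clusters[find(entity)].add(entity)
    return sorted((sorted(c) for c in clusters.values()), key=len, reverse=True)

def domains_linked_to(seed_domain, records):
    """Return every domain in the same cluster as seed_domain."""
    for cluster in link_entities(records):
        if ("domain", seed_domain.lower()) in cluster:
            return sorted(v for k, v in cluster if k == "domain")
    return []

if __name__ == "__main__":
    print(domains_linked_to("example.com", RECORDS))
```

Run against an inventory of your own known domains, any linked domain that is missing from the inventory is a candidate for an untracked asset.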

OSINT tools are often modular in design with numerous integrated functions. These include, for example, common tasks such as standardizing output, interacting with databases, running web requests, or managing API keys. Instead of painstaking programming, developers simply select the features they need and assemble an automated module in just a few minutes.

Sometimes an OSINT tool is a special search engine that provides information about devices, such as Internet of Things devices, that have already been used millions of times. The OSINT tool can also be used to find open ports or vulnerabilities in specific systems. Several other open source intelligence tools use OSINT tools as a data source.

Some OSINT tools also include operational technologies (OT) in their analysis, such as those used in industrial control systems in power plants or factories.

An OSINT tool can also be a highly specialized search engine that scans source code for interesting data. This allows software developers to identify and fix problems before the associated software is deployed.

Of course, every tool that works with source code requires a little more know-how than a simple Google search - but the creator of the search code has gone to great lengths to make the interface of his OSINT tool as simple as possible.

The user enters their search query, and the search code provides results in the form of corresponding tags in the source code. For example, usernames, security vulnerabilities, unwanted active features (such as recompilation), or special characters that can be used for code injection attacks may be identified.

An OSINT tool can be a kind of Metasploit framework for open source intelligence: you point the tool at an IP address, domain, email address, username, subnet or ASN, specify the modules to use, run it and get a wealth of information.

The relevant information does not have to be in English or German - the information you need can also be in Chinese or Spanish.

This is where the multilingual OSINT tool comes into play, searching the public web, including blogs, social media platforms and message boards, as well as the dark and deep web. The tool can also determine the source of the information found and perform text analysis to produce relevant results. Currently, the tools can support about 200 different languages.

The use cases for the multilingual OSINT tool are numerous: if, for example, there are global ransomware attacks, target detection trends can be quickly identified. The tool can also reveal whether a company's intellectual property is being offered for sale on third-party websites.

Often the OSINT platform is cloud-based in nature and also allows users to add their own data sources. Typically, the tool also has a local version, although it lacks some features (such as deep web search).

Some OSINT tools are available as a Chrome extension or Firefox add-on. They provide you with the ability to search your browser for IP addresses, domains, URLs, hashes, ASNs, Bitcoin wallet addresses, and many other indicators of compromise. Six different search engines can be enabled.

Conveniently, the tool can also serve as a shortcut to numerous online databases that can be searched with one click.

OSINT tools can also reveal what popular websites were built on (WordPress, Joomla, Drupal, etc.) and reveal additional information. This includes, for example, a list of JavaScript/CSS libraries that the website uses. In addition, plugins, platforms, server, analytics and tracking information can also be obtained.

This way, you can view information about a website's technology stack quite simply.
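To see what your own pages disclose in this way, the following added example (not code from the article or from any specific tool) parses a page's HTML and reports the generator tag, CMS path hints, versioned libraries and plugin names. The sample markup, the small hint table and the regular expressions are constructed for illustration; real fingerprint sets are far larger.

```python
import re
from html.parser import HTMLParser

# Constructed sample markup standing in for the HTML of a site you operate.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 6.4.2">
<link rel="stylesheet" href="/wp-content/themes/acme/style.css?ver=6.4.2">
<script src="https://cdn.example.com/jquery-3.6.0.min.js"></script>
<script src="/wp-content/plugins/contact-form/js/app.js?ver=1.2"></script>
</head><body></body></html>"""

# Illustrative path hints (assumed, deliberately minimal).
PATH_HINTS = {"/wp-content/": "WordPress", "/sites/default/": "Drupal", "/media/jui/": "Joomla"}
# File names such as jquery-3.6.0.min.js -> ("jquery", "3.6.0").
LIB_RE = re.compile(r"/([a-z][a-z0-9.]*?)[-.](\d+(?:\.\d+)+)(?:\.min)?\.(?:js|css)", re.I)
PLUGIN_RE = re.compile(r"/wp-content/plugins/([^/]+)/")

class StackParser(HTMLParser):
    """Collects technology hints from meta, script and link tags."""

    def __init__(self):
        super().__init__()
        self.report = {"generator": None, "cms": set(), "libraries": {}, "plugins": set()}

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.report["generator"] = a.get("content") or None
        url = a.get("src", "") if tag == "script" else a.get("href", "") if tag == "link" else ""
        for hint, cms in PATH_HINTS.items():
            if hint in url:
                self.report["cms"].add(cms)
        lib = LIB_RE.search(url)
        if lib:
            self.report["libraries"][lib.group(1).lower()] = lib.group(2)
        plugin = PLUGIN_RE.search(url)
        if plugin:
            self.report["plugins"].add(plugin.group(1))

def fingerprint(html):
    """Return the technology hints disclosed by one HTML document."""
    parser = StackParser()
    parser.feed(html)
    parser.close()
    return parser.report

if __name__ == "__main__":
    print(fingerprint(SAMPLE_HTML))
```

Exact version strings in the report are the items to review first, since removing the generator tag or version query strings reduces what a passive observer learns.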

Close the gaps with OSINT!

Not every hacker attack needs to be a sophisticated persistent threat or use particularly sophisticated techniques. Criminal hackers also prefer to take the path of least resistance. After all, it would be pointless to spend months compromising systems when all the necessary information is available in public channels.

OSINT tools can help companies discover what information about their networks, data, and users is publicly available. The most important thing is to find this data as quickly as possible before it can be used.

Mainton Company - custom software development and testing, DevOps and SRE, SEO and online advertising since 2004.
