Tools for Open Source Intelligence (OSINT)


  1. TOOLS FOR OPEN SOURCE INTELLIGENCE
  2. #WHOAMI
     • Sudhanshu Chauhan (@Sudhanshu_c), sudhanshu@octogence.com
       Director, OctoGence Technologies
       OSINT Enthusiast
       Co-Author: Hacking Web Intelligence
       https://github.com/SudhanshuC
       Real World Existence: Avid Reader, Cook, Traveller
     • Nutan Kumar Panda (@TheOsintGuy), osintguy@gmail.com
       InfoSec Engineer, eBay.inc
       OSINT Enthusiast
       Co-Author: Hacking Web Intelligence
       https://github.com/nkpanda
       Real World Existence: Gamer, Rider, Keyboard Player
  3. WHAT IS OSINT?
     • Open Source Intelligence is the art of collecting information that is scattered across publicly available sources. In contrast to traditional intelligence methods, OSINT uses overt channels to gather information.
     • The added benefit is that there is no direct interaction with the target, which substantially reduces the chances of being caught or raising any red flags.
  4. WHY OSINT?
     • The Internet is not limited to Google searches.
     • It is not even limited to search engines, social media and blogs.
     • Huge number of sensational hacks in recent times: organizations getting hacked even after using so-called "sophisticated" defense mechanisms.
     • Basic recon is usually ignored during security assessments.
     • If your SECRET is out there in the open, someone WILL find it.
     • It's just data until you leverage it to create intelligence.
  5. TRADITIONAL METHODS
     • Using search engines, e.g. Google, Yahoo
     • News sites, e.g. CNN, BBC
     • Corporate websites
     • Government websites
     • Blogs
  6. MODERN RESOURCES
     • Advanced search engines
     • Social media sites
     • APIs
     • Deepweb/Darkweb
     • Advanced tools
  7. TOOLS THAT WE ARE GOING TO TALK ABOUT
     • Shodan: Internet search engine
     • Recon-ng: Web reconnaissance framework
     • Foca: Metadata extraction
     • Maltego: Open Source Intelligence and forensics application
  8. SHODAN
     • Shodan lets us search for devices connected to the Internet and collects their banners.
     • https://www.shodan.io/
  9. EXPLORE SHODAN
     • https://www.shodan.io/explore
  10. SHODAN DEMO
  11. RECON-NG
     • A full-featured web reconnaissance framework written in Python.
     • Complete with independent modules, database interaction, built-in convenience functions, interactive help, and command completion.
     • https://bitbucket.org/LaNMaSteR53/recon-ng
  12. RECON-NG DEMO
  13. FOCA
     • Metadata extraction from files
     • https://www.elevenpaths.com/labstools/foca/index.html
  14. FOCA DEMO
  15. MALTEGO
     • An Open Source Intelligence application that provides a platform not only to extract data but also to represent that data in a format that is easy to understand and analyze.
     • https://www.paterva.com/web6/
  16. BASIC BLOCKS
     • Entity: a piece of data that is taken as input to extract further information, e.g. the domain name xyz.com.
     • Transform: a piece of code that takes an entity (or a group of entities) as input and extracts data in the form of an entity (or entities) based upon the relationship.
     • Machine: a set of transforms linked programmatically.
     • https://www.youtube.com/channel/UCThOLpqhLFFQN0nStdkyGLg
  17. ENTITIES
  18. TRANSFORMS
  19. MACHINES
  20. MALTEGO LOCAL TRANSFORM DEMO
     • http://www.paterva.com/web6/documentation/m3guidetransforms.pdf
  21. MALTEGO MACHINE DEMO
     • http://www.paterva.com/msl.pdf
  22. OTHER RESOURCES/TOOLS
     • Google Advanced Search: https://www.google.com/advanced_search
     • Internet Search Engine: http://zoomeye.org
     • Jeffrey's Exif Viewer: http://regex.info/exif.cgi
     • TinEye Reverse Image Search: https://www.tineye.com/
     • Pipl People Search Engine: https://pipl.com/
     • Internet Archive: http://archive.org/web/web.php
     • Domain tool: https://w3dt.net/
     • Social Media Search: http://socialmention.com/
  23. GREETS #FREEHUGS
     • Assi Barak: Software Group Manager, BIU
     • John Matherly: Shodan
     • Tim Tomes & Open Source Community: Recon-ng
     • ElevenPaths Team: FOCA
     • Paterva Team: Maltego
  24. Q/A
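
The entity / transform / machine relationship from the BASIC BLOCKS slide, as an added example that is not part of the original deck or Paterva's code. Transforms are plain functions over constructed in-memory data (example.com stands in for the slide's xyz.com), and the result is rendered in the XML response shape a Maltego local transform prints to stdout. `Entity`, `run_machine` and the sample tables are hypothetical names.

```python
from dataclasses import dataclass
from xml.sax.saxutils import escape, quoteattr

# Constructed sample data standing in for public sources (not real records).
DNS_NAMES = {"example.com": ["www.example.com", "mail.example.com"]}
CONTACTS = {"mail.example.com": ["postmaster@example.com"]}

@dataclass(frozen=True)
class Entity:
    type: str   # Maltego entity type, e.g. "maltego.Domain"
    value: str  # the piece of data itself, e.g. "example.com"

def domain_to_dns(e):
    """Transform: Domain entity in, DNSName entities out."""
    if e.type != "maltego.Domain":
        return []
    return [Entity("maltego.DNSName", n) for n in DNS_NAMES.get(e.value, [])]

def dns_to_email(e):
    """Transform: DNSName entity in, EmailAddress entities out."""
    if e.type != "maltego.DNSName":
        return []
    return [Entity("maltego.EmailAddress", a) for a in CONTACTS.get(e.value, [])]

def run_machine(seed, transforms):
    """Machine: apply each transform, in order, to every entity found so far."""
    graph, edges = [seed], []
    for transform in transforms:
        for src in list(graph):          # snapshot: new entities wait for the next step
            for out in transform(src):
                edges.append((src, out))
                if out not in graph:
                    graph.append(out)
    return graph, edges

def to_local_transform_xml(entities):
    """Render entities as a local-transform response message."""
    body = "".join(
        f"<Entity Type={quoteattr(e.type)}><Value>{escape(e.value)}</Value></Entity>"
        for e in entities)
    return ("<MaltegoMessage><MaltegoTransformResponseMessage><Entities>"
            f"{body}</Entities></MaltegoTransformResponseMessage></MaltegoMessage>")

if __name__ == "__main__":
    graph, edges = run_machine(Entity("maltego.Domain", "example.com"),
                               [domain_to_dns, dns_to_email])
    for src, out in edges:
        print(f"{src.value} -> {out.value} ({out.type})")
    print(to_local_transform_xml(graph[1:]))
```

Each edge records which input entity produced which output entity, which is the relationship Maltego draws on its graph.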
