We briefly explained and discussed OSINT techniques and tools using practical scenarios that involve extracting public information from domain names, social media websites (LinkedIn, Reddit, etc.) and even location information using Google Hangouts and Foursquare.
Highlights
What is OSINT?
OSINT is the process of gathering information about the target's systems, network and defenses using passive methods. OSINT involves collecting data from publicly available sources, such as DNS registrars, web searches, security-centric search engines like Shodan and Censys, and social media websites such as Facebook, Instagram, Reddit, LinkedIn, etc.
Another type of open source intelligence is information about vulnerabilities and other security flaws, including sources like the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) resources.
Examples of information that can be gathered using OSINT
- Domain names and subdomains
- IP address ranges
- Email addresses
- Physical locations
- Staff list and organization chart
- Document metadata
- Social media information
- Technologies and infrastructure
OSINT Tools
Commands used in DNS enumeration
nslookup -type=text secure-startup.com
nslookup -type=txt _dmarc.secure-startup.com
dig secure-startup.com ANY
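As an added example (not code from the original post), the script below parses the TXT answers that the two nslookup queries above return and flags the mail-authentication weaknesses a defender should fix. Only the domain name comes from the page; the record contents are constructed.

```python
import re

# Constructed sample of what `nslookup -type=txt` prints for the page's example domain and its _dmarc subdomain.
SAMPLE_NSLOOKUP_OUTPUT = """\
Non-authoritative answer:
_dmarc.secure-startup.com\ttext = "v=DMARC1; p=none; rua=mailto:dmarc@secure-startup.com"
secure-startup.com\ttext = "v=spf1 include:_spf.google.com ip4:203.0.113.0/24 -all"
secure-startup.com\ttext = "google-site-verification=abc123"
"""
TXT_LINE = re.compile(r'^(\S+)\s+text\s*=\s*"(.*)"\s*$', re.MULTILINE)
SPF_MECHANISMS = {"include", "ip4", "ip6", "a", "mx"}

def extract_txt_records(output):
    """Return (owner name, record text) pairs for each TXT answer line."""
    return TXT_LINE.findall(output)

def parse_tags(record):
    """Split a DMARC-style 'tag=value; tag=value' record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags

def spf_sources(record):
    """List the sending sources an SPF record authorises (include:, ip4:, ip6:, a, mx)."""
    return [t for t in record.split()[1:]  # skip the leading v=spf1
            if re.split(r"[:/]", t.lstrip("+-~?"), maxsplit=1)[0] in SPF_MECHANISMS]

def assess(output):
    """Summarise what the TXT records reveal and which weaknesses a defender should fix."""
    result = {"dmarc": {}, "spf_sources": [], "findings": []}
    for name, record in extract_txt_records(output):
        if name.startswith("_dmarc.") and record.startswith("v=DMARC1"):
            result["dmarc"] = parse_tags(record)
        elif record.startswith("v=spf1"):
            result["spf_sources"] = spf_sources(record)
    policy = result["dmarc"].get("p")
    if policy is None:
        result["findings"].append("no DMARC record: spoofed mail is neither reported nor rejected")
    if policy == "none":
        result["findings"].append("DMARC p=none: spoofed mail is reported but not quarantined or rejected")
    if policy is not None and "rua" not in result["dmarc"]:
        result["findings"].append("no rua= address: aggregate reports are not being collected")
    if not result["spf_sources"]:
        result["findings"].append("no SPF record: any host may send as this domain")
    return result
```

Run `assess(SAMPLE_NSLOOKUP_OUTPUT)` to see the parsed DMARC tags, the authorised SPF sources (which also reveal the third-party mail provider) and the findings list.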
In the third case, the location of the email owner was found by opening Google Hangouts, inspecting the page, and searching for "jsdata" until the pattern of numbers was found.
Video Walkthrough