In this post, we are going to explore the TOP 20 Open-Source Intelligence (OSINT) tools you should know in 2020.
Shodan is a search engine that lets the user find specific types of computers (webcams, routers, servers, etc.) connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the server sends back to the client. This can be information about the server software, what options the service supports, a welcome message or anything else that the client can find out before interacting with the server
You can use it by visiting the official website: www.shodan.io
To learn more about it:
Open-source intelligence (OSINT) is data collected from publicly available sources to be used in an intelligence context. Recon-ng is a must-have OSINT tool. It was written in Python by lanmaster53 with many integrated modules and features. It contains 4 different categories of modules: Reconnaissance, Discovery, Reporting and experimental modules.
You can download it from here: https://github.com/lanmaster53/recon-ng
The Harvester is a tool for gathering email accounts, subdomain names, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers). It is a really simple tool, but very effective for the early stages of a penetration test or just to know the visibility of your company on the Internet.
Maltego is another OSINT tool. It is an interactive data mining tool that renders directed graphs for link analysis. The tool is used in online investigations for finding relationships between pieces of information from various sources located on the Internet. Maltego uses the idea of transforms to automate the process of querying different data sources. It was developed by Paterva. It provides you with transforms to help you gather information and visualize them. You can download the free edition from here: https://www.paterva.com/downloads.php
Sometimes files contain many juicy pieces of information. Many users are not aware of them. These pieces of information are represented as Metadata that can be extracted using many tools. One of the most popular tools to extract metadata from images is Exiftool. This tool is free and open-source. It was developed by Phil Harvey and it supports many operating systems including Windows, Mac OS and Linux
You can download it from here: https://exiftool.org
Global Terrorism Database
During many OSINT missions, you will be dealing with terrorism threats. Thus, it is essential to collect many pieces of information about terrorism online. One of the most used services is the “Global Terrorism Database”. The project is managed by the National Consortium for the Study of Terrorism and Responses to Terrorism (START) and it contains information about more than 190,000 terrorist attacks.
Its official website is: https://www.start.umd.edu/gtd/access/
The deep web, invisible web, or hidden web are parts of the World Wide Web whose contents are not indexed by standard web search engines for any reason. The opposite term to the deep web is the surface web, which is accessible to anyone using the Internet. Computer scientist Michael K. Bergman is credited with coining the term deep web in 2001 as a search indexing term. OnionScan is a free and open-source tool that is used in investigating the Dark web.
Its official website is: https://onionscan.org
Another powerful OSINT tool is DataSploit. This tool is a free and open-source. It gives you the ability to search for information about Companies, People, Phone Number, Bitcoin Addresses and so on. Once it collects the data it will generate reports as different formats such as HTML and JSON. It was written in python and It runs from the command line.