Open Source Intelligence, popularly known as OSINT, is an essential part of cybersecurity. Every cybersecurity expert, whether white, red, or black hat, knows the value of OSINT, as they continually explore exploitable vulnerabilities. And if you’re aspiring to become one or just need some information, you had better learn it.
While you may know that OSINT is the collection and analysis of data from public sources, it should be noted that it differs from research, as the latter applies the “process of intelligence to create tailored knowledge supportive of a specific decision by a specific individual or group.”
Also, OSINT is different from open-source software, though most of the tools used in OSINT are open-source, which means freely available. An OSINT tool just needs to fulfill the primary IT functions of finding public-facing assets and relevant data outside an organization and making them useful for an actionable decision.
The tools collated below fulfill these specifications; they are partially free and popular in the cybersecurity space. Check them out:
List of Best Open Source Intelligence (OSINT) Tools
Shodan is one of the primary tools every security researcher uses for scanning the internet. It’s a robust search engine for IoT devices like embedded security cameras, sensors, databases, etc. Shodan’s search rests on the expectation that organizations worldwide may have publicly exposed some of their infrastructure.
And this is what Shodan targets and surfaces. While security researchers use it to find exposed devices, hackers use it to exploit them. It is more effective still for black hats, who can check for exposed databases that can be found outside the official interface.
Also, Shodan lists possible vulnerabilities of a listed IoT device, like the ports it has exposed, which can be studied and tested for exploitability. While you can do most things with the free plan, you can try the freelancer pack, costing $59 a month, for deeper and better access, such as filters.
Try it here: Shodan
Besides being an extensive search engine, Maltego is applauded for its post-search support. Maltego can draw data from various sources like the whois database, DNS records, social networks, and basic search engines like Google and Bing. After grouping the results, it connects all the data points to make the information easier to understand.
Actually, this is where Maltego specializes, as it builds graphs with hundreds or thousands of data points. This quickly readable data can reveal the relationships between websites, persons, companies, etc.
It has a free version called Maltego CE, available for Linux, Windows, and macOS, which does an adequate job for basic searching and analysis. And if you want more, you would pay up to $1,999 for a single search, which pretty much does everything for you, including the chart insights.
Try it here: Maltego.
Most developers are familiar with Python, which has recently passed Java to become the most popular programming language. Recon-ng is based on Python and works on the same platform. As the name suggests, Recon-ng is mostly used for reconnaissance purposes, and its UI resembles Metasploit.
Besides searching open materials, Recon-ng specializes in automating most of the work, like standardizing the results, API key management, and making web requests. Rather than just searching for data, users should try Recon-ng for automated module processing by setting up the desired functions.
Try it here: Recon-ng
If you’re an aspiring penetration tester, you had better start with this tool. theHarvester uses search engines and similar sources to pull up data, like Google, Bing, DNSdumpster, Exalead, etc. Also, it draws results from the AlienVault Open Threat Exchange and Netcraft Data Mining.
Suggested for reconnaissance before pentesting, it gathers information like names, emails, IPs, subdomains, and URLs. This, too, requires Python (v3.6 and above) to run and is available for free from GitHub.
Try it here: theHarvester
Touted as the Metasploit of OSINT, SpiderFoot uses engines like Shodan, HaveIBeenPwned, AlienVault, SecurityTrails, etc., to draw up information on a domain name, IP address, usernames, email address, ASN, or subnet.
Integration of data is done in days, and what’s good about this tool is that it offers organized data in the form of visuals and charts, which can be exported in formats like JSON, CSV, or GEXF. While there’s a free tool available, the full version, called SpiderFoot HX, is worth trying for its core features.
Try it here: SpiderFoot