Open Source Intelligence

[shadan505]

Open Source Intelligence is the activity of collecting information from hack, open search engines or open data without leaving any virtual traces on the target. In this type of intelligence, as the name suggests, information is collected from sites accessible to everyone. The information collected from here is sent to intelligence analysts, the information is evaluated and transmitted to the persons and institutions concerned with the information as a result of making meaningful results and the plan is made, but we will focus more on the cyber world.

We will discuss many methods to get to know the target system and gather information from the very bottom. Our first goal should be to detect many basic information such as Whois databases, ip databases, DNS and Domain information.

Making Whois Query:

For a site to be indexed by search engines, it must have a domain name. Results that can be obtained from Whois query; provides us with information such as who registered the target site, the e-mail address used during registration, the site administrator’s phone, full address, ip Iocation. You can use these websites to make queries:

• https://www.whois.net/ 1
• Whois Lookup, Domain Availability & IP Search - DomainTools
• https://who.is/
• https://lookup.icann.org/ 1
• https://www.ultratools.com/whois
• https://viewdns.info/reverseip/

Gathering Information By Using Search Engines:

~ Google Hacking Example~

• intitle: jdhfjdfdh.org filetype: pdf
• intitle: = Websites that contain jdhfjdfdh.org in the page title
• Filetype : pdf = search pdf extensions.

With such dork, it is possible to detect pdf, doc and even password files on the target together.

-Shodan.io-

It enables the detection of vulnerabilities of systems, devices, devices even systems such as “SCADA” that are open to the Internet, which ports are open, information such as version information of the systems used, certificate information used on the site, ip addresses. Another feature of Shodan is that it presents the results to you by sorting from device type, geographic Iocation and service information.

• net: Target IP
• net = It brings us the systems in the ip block that we have specified.

Addition: Another website that is more advanced than shoadan but works on the same logic:

• https://www.zoomeye.org/ 1

Image Search Engines:

We can use visual search engines as open source to obtain information about where the images we have are shared or about the image we have. Websites you can use for searching:

• https://images.google.com/
• https://www.tineye.com/
• https://smallseotools.com/reverse-image-search/
• https://yandex.com.tr/image/touch/
• https://www.shutterstock.com
• https://www.duplichecker.com/reverse-image-search.php
• https://images.search.yahoo.com/
• https://www.bing.com/images/discover

Finding Traces with Website History:

Sites such as Archive.org allow you to see how the target site looked in the past, how it was archived. Thus, we can obtain valuable information and extract information that was published on the target site in the past but subsequently removed.

archive.org

• Google Cached Pages of Any Website - CachedView
• Cached Pages - Get the cached page of any URL

Subdomain Detection:

We can detect other subdomains under the target site and collect information about the target from those sites.

• https://searchdns.netcraft.com/

Detection of E-mail Addresses Registered in the Name of the Target Site:

It is an effective tool for the social engineering attack that can be done on the target.

• https://mailshunt.com/ 1
• Find email addresses of companies and people - Skymem 1

Scanning Documénts :

You can obtain thousands of documénts with the keyword you enter to find information about the target site.

• https://docjax.com/
• https://www.courtlistener.com/recap/
• https://www.courtlistener.com/recap/

Gathering Information About People:

Below are the sites we can use to get more information about the information we find on the target site, such as a name, phone number, e-mail:

• https://www.spokeo.com/
• https://www.truepeoplesearch.com/
• https://www.zoominfo.com/people_directory/professional_profile/A-0-0
• https://www.zabasearch.com/
• Wink People Search - iTools 1
• How Many of Me
• https://www.searchbug.com/#pageTop
• SortedByName.com
• https://www.beenverified.com/
• https://www.theknot.com/registry/couplesearch

Make Phone Analysis:

Here, is a site where you can perform IMSI number analysis, IMEI number analysis, SIM number analysis, ISPC number analysis:

• https://www.numberingplans.com/?page=analysis 1

Browse Court and Criminal Records Worldwide:

If you want to know about “Have these people been penalized for the names identified on the target site? If so, what was the penalty?” You can find answers to your questions here.

• World Legal Information Institute (WorldLII)
• https://www.bop.gov/mobile/find_inmate/
• https://www.blackbookonline.info/criminalsearch.aspx

Finding Company Data:

If your target site is a company, you can find more information by looking at your target’s company records:

• https://opencorporates.com/
• https://www.corporationwiki.com/
• https://www.infobel.com/
• https://www.buzzfile.com/Home/Basic

Finding CV:

Sites where we can obtain the resumes of these people from the names we have identified on the target site:

• https://www.cvgadget.com/
• MarketVisual Search
• X-Ray Search LinkedIn & More. Fast & Free! ~ RecruitEm

Creating Fake Profiles:

• http://www.fakenamegenerator.com/
• http://justdelete.me/fake-identity-generator/
• https://randomuser.me/
• https://cdn.rawgit.com/Marak/faker.js/master/examples/browser/index.html

Analysing Articles:

Through these sites, we can detect situations such as joy, fear, sadness and anger in the text written on the target site.

• https://tone-analyzer-demo.ng.bluemix.net/

Analysing Dark Web:

See what information you can get about the target site or organization in the dark web information markets or search engines.

• https://iaca-darkweb-tools.com/ 1

Gathering Information On FTP :

We can get results by searching for content such as images, audio, video, files from public or forgotten ftps by keyword. We can obtain information about the target by searching.

• https://globalfilesearch.com/
• https://www.searchftps.net/
• https://www.google.com/search?q=inurl:ftp±inurl:http±inurl:https+ftpsearchterm

Conclusion:

-Open source intelligence provides the opportunity to collect information about people, persons or institutions without leaving a trace in the system.

-Very critical information can be obtained with open source intelligence.

-With open source intelligence, security vulnerabilities can be detected in the target site or server.

Click to read more...