Recommended
More Related Content
What's hot
What's hot (20)
Similar to Bsides Knoxville - OSINT
Similar to Bsides Knoxville - OSINT (20)
More from Adam Compton
More from Adam Compton (14)
Recently uploaded
Recently uploaded (20)
Bsides Knoxville - OSINT
- 1. Full Auto OSINT OSINT for Pentesters
- 2. Me Me Me… •Who/What am I? •Simple answer: • Father/Husband/Son/Brother • Programmer/Pentester/Researcher • Hillbilly
- 3. What is OSINT? “Open Source Intelligence, often referred to as OSINT, can mean many things to many people. Officially, it is defined as any intelligence produced from publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement. For the CIA, it may mean information obtained from foreign broadcasts. For an attorney, it may mean data obtained from official government documents that are available to the public. For most people, it is publicly available content obtained from the internet.” --Michael Bazzell
- 4. Is it legal?
- 5. Why OSINT?
- 6. Goal oriented OSINT… •What are you after?
- 7. Goal oriented OSINT… •What are you after? • Usernames? • Passwords? • Personal details? • Locate someone?
- 8. Where/How to Gather OSINT
- 9. Where/How to Gather OSINT •Internet • Search Engines • Social Media • Online Communities • Data Sharing/Hosting • Corporate
- 10. Where/How to Gather OSINT •Internet • Search Engines • Social Media • Online Communities • Data Sharing/Hosting • Corporate •Tools • System/OS Tools • Pentester Tools • APIs
- 11. To the webs!!!!
- 12. To the webs!!!! •Search Engines •Social Media •Online Communities •Data Sharing •Corporate
- 13. Search Engines
- 14. Social Media
- 15. Demo
- 17. Data Sharing
- 18. Demo
- 19. Corporate
- 20. Demo
- 21. Time for the command line!!!
- 22. Time for the command line!!! •System Tools •Pentester Tools •APIs
- 25. Demo
- 26. APIs
- 27. Demo
- 28. MultiTools
- 29. Demo
- 31. Demo ... Not Quite Yet Sorry
- 32. Resources • https://inteltechniques.com/ • https://start.me/p/m6XQ08/osint • http://osintframework.com/ • https://github.com/Ph055a/awesome_osint
- 33. THANK YOU Questions? Comments? Thoughts? Contact Info: •adam_compton@rapid7.com •adam.compton@gmail.com •@tatanus •https://www.hillbillystorytime.com
Editor's Notes
- Me? I have been around for a while… Somewhere around 18 years or so in the InfoSec field. Over that time, I have been a programmer, researcher, and pentester (currently for Rapid7). But most of all, I am a father, husband, son, and brother.
- OSINT is intelligence produced from publicly available information
- First of all I am NOT a lawyer: By from what I understand the answer is …Maybe.. But usually yes. If you were able to collect the data by access a website or other source without breaking access controls or something similar, then you should be fine. What about password/data breaches/leaks.. Well.. It is probably best to not download/view them. I know that sometimes it can cause issues if you have a security clearance or can cause issues in court cases and such.
- pentester
- Search Engines Google, Bing, … Social Media Facebook, Twitter, LinkedIn, … Online Communities Reddit, … Data Sharing Pastebin, … Corporate www.company.com, jobs.company.com, …
- Google Bing Yandex Yahoo Baidu Duckduckgo SHODAN
- Google dorks Google SHODAN Archive.org / waybackmachine Facebook searches https://www.facebook.com/search/str/Adrian%20Sanabria/users-named/intersect https://www.facebook.com/adrian.sanabria adrian.sanabria 508092249 https://www.facebook.com/search/508092249/photos-by https://www.facebook.com/search/508092249/photos-liked https://www.facebook.com/search/508092249/photos-of https://www.facebook.com/search/508092249/apps-used https://www.facebook.com/search/508092249/events https://www.facebook.com/search/508092249/employers https://www.facebook.com/search/508092249/friends Twitter site:linkedin.com adrian sanabria
- Reddit 4chan Pintrest Ebay
- Pastebin Slideshare Scribd Gist.github.com
- https://twitter.com/checkmydump https://twitter.com/dumpmon
- www.rapid7.com careers
- www.rapid7.com careers
- System Tools dig, whois, … Pentester Tools Recon-ng, theHarvester, FOCA, … APIs Pipl, Full Contact, Have I Been Pwned, …
- System Tools dig, whois, … Pentester Tools Recon-ng, theHarvester, FOCA, … APIs Pipl, Full Contact, Have I Been Pwned, …
- Whois Dig
- theHarvester Sublist3r FOCA Recon-ng Metagoofil Fierce Spiderfoot Creepy Tinfoleak EyeWitness Instalooter
- Dig Whois metagoofil metagoofil -d apple.com -t doc,pdf -l 200 -n 10 -o applefiles -f results.html theHarvester theharvester -d rapid7.com -l 500 -b google ./datasploit.py -i adam.compton@gmail.com
- Pipl curl http://api.pipl.com/search/ -d username="sawaba" -d key=SOCIAL-DEMO-xfra8kc0zddque73a7omxtci -d match_requirements="(name and image)" Have I been pwned curl "https://haveibeenpwned.com/api/v2/breachedaccount/adam.compton@gmail.com" | python -m json.tool Hacked-emails curl "https://hacked-emails.com/api?q=adam.compton@gmail.com" | python -m json.tool Hunter.io curl “https://api.hunter.io/v2/domain-search?domain=cisco.com&api_key=efce916c389f87e8c3d2bef14a8e1b3f29e28b45”
- Pipl curl http://api.pipl.com/search/ -d username="sawaba" -d key=SOCIAL-DEMO-xfra8kc0zddque73a7omxtci -d match_requirements="(name and image)" Have I been pwned curl "https://haveibeenpwned.com/api/v2/breachedaccount/adam.compton@gmail.com" | python -m json.tool Hacked-emails curl "https://hacked-emails.com/api?q=adam.compton@gmail.com" | python -m json.tool Hunter.io curl “https://api.hunter.io/v2/domain-search?domain=cisco.com&api_key=efce916c389f87e8c3d2bef14a8e1b3f29e28b45”
- Recon-ng maltego technisette.com osintframework.com inteltechniques.com https://github.com/Ph055a/awesome_osint
- Demo osint framework Demo inteltechniques.com
- Michael Bazzell
- Now, any questions?