Sudhanshu Chauhan, profile picture
Uploaded bySudhanshu Chauhan
PPTX, PDF24,403 views

Tools for Open Source Intelligence (OSINT)

This document introduces tools for open source intelligence (OSINT) including Shodan, Recon-ng, FOCA, and Maltego. It provides an overview of each tool, including their purpose and basic usage. Shodan is an internet search engine that allows searching devices connected over the internet. Recon-ng is a web reconnaissance framework for OSINT. FOCA extracts metadata from files. Maltego is an OSINT application that extracts and visually represents relationships in extracted data through entities, transforms, and machines. The document demonstrates features of each tool and provides resources for OSINT.

Embed presentation

Downloaded 666 times
TOOLS FOR OPEN SOURCE INTELLIGENCE
#WHOAMI Sudhanshu Chauhan(@Sudhanshu_c) sudhanshu@octogence.com Director OctoGence Technologies OSINT Enthusiast Co-Author: Hacking Web Intelligence https://github.com/SudhanshuC Real World Existence: Avid Reader, Cook, Traveller Nutan Kumar Panda (@TheOsintGuy) osintguy@gmail.com InfoSec Engineer eBay.inc OSINT Enthusiast Co-Author: Hacking Web Intelligence https://github.com/nkpanda Real World Existence: Gamer, Rider, Keyboard Player
WHAT IS OSINT? • Open Source Intelligence is the art of collecting information which is scattered on publicly available sources. In contrast to traditional intelligence methods, OSINT utilizes overt channels for gathering information. • The added benefit is that there is no direct interaction with the target which substantially reduces the chances of being caught or raising any red flags.
WHY OSINT? • Internet is not limited to Google Searches. • Not even limited to search engines, social media and blogs • Huge number of sensational hacks in recent times Organizations getting hacked even after using so called "sophisticated" defense mechanisms. • Basic recon usually ignored during security assessments. • If you SECRET is out there in the open, someone WILL find it. • It's just data until you leverage it to create intelligence.
TRADITIONAL METHODS • Using search engines. E.g. Google, Yahoo etc. • News sites. E.g. CNN, BBC etc. • Corporate Websites • Government Websites • Blogs
MODERN RESOURCES • Advanced search engines • Social Media sites • APIs • Deepweb/Darkweb • Advanced tools
TOOLS THAT WE ARE GOING TO TALK ABOUT • Shodan- Internet Search Engine • Recon-ng- Web Reconnaissance framework • Foca- Metadata Extraction • Maltego- Open Source Intelligence and Forensics application
SHODAN • Shodan allows us to search devices connected over internet and collects the banners. • https://www.shodan.io/
EXPLORE SHODAN • https://www.shodan.io/explore
• SHODAN DEMO
RECON-NG • A full-featured Web Reconnaissance framework written in Python. • Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion. • https://bitbucket.org/LaNMaSteR53/recon-ng
• RECON-NG DEMO
FOCA • Metadata extraction from files • https://www.elevenpaths.com/labstools/foca/index.html
• FOCA DEMO
MALTEGO • An Open Source Intelligence application, which provides a platform to not only extract data but also to represent that data in a format which is easy to understand as well as analyze. • https://www.paterva.com/web6/
BASIC BLOCKS • Entity: An entity is a piece of data which is taken as an input to extract further information. E.g. domain name xyz.com • Transform: A piece of code which takes an entity (or a group of entities) as an input and extracts data in the form of entity (or entities) based upon the relationship. • Machine: A machine is basically a set of transforms linked programmatically. https://www.youtube.com/channel/UCThOLpqhLFFQN0nStdkyGLg
ENTITIES
TRANSFORMS
MACHINES
• MALTEGO LOCAL TRANSFORM DEMO http://www.paterva.com/web6/documentation/m3g uidetransforms.pdf
• MALTEGO MACHINE DEMO http://www.paterva.com/msl.pdf
OTHER RESOURCES/TOOLS • Google Advanced Search: https://www.google.com/advanced_search • Internet Search Engine: http://zoomeye.org • Jeffrey's Exif Viewer: http://regex.info/exif.cgi • TinEye Reverse Image Search: https://www.tineye.com/ • Pipl People Search Engine: https://pipl.com/ • Internet Archive: http://archive.org/web/web.php • Domain tool: https://w3dt.net/ • Social Media Search: http://socialmention.com/
GREETS #FREEHUGS • Assi Barak- Software Group Manager BIU • John Matherly- Shodan • Tim Tomes & Open Source Community- Recon-ng • ElevenPaths Team- FOCA • Paterva Team- Maltego
• Q/A

More Related Content

PPTX
OSINT: Open Source Intelligence gathering
byJeremiah Tillman
 
PPT
Open source intelligence
bybalakumaran779
 
PPTX
Osint {open source intelligence }
byAkshayJha40
 
PDF
OSINT for Attack and Defense
byAndrew McNicol
 
PDF
Open Source Intelligence (OSINT)
byfestival ICT 2016
 
PPTX
OpenSourceIntelligence-OSINT.pptx
byanonymousanonymous428352
 
PDF
Offensive OSINT
byChristian Martorella
 
PPTX
osint - open source Intelligence
byOsama Ellahi
 
OSINT: Open Source Intelligence gathering
byJeremiah Tillman
 
Open source intelligence
bybalakumaran779
 
Osint {open source intelligence }
byAkshayJha40
 
OSINT for Attack and Defense
byAndrew McNicol
 
Open Source Intelligence (OSINT)
byfestival ICT 2016
 
OpenSourceIntelligence-OSINT.pptx
byanonymousanonymous428352
 
Offensive OSINT
byChristian Martorella
 
osint - open source Intelligence
byOsama Ellahi
 

What's hot

PDF
Osint presentation nov 2019
byPriyanka Aash
 
PDF
OSINT - Open Source Intelligence
byc0c0n - International Cyber Security and Policing Conference
 
PDF
OSINT- Leveraging data into intelligence
byDeep Shankar Yadav
 
PPTX
OSINT
byApurv Singh Gautam
 
PPTX
How to Use Open Source Intelligence (OSINT) in Investigations
byCase IQ
 
PDF
Open source intelligence information gathering (OSINT)
byphexcom1
 
PDF
From OSINT to Phishing presentation
byJesse Ratcliffe, OSCP
 
PDF
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
byFalgun Rathod
 
PDF
Osint
byKamal Rathaur
 
PDF
What is Open Source Intelligence (OSINT)
byMolfar
 
PDF
OSINT with Practical: Real Life Examples
bySyedAmoz
 
PPTX
Investigating Using the Dark Web
byCase IQ
 
PPTX
Getting started with using the Dark Web for OSINT investigations
byOlakanmi Oluwole
 
PPTX
Social engineering
byMaulik Kotak
 
PPTX
Social Engineering
byCyber Agency
 
PDF
Social engineering
byRobert Hood
 
PDF
Footprinting
byDuah John
 
PPTX
Google Dorks
byAdhoura Academy
 
PPTX
The Deep Web, TOR Network and Internet Anonymity
byAbhimanyu Singh
 
PPTX
Social engineering
byVîñàý Pãtêl
 
Osint presentation nov 2019
byPriyanka Aash
 
OSINT - Open Source Intelligence
byc0c0n - International Cyber Security and Policing Conference
 
OSINT- Leveraging data into intelligence
byDeep Shankar Yadav
 
OSINT
byApurv Singh Gautam
 
How to Use Open Source Intelligence (OSINT) in Investigations
byCase IQ
 
Open source intelligence information gathering (OSINT)
byphexcom1
 
From OSINT to Phishing presentation
byJesse Ratcliffe, OSCP
 
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
byFalgun Rathod
 
Osint
byKamal Rathaur
 
What is Open Source Intelligence (OSINT)
byMolfar
 
OSINT with Practical: Real Life Examples
bySyedAmoz
 
Investigating Using the Dark Web
byCase IQ
 
Getting started with using the Dark Web for OSINT investigations
byOlakanmi Oluwole
 
Social engineering
byMaulik Kotak
 
Social Engineering
byCyber Agency
 
Social engineering
byRobert Hood
 
Footprinting
byDuah John
 
Google Dorks
byAdhoura Academy
 
The Deep Web, TOR Network and Internet Anonymity
byAbhimanyu Singh
 
Social engineering
byVîñàý Pãtêl
 

Similar to Tools for Open Source Intelligence (OSINT)

PDF
OSINT: Open Source Intelligence - Rohan Braganza
byNSConclave
 
PPTX
hacking techniques and intrusion techniques useful in OSINT.pptx
bysconalbg
 
PDF
Tools and Techniques Used in Open Source Intelligence.pdf
byCyberPro Magazine
 
PPTX
Basics of Maltego
byYash Diwakar
 
PDF
Osint ashish mistry
byn|u - The Open Security Community
 
PDF
How to Use OSINT and Web Scraping for Data Collection.pdf
byStefan Smiljkovic
 
PPTX
Maltego
bypenetration Tester
 
PDF
Top 10 OSINT Tools for Information Gathering.pdf
bymanisha06650
 
PDF
ShoBeVODSDT: Shodan and Binary Edge based vulnerable open data sources detect...
byAnastasija Nikiforova
 
PPTX
osintopensourceintelligence-211219120844 (1).pptx
bymedamineBoudia
 
PPTX
Automated tools for penetration testing
bydevanshdubey7
 
PPT
Owasp osint presentation - by adam nurudini
byAdam Nurudini
 
PDF
Passive Intelligence Gathering and Analytics - It's All Just Metadata!
byCTruncer
 
PPTX
gfbdsfsdfhbsfbadsfdfdfsdhfdfhdfdsfdsfhdsfhadsdhf
byBhojarajTheking
 
PDF
Mapping french open data actors on the web with common crawl
bydata publica
 
PDF
OWASP_OSINT_Presentation.pdf
bynetisBin
 
PDF
Null HYD Playing with shodan null
byRaghunath G
 
PDF
OpenFest 2012 : Leveraging the public internet
bytkisason
 
PPTX
Let’s hunt the target using OSINT
byChandrapal Badshah
 
PPTX
Nmapper theHarvester OSINT Tool explanation
byWangolo Joel
 
OSINT: Open Source Intelligence - Rohan Braganza
byNSConclave
 
hacking techniques and intrusion techniques useful in OSINT.pptx
bysconalbg
 
Tools and Techniques Used in Open Source Intelligence.pdf
byCyberPro Magazine
 
Basics of Maltego
byYash Diwakar
 
Osint ashish mistry
byn|u - The Open Security Community
 
How to Use OSINT and Web Scraping for Data Collection.pdf
byStefan Smiljkovic
 
Maltego
bypenetration Tester
 
Top 10 OSINT Tools for Information Gathering.pdf
bymanisha06650
 
ShoBeVODSDT: Shodan and Binary Edge based vulnerable open data sources detect...
byAnastasija Nikiforova
 
osintopensourceintelligence-211219120844 (1).pptx
bymedamineBoudia
 
Automated tools for penetration testing
bydevanshdubey7
 
Owasp osint presentation - by adam nurudini
byAdam Nurudini
 
Passive Intelligence Gathering and Analytics - It's All Just Metadata!
byCTruncer
 
gfbdsfsdfhbsfbadsfdfdfsdhfdfhdfdsfdsfhdsfhadsdhf
byBhojarajTheking
 
Mapping french open data actors on the web with common crawl
bydata publica
 
OWASP_OSINT_Presentation.pdf
bynetisBin
 
Null HYD Playing with shodan null
byRaghunath G
 
OpenFest 2012 : Leveraging the public internet
bytkisason
 
Let’s hunt the target using OSINT
byChandrapal Badshah
 
Nmapper theHarvester OSINT Tool explanation
byWangolo Joel
 

Recently uploaded

PDF
Gojek Clone Business Strategy: From Launch to Scale
byV3CUBE TECHNOLABS
 
PDF
Salesforce Data Migration Services.pdf
byRobert Mark
 
PDF
Cloud Automotive Software: Cost, Speed & Scalability
byShiv Technolabs Pvt. Ltd.
 
PDF
Edge AI vs Cloud AI: Why Frontend Developers Must Master On-Device Machine Le...
byWorkfall hire developers
 
PDF
Princeton RSE: Python Histograms as objects
byHenry Schreiner
 
PDF
A Complete Guide to Progressive Web App and Their Development
byMaxtra Technologies
 
PDF
Cybernetic Global Intelligence Securing Businesses in a Digital-First World.pdf
byCybernetic Global Intelligence
 
PDF
Postmates Clone App Delivery Service Business Solution.pdf
byV3CUBE TECHNOLABS
 
PDF
The Future of Microsoft Project Management Tools - Connecting Teams, Work, an...
byOnePlan Solutions
 
PDF
Princeton RSE: What's new in Python π (3.14)
byHenry Schreiner
 
PDF
What-Every-Tech-Leader-Needs-to-Know-About-AI-in-2025.pdf
byrishabhxbohra
 
PDF
How Fireworks AI Achieves 1TB_s+ Throughput for Model Deployment Across Multi...
byAlluxio, Inc.
 
PDF
Projectlify: Everything You Need to Get Things Done
byRafal Ksiazek
 
PDF
Shaping Your 2026 Testing Strategy | Applitools Product Pulse - January 2026
byApplitools
 
PPTX
apidays Australia 2025 | Hey man, which one will deploy much faster, API or kid?
byapidays
 
PPTX
NetworkMediaWireless (1).pptxunsnsndjdjdjjdnd
byre7022
 
PDF
Salesforce Careers in 2026_ Trends, Certifications, and Must-Have Skills
byDele Amefo
 
PPTX
wAIred_RabobankWRProducts__22012026.pptx
bySimonedeGijt
 
PDF
Princeton 2026: Tools That Help You
 Write Better Code
byHenry Schreiner
 
Gojek Clone Business Strategy: From Launch to Scale
byV3CUBE TECHNOLABS
 
Salesforce Data Migration Services.pdf
byRobert Mark
 
Cloud Automotive Software: Cost, Speed & Scalability
byShiv Technolabs Pvt. Ltd.
 
Edge AI vs Cloud AI: Why Frontend Developers Must Master On-Device Machine Le...
byWorkfall hire developers
 
Princeton RSE: Python Histograms as objects
byHenry Schreiner
 
A Complete Guide to Progressive Web App and Their Development
byMaxtra Technologies
 
Cybernetic Global Intelligence Securing Businesses in a Digital-First World.pdf
byCybernetic Global Intelligence
 
Postmates Clone App Delivery Service Business Solution.pdf
byV3CUBE TECHNOLABS
 
The Future of Microsoft Project Management Tools - Connecting Teams, Work, an...
byOnePlan Solutions
 
Princeton RSE: What's new in Python π (3.14)
byHenry Schreiner
 
What-Every-Tech-Leader-Needs-to-Know-About-AI-in-2025.pdf
byrishabhxbohra
 
How Fireworks AI Achieves 1TB_s+ Throughput for Model Deployment Across Multi...
byAlluxio, Inc.
 
Projectlify: Everything You Need to Get Things Done
byRafal Ksiazek
 
Shaping Your 2026 Testing Strategy | Applitools Product Pulse - January 2026
byApplitools
 
apidays Australia 2025 | Hey man, which one will deploy much faster, API or kid?
byapidays
 
NetworkMediaWireless (1).pptxunsnsndjdjdjjdnd
byre7022
 
Salesforce Careers in 2026_ Trends, Certifications, and Must-Have Skills
byDele Amefo
 
wAIred_RabobankWRProducts__22012026.pptx
bySimonedeGijt
 
Princeton 2026: Tools That Help You
 Write Better Code
byHenry Schreiner
 

Tools for Open Source Intelligence (OSINT)

  • 1.
    TOOLS FOR OPENSOURCE INTELLIGENCE
  • 2.
    #WHOAMI Sudhanshu Chauhan(@Sudhanshu_c) sudhanshu@octogence.com Director OctoGenceTechnologies OSINT Enthusiast Co-Author: Hacking Web Intelligence https://github.com/SudhanshuC Real World Existence: Avid Reader, Cook, Traveller Nutan Kumar Panda (@TheOsintGuy) osintguy@gmail.com InfoSec Engineer eBay.inc OSINT Enthusiast Co-Author: Hacking Web Intelligence https://github.com/nkpanda Real World Existence: Gamer, Rider, Keyboard Player
  • 3.
    WHAT IS OSINT? •Open Source Intelligence is the art of collecting information which is scattered on publicly available sources. In contrast to traditional intelligence methods, OSINT utilizes overt channels for gathering information. • The added benefit is that there is no direct interaction with the target which substantially reduces the chances of being caught or raising any red flags.
  • 4.
    WHY OSINT? • Internetis not limited to Google Searches. • Not even limited to search engines, social media and blogs • Huge number of sensational hacks in recent times Organizations getting hacked even after using so called "sophisticated" defense mechanisms. • Basic recon usually ignored during security assessments. • If you SECRET is out there in the open, someone WILL find it. • It's just data until you leverage it to create intelligence.
  • 5.
    TRADITIONAL METHODS • Usingsearch engines. E.g. Google, Yahoo etc. • News sites. E.g. CNN, BBC etc. • Corporate Websites • Government Websites • Blogs
  • 6.
    MODERN RESOURCES • Advancedsearch engines • Social Media sites • APIs • Deepweb/Darkweb • Advanced tools
  • 7.
    TOOLS THAT WEARE GOING TO TALK ABOUT • Shodan- Internet Search Engine • Recon-ng- Web Reconnaissance framework • Foca- Metadata Extraction • Maltego- Open Source Intelligence and Forensics application
  • 8.
    SHODAN • Shodan allowsus to search devices connected over internet and collects the banners. • https://www.shodan.io/
  • 9.
  • 10.
  • 11.
    RECON-NG • A full-featuredWeb Reconnaissance framework written in Python. • Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion. • https://bitbucket.org/LaNMaSteR53/recon-ng
  • 12.
  • 13.
    FOCA • Metadata extractionfrom files • https://www.elevenpaths.com/labstools/foca/index.html
  • 14.
  • 15.
    MALTEGO • An OpenSource Intelligence application, which provides a platform to not only extract data but also to represent that data in a format which is easy to understand as well as analyze. • https://www.paterva.com/web6/
  • 16.
    BASIC BLOCKS • Entity:An entity is a piece of data which is taken as an input to extract further information. E.g. domain name xyz.com • Transform: A piece of code which takes an entity (or a group of entities) as an input and extracts data in the form of entity (or entities) based upon the relationship. • Machine: A machine is basically a set of transforms linked programmatically. https://www.youtube.com/channel/UCThOLpqhLFFQN0nStdkyGLg
  • 17.
  • 18.
  • 19.
  • 20.
    • MALTEGO LOCALTRANSFORM DEMO http://www.paterva.com/web6/documentation/m3g uidetransforms.pdf
  • 21.
    • MALTEGO MACHINEDEMO http://www.paterva.com/msl.pdf
  • 22.
    OTHER RESOURCES/TOOLS • GoogleAdvanced Search: https://www.google.com/advanced_search • Internet Search Engine: http://zoomeye.org • Jeffrey's Exif Viewer: http://regex.info/exif.cgi • TinEye Reverse Image Search: https://www.tineye.com/ • Pipl People Search Engine: https://pipl.com/ • Internet Archive: http://archive.org/web/web.php • Domain tool: https://w3dt.net/ • Social Media Search: http://socialmention.com/
  • 23.
    GREETS #FREEHUGS • AssiBarak- Software Group Manager BIU • John Matherly- Shodan • Tim Tomes & Open Source Community- Recon-ng • ElevenPaths Team- FOCA • Paterva Team- Maltego
  • 24.