Open in app

Sign up

Sign in

Write

Sign up

Sign in

InfoSec Write-ups

Home

Newsletter

About

Follow publication

InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties…

Follow publication

The Power of Open Source Intelligence | OSINT | CTF Newbies

Introduction:

Welcome to the world of open-source intelligence (OSINT)! In this beginner-friendly guide, we’ll explore how OSINT can empower you to gather valuable information from publicly available sources. Let’s dive in!

What is OSINT?

OSINT stands for Open Source Intelligence. It involves collecting and analyzing information from publicly accessible sources like websites, social media, and government databases. It’s like being a digital detective, using online tools and techniques to uncover insights.

Categories of OSINT:

  • Publicly Available Documents
  • Web Data
  • Network Data
  • Geospatial Data
  • Media Data

Common OSINT Tools:

  • Harvester: This tool is great for searching and collecting emails, subdomains, hosts, and employee names from search engines.
  • Shodan: Use Shodan as a search engine for Internet-connected devices like IoT devices, webcams, and servers.
  • Censys: Censys is a search engine that lets you search for and analyze Internet-connected devices and networks.
  • Maltego: Start by creating a new graph and adding entities like email addresses, domain names, or IP addresses. Maltego will then automatically gather and visualize related information, helping you see connections between different data points.

Finding email addresses:

Hunter.io:Hunter.io is a powerful email search tool that scours the web to find email addresses associated with a specific domain. It utilizes various sources, including public websites and social media platforms, to compile a list of email addresses related to your search query.

Email Verification Tools: Once you’ve compiled a list of potential email addresses, it’s essential to verify their validity. Email verification tools like Email Hunter, NeverBounce, and Verifalia help you ensure that the email addresses you’ve found are active and deliverable.

Username and Email Search:

Users can search for a specific username or email on dating sites. Some platforms allow users to verify usernames by entering them after the site’s URL.

Image Searching :

Each search engine has its capabilities Yandex is better than Google in terms of image searching as I have used it and gives better results than Google.Also, TinEye works great for reverse image searching.

Yandex: https://yandex.com

TinEye: https://tineye.com

Reverse Image Search:

This technique involves using reverse image search tools to find other online profiles associated with a particular image. It helps identify fake or duplicate profiles.

Metadata Extraction:

Metadata embedded in photos uploaded to dating sites can contain information such as the time and location the photo was taken. Tools like Exiftool can extract this information.

Profile Analysis:

Analyzing profiles on dating sites provides insights into a person’s interests, habits, and social circle, aiding in understanding their background and authenticity.

Google Dorking:

Advanced Google search techniques, known as Google Dorking, help find information not easily accessible through simple searches, potentially revealing hidden profiles or information.

Gathering mobile number information:

PhoneInfoga:

PhoneInfoga is a command-line tool used to gather information about phone numbers. It can provide details such as the carrier, location, and whether the number is associated with scams.

Scylla:

Scylla helps find all social media accounts associated with a particular username, including Instagram, Twitter, websites, phone numbers, and names.

Web Search:

Conducting web searches using search engines can reveal information associated with a phone number, including social media profiles and online accounts.

Reverse Phone Lookup Services:

Online services offer a reverse phone lookup, providing details like the owner’s name, location, and more by entering the phone number.

Exploring domain names:

Whois Lookup: A query revealing domain registration details is useful for identifying domain owners. Tools like Whois.net and DomainTools simplify this process.

DNS Lookup: Discovers DNS records associated with a domain, including A, MX, and TXT records. Dig, Nslookup, and MxToolbox are handy tools for this task.

Navigating Tor:

Tor Browser: Facilitating anonymous communication, the Tor Browser routes internet traffic through relay nodes, which is crucial for accessing the dark web.

Onion Sites: These websites are accessible only through the Tor network, providing access to information not available on the surface web.

Onion Crawling: indexes and searches onion sites, revealing hidden resources like forums or databases. Tools like Ahmia and OnionScan assist in this process.

Finding Usernames:

Username Search Engines: Pipl, UserSearch, and IntelTechniques Username searches allow users to search for usernames across multiple platforms, revealing profile information and activity.

Social Media Platforms: Platforms like Twitter, Instagram, and LinkedIn enable searching for users by their usernames, providing insights into their online presence.

Username Generators: Tools like SpinXO and UsernameGenerator help generate potential usernames based on keywords, aiding in username discovery.

By mastering these fundamental OSINT techniques and tools, beginners can unlock valuable insights from publicly available information, empowering them to navigate the digital world with confidence.

Sherlock:-

Sherlock is an open-source tool designed for digital forensic investigation and Open Source Intelligence (OSINT) gathering. It’s primarily used for collecting and analyzing information from various social media platforms, websites, and online resources to aid in investigations, threat intelligence, or reconnaissance activities.

GitHub - sherlock-project/sherlock: 🔎 Hunt down social media accounts by username across social…

🔎 Hunt down social media accounts by username across social networks - sherlock-project/sherlock

github.com

Conclusion:-

In conclusion, OSINT provides a transformative journey into uncovering hidden truths from publicly available information. With tools like Harvester and Shodan, coupled with advanced techniques such as Google Dorking and profile analysis, individuals navigate the digital realm with confidence. Collaboration and expertise enhance exploration, empowering novices to decode the complexities of the modern world. Additionally, integrating paid and ethical tools ensures comprehensive and responsible information gathering practices.

Contributions —

Daksh Bhagwani

Aditya Das

Devansh Gupta

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Sign up for free

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Try for $5/month
Osint
Ctf
Ctf Walkthrough
Htb
Cybersecurity
InfoSec Write-ups
InfoSec Write-ups
Follow

Published in InfoSec Write-ups

55K Followers
Last published 23 hours ago

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/

Follow
HackTheBox SRMIST
HackTheBox SRMIST
Follow

Written by HackTheBox SRMIST

195 Followers
2 Following

HackTheBox SRMIST focuses on training the next-gen of cyber-warriors transforming the cyber space in SRMIST and beyond. https://htbchennai.in/

Follow

Responses (1)

Write a response

What are your thoughts?