Unlocking the Power of OSINT
Before launching a cyberattack (or performing a penetration test) gathering as much information about target as possible is essential to enhance the possibility of exploiting the target.
This, however, needs to be done without the target’s knowledge or triggering any of the security measures in place. This means it needs to be done passively.
This can be done with scrounging through publicly available information available online. This is known as OSINT, or Open Source Intelligence. Anything of value can be used, from videos to press conferences to reports to books to even articles in the newspaper.
Purpose of OSINT :
- Investigating Potential Security Threats — So imagine you’re a system administrator at a Company. You need to know what services are running on those systems and the versions of those services. Once you know the versions, you can do OSINT and see if these are vulnerable.
- Conducting background checks on individuals and organisations — So imagine you’re hiring someone for your company. You need to perform background checks for him . Basically you’re handing him the responsibility of working in your company right? So background checks are necessary in that case.
- Identifying potential business opportunities — So imagine you have a penetration testing company. You perform pentests for different companies. You can perform a quick OSINT to see which companies are vulnerable to what and then sell them your pentesting service.
- Keeping track of emerging trends and technologies — So If you perform an OSINT, you can know what’s popular among people these days and I’m not just talking about Cybersecurity. For example, take the fashion industry right. The head of a fashion company can do a quick OSINT and see what’s in the trend nowadays and keep making similar products to profit from it.
3 Major Benefits of using OSINT :
- Less Risky — Using publicly available information has absolutely no risk. On the other hand, using humans, such as spies, to collect information is very risky.
- Less Expensive — OSINT can be done for free. But other intelligence sources, like human resources or spy satellites to collect intelligence, can become very expensive.
- Ease of Accessibility — OSINT is always available everywhere, no matter who you are. Because........ Google is always available to everyone right.
Next is OSINT tools. These are basically tools that help in performing OSINT. One of the most popular as well as powerful tool is Shodan.
Shodan
Shodan is the world’s first search engine for IOT devices (devices connected to the internet). Shodan can search for specific types of devices and industries, such as power plants, traffic lights, and hospitals. Moreover Shodan has indexed over 5 billion devices and has helped in finding security vulnerabilities in these systems. Shodan has been used by both researchers and cyber criminals.
Shodan search queries help filter out the results and enables us to find the devices we are looking for. Queries can be constructed using various filters and operators, such as keywords, IP addresses, ports, and software versions. The results of a Shodan search query can include information such as IP addresses, hostnames, operating systems, open ports, and service banners.
Shodan Search query examples -
- “webcamXP port:80"
This query will search for all devices running webcamXP software and using port 80. This could be used to find webcams that are accessible on the Internet and may have poor security configurations. The results will include information such as the IP address, operating system, and any open ports for each device.
2. “title:index of intitle:’index of /’"
This query searches for websites that have an index page that is publicly accessible, which may contain sensitive information. The results will display a list of website URLs that have "index of /" in the title, indicating that the contents of the website's directory are publicly accessible.
3. "admin panel"
Searches for administrative panels that are publicly accessible on the Internet, which could be a security risk.
4. "Minecraft server port:25565"
Searches for all Minecraft servers running on port 25565.
5. "IP camera"
Searches for all Internet Protocol (IP) cameras connected to the Internet, which can be used for surveillance but also pose privacy risks if not properly secured.
6."apache struts2"
Searches for devices that are running the Apache Struts2 web application framework, which has been the target of several high-profile security breaches in the past.
OSINT Framework
Like Shodan, many OSINT tools can be found on here.
It is designed to be a one-stop-shop for finding and organizing information, and includes categories such as people search, geolocation, cybersecurity, and dark web resources. The goal of the OSINT Framework is to make it easier for individuals to access and use publicly available information to answer questions and support decision making.
In conclusion, OSINT is a valuable tool for gathering and analyzing information, but it must be used with care and caution to ensure that the information gathered is accurate and reliable.