This document discusses tools and techniques for open source intelligence (OSINT) gathering. It provides an overview of OSINT and lists many free online resources that can be used to find public information about people, including social media profiles, contact details, and background checks. It also introduces tools for searching the deep web and dark web, geolocation tracking on social media, cloning websites, testing email addresses, and more. The goal is to educate "social detectives" on how to efficiently search public records and online profiles to gather intelligence using only open source information.
This document discusses tools and techniques for open source intelligence (OSINT) gathering. It provides an overview of OSINT and lists many free online resources that can be used to find public information about people, including social media profiles, contact details, and background checks. It also introduces tools for searching the deep web and dark web, geolocation tracking on social media, cloning websites, testing email addresses, and more. The goal is to educate "social detectives" on how to efficiently search public records and online profiles to gather intelligence using only open source information.
This document discusses tools and techniques for open source intelligence (OSINT) gathering. It provides an overview of OSINT and lists many free online resources that can be used to find public information about people, including social media profiles, contact details, and background checks. It also introduces tools for searching the deep web and dark web, geolocation tracking on social media, cloning websites, testing email addresses, and more. The goal is to educate "social detectives" on how to efficiently search public records and online profiles to gather intelligence using only open source information.
Learn the basics; Boolean, Email finding, research, etc.
Tool are meant to help you do it faster not replace the basics Social Detective – Is a person who utilizes standard detective and research skills and processes to find and or put together information. For recruiting that means profiles, and contact info OSINT-Open Source Intelligence Gathering Open Source Intelligence (OSINT) is a term used to refer to the data collected from publicly available sources to be used in an intelligence context. In the intelligence community, the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources).
Huge amount of Social engineering tools and search capabilities
Facebook, Twitter, email, phone etc A one stop shop for the Social Detective Example of OSINT Resources Black Book Online (public records) Canada411 Intellius MarketVisual Peekyou Phonebook of the World Pipl Public Records Rootsweb Snitch.name (username search) Spokeo UserSearch Webmii TOR Browser The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody from watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked. 1. notice the url- chrishawtrey 2. Notice of course his name Chris Hawtrey 3. Amazing Hiring showing Github, FB, tw-Follow the bread crumbs to FB (also Connectifier Social Links shows the same) 1. Notice the Url-Hawtry 2.Notice now Prophet-FB, Klout, Li, Tw and Website. 3. We follow the bread crumbs to the website 1. Notice the url- hawtrey.us 2. Not much else but still enough 3. Put the Url into Domain Availability All the other info we acquired
1. name Chris Hawtrey
2. hawtry 3. chrishawtrey (also on klout) 4. email was chris.hawtrey@gmail.com 1. Common work and personnel-top name variations. 2. Big Common Personnel-top 6 email domains with top 11 combinations of name. 3. Domain Email-most common emails for owned domains. 4. User Name-For creating common permutations for user names. 5. All up-45+ different permutations for an email with fname, lname, mname, and domain Email Testing • Toofr • Email Checker • Verifalia • Hunter • Bulk Email Verifier • EmailChecker • Email Qualifier Social Name Check Tools • Knowem • Namechk • Check usernames • https://usersearch.org/ • http://snitch.name/ GeoTrack-Send, track, geo track your email Oryon C Portable • This is the detectives browser-links to multiple tools that can help you such as: • People Searches, Company Searches, Deep Web, Social media Search, Document Search, OSINT and more Open Source Intelligence Browser Ext Creepy GEO OSINT • A Geolocation OSINT Tool. Offers geolocation information gathering through social networking platforms. • Uses-Twitter, G+, Flickr, Instagram • Example-searching Athens for a particular users geo locations HTTrack Website Copier • HTTrack is a free (GPL, libre/free software) and easy-to-use offline browser utility. • It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. • It basically will copy and reproduce the entire site or part of the site you pointed it to on your computer, all the data everything. In the folder will also be a text version of the page as well as a text version of any connected pages which for this is their email. Scythe:Account enumerator • This tool was created with 2 main use cases in mind: • - The ability to test a range of email addresses across a range of sites (e.g. social media, blogging platforms, etc...) to find where those targets have active accounts. This can be useful in a social engineering test where you have email accounts for a company and want to list where these users have used their work email for 3rd party web based services. - The ability to quickly create a custom testcase module and use it to enumerate for a list of active accounts. Using either a list of know usernames, email addresses, or a dictionary of common account names. • Checks over 700 places to verify emails, usernames, etc. MaltegoCE- the great equalizer The Gold Standard in OSINT 1.Allows you to find virtually anything 2.Provide a little and get a lot 3. You can search with a name, username, social search, company, Domain, IPadress, location, picture url and much much more 4.You can connect pieces of info and rerun to target even more 5.You can create or get extra tranformers Buscador – the ANSWER • This is a OSINT Linux Virtual Machine- that can work on any OS using Virtual Box (allows you to run Linux on a Windows machine via Virtualization). • Comes with: Custom Firefox Install and Add-Ons, Custom Chrome Install and Extensions, Tor Browser, Custom Video Manipulation Utilities, Custom Video Download Utility, Recon-NG, Maltego, Creepy, Metagoofil, MediaInfo, ExifTool, TheHarvester(gathers emails from a webapge and domains), Wayback Exporter(lets you export large results from the internet archieve), HTTrack Cloner, Web Snapper, Knock Pages, SubBrute, Twitter Exporter, Tinfoleak, BleachBit, VeraCrypt, KeePass Other OSINT Tools • OSIRT-Open Source Internet Research tool • FAW-Forensic Acquisition Website • Glance-uses work emails to find other info such as personnel emails, phone, social and more • Shodan-allows you to search devices connected over the internet
• OSINT tool list-my list of over 1500 OSINT tools
OSINT Framework • Dean Da Costa, SP, TSIP, STIL • The Search Authority • http://www.linkedin.com/in/deandacosta • http://thesearchauthority.weebly.com/ • searchauthority@comcast.net • 206-214-5337 Mobile • 253-520-3305 Office • “Finding what Cannot be found” • “Helping people connect with their destiny”
• Top 25 Must Read Blogs for Recruiters #12
• http://hr.sparkhire.com/human-resources-news/spark-hires-top-25-must-read- blogs-for-recruiters/ • 2012 HRE #1 most influential Recruiter • http://www.hrexaminer.com/lists/online-influence-recruiting-2012-v5