Open Source Intelligence Tools (OSINT)
Whether you want to check your corporate exposure to hackers and foreign governments, or you’re trying to see how much of your personal information is out there, OSINT suites are excellent resources.
Think of OSINT as a vetting software toolkit. In the right hands, these tools can improve your security and provide helpful insights. In the wrong hands, these tools can ruin lives and serve as a way to exploit or alienate others. So make sure that you’re following the highest ethical standards when engaging in OSINT analysis.
What Does OSINT Stand For?
OSINT is shorthand for Open Source INTelligence tools. OSINT can represent the singular or plural version of the term, and even the activity of using said tools, depending on context. So don’t get hung up on sentence structures when you see the term ‘OSINT’.
These tools are either free to use, or free to compile from their source code. Some versions of the tools will have a separate commercial suite with certain added features, but the free, core product generally remains useful.
What Are Some Examples Of OSINT?
Although not every link is currently active, the OSINT Framework site provides a great list of resources in common use by both amateur and professional intelligence enthusiasts.
For example, just using Google might seem like an obvious way to start your OSINT activities. But there are specific parameters that you can use that will greatly narrow down the results in order to produce target lists or potential threat vectors. Collectively, this kind of search is called Google Dorking. It leverages the power of the biggest search engine in the world to gather specific, actionable intelligence on a site.
Popular OSINT activities include social media scraping (such as ScrapedIn), default password or settings lists, ID generation for online personas, phishing sources for checking legitimacy or setting up a patsy, seven degrees checkers to gauge circles of influence (like LittleSis), vetting software, and more traditional spycraft and intel gathering tools.
Who Uses OSINT?
The answer should be ‘everyone’. Sadly, that’s not the case.
Checking your own (or your company’s) exposure to external threats should be a regular activity that people perform periodically in this day and age. But some people don’t have the time, others lack the technical knowhow, and still others relegate the job to third parties (credit check services, reputation investigation services, etc.) many of whom are underqualified to perform the task correctly.
The most common users of OSINT end up being hackers, private investigators, law enforcement officials, spies, consultants, and infosec professionals.
Some of the language used in both discussion and documentation is slanted towards one or more of these groups. Don’t let that put you off. Learn the lingo, use the tools, and don’t worry about whether or not you ‘belong’ to any specific community. In the end, the information is more important than the artificial social constructs that surround it.
What OSINT Suites Are The Most Useful?
That depends entirely on what your end goal is, and how much formal security or reconnaissance training you have. But generally speaking, there are some tools that everyone should at least know about.
Metasploit: This is one of the best pen testing frameworks on the planet. It’s used by the ‘good guys’, the ‘bad guys’, and internally by all manner of utilities and automated resources. The documentation is incredibly detailed, and there’s a Pro version if you need those extra features or just want to support the developers.
Shodan: There will eventually be over a hundred billion devices on the Internet of Things, it’s simply a matter of time. At the moment, Shodan indexes just a portion of the 14 billion IoT devices in the world… and yet that’s still immensely useful.
LittleSis: Already mentioned as an example of gauging circles of influence, LittleSis is one of the best ways to see how rich and powerful people can mess with you, either professionally or personally. It is a who’s who of political and financial power, nepotism, favoritism, and information sharing.
Black Book Online: This one is US based, though there are similar sites for several countries that keep public legal records. This is a search engine specifically for court resources, court cases, and the criminal records that they generate. Key vetting software for checking out individuals who want access to your personal space, your company, or your family.
HaveIBeenPwned: This is one that everyone should know about, included for completeness’ sake. This is a database of usernames (often manifesting as email addresses) and passwords that have been publicly shared in hacker communities or archives. It lets you know if you should change your password on certain sites, or preferably all sites using a password manager.
AmIUnique: This is a test platform for one of the most insidious tracking techniques available in both the corporate and hacking worlds: Browser fingerprinting. By doing an analysis of browser, device, and profile information that you commonly share with websites, AmIUnique can tell you if you can be tracked without ever logging into anything, even through a VPN or Onion networking (yes, even through the Dark Web).
Social Searcher: A social analytics and notification utility. This can be used to monitor influencer mentions, publicly aired complaints, competitor announcements, personal information leaks or mentions, and other social media happenings.
Why Is OSINT Important In The Modern World?
People throw around phrases like ‘Big Brother’ and ‘personal privacy’ without really understanding the true scope of what’s happening out there.
The resources listed as OSINT are only the free, publicly available tools. Imagine for a moment the commercial and governmental tools that aren’t available to the public. In fact, you don’t need to imagine them. Leaks from people like Snowden give us the abilities of some of those tools in chilling detail.
OSINT is one of the few ways you can defend yourself or your company against outside intelligence and hacking entities, both in the cybersecurity sense and reputationally. At the very minimum, consider setting up a quarterly calendar event that sets aside an hour to check your online safety using some of these tools. You owe yourself at least that much peace of mind.
