OSINT

The first thing to do when starting OSINT collection on an organisation is to do an internet and social media search. This inlcudes creating a list of individuals who work for the company. If the individual is high value (C-level or or IT related) an attacker would look into them specifically aswell.

Social media profiles can contain loads of information. This includes locations the target frequently goes to or confidential information in the backgroud. Make note of any information you notice especially passwords stuck to pc monitors.

Starting automated searches first can speed up the process. This is since you can have them running in the background while looking at other sources. Also all the easy to get information can help define your search and give ideas of what to look for.

Search Engines

• Google - https://www.google.com/

• Google Advanced Search - https://www.google.com/advanced_search

• Google Search Guide - http://www.googleguide.com/print/adv_op_ref.pdf

• Bing - https://www.bing.com/

• Bing Search Guide - https://www.bruceclay.com/blog/bing-google-advanced-search-operators/

• Yandex - https://yandex.com/

• DuckDuckGo - https://duckduckgo.com/

• DuckDuckGo Search Guide - https://help.duckduckgo.com/duckduckgo-help-pages/results/syntax/

• Baidu - http://www.baidu.com/

Google Hacking

Google and other web browsers can be manipulated to find out specific information like hidden files or passwords. These are some good example searches.

site:twitter.com companyname
site:linkedin.com companyname
site:facebook.com companyname
site:example.com filetype:pdf    (looks for pdf documents also try docx, xlsx, ect)
Site:website.com password filetype:pdf    
Site:website.com intext:password    (looks for the word password in website text)
site:website.com inurl:dev    (looks for dev sites)
site:website.com -www    (brings back every subdomain which does not include www)

TheHarvester

theharvester -d example.com -l 500 -b all

TheHarvester works best with as many APIs as you have.

edit /etc/theHarvester/api-keys.yaml to add new api keys.

Resources

• Hunter.io – https://hunter.io/

• Phonebook.cz – https://phonebook.cz/

• VoilaNorbert – https://www.voilanorbert.com/

• Email Hippo – https://tools.verifyemailaddress.io/

• Email Checker – https://email-checker.net/validate

• Clearbit Connect – https://chrome.google.com/webstore/detail/clearbit-connect-supercha/pmnhcgfcafcnkbengdcanjablaabjplo?hl=en

• Email and breached data OSINT

• breach-parse – https://github.com/hmaverickadams/breach-parse