Hello all,
These are my talk slides from null Mumbai on one use of open source intelligence (OSINT).
They show how we can use OSINT to explore more attack surface in a pentest.
Tool links and some information:
metadata:
FOCA - http://www.informatica64.com/foca.aspx
focaonline - http://www.informatica64.com/foca/
Metagoofil - http://www.edge-security.com/metagoofil.php
exiftool - http://www.sno.phy.queensu.ca/~phil/exiftool/
online exif - regex.info/exif.cgi
image search: for extracting metadata out of them
http://tineye.com
http://picfog.com
https://twitpic.com/search
http://www.pixsy.com/
http://www.flickr.com/
document resource search: for extracting metadata out of them
Docstoc - http://www.docstoc.com/
Scribd - http://www.scribd.com/
SlideShare - http://www.slideshare.net/
PDF Search - http://www.pdf-search-engine.com/
Toodoc - http://www.toodoc.com/
google 'filetype:' operator
metadata removal:
MAT - https://mat.boum.org/
Oometa extractor - https://oometaextractor.codeplex.com/
Doc scrubber - http://www.javacoolsoftware.com/docscrubber.html
openDLP - https://code.google.com/p/opendlp/
myDLP - http://www.mydlp.com/
Tools with plenty of OSINT functions:
netglub - http://www.netglub.org/
maltego - http://www.paterva.com/
HconSTF - http://www.hcon.in/
network related info:
http://serversniff.net/
http://www.robtex.com/
centralops - http://centralops.net/co/
software info:
shodanhq - http://www.shodanhq.com/
netcraft - http://toolbar.netcraft.com/site_report?url=
wappalyzer - http://wappalyzer.com/
meta generator version check - https://addons.mozilla.org/en-US/firefox/addon/meta-generator-version-check/
http://www.1337day.com/webapps
password list generator:
wyd - http://www.remote-exploit.org/content/wyd-0.2.tar.gz
cupp - http://www.remote-exploit.org/content/cupp-3.0.tar.gz
crunch - http://sourceforge.net/projects/crunch-wordlist/
cewl - http://www.digininja.org/projects/cewl.php
email info: email, username, people info
theharvester - http://www.edge-security.com/theHarvester.php
esearchy - https://github.com/FreedomCoder/esearchy
dorking tools: for software info, vulnerability analysis, password
ghdb - http://www.exploit-db.com/google-dorks/
sitedigger - http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
seat - http://midnightresearch.com/projects/search-engine-assessment-tool/
searchdiggity - http://www.stachliu.com/resources/tools/google-hacking-diggity-project/
user name search:
http://www.checkusernames.com/
http://knowem.com/
www.namechk.com
http://webmii.com/
social networks:
www.facebook.com
www.twitter.com
www.myspace.com
people info:
http://www.123people.com/
http://pipl.com/
http://youropenbook.org/
fbpwn - https://code.google.com/p/fbpwn/
geo location:
http://www.infosniper.net/
http://twittermap.appspot.com
http://www.geobytes.com/iplocator.htm
creepy - http://ilektrojohn.github.com/creepy/
tool having some mixed functions:
passive recon - https://addons.mozilla.org/en-US/firefox/addon/passiverecon/