Sunday, June 21, 2020

Best 25 OSINT Tools used by InfoSec Professionals


1. OSINT Framework

While OSINT Framework isn't a tool to be run on your servers, it's a very useful way to get valuable information by querying free search engines, resources, and tools publicly available on the Internet. It focuses on bringing together the best links to valuable sources of OSINT data.

2. CheckUserNames

CheckUserNames is an online OSINT tool that can help you find usernames across more than 170 social networks. This is especially useful if you are running an investigation to determine whether the same username is used on different social networks.
It can also be used to check for brand or company names, not only individuals.

3. HaveIbeenPwned

HaveIbeenPwned can help you check whether your account has been compromised in the past. This site was developed by Troy Hunt, one of the most respected IT security professionals in this market, and it has been serving accurate reports for years.

4. BeenVerified

BeenVerified is another similar tool, used when you need to search for people in public internet records. It can be pretty useful for getting more valuable information about any person in the world when you are conducting an IT security investigation and the target is an unknown person.

5. Censys

Censys is a wonderful search engine used to get the latest and most accurate information about any device connected to the internet, whether servers or domain names.

6. BuiltWith

BuiltWith is a cool way to detect which technologies are used on any website on the internet.

7. Google Dorks

While investigating people or companies, a lot of IT security newbies forget the importance of using traditional search engines for recon and intel gathering.
In this case, Google Dorks can be your best friend. They have been around since 2002 and can help you a lot in your intel reconnaissance.

8. Maltego

Maltego is an amazing tool for tracking down the footprints of any target you need to match. This piece of software has been developed by Paterva, and it's part of the Kali Linux distribution.
Using Maltego will allow you to launch reconnaissance tests against specific targets.

9. Recon-Ng

Recon-ng comes built into the Kali Linux distribution and is another great tool for performing quick and thorough reconnaissance on remote targets.

10. theHarvester

theHarvester is another great alternative for fetching valuable information about the subdomain names, virtual hosts, open ports and email addresses of any company/website.

11. Shodan

Shodan is a network security monitor and search engine focused on the deep web & the internet of things.

12. Jigsaw

Jigsaw is used to gather information about any company's employees. This tool works perfectly for companies like Google, LinkedIn, or Microsoft, where we can just pick one of their domain names (like google.com) and then gather all their employees' emails across the different company departments.

13. SpiderFoot

SpiderFoot is one of the best reconnaissance tools out there if you want to automate OSINT and have fast results for reconnaissance, threat intelligence, and perimeter monitoring.

14. Creepy

Creepy is a geo-location OSINT tool for infosec professionals. It offers the ability to get full geolocation data from any individual by querying social networking platforms like Twitter, Flickr, Facebook, etc.

15. Nmap

Nmap is one of the most popular and widely used security auditing tools; its name means "Network Mapper". It is a free and open source utility used for security auditing and network exploration across local and remote hosts.

16. WebShag

WebShag is a great server auditing tool used to scan HTTP and HTTPS protocols. Like other tools, it's part of Kali Linux and can help you a lot in your IT security research & penetration testing.

17. OpenVAS

OpenVAS (Open Vulnerability Assessment System) is a security framework that includes particular services and tools for infosec professionals.

18. Fierce

Fierce is an IP and DNS recon tool written in Perl, famous for helping IT sec professionals find target IPs associated with domain names.

19. Unicornscan

Unicornscan is one of the top intel gathering tools for security research. It also has a built-in correlation engine that aims to be efficient, flexible and scalable at the same time.

20. Foca

FOCA (Fingerprinting Organizations with Collected Archives) is a tool written by ElevenPaths that can be used to scan, analyze, extract and classify information from remote web servers and their hidden information.

21. ZoomEye

ZoomEye is a Chinese IoT OSINT search engine that allows users to grab public data from exposed devices and web services. In order to build its database it uses Wmap and Xmap, and then runs extensive fingerprinting against all the information found, ultimately presenting it to users in a filtered and curated way for easy visualization.

22. Spyse

Spyse is another OSINT search engine that lets anyone grab critical information about any website in the world. Quite simply, Spyse is an infosec crawler that gets useful information for red and blue teams during the reconnaissance process.

23. IVRE

This infosec tool is frequently overlooked, but it has great potential in boosting your infosec discovery and analysis processes. IVRE is an open source tool that's built on a base of popular projects like Nmap, Masscan, ZDNS, and ZGrab2.

24. Metagoofil

Metagoofil is another great intel-reconnaissance tool that aims to help infosec researchers, IT managers, and red teams extract metadata from different types of files.

25. Exiftool

While a lot of OSINT tools focus on data found in public files such as PDF, .DOC, HTML, .SQL, etc., there are other tools that are specifically designed to extract critical Open Source Intelligence data from image, video and audio files.
Exiftool reads, writes and extracts metadata from the following types of files



Source: securitytrails.com/blog/osint-tools
