What is OSINT and how it is used?
OSINT term is a short form of (Open-Source Intelligence Tool). Here the word Open-source does not refer to freeware (open-source software) But here it is showing the acquisition of free & publicly available data. Any type of information about a person or an organization found on any type of social media, print media, are on TV can be related to this. Simple open-source intelligence is a smart method to gather information about the target. For Example: If you are collecting information about a person like, What is his full name, date of birth, place of birth, profession, hobbies, activities, social media platform accounts, everything related to this type of intelligence is sheltered under the OSINT. Maybe the term OSINT is new to you, but people interested in cyber-security are well aware of this term.
Why OSINT is used?
The pen-testers and attackers must know every single detail about their target, the information gathered earlier ease their work and efficiency. And they have to collect this information without being acknowledged by the target, therefore their priority is to collect publicly available data. Here comes the main use case of OSINT. OSINT provides a smarter way to collect information about the target without being exposed.
What are the OSINT Frameworks?
In our modern world, there are lots of information sources available, from where the information is gathered. If this process is done manually it might take years to do so. While doing OSINT jobs, pentesters used multiple tools, & later on, these separated tools were being combined and named OSINT frameworks. In other words, the OSINT framework is a cluster of multiple open-source intelligence tools which perform data scans on multiple databases instantly.
If you are searching for OSINT websites for tracking someone then it could be a less clear answer to tell, which are the exact OSINT websites but it is quite clear that social media websites have huge databases of peoples’ and businesses’ information you can get fruitful results there, besides that you can collect some information from popular search engines. But here if you have a technical mind you can do a lot more things using search techniques like Google Dorks.
1. Shodan: Shodan is the most powerful website among cyber security professionals. They use this website for information gathering and footprinting. Shodan is a powerful search engine for devices belonging to IoT (Internet of Things), every device like wifi router, web camera, security camera, etc with a default password can be found here. Shodan shows you the ports exposed on the internet. Millions of IoT devices are exposed and available on the shodan website.
2. Meltego: In 2007, a South African, developer Paterva developed this OSINT tool in the JAVA language. Meltego is one of the most powerful OSINT tools that can mine the data and visualize it in easily readable graphics. Meltego transforms the results data into graphical insights to be read quickly. Meltego comes pre-installed with Kali Linux and only registered users can access this tool. To use this tool, one should register an account there.
3. Maryam OSINT Tool (Maryam Framework): Maryam software was developed in Python, it can do lots of things to get things easily done. It has enough power to crawl websites and collect Regexp Data, it can get collect emails, links, sub-domains, documents, and keywords from search engines.
4. The Harvestor: This OSINT tool was also written in Python and has great usability like it can be used to fetch information like: Subdomains, emails, exposed or opened ports, and website banners. this also comes pre-installed with Kali Linux.
5. PhoneInfoga: As the name, PhoneInfoge tells us this tool deals with open-source intelligence worldwide phone numbers. The number registered on the various platforms and phonebooks like Yellowpages are easily found with this tool. Information gathering for a phone number is easily availed by this OSINT tool.
6. The Tiny Eye: Just like Google Lens Tiny eye is also a service that works with images. Tiny Eye is an AI-based image searching that can search any image matching results online.
To summarize there are lots of OSINT tools developed till now to help security professionals with their work. But if you care about your online privacy you have to be careful with yourself and never share any personal information which may cause any trouble for you. You can always use a VPN as a preventive measure to avoid privacy-related issues and use a search engine like duckduckgo which doesn’t collect any user data.