What do you think?
Rate this book
Open Source Intelligence Methods and Tools: A Practical Guide to Online Intelligence
Apply Open Source Intelligence (OSINT) techniques, methods, and tools to acquire information from publicly available online sources to support your intelligence analysis. Use the harvested data in different scenarios such as financial, crime, and terrorism investigations as well as performing business competition analysis and acquiring intelligence about individuals and other entities. This book will also improve your skills to acquire information online from both the regular Internet as well as the hidden web through its two the deep web and the dark web.
The author includes many OSINT resources that can be used by intelligence agencies as well as by enterprises to monitor trends on a global level, identify risks, and gather competitor intelligence so more effective decisions can be made. You will discover techniques, methods, and tools that are equally used by hackers and penetration testers to gather intelligence about a specific target online. And you will be aware of how OSINT resources can be used in conducting social engineering attacks.
Open Source Intelligence Methods and Tools takes a practical approach and lists hundreds of OSINT resources that can be used to gather intelligence from online public sources. The book also covers how to anonymize your digital identity online so you can conduct your searching activities without revealing your identity.
What You’ll Learn
Who This Book Is For Penetration testers, digital forensics investigators, intelligence services, military, law enforcement, UN agencies, and for-profit/non-profit enterprises
The author includes many OSINT resources that can be used by intelligence agencies as well as by enterprises to monitor trends on a global level, identify risks, and gather competitor intelligence so more effective decisions can be made. You will discover techniques, methods, and tools that are equally used by hackers and penetration testers to gather intelligence about a specific target online. And you will be aware of how OSINT resources can be used in conducting social engineering attacks.
Open Source Intelligence Methods and Tools takes a practical approach and lists hundreds of OSINT resources that can be used to gather intelligence from online public sources. The book also covers how to anonymize your digital identity online so you can conduct your searching activities without revealing your identity.
What You’ll Learn
Who This Book Is For Penetration testers, digital forensics investigators, intelligence services, military, law enforcement, UN agencies, and for-profit/non-profit enterprises
377 pages, Paperback
Published July 1, 2018
49 people are currently reading
106 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 4 of 4 reviews
April 20, 2020
Understanding the data that is publicly available about you and your employees is an essential element of any proactive protective security strategy. If you are familiar with the Cyber Kill Chain or the Cognitive Attack Loop, you will be aware that reconnaissance is the starting point for any attack. Part of this reconnaissance is identifying what publicly available is available for the attacker to leverage against an individual or business.
In this book, Nihad provides an overview of the methods and tools that your attacker might be using against you, during their recon.
Knowing what they know is imperative to being adequately prepared to defend your realm. Readers of this book will get an insight into how an attacker thinks and behaves, enabling you to act proactively to develop proactive defences.
Imagine being able to alter or remedy any potential harmful vulnerability before an attacker can leverage them against you. This book will give you access to some of the OSINT methods and tools so that you can recon yourself, or your organisation.
FOREWARNED is being FOREARMED!
In this book, Nihad provides an overview of the methods and tools that your attacker might be using against you, during their recon.
Knowing what they know is imperative to being adequately prepared to defend your realm. Readers of this book will get an insight into how an attacker thinks and behaves, enabling you to act proactively to develop proactive defences.
Imagine being able to alter or remedy any potential harmful vulnerability before an attacker can leverage them against you. This book will give you access to some of the OSINT methods and tools so that you can recon yourself, or your organisation.
FOREWARNED is being FOREARMED!
August 27, 2018
The bad: nothing in particular.
The good: a good overview of OSINT techniques nowadays, ranging from corporate data to personal geolocation data, with specific examples and tools for each. Would be more helpful with specific examples for each situation, but I assume due to the sensitive nature of information, the authors decided not to.
The good: a good overview of OSINT techniques nowadays, ranging from corporate data to personal geolocation data, with specific examples and tools for each. Would be more helpful with specific examples for each situation, but I assume due to the sensitive nature of information, the authors decided not to.
July 6, 2023
Informative
This book contains a valuable trove of places to go to gather legitimate information about your target. It's good to have in your library for reference.
This book contains a valuable trove of places to go to gather legitimate information about your target. It's good to have in your library for reference.
July 20, 2023
A huge collection of OSINT tools, but very little about how to properly use them.
The Evolution of Open Source Intelligence
Definitions
• NOSINT: classified info that isn't properly protected, including leaked documents.
• Gray literature: sources legally available to the public through specific channels (books, journals, dissertations, technical reports, internal documents of commercial enterprises, commercial imagery, etc.).
• Open source data (OSD): generic data from a primary source.
• Open source information (OSINF): generic data that has undergone some filtering to meet a specific criterion or need; aka a secondary source.
• OSINT: info that has been discovered, filtered, and designated to meet a specific need or purpose.
• Validated OSINT (OSINT-V): OSINT with a high degree of certainty; confirmed (verified) using a non-OSINT source or from a highly reputable OSINT source.
Gray literature
• White: anything published publicly for sale through traditional bookstore channels (books, journals, newspapers).
• Ephemeral: short-lived literature (flight schedules, draft versions, copies of invoices, advertisements, posters, tickets, business cards, anything self-published).
• Gray: mix of white and ephemeral.
Introduction To Online Threats and Countermeasures
Dradis CE: open source reporting and collaboration tool which can combine output of tools like Burp, Nessus, Nmap, Qualys to create single report.
Identity generation
• https://www.fakenamegenerator.com
• https://names.igopaygo.com/people/fak...
• https://www.elfqrin.com/fakeid.php
The Underground Internet
Change your online identity and IP address for each dark web site you visit.
I2P is preferred over Tor for hosting anonymous sites and for making communications within the I2P darknet because it's faster and gives stronger anonymity. Tor is preferred to anonymize traffic when accessing the surface web, unlike I2P, which is almost unusable and too risky for this.
Search Engine Techniques
Website archives
• https://archive.org/web/
• https://archive.ph
• http://www.cachedpages.com
• https://github.com/jsvine/waybackpack
• https://www.loc.gov/web-archives/
• https://www.webarchive.org.uk/ukwa
• https://swap.stanford.edu
• https://oldweb.today/
• https://www.nationalarchives.gov.uk/w...
Information verification (hoaxes, fake news, misinformation, disinformation)
• https://www.snopes.com
• https://hoaxy.osome.iu.edu
• https://www.factcheck.org
• https://www.truthorfiction.com
People Search Engines and Public Records
People search engines
• https://www.truthfinder.com
• https://pipl.com
Search registries (wedding, baby, graduation, birthday, holiday, etc.).
Vital records (US birth certificates, death records, marriage licenses): http://www.vitalrec.com
Checking for usernames
• https://checkusernames.com
• https://namechk.com
• https://www.namecheckr.com
• https://usersearch.org/index.php
Technical Footprinting
Download a website
• https://www.httrack.com
• https://www.gnu.org/software/wget/
Website reputation checkers
• https://www.threatminer.org/index.php
• https://urlquery.net
• https://www.urlvoid.com
• https://www.threatcrowd.org
• https://sitecheck.sucuri.net
• https://www.malwareurl.com/index.php
• https://www.scumware.org
Subdomain discovery
• Google site:target.com -inurl:www
• https://www.virustotal.com/gui/home/s...
• https://dnsdumpster.com
Blacklist IP addresses
• http://www.blocklist.de/en/index.html
• http://iplists.firehol.org
• https://www.projecthoneypot.org/list_...
What’s Next?
OSINT process
1. Identify sources: identify sources from which to collect data (Internet, newspapers, magazines, commercial databases, etc).
2. Harvest data: use tools and passive techniques to gather data.
3. Process and verify data: process data, verify uncertain data by referencing more than one source if possible; exclude outdated and irrelevant data from further analysis.
4. Analyze data: analyze data and try to find connections to form a complete picture about target.
5. Deliver results: present easy-to-understand report of findings to relevant party.
The Evolution of Open Source Intelligence
Definitions
• NOSINT: classified info that isn't properly protected, including leaked documents.
• Gray literature: sources legally available to the public through specific channels (books, journals, dissertations, technical reports, internal documents of commercial enterprises, commercial imagery, etc.).
• Open source data (OSD): generic data from a primary source.
• Open source information (OSINF): generic data that has undergone some filtering to meet a specific criterion or need; aka a secondary source.
• OSINT: info that has been discovered, filtered, and designated to meet a specific need or purpose.
• Validated OSINT (OSINT-V): OSINT with a high degree of certainty; confirmed (verified) using a non-OSINT source or from a highly reputable OSINT source.
Gray literature
• White: anything published publicly for sale through traditional bookstore channels (books, journals, newspapers).
• Ephemeral: short-lived literature (flight schedules, draft versions, copies of invoices, advertisements, posters, tickets, business cards, anything self-published).
• Gray: mix of white and ephemeral.
Introduction To Online Threats and Countermeasures
Dradis CE: open source reporting and collaboration tool which can combine output of tools like Burp, Nessus, Nmap, Qualys to create single report.
Identity generation
• https://www.fakenamegenerator.com
• https://names.igopaygo.com/people/fak...
• https://www.elfqrin.com/fakeid.php
The Underground Internet
Change your online identity and IP address for each dark web site you visit.
I2P is preferred over Tor for hosting anonymous sites and for making communications within the I2P darknet because it's faster and gives stronger anonymity. Tor is preferred to anonymize traffic when accessing the surface web, unlike I2P, which is almost unusable and too risky for this.
Search Engine Techniques
Website archives
• https://archive.org/web/
• https://archive.ph
• http://www.cachedpages.com
• https://github.com/jsvine/waybackpack
• https://www.loc.gov/web-archives/
• https://www.webarchive.org.uk/ukwa
• https://swap.stanford.edu
• https://oldweb.today/
• https://www.nationalarchives.gov.uk/w...
Information verification (hoaxes, fake news, misinformation, disinformation)
• https://www.snopes.com
• https://hoaxy.osome.iu.edu
• https://www.factcheck.org
• https://www.truthorfiction.com
People Search Engines and Public Records
People search engines
• https://www.truthfinder.com
• https://pipl.com
Search registries (wedding, baby, graduation, birthday, holiday, etc.).
Vital records (US birth certificates, death records, marriage licenses): http://www.vitalrec.com
Checking for usernames
• https://checkusernames.com
• https://namechk.com
• https://www.namecheckr.com
• https://usersearch.org/index.php
Technical Footprinting
Download a website
• https://www.httrack.com
• https://www.gnu.org/software/wget/
Website reputation checkers
• https://www.threatminer.org/index.php
• https://urlquery.net
• https://www.urlvoid.com
• https://www.threatcrowd.org
• https://sitecheck.sucuri.net
• https://www.malwareurl.com/index.php
• https://www.scumware.org
Subdomain discovery
• Google site:target.com -inurl:www
• https://www.virustotal.com/gui/home/s...
• https://dnsdumpster.com
Blacklist IP addresses
• http://www.blocklist.de/en/index.html
• http://iplists.firehol.org
• https://www.projecthoneypot.org/list_...
What’s Next?
OSINT process
1. Identify sources: identify sources from which to collect data (Internet, newspapers, magazines, commercial databases, etc).
2. Harvest data: use tools and passive techniques to gather data.
3. Process and verify data: process data, verify uncertain data by referencing more than one source if possible; exclude outdated and irrelevant data from further analysis.
4. Analyze data: analyze data and try to find connections to form a complete picture about target.
5. Deliver results: present easy-to-understand report of findings to relevant party.
Displaying 1 - 4 of 4 reviews