
OSINT

 


MindMap for OSINT

- DNS Enum - Domain/Subdomain
- Check the Services/Applications Running
- Organization Details
- Organization users
- Organization Job Profiles 
- Google Dorks - Follow Google Hacking Database

User Recon - Finding Emails

- Check for files on the website, download them, and extract the metadata from all of them for information on the users. Use ExifTool, Strings
- PowerMeta can be used to gather the data from a domain
- hunter.io - Can be used to find email addresses available online, free for the first few times
- Awesome tool for finding emails - Phonebook.cz
- voilanorbert.com - Gives 50 free emails
- clearbit.com - Chrome extension
- Check if the email is valid or not - Verifalia.com / verifyemailaddress.org
- Find users from LinkedIn via BridgeKeeper
python bridgekeeper.py -c website.com
#a username wordlist generator can be used to create a wordlist
git clone https://github.com/captain-noob/username-list-generator.git

- Automated recon using SpiderFoot

Gathering Breached Credentials

- Use Heath Adams' breach-parse to find breached credentials in a credential dump
- Haveibeenpwned.com - Check if the email is present in a breach
- Dehashed.com

Organization Technology Finder
#Similar to Wappalyzer but gives detailed information

https://builtwith.com/

Search Social Media Accounts of a user

git clone https://github.com/sherlock-project/sherlock.git
#run from inside the cloned repository
cd sherlock
python3 sherlock username --timeout 1

Twitter OSINT

https://github.com/twintproject/twint

pip3 install twint

twint -u username

Instagram OSINT - Instaloader

https://github.com/instaloader/instaloader 

#Installation
pip3 install instaloader

#Usage
instaloader profile UserName

#Download GeoTags - might have to log in
instaloader -G UserName


Instagram OSINT - Osintgram

git clone https://github.com/Datalux/Osintgram.git
cd Osintgram
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt

#update your creds in credentials.ini file in config folder

#Start Enum
python3 main.py TargetUserName

Finding Users/Locations with Images - Image Reverse Search

Use the Chrome extension Fake News Debunker by Inv: right-click on the image, select the extension, and choose "Search All".

- This will open a new browser tab with a reverse image search for the selected image on every search engine.
- You can also go to https://lens.google.com, upload an image, and search for it.
- If you want to add some text to the image search, right-click on the image and click "Scan with Google Lens"; there is an option to add text there.
- You can also use Yandex Image Search.

Image Reverse Search - EXIF/Location

# Find Latitude and Longitude
- On Windows, you can right-click on an image --> Properties --> Details --> GPS
- There are multiple online EXIF viewers as well
- Or use the Exif Viewer Pro Chrome extension: right-click on the image and select "Show EXIF Data"
- Or use an offline version of ExifTool
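
The metadata checks above (ExifTool on downloaded files, GPS tags in images) can also be run over your own organization's published files to see what they expose. This is an added example, not part of the original notes: it reads `exiftool -json` output, reports person-name tags and GPS coordinates, and converts ExifTool's default degrees/minutes/seconds string to decimal degrees. The sample records and the tag list are constructed for illustration.

```python
import json
import re

# Constructed sample of `exiftool -json` output (not real files or people).
SAMPLE_EXIFTOOL_JSON = r'''
[
  {"SourceFile": "report.pdf", "Author": "jdoe",
   "Producer": "Adobe PDF Library 15.0"},
  {"SourceFile": "office.jpg", "Make": "Apple",
   "GPSLatitude": "40 deg 26' 46.32\" N",
   "GPSLongitude": "79 deg 58' 56.10\" W"},
  {"SourceFile": "logo.png", "ImageWidth": 512}
]
'''

# Assumed list of tags that usually hold a person's or account's name.
IDENTITY_TAGS = ("Author", "LastModifiedBy", "Artist", "OwnerName")

# ExifTool prints GPS values as: 40 deg 26' 46.32" N (unless run with -n).
DMS_RE = re.compile(
    r"""(\d+(?:\.\d+)?)\s*deg\s*(\d+(?:\.\d+)?)'\s*(\d+(?:\.\d+)?)"\s*([NSEW])""")

def dms_to_decimal(text):
    """Convert a degrees/minutes/seconds string to signed decimal degrees."""
    m = DMS_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised GPS value: {text!r}")
    deg, minutes, seconds, hemi = m.groups()
    value = float(deg) + float(minutes) / 60 + float(seconds) / 3600
    # South and West are negative in decimal notation.
    return -value if hemi in "SW" else value

def audit(records):
    """Return one finding per file that exposes identity or location metadata."""
    findings = []
    for rec in records:
        ids = {t: rec[t] for t in IDENTITY_TAGS if t in rec}
        gps = None
        if "GPSLatitude" in rec and "GPSLongitude" in rec:
            gps = (round(dms_to_decimal(rec["GPSLatitude"]), 6),
                   round(dms_to_decimal(rec["GPSLongitude"]), 6))
        if ids or gps:
            findings.append({"file": rec["SourceFile"], "identity": ids, "gps": gps})
    return findings

if __name__ == "__main__":
    for finding in audit(json.loads(SAMPLE_EXIFTOOL_JSON)):
        print(finding)
```

Files that show up in the findings are candidates for metadata stripping before they are published.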


# YouTube Metadata Viewer
Go to https://mattw.io/youtube-metadata/


- First, try to build a proper image of the location that you are looking for - search for it on Google and social media, and find any clues
- If it's a video, try to take multiple snapshots from different angles, create a proper panorama, and use that as the source image
- Use Google Maps, Google Earth, Sentinel-Hub - 30-day free trial - has more timelines of the satellite imagery (can be used to find the exact date when something happened)

Creating Satellite Image Timelapse

  • Go to the Sentinel-Hub EO Browser and find the location that you are looking for by entering it in the search box
  • Click on the "Timeline" icon on the right side
  • Choose the timeframe and number of frames, and click download.
