Open source Intelligence – Part 1
With the whole world going completely digital, it is obvious that we all are starting to have a strong online presence. The online world has brought in many different avenues to make things easy for the people to stay connected through the internet. And with more number of avenues for us to socialize comes with more attack surfaces for attackers to target. The Social media websites at large have contributed to the growth of the internet, and it has helped the folks in the security industry get vast knowledge about their targets not just from a professional standpoint but also from a personal standpoint. The Intelligence Gathering has evolved over the time and now Open Source Intelligence makes it into the limelight. In this blogpost we see the basics of how Open Source Intelligence could be of great use while Pentesting.
Open source intelligence allows user to fetch results from all open databases. A normal user would search in web search engine and he would get restricted results. OSINT helps to get results from related databases. OSINT results are not restricted to web search engine only, it looks for all related and databases.
Earlier web users used to get very limited information about searched content. There were only static pages where user could only see text and go through images. But in later version of web users are able to interact with web. They can share, post data on web. This bought drastic change in human life. User can interact with other people, other groups through web. Web 2.0 gave people online life where user share their feelings, ideas, thoughts to anyone all over world.
Users can discuss topic, share their knowledge which confirms the information available on web.
Social Media Intelligence:
It is an integral part of web which mostly stores user generated content. SOCMINT is collected from social media sites. Sometimes it requires authentication and sometimes it does not. Due to this nature, some people don’t count it as part of OSINT.
Twitter allows us to get desired output by simply typing some keywords in twitter search bar. We can use “” to get more specific results. E.g. you just type “very good” and you will get all tweets related to very good. If you want to search hash tag simply type #hashtag. – Operator is used to exclude terms. If you want to search for information security but don’t want results for hack then you can search information security – hack. In similar way, you can use OR operator. If you want to search for information security or hack related information then you can simply type and search for information security OR hack. Twitter has few more techniques to get more specific information. Twitter has filter – from and to. Using this filter, you can get only specified tweets.
E.g. from: user1, To: user2.
As we have discussed earlier Facebook can be very helpful for information gathering. Many people knowingly or unknowingly share important information on Facebook. Facebook graph is a feature used for searching people on Facebook. Facebook graph explores location, photos and places to explore people. It has its unique way of searching as you type first letter it starts giving suggestions to you. It searches in different categories like people, pages, places, photos etc. If the sufficient results are not found in Facebook then it searches in Bing search engine provides sufficient results.
If you put photo in Facebook search box, Facebook gives you queries like photos of my friend, photos taken in Bangalore etc. In the same way, you can type query in Facebook search box and get desired results. You can create query like restaurants in pune, people who like cricket, people who follow me etc. to get desired results.
Searching any Open Social Media Website
There are some platforms that need to be searched but don’t support any advanced search techniques. To overcome this drawback Google has provided a simple way i.e. Google search operator. It allows us to get specific results by using queries. Example:
If user want to search for information security but only in Hindi Wikipedia then you should type the following:
If the user wants to combine results for both search queries then he can use OR operator. User can combine two queries and use OR operator to get results.
Hope that now you have understood the very basics of the Open Source Intelligence as this blogpost was made for basic understanding of the Open Source Intelligence, in the coming posts, we will also go from basics to intermediate and then to advance.
Also make sure to check out our new course on Udemy on Open Source Intelligence & Social Engineering.