Automating Open Source Intelligence (OSINT) using Python

Sudhanshu Chauhan (~sudhanshu)


Description:

Open Source Intelligence is the art of collecting information which is scattered across publicly available sources. With the evolution of social media and digital marketplaces, a huge amount of information is constantly generated on the Internet (sometimes even without our conscious consent). This is of great concern for organisations and businesses, as confidential data floating in the public domain may seriously harm their business integrity. Similarly, from a pentester's perspective it is important to collect as much information as possible about the target before going for the kill.

Based on experience and robust research in this domain, for this talk the speakers have created a tool (https://github.com/upgoingstar/datasploit) which will help all kinds of organisations identify the threat landscape they expose, without much investment. The tool is a simple but effective solution, capable of collecting information which is usually missed or ignored, but shouldn’t be.

During the presentation, we will discuss and demonstrate how we automated the process of OSINT and used the same in our security assessments. Topics covered will include:

  • Public WhoIs, DNS Records.
  • Domain IP History
  • Website’s technology profiling.
  • Looking for publicly available Vulnerability Information about the target.
  • Enumerating Subdomains and other exposed resources.
  • Harvesting Emails from domain and further profiling users behind these emails.
  • Social Profile Enumeration
  • Fetching information from Hacker Search Engines.
  • Breach Status of target and Email Ids.
  • Extraction of juicy information from GitHub.
  • Targeted intelligence on username using Geo Location and other information accumulated from Social media.

Prerequisites:

  • Understanding of Cyber Security Basics.
  • Web Scraping and Crawling Basics

Content URLs:

  • https://github.com/upgoingstar/datasploit
  • http://www.slideshare.net/SudhanshuChauhan/presentations
  • http://www.slideshare.net/upgoingstar1/

Speaker Info:

Sudhanshu Chauhan is an information security professional and OSINT specialist. He has worked in the information security industry, previously as Senior Security Analyst at iViZ and currently as Director and Principal Consultant at Octogence Technologies. Sudhanshu has also written various articles on a wide range of topics including Cyber Threats, Vulnerability Assessment, Honeypots, Metadata, etc., and co-authored ‘Hacking Web Intelligence’.

Shubham is an active Information Security researcher at NotSoSecure, with 4 years of experience in offensive and defensive security, with interests in Infrastructure security and OSINT. He has given training, conducted numerous workshops and delivered talks at local security chapters and multiple conferences, including Nullcon 2016, Null Delhi and Bangalore chapters, etc. In his free time, he loves to craft open source tools in Python, and if the weather is nice, he loves to ride his bike. Twitter handle: @upgoingstar

Speaker Links:

  • http://www.g0s.org/g0s15/speakers.html
  • http://nullcon.net/website/nullcon-2016/training/attack-monitoring-using-elasticsearch-logstash-kibana.php
  • http://resources.infosecinstitute.com/author/sudhanshu/
  • https://www.vpnmentor.com/blog/breach-encryption-mechanism-duckduckgo-search-engine-enables-identification-users-queries/

Section: Security
Type: Talks
Target Audience: Intermediate
Last Updated:
