The best open-Source Intelligence Software (OSINT) tools collect publicly available information from the internet and puts it into a usable format. If the OSINT tool you use has more technical capability, it can collect and combine multiple points of data so that you can cross-reference the data set or sets easier.
Search engines can provide millions of pages of data, but the best OSINT tools can find information search engines cannot. They can do this because they home in on precise points of information about persons or businesses, not a general search inquiry. This makes them an excellent resource for adding information to data lakes when trying to reduce chargeback risk and prevent ecommerce fraud.
How do you use OSINT tools?
The four main ways to use OSINT tools are:
- Penetration Testing: Gathers all the information available online to see if your network has been compromised.
- Breach Detection: Looking for data on the internet that you did not put out there yourself. If you find data such as this, it’s clear that there was either an inside leak or you have been hacked. Magecart attacks are a common example of this.
- Ethical Hacking: Gather information on a source target –individuals or competitors – within the best OSINT tools community’s ethical hacking rules. Breaking these rules would mean you’re stepping into doing illegal things, so best stay on the right side of the law.
- Chatter Monitoring: You can use OSINT tools to monitor what information or conversation is about your business. This information can be used to track public opinion and get ahead of attacks on your business.
Having network security teams handle these processes can help bolster your company’s security and any important documents that should never leak.
Why would you need OSINT tools for your business?
So, is the purpose of OSINT tools simply to act as a more detailed, professional-looking search engine? Well, not exactly. One of the strengths of OSINT tools is that they can access Open-Source information – information that is freely accessible on the internet and usable without special permissions – from both public and private sources.
Public sources include popular websites, social media platforms, and even forums. On the other hand, private sources include files or documents from publicly accessible domains or even pages from websites ordinarily hidden behind paywalls or forced logins.
That should make it clear what the difference is between OSINT tools and a typical search engine. If you have access to information behind paywalls or logins, you could potentially also create systems to alert your company when sensitive information is found elsewhere, or in other terms, leaked, so that you can take timely action against it.
What type of information can OSINT tools find?
OSINT tools can look for and compile information from public or private sources. This information encompasses much more than a simple search engine result will provide. Examples of what types of information you can use an OSINT tools to find and compile include:
- The Domain Name System (where internet domain names are found and turned into IP addresses.)
- IP Addresses
- Emails
- Usernames
- Telephone or Cellphone numbers
- Social Media posts
- Any website metadata (images, videos, audio, etc.)
- Blogs
- Forums
- Messaging Boards
- Digital or Print media hosted online
- Research journals or academic papers
- Public data and records such as court cases, law enforcement information, and more.
Compared to typical search engines, OSINT tools provide significantly more complex information that is valuable for either research or security. Below is a list of the top 10 OSINT tools, their capabilities, and how they might help your business build a omnichannel ecommerce fraud prevention strategy.
10 Best OSINT Tools:
The tools below are in no specific order.
Trace Labs OSINT VM Version 2
Trace Labs is a non-profit organization that tries to assist law enforcement with its services. They passively collect information about a subject before passing it on to law enforcement agencies so that those agencies can take appropriate action.
While the company focuses on assisting law enforcement with some of their OSINT services, they released a Virtual Machine –the Trace Labs OSINT VM Version 2 in 2020. This tool is for anyone to use. The virtual machine protects the user while also providing a wide range of tools to allow them to assist in what Trace Labs calls crowdsourced OSINT to find missing persons.
You could also use the virtual machine to set up systems for your company that capitalize on other OSINT tools for research or security.
A popular OSINT tool on any similar list, the OSINT Framework contains the necessary resources to help you find info on specific targets. The information it compiles about these targets comes from social networks, metadata, instant messaging, and other publicly available data.
You can narrow your searches further based on which platform you want to explore. For example, you could choose only to scan social networks for specific information or delve further into instant messaging scanning based on what you’ve already found using other platforms.
Regardless of the type of information you want, using OSINT Framework is usually an excellent place to begin since it offers a wide selection of tools and can access such a wide array of data sources.
Shodan
If you’re looking for information on your business that shouldn’t be available to the public, Shodan is probably the tool you want to use. Shodan is like popular search engines, but instead of finding all information based on your search, Shodan focuses on finding information or assets exposed to people that could potentially want to hack you.
Shodan is the ideal tool in the hands of network security professionals as Shodan’s searches will show assets connected to other networks. These devices include a massive range of possibilities, such as laptops, computers, servers, virtual machines, and many other Internet of Things (IoT) devices.
Shodan can also come in handy when your security professionals want to pinpoint specific devices and test them for network-related vulnerabilities.
NexVision is an OSINT tool powered by AI that provides real-time intelligence from the Whole Web. When we say the Whole Web, we mean the Web that includes the Clear Web (ordinary web), the Dark Web (hidden web) and social media.
NexVision is commonly used by businesses to access real-time information about certain things, such as background checks on individuals or other companies, customer onboarding compliance specifics, third-party intelligence, cyber threat intelligence, or information from addresses linked to ransomware threats.
Primarily used by governments, militaries, and security companies, it has become commercially available for anyone to use. You can use it to set keyword alerts so that you’ll know immediately if information about something specific pop up somewhere.
Another AI-driven service, Social Links, is an OSINT service that finds, analyzes, and visualizes data from open sources. These open sources can include social media, instant messaging, blockchains, and the Dark Web.
Another effective tool for your security professionals to use, Social Links, comes with a sophisticated search tool spanning over 500 open sources. You can even alter the filters for your searches as the information comes in, making it ideal for in-depth, branching searches.
And, of course, don’t forget that it can visualize all this information for you so that it’s easier to present to another party for scanning or in-depth analysis.
This OSINT tool that arguably everyone should know about, yet few people outside of tech-related positions do, Google Dorks provides a way to filter your searches with much more sophistication. This tool is a query-based intelligence tool that alters your Google search engine results with certain operators.
Examples of these operators include the words ‘Filetype’, ‘Intext’, ‘Ext’, ‘Inurl’, and ‘Intitle’. Using these operators before your search tells Google that you only want responses of a specific type. Using ‘Filetype: pdf for …’ will only provide results linking to PDFs about whatever term you use in your search.
Phonebook.cz
While Phonebook.cz is a less complicated tool when compared to some of the others on the list, that doesn’t mean Phonebook.cz doesn’t deserve a spot. This tool – created by Intelligence X – allows you to enter a website name or subdomain before returning a comprehensive list of all associated email addresses.
Access to all emails related to a specific domain can prove useful depending on your business requirements.
The Harvester
Another useful security tool, The Harvester, provides you with bits of information related to a specific domain target, such as a .com website. The tool then scours public data to find emails, subdomains, IPs, hosts, and more.
This tool is a quick way to find out what information from your business is publicly available or what information about domains trying to target you is available. Tools such as these allow your security professionals to better defend your business against attacks pre-emptively, rather than reactively.
SpiderFoot
SpiderFoot is a tool that assists the user in finding comprehensive sets of information about specific targets. It acts as a recon tool and is available on both Windows and Linux thanks to its use of the Python coding language.
It queries more than 100 OSINT sources to look for information such as emails, names, domain names, IP addresses, netblocks, and more. If you need a tool that does nothing more than collect every bit of public data on a target, SpiderFoot is the tool to use.
Aside from gathering information, your security teams can use it to analyze hacking threats, vulnerabilities, data leaks, or other bits of vital information on your business.
Karma_v2 enables security professionals such as penetration testers to comb through public information in various forms. These forms include deep info, WAF/CDN bypassed Ips, assets, internal/external infrastructures, or even public leaks on a specific target.
You can use this tool, target your own business, and find any vulnerabilities you might want to patch up or keep an eye on. The only caveat with using Karma_v2 is that you require a premium Shodan account – which is also on our list, so it’s a win-win to have both.