When people interested in cybersecurity start looking into ways of researching the internet, they soon arrive at a question: What is OSINT? OSINT is an acronym for Open Source Intelligence. The concept encompasses all the processes performed to obtain public information about a given target. One point is important to highlight: OSINT is always and under any circumstances legal, because the information consulted always comes from public sources. Several OSINT techniques are often used in the passive reconnaissance phase of a pentest or other offensive security operation.
What OSINT is for
OSINT is not only used in cybersecurity. Because its processes are very dynamic, they can be applied in several areas, even outside of IT. It is most used, obviously, in various cybersecurity tasks: a pentest, threat analysis, legal investigations or a Red Team exercise. Outside this area, it is very useful for market research, generating statistics, planning marketing campaigns and many other purposes.
Basically, the main objective of OSINT, regardless of the area where OSINT-related techniques are used, is to gather information in order to create intelligence. That intelligence can be used to advance a process that is being carried out (as in the case of pentesting) or to allow an entity (individual or company) to make better decisions based on it.
Tools for OSINT
As usual, the global cybersecurity community has built several tools aimed solely at Open Source Intelligence. There are many, but below we list the most interesting ones that can help you as a cybersecurity analyst, pentester or whatever role you play.
- Sherlock: This is a tool designed to search for a username in different social networks, something that can be done manually, but this tool automates it completely.
- Maltego: A Sherlock on steroids that is not limited to username searches, but also covers emails, target names, phone numbers and more.
- FOCA: This Spanish tool allows you to extract metadata from files that you provide or that you can search for on websites through it.
- Whois: Whois records provide information about who or what registered a domain. They used to be very useful in the past; nowadays many domains are registered with an Anonymous Whois feature, meaning it is not publicly known who or what registered them. Even so, in a security audit it is always good to consult them.
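As an added example (not part of the original article), the sketch below shows how a security audit might check which registrant fields of your own domains are still publicly exposed in Whois, versus hidden behind an anonymous-registration service. The two sample records are constructed, and the list of privacy marker strings is an assumption, since registrars word their redaction notices differently.

```python
import re

# Constructed sample Whois responses (example.com / example.org are reserved names).
SAMPLE_REDACTED = """\
Domain Name: example.com
Registrar: Example Registrar, Inc.
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy Service Ltd
Registrant Email: Please query the RDDS service of the Registrar
"""

SAMPLE_EXPOSED = """\
Domain Name: example.org
Registrar: Example Registrar, Inc.
Registrant Name: Jane Doe
Registrant Organization: Example Org
Registrant Email: jane.doe@example.org
Registrant Phone: +1.5555550100
"""

# Assumed marker strings; real registrars phrase redaction notices differently.
PRIVACY_MARKERS = re.compile(
    r"redacted|privacy|proxy|not disclosed|query the rdds", re.IGNORECASE)

def parse_whois(text):
    """Return {lowercased field: [values]} from 'Key: Value' lines."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, server comments/footers, and lines without a key.
        if not line or line.startswith(("%", "#", ">>>")) or ":" not in line:
            continue
        key, _, value = line.partition(":")
        value = value.strip()
        if value:
            record.setdefault(key.strip().lower(), []).append(value)
    return record

def exposed_registrant_fields(text):
    """List registrant fields holding a value that is not a privacy placeholder."""
    exposed = []
    for key, values in parse_whois(text).items():
        if key.startswith("registrant") and any(
                not PRIVACY_MARKERS.search(v) for v in values):
            exposed.append(key)
    return sorted(exposed)
```

An empty result means every registrant field in the record is masked; any field names returned are personal or organizational data that anyone querying Whois can read.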
Where OSINT is done
OSINT can be applied in different contexts inside and outside IT. If there is publicly available information, then OSINT is feasible regardless of the place. This includes social networks, digital media (newspapers, magazines), traditional media (newspapers, physical magazines), websites that collect public information, and resources indexed in commonly used search engines such as Google, Bing and DuckDuckGo (both its version for the Surface Web and the one hosted on the Tor Darknet). Beyond these, there are many more places where information can be obtained.
In conclusion, OSINT is necessary for many areas, both for businesses and individuals, and especially if you are going to dedicate part of your life to cybersecurity work, learning research methodologies and techniques will help you.