
An eye-catching overview of the different Open Source Intelligence (OSINT) tools available on the market.

In our daily lives, we search for a lot of information on the internet. If we don't find the expected results, we usually quit!

But have you ever imagined what lies in those hundreds of pages of results? "Information"!

Getting at it is only possible by using different tools. Tools play an important role in searching for information, but without knowing their importance and how to use them, they will not be useful to users. Before getting started with the tools, let's get a clear idea of OSINT.

What is Open Source Intelligence?

Open Source Intelligence, OSINT for short, refers to the collection of information from public sources for use in an intelligence context. Today we live in the "world of the internet", and its impact on our lives has pros and cons.

The advantages of using the internet are that it provides a lot of information and is easily accessible to everyone, whereas the disadvantages are misuse of the information and spending a lot of time on it.

This is where OSINT tools come in: they are mainly used to collect and correlate information on the web. Information can be available in various forms: text, files, images, and so on. According to the CRS Report for Congress, Open Source Intelligence is produced from public information that is correctly disseminated, collected, and exploited effectively, and that is made available to users to address a specific intelligence requirement.

Why do we need OSINT tools?

Consider a scenario in which we need to find information related to some topic on the web. You first need to search and then analyse until you get the exact results, which consumes a lot of time. This is the main reason we need intelligence tools: the process described above can be done within seconds using them.

We can even run multiple tools to collect all the information related to the target, which can be correlated and used later.

So let's dive into some of the best OSINT tools.

Criminal IP

Criminal IP is a prominent OSINT search engine for cybersecurity, designed to collect and analyze threat intelligence by gathering real-time data on over 4.2 billion IP addresses and cyber assets. Through Criminal IP’s Asset Search and Domain Search, users can easily and quickly access desired asset information.

This includes a comprehensive range of data for pentesting, such as a 5-level risk score, current open port information and vulnerabilities (CVE codes), probability of phishing URLs, abuse records, fake favicon usage, connected IPs, and subdomain information.

Additionally, various search filters allow users to effectively extract the desired assets.

The search is not limited to phishing sites or malicious IPs, as it can also search for all assets connected to the internet, including IoT devices and certificates.

Shodan

Google is the search engine most used by everyone, whereas Shodan is a fantastic, goldmine search engine for hackers to see exposed assets.

Compared with other search engines, Shodan provides results that make more sense to, and are more relevant for, security professionals. It mainly includes information about assets connected to the network. The devices range from laptops, traffic signals and computers to various other IoT devices. This open-source tool mainly helps the security analyst identify the target and test it for different vulnerabilities, passwords, services, ports, and so on.

In addition, it provides users with the most flexible community searches.

For example, consider a situation in which a single user can see connected netcams, webcams, traffic lights, and so on. Here are some of the use cases from Shodan:

  • Testing "default passwords"
  • Assets with VNC viewer
  • Using the open RDP port to test the available assets

NexVision

NexVision is an advanced A.I.-powered OSINT solution that provides real-time intelligence from the Whole Web (Clear Web, Dark Web, and Social Media). It provides unprecedented access to Dark web searches through regular browsers like Chrome and Safari, without the use of anonymizing browser Tor.

If you're looking to conduct background checks, due diligence, customer on-boarding compliance (KYC/AML/CFT), gather organization intelligence, third party intelligence, cyber threat intelligence, or even research on cryptocurrency addresses from a ransomware threat, NexVision provides accurate real-time answers.

NexVision is primarily used by the military and governments, but since 2020 it has been commercially available and relied on by Fortune 500 companies and small-medium businesses (SMBs) alike for their intelligence and investigative needs. Their service includes a direct subscription to their SaaS solution and purchasing intelligence reports.

How it works:

In the first step, its A.I.-powered engine continually collects data, analyses it, and categorizes it, providing the largest commercially available data lake. In the second step, the engine uses machine learning to reduce false positives to provide highly accurate and contextualized results. This greatly reduces the man-hours and time required in investigations and the alert fatigue that analysts face when met with large amounts of irrelevant data. In the final step, all the results are reflected on the dashboard, where users can easily visualize them and make informed decisions.

The dashboard lets users set up keyword alerts to monitor targets in real time, conduct investigations, and analyse results while remaining anonymous.

The software has a simple interface designed for entry-level analysts. Analysts can access and use comprehensive, military-grade intelligence without relying on scripts or writing a single line of code.

Its social media module monitors data from Meta (previously Facebook), Instagram, LinkedIn, Discord, Twitter, Youtube, Telegram, etc, and comes equipped with geo-location technology to determine the source and location of information dissemination.

Social Links

Social Links is a software company that develops AI-driven solutions that extract, analyse and visualise data from open sources including social media, messengers, blockchains, and the Dark Web. Their flagship product SL Professional empowers investigators and data security professionals to reach their work objectives quicker and more effectively.

SL Professional offers a suite of custom-designed search methods spanning more than 500 open sources. The product’s advanced search queries, many of which rely on machine learning, allow users to filter the data as it is being gathered in a range of sophisticated ways.

However, Social Links OSINT solutions do more than just gather information; they also offer advanced analysis tools for refining data as you progress through investigations, returning accurate results for an ever more comprehensible picture of the investigation.

Features

  • A professional bundle of more than 1000 original search methods for over 500 open data sources, including the major platforms across social media, messengers, blockchains, and the Dark Web.
  • Advanced automation features which leverage machine learning to deliver an expansive range of information retrieval, showing accurate results at remarkable speeds.
  • Bespoke analysis tools allow data to be significantly enriched and tailored to the user's particular purposes.
  • Seamless integration within your IT infrastructure
  • Social Links offers training and support as part of its product packages.

For organizations that need the ultimate OSINT solution, Social Links also has an enterprise-grade platform, SL Private Platform, an on-premise OSINT solution offering their widest range of search methods, full customization according to the users' needs, and private data storage.

Google Dorks

Google Dorks came into existence in 2002, and it gives effective results with excellent performance. This query-based open-source intelligence tool was developed to help users target the index or search results appropriately and effectively.

Google Dorks provides a flexible way of searching for information by using operators, and it is also called Google Hacking. These operators make it easier to extract information from a search. Below are some of the operators or indexing options provided by Google Dorks:

  • Filetype: This operator is mainly used to find file types or to search for a particular string.
  • Intext: This indexing option is used to search for a specific text on a specific page.
  • Ext: This is used to search for a specific extension in a file.
  • Inurl: Used to search for a specific string or word in the URL.
  • Intitle: To search for the title or the words mentioned above in the URL.

Maltego

Maltego is designed and developed by Paterva, and it is one of the inbuilt tools in Kali Linux. This open-source intelligence tool is mainly used to perform a significant exploration against various targets with the help of several in-built transforms (and also provides the capability to write custom ones).

Maltego is written in Java and comes pre-packaged in Kali Linux. Once the registration process is done, users can use this tool to build effective digital footprints of a particular target on the internet.

The expected results include IP conversion and identification of the AS number and the netblock; even phrases and locations are identified. These are all represented as icons in Maltego, which provides a detailed view of and information about each icon.

You can learn even more about the target by digging further into the process. Finally, I can say that it is an excellent tool to track the footprints of each and every single entity over the internet. Maltego is available across all popular operating systems.

TheHarvester

TheHarvester is an amazing tool for finding emails, subdomains, IP addresses, etc. from various public data.

Below is an example of finding subdomains using DNSdumpster.

[root@geekflare theHarvester]# python theHarvester.py -d geekflare.com -v -b dnsdumpster

*******************************************************************
*  _   _                                            _             *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __|  _ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* theHarvester 3.1.0.dev1                                         *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
* cmartorella@edge-security.com                                   *
*                                                                 *
******************************************************************* 

 
[*] Target: geekflare.com 
 
[*] Searching DNSdumpster. 

[*] No IPs found.

[*] No emails found.

[*] Hosts found: 3
---------------------
lab.geekflare.com:104.25.134.107
tools.geekflare.com:104.25.134.107
www.geekflare.com:104.25.134.107

[*] Virtual hosts:
------------------
[root@geekflare theHarvester]#
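
A parser for the output format of the run shown above, as an added example that is not part of the original article or of theHarvester itself: it extracts the host:IP pairs, checks them against the declared host count, and flags hosts missing from an asset inventory. The inventory set and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the text of the run shown above, banner and blank lines dropped.
SAMPLE = """\
[*] Target: geekflare.com
[*] Searching DNSdumpster.
[*] No IPs found.
[*] No emails found.
[*] Hosts found: 3
---------------------
lab.geekflare.com:104.25.134.107
tools.geekflare.com:104.25.134.107
www.geekflare.com:104.25.134.107
[*] Virtual hosts:
------------------
"""

HOST_LINE = re.compile(r"^([A-Za-z0-9_.-]+):(\d{1,3}(?:\.\d{1,3}){3})$")

def parse_harvester(text):
    """Extract the target, the declared host count and host -> IP pairs."""
    out = {"target": None, "declared": 0, "hosts": {}}
    in_hosts = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[*]"):          # every section starts with a [*] marker
            label, _, value = line[3:].strip().partition(":")
            in_hosts = label == "Hosts found"
            if label == "Target":
                out["target"] = value.strip().lower()
            elif in_hosts:
                out["declared"] = int(value)
        elif in_hosts and (m := HOST_LINE.match(line)):
            out["hosts"][m.group(1).lower()] = m.group(2)
    return out

def review(parsed, inventory):
    """Compare a parsed run with a known-asset inventory (hypothetical input)."""
    by_ip = {}
    for host, ip in sorted(parsed["hosts"].items()):
        by_ip.setdefault(ip, []).append(host)
    return {
        "complete": len(parsed["hosts"]) == parsed["declared"],  # False: output was cut
        "unknown": sorted(set(parsed["hosts"]) - set(inventory)),
        "by_ip": by_ip,
    }

INVENTORY = {"www.geekflare.com", "tools.geekflare.com"}  # hypothetical tracked hosts
REPORT = review(parse_harvester(SAMPLE), INVENTORY)
```

Hosts listed under "unknown" are publicly discoverable names that the inventory does not track, which is where an exposure review would start.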

TheHarvester is also available on Kali Linux. You can check the Kali Linux installation guide if you need it.

By the way, there are more tools for finding subdomains.

Recon-Ng

Recon-ng is an effective tool for performing reconnaissance on a target.

The entire power of this tool lies in its modular approach, which will be familiar to those who have used Metasploit. Recon-ng has various built-in modules that are mainly used to extract information about a target as per user needs. We can use the Recon-ng modules just by adding the domains to the workspace.

Workspaces are created to carry out the operations inside them. Users are redirected to the workspace as soon as it is created. Inside the workspace, the domain can be specified using add domain <domainname>. Modules of Recon-ng are used to fetch information about the specific domain after the domains are added to recon-ng.

Some excellent modules, such as google-site-web and bing-domain-web, are used to find further domains related to the initial target domain. The results will be all the domains indexed by the search engines. Another notable module is bing_linkedin_cache, which is mainly used to fetch details of the email addresses related to the domain. This module can also be leveraged in performing social engineering.

Moreover, using other modules, we can fetch additional information about targets. So finally, this open-source intelligence tool is a fantastic tool that must be included in the toolkit of researchers.

SpiderFoot

SpiderFoot is an open-source reconnaissance tool available for Linux and Windows. It is developed in Python, is highly configurable, and runs on virtually any platform. It integrates an easy, interactive GUI with a powerful command-line interface.

It automatically enables us to query over 100+ OSINT sources to grab intelligence on emails, names, IP addresses, domain names, etc. It collects an extensive range of information about a target, such as netblocks, e-mails, web servers, and many more. Using SpiderFoot, you may be able to target as per your requirement because it collects the data by understanding how the items are related to each other.

The data collected by SpiderFoot provides a wide range of information about your specific target. It provides clear insights into possible hacking threats that lead to vulnerabilities, data leaks, and other vital information. These insights help to leverage the penetration test and enhance threat intelligence to alert before the target gets attacked or stolen.

Creepy

Creepy is an open-source Geolocation intelligence tool. It collects information about Geolocation by using various social networking platforms and image hosting services that are already published somewhere else. Creepy presents the reports on the map, using a search filter based on the exact location and date. These reports are available in CSV or KML format to export for additional analysis.

The main functionality in Creepy is divided into two main tabs viz. ‘Targets’ and ‘map view’ tabs.

Creepy is written in Python and also comes with a packaged binary for Linux distributions such as Debian, Backtrack, Ubuntu, and for Microsoft Windows.

Conclusion

Penetration testing is challenging and requires information from various sources. I hope the above OSINT tools help you with that.

You can also explore online pentest tools for reconnaissance and exploit search.

  • ANJANEYULU NAINI
    Author
    Anjaneyulu Naini loves pursuing excellence through writing and is passionate about technology. He believes that having a skill or talent is more valuable than having a degree.
