Open Source Intelligence (OSINT)


Open source intelligence (OSINT) is one of the sources of intelligence: knowledge produced from publicly available data (on the internet or even in physical artifacts such as books, newspapers or magazines) that is accessible to any member of the public. These techniques are widely used by investigative journalists, government agencies and law enforcement agencies, among others.

It was created in the late 1930s by the Foreign Broadcast Information Service (FBIS) during World War II. Its function was to analyze international news captured by radio and to monitor official publications, with the aim of collecting, analyzing and processing information from open sources. These techniques are still widely used today.

In general, the first step of a targeted attack, a penetration test or the activities of specific groups is to gather information on the target (information gathering) and perform all the mapping. While there are ways and means to do this covertly, intelligence gathering often starts with information from public sources, collectively known as open source intelligence or OSINT. There is a wealth of legally collectible OSINT available for free on social media, in published studies and on research forums.

 “The OSINT framework is a cybersecurity framework consisting of a collection of open source technologies that can be used to find information about a target faster and easier.”

OSINT is an intelligence model focused on finding, selecting and collecting information from public sources and analyzing it so that, together with other sources, it can produce knowledge in an intelligent way. In the intelligence community, the term “open” refers to publicly available sources.

Open Source Intelligence (OSINT) takes three forms: passive, semi-passive and active.

• Passive Information Collection: Passive information gathering is generally only useful if there is a very clear requirement that intelligence gathering activities never be detected by the target. This type of profiling is technically difficult to run, as we are never sending traffic to the target organization, neither from one of our hosts nor from “anonymous” Internet services. This means that we can only use and collect information that is archived or stored. As such, this information may be out of date or incorrect, as we are limited to results collected from third parties.

• Semi-passive Information Collection: The purpose of semi-passive information gathering is to profile the target with methods that appear as normal Internet traffic and behavior. We query only the published nameservers for information; we do not perform deep reverse lookups or brute-force DNS requests, and we do not look for “unpublished” servers or directories. We do not run port scans or network-level crawlers; we only look at metadata in published documents and files and do not actively seek out hidden content. The intention here is not to draw attention to the activities. The target might be able to go back and discover the recon activities, but they shouldn't be able to attribute the activities back to anyone.

• Active Information Collection: Active information collection should be detected by the target as suspicious or malicious behavior. During this step we are actively mapping the network infrastructure (for example, full port scans with the nmap tool), actively enumerating and/or vulnerability scanning, and actively looking for unpublished directories, files and servers. Most of this activity falls under typical “reconnaissance” or “scanning” activities, which can be standard pentesting activities.
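A defender's view of the three forms, as an added example that is not part of the original article: it scans constructed log events for the active behaviours named above (brute-force DNS requests, port scans, probing for unpublished directories). The event format, thresholds, labels and addresses are assumptions chosen for illustration; passive collection never shows up because it sends no traffic to the target.

```python
from collections import defaultdict

# Assumed thresholds: distinct items per source before a behaviour is flagged.
LIMITS = {"dns_bruteforce": 5, "port_scan": 10, "hidden_content_probe": 5}

# Constructed sample events (not real logs): (source, kind, detail, outcome)
EVENTS = [
    ("198.51.100.7", "dns", "www.example.test", "NOERROR"),
    ("198.51.100.7", "conn", "443", "syn"),
    ("198.51.100.7", "http", "/docs/report.pdf", "200"),  # published document
    ("198.51.100.7", "http", "/favicon.ico", "404"),      # one stray miss is normal
]
EVENTS += [("203.0.113.9", "dns", f"{w}.example.test", "NXDOMAIN")
           for w in ("dev", "vpn", "test", "stage", "admin", "old")]
EVENTS += [("203.0.113.9", "conn", str(p), "syn") for p in range(20, 45)]
EVENTS += [("192.0.2.44", "http", f"/{d}/", "404")
           for d in ("backup", "admin", "old", "tmp", "private", "archive")]


def classify_sources(events, limits=LIMITS):
    """Return {source: (label, [flagged behaviours])} for each source seen."""
    seen = defaultdict(lambda: {name: set() for name in limits})
    for src, kind, detail, outcome in events:
        counters = seen[src]  # registers the source even if nothing is flagged
        if kind == "dns" and outcome == "NXDOMAIN":
            counters["dns_bruteforce"].add(detail)        # guessed hostnames
        elif kind == "http" and outcome == "404":
            counters["hidden_content_probe"].add(detail)  # unpublished paths
        elif kind == "conn":
            counters["port_scan"].add(detail)             # distinct ports touched
    report = {}
    for src, counters in seen.items():
        hits = sorted(n for n, items in counters.items() if len(items) >= limits[n])
        # Semi-passive collection is built to look like ordinary traffic,
        # so logs alone cannot separate it from normal visitors.
        report[src] = ("active", hits) if hits else ("blends-in", [])
    return report


if __name__ == "__main__":
    for source, (label, hits) in sorted(classify_sources(EVENTS).items()):
        print(source, label, ", ".join(hits))
```
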

Some OSINT tools:

Maltego, Shodan, theHarvester, Recon-ng, SpiderFoot, Censys, Checkusernames, Metagoofil, Recorded Future, Have I Been Pwned, Google Dorks (GHDB), Hunter.io, Who.is, SecurityTrails, CentralOps, DeHashed, WhoisXML API, Urlscan, DNSdumpster, ExifTool, among many others.

Using intelligence gathering techniques not only helps you reinforce an organization's cybersecurity perspective, but can also help protect the organization: by identifying data leaks, insecure ports or devices connected to the internet, and code available from web pages, and even by helping to combat social engineering, phishing and other attacks.

With these kinds of open source tools it is possible to identify and analyze possible imminent threats and to map the information correctly with open source intelligence. Knowing what information is available from public sources is extremely important, as it can prevent you or your organization from suffering a cyberattack.
