1 / 15

One OSINT Tool to Rule Them All

One OSINT Tool to Rule Them All. by: Émilie St-Pierre BSidesLV Proving Ground, July 24 th 2017. $ whoami. Émilie St-Pierre Security Analyst at Rapid7 Active in information security for 5 years Director at large for the SYN Shop hackerspace https:// synshop.org

nicholass
Download Presentation

One OSINT Tool to Rule Them All

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. One OSINT Tool to Rule Them All by: Émilie St-Pierre BSidesLV Proving Ground, July 24th 2017

  2. $whoami Émilie St-Pierre Security Analyst at Rapid7 Active in information security for 5 years Director at large for the SYN Shop hackerspace https://synshop.org Co-host of the weekly Greynoisepodcast https://greynoi.se Twitter: @L4bF0x

  3. How it all began

  4. OSINT Tool Comparison Table

  5. Define: OSINT Open Source Intelligence (OSINT) … is locating, and analyzing publicallyavailable sources of information … [with the] goal of producing current and relevant information that is valuable to either an attacker or competitor. http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#OSINT

  6. Valuable types of OSINT • Usernames • E-mails • Technology in use • Location data • Corporate data

  7. Methodology Compiled a list of reputable, free and popular tools with a focus on organizational penetration testing: • Default Kali Linux OSINT tools • Tools listed in popular pentesting books • Word-of-mouth • OSINT tool lists (osintframework.com)

  8. Methodology Compared them against 3 benchmarks: • Data variety • Data quality • Relevancy

  9. Data Limitations • Non-exhaustive list. • Some tools contain some stand-alone tools. • Some tools are hybrids that do more than OSINT. • Data accuracy could be biased based on chosen sample (sample size = 42).

  10. Results

  11. https://bit.ly/osintcomparison

  12. “So Émilie, which tool rules them all?”

  13. My top picks • Best e-mail lists: • Recon-ng (URL) • Most user-friendly: • Spiderfoot • Easiest metadata analysis: • FOCA

  14. Thank you! Émilie St-Pierre @L4bF0x https://github.com/L4bF0x/osintcomparison OSINT Tool Comparison Table https://bit.ly/osintcomparison osintcomparison@gmail.com

More Related