Week in OSINT #2019–21
This week I dove into a couple of links I had laying around for a while. Everything from Telegram to threat hunting and from cyber criminals to carding.
This is a slightly longer Week in OSINT and it is because I decided to dive into my backlog of links. I see so many sites and tools, but don’t always have the time to have a look at them. Until now…
- Telegram Channels
- Harpoon
- Finalrecon
- APT’s & Cyber Criminals
- WhatBreach
- Datajournalism Resources
- CardPwn
- Awesome Asset Discovery
Site: Telegram Channels
This site is by Combot, that doesn’t just give you some analytics or insight in your channel when adding it, but it gives us also a nice a list of Telegram channels. Best thing of all is that they are nicely grouped per language!
Telegram channels: https://combot.org/telegram/top/chats
Tool: Harpoon
This tool isn’t for everybody, especially not for journalists that don’t have a lot of knowledge of IT. You will also need some basic understanding of the command line. Now that’s out of the way, I can say this tool is one heck of a collection of things! After installing, configuring the API keys and letting Harpoon download the needed information — like the MaxMind GeoIP database and data sets with routing information of the internet — it is ready to find anything that has to do with malware, web servers, IoT devices, domain names and anything related. For instance helpful when researching the windows[.]net domain:
Tool: Finalrecon
FinalRecon is a small tool, but incredibly useful and above all, easy to use! It maybe doesn’t have a lot of features, but that is it’s strength in my opinion.
With one single line you can get the Whois info from a website, but it can also go after information stored in the certificates. And that can contain lots of useful information as you may know.
Besides that it can retrieve headers from the webserver or can crawl the website for each and every link it can find and dump it into a file. It goes over the robots.txt, maps out internal links, links to scripts, external links, you name it. And I must say it is fast. Really fast!
Archive: APT’s & Cyber Criminals
And now for something completely different! This GitHub repository is a huge archive with information on cyber threat intelligence for over ten years. From Stuxnet and Duqu to Lazarus and GPS spoofing attacks. If you are into threat intelligence, or want to learn more, go and check this out!
Link: https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/
Tool: WhatBreach
Finding breach data can be very useful during investigations, especially if one is able to find other possible owned mail addresses via a hash. With the tool ‘WhatBreach’ it just got a whole lot easier to find out whether any information was added to DeHashed, Databases.today or HaveIBeenPwned. Just run the python script and specify the mail address to be checked — or use a list with addresses as input — and optionally download the paste or database where it was found. Simple, but awesome little tool!
Links: Datajournalism Resources
Here is a huge collection of links for you! I know it is called ’datajournalism resources’, but there are lots of different topics, so no matter in what line of work you are, there is something new to discover for sure!
Tool: CardPwn
This tool has one very specific job: Searching for credit card numbers. It searches a whole bunch of paste and dump sites for a card number you provided and returns all the links to the sites that have it indexed.
Links: Awesome Asset Discovery
This looks a bit like the ‘Datajournalism Resources’ I mentioned above, with the main difference this being a list of tools and sites aimed at network and infrastructure investigations. Whether it’s about domains and email addresses, IoT or cloud storage, or even secrets in code, this list has something for everything. And to go with this, there’s a blog about all different assets that companies need to protect nowadays.
Link: https://github.com/redhuntlabs/Awesome-Asset-Discovery
Blog: https://redhuntlabs.com/blog/redifining-assets-a-modern-perspective.html
Have a good week and have a good search!