Knowlesys

3 Kali Linux operating system related OSINT tools

This article addresses various OSINT (Open Source Intelligence) tools. A critical first step is gathering information about an appropriate target within the scope of the project. This enables a Pen Tester to find possible weaknesses and vulnerabilities in a company’s security system that may be exploitable.



What is Open Source Intelligence?

OSINT stands for Open Source Intelligence. OSINT is a process to collect data/intelligence about people, companies, and organizations using an extensive collection of sources including the Internet.

As per the DoD, OSINT is “produced from publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for addressing a specific intelligence requirement.”

A rapidly growing number of internet users now pay for goods and services online, share their thoughts via personal blogs, and expose their day-to-day lives to other people.

This generates extensive data or intelligence in various forms like audio, video, images, and text which is free and accessible to everyone unless restricted by an organization or law.

OSINT sources can be divided up into six different categories of information flow:

Media: print newspapers, magazines, radio, and television from across and between countries.

Internet: online publications, blogs, discussion groups, citizen media (e.g., cell phone videos and user-created content), YouTube, and other social media websites (e.g., Facebook, Twitter, Instagram). This source also outpaces a variety of other sources due to its timeliness and ease of access.

Public government data: public government reports, budgets, hearings, telephone directories, press conferences, websites, and speeches. Although this information comes from official sources, it is publicly accessible and may be used openly and freely.

Professional and academic publications: information acquired from journals, conferences, symposia, academic papers, dissertations, and theses.

Commercial data: commercial imagery, financial and industrial assessments, and databases.

Grey literature: technical reports, preprints, patents, working papers, business documents, unpublished works, and newsletters.

To collect and analyze this massive amount of data and intelligence, we need tools that help reduce the analysis time.

The following free OSINT tools are part of the Kali Linux operating system and are mainly used by penetration testers, social engineers, and security researchers for their various projects.

1. Maltego

Maltego is a product of Paterva and is a part of the Kali Linux operating system. Maltego helps carry out detailed reconnaissance against targets with the assistance of its built-in transforms, and it is open source, so it gives users the capability to write custom transforms or modules.

To use Maltego, the user must first register on the Paterva site.

After registering, the user can run machines against the target or create a new machine according to the intelligence they want to collect. Once configured, those machines need to be started. Maltego has various built-in footprints that can easily collect information from various sources, and based on the results it also builds a graphical view of the target.

2. The Harvester

The Harvester is an outstanding tool for collecting intelligence such as email addresses and domains for the specified target. This tool is a part of the Kali Linux operating system and is very popular for harvesting intelligence used in the early stages of a penetration test or phishing.

We use this tool to gather the following:

email addresses, usernames, subdomains, IPs, and URLs, using multiple public data sources.

3. Recon-Ng

Recon-ng is another powerful tool for target intelligence collection which also comes with the Kali Linux operating system. Recon-ng is built with a modular approach in mind, just like Metasploit, so we can use different modules on the target to extract information according to the need. Just add the domains to the workspace and use the modules.