background preloader

OSINT Framework

Related:  Veille & fact-checkNetwork/SecurityOSINTjosemartin31Ciberseguridad

Google hacking Basics[edit] One can even retrieve the username and password list from Microsoft FrontPage servers by inputting the given microscript in Google search field: "#-Frontpage-" inurl: administrators.pwd or filetype: log inurl password login Devices connected to the Internet can be found. A search string such as inurl: "ViewerFrame?Mode=" will find public web cameras.

How To Set Up A Wireless Router Want to set up your wireless router, but don’t know where to start? You’re not alone. The assortment of cables, ports, and other components stashed in your router leaves most people scratching their heads. Every router is different, and the specific steps for setting them up depend on your model. In most cases, the easiest thing to do is to follow the instructions that come with the device.

Penetration Testing Tools OSRFramework is a set of libraries to perform Open Source Intelligence tasks. They include references to a bunch of different applications related to username checking, DNS lookups, information leaks research, deep web search, regular expressions extraction, and many others. At the same time, by means of ad-hoc Maltego transforms, OSRFramework provides a way of making these queries graphically as well as several interfaces to interact with like OSRFConsole or a Web interface.

CAPEC - CAPEC-3000: Domains of Attack (Version 3.0)  Attack patterns within this category focus on the exploitation of software applications. The techniques defined by each pattern are used to exploit these weaknesses in the application's design or implementation in an attempt to achieve a desired negative technical impact. Meta Attack Pattern - A meta level attack pattern in CAPEC is a decidedly abstract characterization of a specific methodology or technique used in an attack. A meta attack pattern is often void of a specific technology or implementation and is meant to provide an understanding of a high level approach. A meta level attack pattern is a generalization of related group of standard level attack patterns.

Creating an Effective Sock Puppet for OSINT Investigations – Introduction – Jake Creps Introduction and Philosophy In recent light of the epic failure by Surefire Intelligence to frame Robert Mueller for sexual assault allegations, I feel it’s important to discuss and unpack how to make a good sock puppet for OSINT operations. If you aren’t familiar, just google Jacob Wohl or Surefire Intelligence and you will likely be flooded with information about the scandal. For further details on the unraveling of the socks Wohl made, check out Aric Toler’s threat on Twitter @arictoler from Bellingcat.

Cannot connect to primary dns server Microsoft Windows [Version 6.0.6002] Copyright (c) 2006 Microsoft Corporation. All rights reserved. C:\Users\Derek>ipconfig/all Windows IP Configuration Host Name . . . . . . . . . . . . : Derek-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Broadcast IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Local Area Connection 2: Top 9 Popular OSINT Facebook Tools Social networks are indeed a big part of any OSINT investigation. They can reveal useful information about individuals, what they look for, how they do it, what they like and many other personal details. But OSINT Facebook data-gathering doesn’t stop with tools that show you only information about Facebook profiles. Today we’ll show you the best OSINT utilities that not only gather information about Facebook public data but also dig a little bit deeper under the surface — so keep reading. 9 popular OSINT Facebook tools Let’s start with the best online tools to help you get the most out of Facebook intel gathering.

NetworkMiner - The NSM and Network Forensics Analysis Tool ⛏ NetworkMiner is an open source Network Forensic Analysis Tool (NFAT) for Windows (but also works in Linux / Mac OS X / FreeBSD). NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files. NetworkMiner makes it easy to perform advanced Network Traffic Analysis (NTA) by providing extracted artifacts in an intuitive user interface. The way data is presented not only makes the analysis simpler, it also saves valuable time for the analyst or forensic investigator.

Download DNS Benchmark (DNSBench) Manufacturer’s Description GRC's DNS Benchmark performs a detailed analysis and comparison of the operational performance and reliability of any set of up to 200 DNS nameservers (sometimes also called resolvers) at once. When the Benchmark is started in its default configuration, it identifies all DNS nameservers the user's system is currently configured to use and adds them to its built-in list of publicly available “alternative” nameservers. Each DNS nameserver in the benchmark list is carefully “characterized” to determine its suitability — to you — for your use as a DNS resolver. This characterization includes testing each nameserver for its “redirection” behavior: whether it returns an error for a bad domain request, or redirects a user's web browser to a commercial marketing-oriented page.

OSINT Tools - Recommendations List With the New Year fast approaching I thought now would be a great time to post the first draft of some recommended Open Source Intelligence (OSINT) gathering tools and resources. I will look to maintain this list overtime and have it grow, so if you come across something you think should be on the list, drop me an email or leave a comment for consideration. The reconnaissance phase of any engagement is very important and can often save you alot of time and of course money. If you are really lucky you may even find the information you are looking for freely available posted online. Either way the information you find will only be as good as the tools you use, so with this in mind here is the list based on tools I have come across over the years or have been recommended by other InfoSec peeps.

The Best Hacking Tutorial Sites - Learn Legal Hacking Introduction Films like Swordfish and Hackers have made hacking seem cool, a lifestyle choice almost. However most techies know that in reality it's often a difficult and time consuming process. Before diving head first into learning how to hack it's advisable to get a taste of exactly what frustrations you might encounter, so below you’ll see our pick of the six best hacking sites to get you started. HellBound Hackers (5 out of 5) Mastering Google Search Operators in 67 Easy Steps See Also:• Google Search Operators - Best Practices• 25 Killer Combos for Google's Site: Operator Any SEO worth their sustainably harvested pink Himalayan salt knows that Google offers a variety of advanced search operators – special commands that take you above and beyond regular text searches. Learning search operators is a bit like learning chess, though.