Upgrade to Pro — share decks privately, control downloads, hide ads and more …

OWASP - Introduction To OSINT In Real Life

OWASP - Introduction To OSINT In Real Life

Session given by - Ashwani kumar a.k.a CyberK@Lki
Hobbies – Gaming & finding new places to go solo
Interest area – OSINT, Network Pentest, Malware analysis, Social
engineering , DevSecOps, Geopolitics & Quantum physics
Professional CS GO & Fortnite Player : Nick : GodWA
Certified ICS Security skills from US Homeland Security & CISA
Reported Scada bugs for BSNL, Railtel & other National critical
infrastructures
Provided OSINT training and consultancy to govt agencies & Private
entities
Worked closely with CyberPeace NGO helping Indian masses to stay safe in
cyberspace and build next-gen cyber warriors

2c758159a15a0e8f5a030e2dee5dae56?s=128

Ashwani kumar

January 30, 2021
Tweet

Transcript

  1. Introduction To OSINT In Real Life A simple journey to

    gain passive & active info about target
  2. #whoami 👉 Ashwani kumar a.k.a CyberK@Lki 👉 Hobbies – Gaming

    & finding new places to go solo 👉 Interest area – OSINT, Network Pentest, Malware analysis, Social engineering , DevSecOps, Geopolitics & Quantum physics 👉 Professional CS GO & Fortnite Player : Nick : GodWA 👉 Certified ICS Security skills from US Homeland Security & CISA 👉 Reported Scada bugs for BSNL, Railtel & other National critical infrastructures 👉 Provide OSINT training and consultancy to govt agencies & Private entities 👉 Work closely with CyberPeace NGO helping Indian masses to stay safe in cyberspace and build next-gen cyber warriors 2 Website – https:/cyberkalki.com/ [ Work in Progress]
  3. None
  4. OSINT Use cases • Username lookup • Email lookup •

    Domain & IP lookup • Images & Docs lookup • Social Media OSINT • People OSINT • Telephone OSINT • Public ReCords • Corporate & Business OSINT • Geo OSINT • Darkweb OSINT • Malicious file OSINT • OSINT Frameworks
  5. Username & Email OSINT • http://checkusernames.com/ • https://namechk.com/ • https://whatsmyname.app/

    • Socialscan tool • Search4 tool • https://rocketreach.co/ • https://tools.verifyemailaddress.io/ • https://www.peekyou.com/ • https://hunter.io • https://www.spytox.com/people/search?email • https://intelx.io/tools?tab=email • https://en.gravatar.com/site/check/ • Harvester tool
  6. Domain & IP OSINT • https://securitytrails.com/domain • https://domaincrawler.com/ • https://viewdns.info/

    • Censys • Shodan • Greynoise : https://viz.greynoise.io/ • Onephye: https://www.onyphe.io/ • Virustotal : https://www.virustotal.com/gui/home/search • https://db-ip.com/ • https://www.projecthoneypot.org/list_of_ips.php • https://www.ipvoid.com/ • https://spyse.com/advanced-search/domain • https://www.zoomeye.org/
  7. Domain & IP OSINT • https://app.binaryedge.io/ • https://builtwith.com • www.visualsitemapper.com

    • r3con1z3r: https://github.com/abdulgaphy/r3con1z3r • https://whois.domaintools.com/ •
  8. Resources as per Use case

  9. Socialmedia OSINT • Telegram : https://www.telegramdb.org/ ◦ https://github.com/th3unkn0n/TeleGram-Scraper • Github

    : https://github.com/s0md3v/Zen • Whatsapp : https://github.com/LoranKloeze/WhatsAllApp • Instagram: https://github.com/Datalux/Osintgram • Twitter: https://github.com/twintproject/twint ◦ https://tweetdeck.twitter.com/ ◦ https://onemilliontweetmap.com/ ◦ https://www.tweetarchivist.com/c57fce2f/15287 ◦ https://www.trendsmap.com/ ◦ https://socialbearing.com/search/user ◦ https://github.com/atmoner/TwitWork ◦ https://doc.tafferugli.io/
  10. Socialmedia OSINT • Facebook : https://github.com/milo2012/osintstalker • Titktok: https://github.com/sc1341/TikTok-OSINT •

    https://github.com/GitSquared/sherlock-js • Linkedin: https://github.com/initstring/linkedin2username ◦ https://github.com/leapsecurity/InSpy ◦ https://github.com/dchrastil/ScrapedIn ◦ • https://github.com/batuhaniskr/twitter-intelligence • Reddit https://www.redective.com/ ◦ https://www.osintcombine.com/reddit-post-analyser • https://www.smat-app.com/ • SocialPwned : https://github.com/MrTuxx/SocialPwned
  11. Darkweb & Crypto OSINT • https://iaca-darkweb-tools.com/search-darkweb/ • https://github.com/MikeMeliz/TorCrawl.py • https://github.com/s-rah/onionscan

    • https://jakecreps.com/2019/05/16/osint-tools-for-the-dark-web/ • https://github.com/dirtyfilthy/freshonions-torscraper • Torbot : https://github.com/DedSecInside/TorBot • https://www.osintcombine.com/post/dark-web-searching • https://onion.live/ • https://www.blockchain.com/explorer • https://github.com/s0md3v/Orbit • https://bitcoinwhoswho.com/ • https://www.blockchain.com/explorer • https://www.bitcoinabuse.com/
  12. OSINT Frameworks • Maryam • Recon-ng • Vault Cyber Security

    https://github.com/Vault-Cyber-Security/osint • https://osintgeek.de/tools • https://github.com/digitaldisarray/OSINT-Tools • https://github.com/topics/osint-tool • https://github.com/ecstatic-nobel/pOSINT • https://www.osintcombine.com/tools •
  13. OSINT Tips & References • https://github.com/blaCCkHatHacEEkr/OSINT_TIPS • https://osint.link/ • Attack

    surface for OSINT • https://cheatsheet.haax.fr/open-source-intelligence-osint/ • Missing person OSINT • https://www.osintme.com/index.php/2020/11/21/list-of-darknet- markets-for-investigators/ •