What is OSINT ? And one of the best OSINT tools
PLEASE NOTE : i am not the creator of spiderfoot i just thought it was cool that i could run it on repl.it and wanted to share ( because I'm extremely lonely e-learning sucks) oh and ( I decided hey why not give a little lesson here since i have a lot of time on my hands
) and its good to read
For those of you who don't know what OSINT is ...
OSINT stands for
It is used a lot in the cybersecurity world. OSINT
refers to any information that can legally be gathered from free, public sources about an individual or organization. In practice, that tends to mean information found on the internet, but technically any public information falls into the category of OSINT
Using OSINT in cybersecurity
When I'm doing a cybersecurity op I always start with target enumeration gathering as much info about the target that i can.
An example : lets you have been doing a cybersecurity op on a company's website you do a subdomian lookup (wether it be through a dns record lookup or fuzzing) you might find the domain mail.company.com (remember this) now you go surfing the main website and you find a list of employee's and there're company emails one of them is John Doe
Okay you open spiderfoot and search the name John Doe you find John Doe has there're own blog Bingo!
He gives hits birthday his pets name and his wife's name and birthday as well as his anniversary after you have all that info recorded using the knowledge that most people use passwords that have meaning to them we might be able to generate a word list (using a tool such as cup) that will give us some results in a brute force attack against mail.company.com
I hope this helps someone ( i love seeing people take there first steps into the world of cybersecurity)
Feel free to contact me privately via email with any questions
Or post them here
( also I might make a challenge (a little capture the flag) for you peeps out there reading this to test you OSINT, Cybersecurity and programming skills)