Another week, another set of OSINT tools. This week we'll be looking at tools for OSINT investigations including a web technologies lookup, SSL certificate data, and breach data analysis. The goal is to expand your mindset on what's possible using tools, increase your efficiency, and amplify your outcomes. Let's get started.
If you've ever used BuiltWith, you'll be familiar with Uptain. Uptain allows you to see what web technologies any domain is using. You can use the playground environment on the web app, or you can use the API and import it into a tool like Postman or Insomnia. They also have Python, Go, and Node.js modules if you want to integrate it into a script. As far as performance goes, it can be sort of slow; however, the results are pretty extensive. It's definitely worth checking out.
A common vulnerability for a website is an expired SSL certificate. HaveIBeenExpired lets you know when a website first registered its SSL certificate as well as when it expires. It will also let you know when a domain was registered and when it will expire. Here's an example of what to expect from HaveIBeenExpired.
HaveIBeenExpired allows you to set up monitoring for specific domains. This can be excellent for red and blue teams monitoring a list of domains.
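The same kind of expiry check can be scripted for your own domain list. This is an added example, not HaveIBeenExpired's code: the hostnames and dates are constructed, and the function names (`classify`, `check_host`, `triage`) and the 30-day warning threshold are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

def cert_window(cert):
    """(notBefore, notAfter) as UTC datetimes from an ssl getpeercert() dict."""
    to_dt = lambda s: datetime.fromtimestamp(ssl.cert_time_to_seconds(s), tz=timezone.utc)
    return to_dt(cert["notBefore"]), to_dt(cert["notAfter"])

def classify(cert, now, warn_days=30):
    """Return (status, whole days until notAfter; negative once expired)."""
    not_before, not_after = cert_window(cert)
    days_left = int((not_after - now).total_seconds() // 86400)
    if now < not_before:
        return "not-yet-valid", days_left
    if now > not_after:
        return "expired", days_left
    return ("expiring" if days_left < warn_days else "ok"), days_left

def check_host(host, port=443, timeout=5.0, warn_days=30):
    """Live check. A verifying handshake rejects an expired certificate, so
    that failure is reported as a finding instead of being raised."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return "verify-failed", exc.verify_message
    except OSError as exc:
        return "unreachable", str(exc)
    return classify(cert, datetime.now(timezone.utc), warn_days)

# Constructed sample data in getpeercert() format; hostnames are placeholders.
SAMPLES = {
    "shop.example": {"notBefore": "Jan 10 00:00:00 2024 GMT", "notAfter": "Mar 21 00:00:00 2024 GMT"},
    "legacy.example": {"notBefore": "Feb 20 00:00:00 2023 GMT", "notAfter": "Feb 20 00:00:00 2024 GMT"},
    "www.example": {"notBefore": "Jan 10 00:00:00 2024 GMT", "notAfter": "Dec 31 00:00:00 2024 GMT"},
    "staging.example": {"notBefore": "Jun 10 00:00:00 2024 GMT", "notAfter": "Jun 10 00:00:00 2025 GMT"},
}

def triage(certs, now, warn_days=30):
    """Sort hosts so the most urgent (fewest days left) come first."""
    rows = [(host, *classify(c, now, warn_days)) for host, c in certs.items()]
    return sorted(rows, key=lambda r: r[2])

if __name__ == "__main__":
    for host, status, days in triage(SAMPLES, datetime(2024, 3, 1, tzinfo=timezone.utc)):
        print(f"{host:18} {status:14} {days:>5}")
```

For live hosts, call `check_host` on each name in your list from a scheduled job and alert on anything that is not `ok`.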
Breach data, when leveraged ethically, can be an excellent resource for any OSINT investigation. Finding tools that help you work with that data is necessary for investigating at scale. DelvedLeak lets you check for email and password breaches as well as profiles that the data might be associated with. Here's an example.
This is a sample of an email check that reveals reputation, data breaches, credential leaks, spoofability(?), as well as profiles associated with that email. What's really cool about this is that it takes what seems to be the list of breaches from HaveIBeenPwned and links them to the RaidForums breach for the source material. This is probably one of the more well-rounded open source scripts I've used.
Remember OSINT != tools. Tools help you plan and collect data, but the end result of that tool is not OSINT. You have to analyze, receive feedback, refine, and produce a final, actionable product of value before you can call it intelligence.
Thanks for reading. If you enjoyed this post, make sure to subscribe. A new one just like this will be posted on Tuesdays at 6:00 PM UTC-5:00.