OSINT Tool Tuesday - Pivoting, Google Search, APIs
Another week, another set of OSINT tools. This week we'll be looking at tools for OSINT investigations using pivoting, automating Google search, and testing APIs. The goal is to expand your mindset on what's possible using tools, increase your efficiency, and amplify your outcomes. Let's get started.
Mitaka
The first OSINT tool is a browser extension called Mitaka available on Google Chrome and Firefox. It's designed with threat intelligence in mind, but it can be used with a variety of applications. Mitaka essentially takes a datapoint on page and pivots it to another source to find additional information. Here's a list of the inputs that Mitaka will recognize on page:
| Name | Desc. | E.g. |
|---|---|---|
| asn | ASN | AS13335 |
| btc | BTC address | 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa |
| cve | CVE number | CVE-2018-11776 |
| domain | Domain name | github.com |
| Email address | test@test.com | |
| eth | Ethereum address | 0x32be343b94f860124dc4fee278fdcbd38c102d88 |
| gaPubID | Google Adsense Publisher ID | pub-9383614236930773 |
| gaTrackID | Google Analytics Tracker ID | UA-67609351-1 |
| hash | MD5, SHA1, SHA256 | 44d88612fea8a8f36de82e1278abb02f |
| ip | IPv4 address | 8.8.8.8 |
| url | URL | https://github.com |
So if you find an email address on a webpage, simply highlight and right click and reverse search with Mitaka. This is a quick and easy way to expand your investigation beyond the initial scope.
ninoseki
Sitedorks
The second OSINT tool is a Python script called Sitedorks from Zarcolio. This tool will automatically search across multiple search engines using a prebuilt list of queries. Simply download the script, enter your query, and watch your web browser populate with useful information across a variety of website categories.
Manually searching multiple queries on multiple search engines can be a tedious task. Sure, you can build a list of bookmarklets that open any search combination of your choosing; however, this requires active management of your bookmark list and can easily create a lot of noise. I prefer to have one script as the starting point for my investigation that doesn't occupy a lot of browser space. I'm already short on space as it is!
Another thing I like about Sitedorks is its level of customization. See the image below. With a few, straightforward commands, you can quickly and easily control exactly what you query and where you query it.
ZarcolioPostman
The third OSINT tool is Postman. I recently did a poll and 46% of OSINT professionals aren’t using/testing APIs in their workflow. Postman has streamlined my API testing/managing process and has allowed me to explore a wealth of data sources easily and efficiently.
I wasn't a power user of APIs until recently. I found that while most information can be obtained for free and is usually publicly available, the value of having data structured, searchable, and receiving that information instantly is a game changer. If you're building tools or want to integrate data into your workflow, learn how to manage and test APIs and learn how to use Postman.
If Postman isn't your favorite flavor, check out Insomnia or Paw.
Remember OSINT != tools. Tools help you plan and collect data, but the end result of that tool is not OSINT. You have to analyze, receive feedback, refine, and produce a final, actionable product of value before you can call it intelligence.
Thanks for reading. If you enjoyed this post, make sure to subscribe. A new one just like this will be posted every Tuesday at 6:00 PM UTC-5:00.