Skip to main content

OSINT Day

·508 words·3 mins
Posts anniversary framework osint social tools waf
Table of Contents
Open Source Intelligence (OSINT) is the collection, analysis, and dissemination of information that is publicly available and legally accessible.

National OSINT Day
#

OSINT Day is celebrated on February 26th each year. It was established by the OSINT Foundation, a professional association of U.S. Intelligence Community open-source intelligence (OSINT) practitioners, in recognition of the contributions made to the national security of the United States by OSINT practitioners and the OSINT discipline.

I didn’t know there is OSINT Day has been established until today.

Thus, with OSINT Day, it is an opportunity to raise awareness of the importance of OSINT and to celebrate the work of OSINT practitioners. It is also a time to learn more about OSINT techniques and tools, and to share knowledge with others.

OSINT Tools
#

Here are the 3 common tools that I used for OSINT.

  • WAFW00F: A WAF Fingerprinting Tool.
  • SherLock: A tool to hunt down social media accounts by username.
  • OSINT-Frameowrk: A OSINT framework that help to find free OSINT resources.

WAF Fingerprinting
#

Web application firewall, or known as WAF, is a security device that protect websites from attacks.

WAFW00f is a WAF fingerprinting tool. It is used to identify the specific type of WAF that is protecting a website.

This information can be useful for attackers, as it can help them to develop targeted attacks against the WAF. However, it can also be useful for security professionals, as it can help them to identify and mitigate vulnerabilities in WAFs.

$ git clone https://github.com/EnableSecurity/wafw00f
$ cd wafw00f
$ sudo python setup.py install

To start fingerprinting a website, like bbc.com, just do:

$ wafw00f bbc.com

                   ______
                  /      \
                 (  Woof! )
                  \  ____/                      )
                  ,,                           ) (_
             .-. -    _______                 ( |__|
            ()``; |==|_______)                .)|__|
            / ('        /|\                  (  |__|
        (  /  )        / | \                  . |__|
         \(_)_))      /  |  \                   |__|

                    ~ WAFW00F : v2.2.0 ~
    The Web Application Firewall Fingerprinting Toolkit

[*] Checking https://bbc.com
[+] The site https://bbc.com is behind Cloudfront (Amazon) WAF.
[~] Number of requests: 2

This is is created in Python by EnableSecurity and can be downloaded at:

EnableSecurity/wafw00f

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Python
5355
941

Social Media
#

To hunt down a targetted user across social networks, we can use a tool called sherlock.

Same as wafw00f, sherlock can run as container too.

$ git clone https://github.com/sherlock-project/sherlock.git
$ cd sherlock
$ python3 -m pip install -r requirements.txt

To start hunting a user, hackerman1337:

$ python3 sherlock hackerman1337

To hunt for more users:

$ python3 sherlock elonmusk billgates 

sherlock is hosting at:

sherlock-project/sherlock

Hunt down social media accounts by username across social networks

Python
61183
7037

OSINT Framework
#

OSINT is the collection, analysis and dissemination of publicly accessible information using open source tools. And OSINT Framework is a tool focusing providing the free resources/tools for OSINT.

The tool is available at https://osintframework.com/, and the project is hosting at:

lockfale/OSINT-Framework

OSINT Framework

JavaScript
7918
1336

Links#

Related

Encrypted Shell Script
·329 words·2 mins
Posts bash crypto tools
We can encrypt our BASH shell script to protect some confidential configuration.
Open New Tab in Hugo
·112 words·1 min
Posts hugo
Open external links in a New Tab in your browser.
Python Rich Package
·121 words·1 min
Posts cli python
Enrich python cmdline apps with RICH.