Binca - Osint and Tools - BW

This document provides a cheat sheet on open-source intelligence (OSINT) tools that can be used to gather information from public online sources. It lists tools like Google search operators, Shodan, FOCA, theHarvester, Maltego and Recon-ng and describes their main functions and capabilities for reconnaissance and information gathering.


OSINT and Tools Cheat Sheet

by binca via cheatography.com/44948/cs/13288/

Google Search Engine Directives

site: Limits results to a target site or domain
inurl: Searches for keywords within the URL of a page
intitle: Searches for keywords within the title of a page
link: Identifies sites that link to our target, providing info that is useful for social engineering and related attacks
filetype: Searches for files with an identifiable extension

Bing also supports the site:, inurl:, intitle: and filetype: directives.

Shodan

"The world's first search engine for Internet-connected devices."

A plethora of devices can be found on Shodan, including medical devices, traffic management systems, automotive controls, traffic light controls, HVAC/environment controls, power regulators/UPSs, security/access controls including CCTV and webcams, serial port servers and data radios.

Google Modifiers

"surround strings in double quotes": Literal matches for the string
- = hyphen (e.g. -site:www.domain.com, or -omitted): Omits pages, or pages containing specific strings
* = asterisk: Used as a keyword wildcard
Bing uses NOT instead of the "-"

Google Hacking Database (GHDB)

A repository of search syntax, known as "Google Dorks", which can find interesting information. Works with most search engines with proper syntax adjustments.

FOCA

Search all documents in a domain
Download them
Analyze them
Produce a list of metadata

Metadata collected includes users, folders, printers, software, emails, OS, passwords and servers.
Supports numerous document types: doc, ppt, pps, xls, docx, pptx, ppsx, xlsx, sxw, scx, sxi, odt, ods, odg, odp, pdf, wpd, svg, svgz, indd, rdp and ica.
Fingerprinting Organizations with Collected Archives is primarily a document metadata search tool; FOCA Pro is now called "Final Version."
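
The metadata FOCA reports lives in the document's own property parts. As an added illustration (not FOCA's code, and not part of the original sheet), the following Python reads the creator, last-modified-by, application and company fields from an OOXML package, the container format behind docx/xlsx/pptx, so that documents can be audited for this kind of leakage before they are published. The sample package is constructed in memory and is not a real document; the names in it (jdoe, Example Corp) are made up.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

# Namespaces of the two OOXML property parts that carry author/software metadata.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}

# Fields worth reviewing before publishing: name -> (package part, element to read).
FIELDS = {
    "creator": ("docProps/core.xml", "dc:creator"),
    "last_modified_by": ("docProps/core.xml", "cp:lastModifiedBy"),
    "application": ("docProps/app.xml", "ep:Application"),
    "company": ("docProps/app.xml", "ep:Company"),
}


def extract_metadata(package: bytes) -> dict:
    """Return the leak-prone fields present in an OOXML (docx/xlsx/pptx) package."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        names = set(zf.namelist())
        parts = {p: ET.fromstring(zf.read(p)) for p, _ in FIELDS.values() if p in names}
    for name, (part, path) in FIELDS.items():
        el = parts[part].find(path, NS) if part in parts else None
        if el is not None and el.text:
            found[name] = el.text.strip()  # a missing part or element is simply skipped
    return found


def build_sample_package() -> bytes:
    """Constructed sample: only the property parts, enough to exercise the extractor."""
    core = ('<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}"><dc:creator>jdoe</dc:creator>'
            '<cp:lastModifiedBy>CORP\\jdoe</cp:lastModifiedBy></cp:coreProperties>').format(**NS)
    app = ('<Properties xmlns="{ep}"><Application>Microsoft Office Word</Application>'
           '<Company>Example Corp</Company></Properties>').format(**NS)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core)
        zf.writestr("docProps/app.xml", app)
    return buf.getvalue()


if __name__ == "__main__":
    for field, value in extract_metadata(build_sample_package()).items():
        print(f"{field}: {value}")
```

Point `extract_metadata` at the bytes of a real docx/xlsx/pptx to see what a FOCA-style tool would harvest from it; the domain-style username in lastModifiedBy is the sort of value worth scrubbing.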

theHarvester

Gathers information from target domains via public information sources, including email addresses, IP addresses and domain names, and ports and banners.
Uses search engines, PGP key servers and Shodan.
Uses screen scraping and API calls to pull results from search engines.

Maltego

Information mapping tool that finds relationships among people, sites and companies.
Uses "transforms" to build a hierarchy of related information.
Starting points include a domain, a person's name, a phone number, etc.
Transforms include: Domain to PGP keys, Person to email, Domain to phone number.
Community Edition limitations: not for commercial use, max 12 results per transform, need to register on the website to use, API keys expire every couple of days, runs slower, no encryption, not updated until the next major version, no end user support, no updates of transforms on the server side, discovery only from Paterva servers.

Automate Google Searches

A Google SOAP API key is required for some automation tools, but Google stopped issuing new keys in 12/06.
Google shunning begins with banning you from a particular search, escalating to a 2 hour ban and then to an IP ban.

SPUD by SensePost

Converts Google SOAP API requests into general searches of the Google website.
Uses "screen-scraping" to collect, parse, and return the results.
Violates Google's ToS.
Originally SensePost's Aura, but that was deprecated.
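
An added example of the directive and modifier syntax on this sheet (not SPUD's code and not part of the original): it assembles a query of the kind used to review which documents under one's own domain are indexed, and translates Google syntax to Bing using only the rules stated above (NOT in place of "-"; link: is not among the directives Bing is said to support). The domain example.com and the search terms are constructed values.

```python
import re

# Directives the sheet lists for Google, and the subset it says Bing also supports.
GOOGLE_DIRECTIVES = {"site", "inurl", "intitle", "link", "filetype"}
BING_DIRECTIVES = {"site", "inurl", "intitle", "filetype"}
# A term is either a double-quoted phrase (literal match) or a run of non-space characters.
TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def tokenize(query: str) -> list:
    """Split a query into terms without breaking quoted phrases apart."""
    return TOKEN_RE.findall(query)


def build_query(terms, site=None, filetype=None, exclude=()) -> str:
    """Assemble a Google query, e.g. to review which documents of your own domain are indexed."""
    parts = list(terms)
    if site:
        parts.append(f"site:{site}")
    if filetype:
        parts.append(f"filetype:{filetype}")
    parts += [f"-{term}" for term in exclude]  # hyphen omits pages matching the term
    return " ".join(parts)


def directive_name(term: str):
    """Return the directive prefix of a term such as site:example.com, or None for plain terms."""
    if term.startswith('"') or ":" not in term:
        return None
    return term.split(":", 1)[0].lower()


def to_bing(query: str) -> tuple:
    """Translate Google syntax to Bing: '-' becomes NOT; directives Bing lacks are returned separately."""
    translated, unsupported = [], []
    for term in tokenize(query):
        negated = term.startswith("-")
        body = term[1:] if negated else term
        if directive_name(body) in GOOGLE_DIRECTIVES - BING_DIRECTIVES:
            unsupported.append(term)
            continue
        translated.append(f"NOT {body}" if negated else term)
    return " ".join(translated), unsupported


if __name__ == "__main__":
    google = build_query(['"internal use only"'], site="example.com", filetype="pdf", exclude=["draft"])
    print(google)
    print(to_bing(google))
```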

By binca, cheatography.com/binca/. Last updated 9th November, 2017.
Recon-ng

Recon: >50 modules available
Mapping: 0 modules overtly for the mapping phase
Discovery: Cache Snoop checks the DNS cache for previously resolved names; Interesting Files looks for files of interest associated with the target
Exploitation: XPATH and Command Injection attacks available

Web reconnaissance framework including dozens of modules that interact with Internet services to obtain information. Reporting modules consolidate and export results; there are also discovery and exploitation modules. Some modules require API keys, which may cost money. Use show info to get information about a module. The 4.x update provides a significant overhaul, especially of the layout and structure.
