UniqueSINT PART - 1

                                    
                      

 


 

 

In information security there are many branches to learn. It is not mandatory to be an expert in everything, but it is necessary to be aware of each branch. Today in this blog we are going to learn about one of the domains of information security.

 

OPEN SOURCE INTELLIGENCE [ OSINT ]

 

Open-source intelligence (OSINT) is the collection and analysis of data gathered from open sources to produce actionable intelligence.

In simple words, it means gathering information about a geolocation, person, domain or organisation through publicly available data. For a better understanding, we first need to understand a few terms.

 DIGITAL FOOTPRINT : 

A digital footprint is the data that is left behind when users have been online.

 

DORKING :

Google Dorking is a search technique that enables hackers to gain access to information that corporations and individuals did not intend to make publicly available.

 

SOCIAL ENGINEERING : 

Psychological manipulation to trick users into making security mistakes or giving away sensitive information.

 

There are different methods and steps to find information about a target. The way of approaching depends on the type of target: collecting data about a website, for example, uses different methods, but the same methodology is used for everything.

 

Today in this blog I am going to explain the methods and instructions to approach a target and get maximum information about them, directly or indirectly. In technical terms these are called active (directly) and passive (indirectly).

 

WE MUST GET MAXIMUM INFORMATION THROUGH PASSIVE METHODS SO THAT THE VICTIM IS NOT AWARE OF WHAT WE COLLECT

 

Many of us surf the internet daily, maybe for social media interaction, posting blogs, reading news, shopping, etc.

During this we use many websites for different purposes, and every website collects information according to its agreement. All the data they collect can be used in different ways to provide us the best service they can.

You might wonder how we can relate this to OSINT.

YES, the information that we leave there becomes public data, and using different techniques and methods we can extract info about a person. I may not cover everything in this blog; there will be a continuation if you guys like my blogs.

Most people use SOCIAL MEDIA such as

  • Twitter
  • Instagram
  • Facebook
  • Snapchat
  • LinkedIn
  • WhatsApp or Signal
  • Telegram

 

We start gathering information through these, as most social accounts require an email to sign up.

So for us the email is more important than the contact number.

To understand what I am going to say next, let's think of a situation and implement our techniques according to it.

We are on LinkedIn, as it is the most used professional platform for those who want to get a job. On LinkedIn there are connections, which refers to the people who accepted our request to connect.

Here the important information that we get is:

  • Victim's full name (on job searching platforms most people don't use fake names)
  • Their email ID (yes, we can see our connections' email)

 

To get our connection's email:

  • Go to the profile of the connection
  • You can see a menu, and within that you can see contact info

No one can stop other users from seeing our email, because it is a default feature of LinkedIn. So it is better to be careful about whom you are connecting with: check their profile before accepting a connection request.

So we got the email, and there are different components in an email, such as the domain (gmail, hotmail, outlook, protonmail, icloud, etc.), and we can also find their name in it.

From LinkedIn we got the following details:

  • The place where the person resides
  • The qualification and experience on a particular field
  • Email ID
  • Full name, and if they expose more we can get their DOB (date of birth)

 

Now we start to dig for more information through the email. For example, say testing123@gmail.com is the victim's email. There is plenty of information you can get from an email, so let's move on to the practical part.

Hackers from different locations constantly try to hack organisations with malware or through the existing vulnerabilities in them. The hackers take advantage of this and demand a ransom (like blackmailing for money). If the organisation makes a deal with the hackers, they do not expose the company and its customer data to the public. If not, they leak the data to the public or sell the whole company data privately for a certain price. The common term for this data stealing is DATA BREACH, and it can happen at any time and anywhere.

We use this public data to collect data about our victim. For that we need to check whether the victim's email is in any breach database from the breaches that have happened to date.

To check the compromised datasets there is a search website that tells whether the mail is listed in any of the data breaches that occurred.

 

for searching leaked passwords


The above information only tells us in which database our victim's information was leaked. Some databases have email addresses and passwords, and some have address, contact number and other juicy content that is really useful. But if you need that data, you must have the dataset itself. Personally, I collect all the datasets that are publicly available to us; I will add that too in the next blog.

SITUATION 2 : 

Suppose our victim's email is not leaked in any of the databases. Then we check which websites the email is linked to, such as:

Is the email linked to Instagram, Facebook, Twitter, Amazon, etc.?

For this there are instructions to follow, but first I will explain the mechanism behind it so that you can understand how the tool works.

There is a GitHub repository, and they also made a go language library for it, and it is called HOLEHE.


Holehe OSINT - Email to registered accounts

holehe checks whether the email is registered on different websites, such as Instagram, Twitter and more than 120 other websites, by using the forgotten password functionality. The important thing is that it doesn't alert the users.

You can use some Telegram bots too; those work in the same way as holehe.

step 1 : copy the email address of the victim
step 2 : paste it into the link below, in the URL where the email parameter exists
step 3 : link : https://api.twitter.com/i/users/email_available.json?email=example123@gmail.com
step 4 : it downloads a file which is in JSON format
step 5 : read the file; if it shows "taken : true" then the email is linked to Twitter, or else if "taken : false" is shown then the email is not linked to Twitter
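
From the service owner's side, the lookup in the steps above appears in access logs as one client asking an account-existence endpoint about many different addresses. The following is an added example (not code from holehe or from this blog) that flags that pattern; the log format, the `/password/forgot` path, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Account-existence endpoints to watch. The first path is the one quoted in the
# steps above; "/password/forgot" is a hypothetical reset endpoint.
LOOKUP_PATHS = {"/i/users/email_available.json", "/password/forgot"}
LINE_RE = re.compile(r'^(\S+) \[([^\]]+)\] "(?:GET|POST) (\S+)" (\d{3})$')

# Constructed sample log (assumed format: ip [time] "METHOD target" status):
# a burst of 5 addresses, a user retrying one address, and 5 addresses an hour apart.
Q = "/i/users/email_available.json?email="
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 [01/Aug/2021:10:00:0{i} +0000] "GET {Q}user{i}%40example.com" 200' for i in range(5)]
    + [f'198.51.100.20 [01/Aug/2021:10:01:0{i} +0000] "GET {Q}alice%40example.com" 200' for i in range(2)]
    + [f'192.0.2.9 [01/Aug/2021:1{i}:00:00 +0000] "GET {Q}slow{i}%40example.com" 200' for i in range(5)]
    + ['192.0.2.9 [01/Aug/2021:10:02:00 +0000] "GET /index.html" 200']
)

def find_enumerators(log_text, window=timedelta(minutes=5), max_emails=3):
    """Map client IP -> most distinct emails probed in one window, if above max_emails."""
    probes = defaultdict(list)  # ip -> [(timestamp, email)]
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ip, ts, target, _status = m.groups()
        url = urlsplit(target)
        if url.path not in LOOKUP_PATHS:
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        for email in parse_qs(url.query).get("email", []):
            probes[ip].append((when, email.lower()))
    flagged = {}
    for ip, events in probes.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            distinct = len({email for _, email in events[start:end + 1]})
            if distinct > max_emails:
                flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))
```

A client that spaces its requests out, like 192.0.2.9 in the sample, stays under a short window, so a longer window or per-endpoint rate limiting is needed alongside this check.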

To check for the Gravatar image, just copy the email of the victim and enter it in the link below

 
There is an automated tool to test whether the email is connected to Twitter, Instagram and Snapchat

github link : https://github.com/Fah4d/SocialMediaChecker

How to check whether the phone number is linked to snapchat or not
 
github link : https://github.com/Fah4d/Remax-CheckSnap


To get public Instagram data manually

  • Get the username of the victim
  • Edit this link : https://instagram.com/(yourvictimusername)/?__a=1
  • You will get public data in JSON format; if it is a business account you can get the email and contact number too

A Telegram bot which fetches the Google Maps reviews, the profile pic of the email, the connected Skype account if it exists, and other public information

 
Suppose you are in a situation in which you know only the username, and this username is either one you guessed or one you got from the social media the person used.

We need to analyse the IDs. For this there are many GitHub and online tools, but I will only mention a few of them.

Method to read deleted or suspended tweets

  • Copy the Twitter username without this symbol
  • Now add the victim's username in the username field below
  • link : https://web.archive.org/web/timemap/?url=https%3A%2F%2Ftwitter.com%2F[USERNAME]%2F&matchType=prefix&collapse=urlkey&output=json&fl=original%2Cmimetype%2Ctimestamp%2Cendtimestamp%2Cgroupcount%2Cuniqcount&filter=!statuscode%3A%5B45%5D..&limit=100000&_=1627821432372
  • The result will be in JSON format; just copy the result you get (jsonresult)
  • Paste the result in this link : https://web.archive.org/web/0/(RESULT OF JSON)
  • You will be redirected to the Wayback Machine and can see the tweets
  • NOTE : Replace the name DOT with a period " . "

Sometimes you find the Instagram ID and you want the email he used, so that you can find more info as I mentioned before. For that, switch to the Instagram app and connect to any VPN you want other than INDIA, because now we are going to use the forgotten password method. If he uses an email, we can see the option to request an OTP through email. You may wonder why I asked you to turn on a VPN: whenever someone tries to log in or sends a password reset request, the IP address is noted and sent to the victim's mail, and he gets notified. So to be safe I said to turn on the VPN.

When you press the forgot password option there will be a pop-up saying something like: the mail is sent to e********@gmail.com

The tricky part here is that the email is masked with *. It is time to guess the mail; maybe the mail is the full name of the victim combined with their date of birth. Try all the possible guessing methods.

What if you have the email and the name of the victim and you want to find the Instagram ID?

github : https://github.com/blackeko/yesitsme
 
HOW IT WORKS
 
This tool works on the basis of the masked email along with the username. We have our masked email and the username of the victim, and when we submit the data to this tool it fetches every Instagram ID with a masked email by doing forgot password on it. It doesn't prompt the user because it uses the Instagram USER-AGENT, and it fetches the masked email according to our given usernames. When the match is high it shows a different colour.


THAT'S ALL FOR TODAY GUYS. I HOPE WHOEVER IS READING MY BLOG GAINED SOME KNOWLEDGE. SHARE THIS POST SO THAT OTHERS CAN ALSO GET THIS INFORMATION.

                                    
                                      
