#OSINT Tips ★ 17 short tips for website investigations

[1/17: tactical information👁️]
Purpose: collect and analyze tactical information.
1. Visit website
2. Collect visible info (contact details, VAT numbers, etc.)
3. Analyze information
4. Have fun!
[2/17: WHOIS information]
Purpose: find owner/host of website
1. Find top level domain
2. Find TLD register via http://iana.org/root/domains/db *
3. Fill in target URL
4. Look for registrant/registrar
5. Have fun!

* Use multiple databases/registers!
[3/17: archives]
Purpose: find archived information
1. Visit http://archive.org *
2. Fill in target URL
3. Check for archived information
4. Have fun!

* Use other websites such as http://archive.is 
* Use cached version of search engines
[4/17: text]
Purpose: find related information by text
1. Copy text from target website
2. Paste text in search engine*
3. Have fun!

* Or use websites such as http://copyscape.com 
[5/17: images | reverse image search ]
Purpose: find websites that use the same/a similar image
1. Copy image location of target image
2. Navigate to http://google.com/images *
3. Find identical and similar images
4. Have fun!

* Also use Yandex, Bing, Baidu, TinEye
[6/17: images | EXIF data]
Purpose: find EXIF data of digital images
1. Navigate to target image
2. Download target image
3. Extract EXIF data*
4. Analyze data
5. Have fun!

* Or use Jeffrey's Exif Viewer / add-ons (wxIF)
[7/17: source code]
Purpose: investigate source code
1. Navigate to target website
2. View source code
3. Analyze source code (hidden info, IDs, templates, plugins)
4. Find vulnerabilities/related websites
5. Have fun!

* http://Builtwith.com  & http://Publicwww.com 
[8/17: other TLDs]
Purpose: find other TLDs of target website
1. Use operators -site:target.com -site:target.*
2. Analyze and verify the results
3. Have fun!
[9/17: mentions of target]
Purpose: find mentions of target website
1. Use operators -site:target.com "target.com"
2. Analyze and verify the results
3. Have fun!
[10/17: check info via RSS]
Purpose: find information via RSS feeds
1. Navigate to http://target.com/RSS *
2. Analyze and verify the results
3. Have fun!

* Will of course not always work. Will probably work on WordPress websites.
[11/17: investigate SSL certificates]
Purpose: find (sub)domains of target
1. Navigate to http://crt.sh 
2. Type in target website
3. Check certificate IDs
4. Analyze information
5. Have fun!
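
Added example (not part of the original thread): steps 3 and 4 of the crt.sh tip done offline in Python, for a domain you are inventorying. It assumes crt.sh's JSON export shape (`id` plus newline-separated `name_value`); the sample records and `example.com` are constructed, and `hostnames_from_ct` is a hypothetical helper name.

```python
import json

# Constructed sample in the shape of crt.sh's JSON export; all values are made up.
SAMPLE = json.dumps([
    {"id": 1001, "name_value": "example.com\nwww.example.com"},
    {"id": 1002, "name_value": "*.example.com\nexample.com"},
    {"id": 1003, "name_value": "Staging.Example.com"},
    # Certificate shared with another organisation's hostname.
    {"id": 1004, "name_value": "shop.example.com\ncdn.partner-example.net"},
    # Look-alike name that merely ends in the same characters.
    {"id": 1005, "name_value": "notexample.com"},
    # E-mail identities also show up in name_value; they are not hostnames.
    {"id": 1006, "name_value": "admin@example.com"},
])


def hostnames_from_ct(raw_json, domain):
    """Map each hostname under `domain` to the sorted certificate IDs naming it."""
    domain = domain.lower().rstrip(".")
    found = {}
    for record in json.loads(raw_json):
        for name in record.get("name_value", "").splitlines():
            name = name.strip().lower().rstrip(".")
            if name.startswith("*."):
                name = name[2:]  # record a wildcard under its parent zone
            if not name or "@" in name:
                continue  # empty line or e-mail identity
            # Require an exact match or a real label boundary, so that
            # notexample.com is not counted as part of example.com.
            if name != domain and not name.endswith("." + domain):
                continue
            found.setdefault(name, set()).add(record["id"])
    return {host: sorted(ids) for host, ids in sorted(found.items())}


if __name__ == "__main__":
    for host, ids in hostnames_from_ct(SAMPLE, "example.com").items():
        print(f"{host:24} certificate IDs: {ids}")
```
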
[12/17: check robots/sitemaps]
Purpose: find "hidden" webpages and content
1. Navigate to http://target.com/robots.txt 
2. Analyse all disallowed pages and content
3. Visit pages and content
4. Have fun!
[13/17: port scans]
Purpose: find open ports and services
1. Use a TCP port scanner such as NMAP
2. Run scan
3. Analyze results
4. Have fun!
[14/17: reverse IP lookup]
Purpose: find other domains on same IP address
1. Use a service such as http://viewdns.info 
2. Type in target website
3. Analyze results
4. Be aware of shared hosting services
5. Have fun!

* Reverse DNS is also interesting
[15/17: reverse DNS lookup]
Purpose: find other domains that use same DNsame IP address
1. Use a service such as http://viewdns.info 
2. Type in target website
3. Analyze results
4. Be aware of shared hosting services
5. Have fun!
[17/17: malware check]
Purpose: check for malware on target website
1. Use a service such as http://any.run 
2. Fill in all information
3. Wait for the results
4. Analyze results
5. Have fun!

Want to add more tips? Let us know!
You can follow @aware_online.