OSINT Resources for 2019 [source: medium.com]

Whether you are new to OSINT (Open Source Intelligence) or use it regularly in your professional life for reconnaissance, threat intelligence or investigations, the recent speed of growth in the field means constant development in terms of tooling, data, content and community. In this post I aim to highlight some essentials that everyone relying on OSINT should know, plus newer resources that might provide additional insights.

First, the Essentials

If you are new to OSINT or come from a less technical background, there are some foundational resources you should gain a solid grasp of first because they’ll really help you get better use out of the other tools mentioned later in this post, in addition to gaining a deeper understanding the data they present:

• DNS: With tools like host, dig and nslookup you can look-up different types of DNS records (A, CNAME, NS, MX, TXT, etc), use alternate name servers and more. For instance, did you know that Quad9‘s DNS will always resolve any malicious host to 127.0.0.1? This means by using their name server to perform your lookup, you can quickly check if it’s potentially malicious:

$ nslookup m-tesla.pw 9.9.9.9
Server:       9.9.9.9
Address:      9.9.9.9#53Non-authoritative answer:
Name:   m-tesla.pw
Address: 127.0.0.1

• Whois: Probably everyone knows about performing Whois lookups on domains, but did you know you can also perform Whois on IP addresses, networks and ASNs? Let’s see who owns 8.8.8.8 — yes, Google, but Whois shows us that the broader network range is owned by Level 3 Communications (now CenturyLink), who have sub-allocated 8.8.8.0/24 to Google:

For more, click here.