Open source intelligence (OSINT) automation tools
SpiderFoot
SpiderFoot is an open source intelligence (OSINT) automation tool. Its goal is to automate the process of gathering intelligence about a given target, which may be an IP address, domain name, hostname, network subnet, ASN, e-mail address or person's name. SpiderFoot can be used offensively, i.e. as part of a black-box penetration test to gather information about the target, or defensively to identify what information your organisation is freely providing for attackers to use against you.
Read more at the project website: https://www.spiderfoot.net/documentation/#what-is-spiderfoot
Uses lots of free APIs
https://www.spiderfoot.net/documentation/#api -
As far as I can see that is a blocking tool to block the use of various APIs on sites you personally visit.
It bears no relation to using APIs that are not in sites in the first place.
You running the extension does not stop me using the APIs in other sites when testing and investigating a site, link, IP, hash, email name or real name, etc. It cannot combat 3rd party intelligence gathering and the use of other APIs, unless for some strange reason you want to block the extra APIs you chose to add in the first place... so don't add them if you use the tool... or don't try using the tool if you intend to block every site it wants to use.
The APIs used are simply for logging into your own free accounts so you can access the features.
VirusTotal is the most commonly used API key by many people. -
ThreatPinch browser extension
https://www.threatpinch.com
Add threat intelligence hover tool tips. IPv4, MD5, SHA2, CVE, FQDN or add your own ThreatIntel IOC. Use any REST API.
Creates on hover tooltips for every website for IPv4, MD5, SHA2, CVE or any custom IOC you define. Designed to work with any API, customization encouraged. It's the infosec threat and OSINT Swiss army knife for your browser. Investigate less by taking your context with you.
Documentation here: https://github.com/cloudtracer/ThreatPinchLookup/wiki
Features:
- Add your own IOCs by setting your own Look up type via regex
- Create your own data connections, maybe add a data connection for your asset portal
- Sync your data requests with a CouchDB
- Filter look up requests so that you aren't looking up your own assets in online tools.
- Supports defanged IOCs
- Bulk IOC searching!
Out of the box integrations with:
- ThreatMiner for IPv4, FQDN, MD5, SHA1 and SHA2 lookups
- Alienvault OTX for IPv4, MD5, SHA1 and SHA2 lookups
- IBM X-Force Exchange for IPv4, FQDN lookups
- VirusTotal for MD5, SHA1, SHA2, FQDN lookups
- Cymon.io for IPv4 lookups
- ThreatCrowd for IPv4, FQDN and MD5 lookups
- Computer Incident Response Center Luxembourg (CIRCL) for CVE Lookups
- PassiveTotal for FQDN whois Lookups
- MISP for MD5 and SHA2
- Censys.io for IPv4 Lookups
- Shodan for IPv4 Lookups
- BlockChain.info for Bitcoin Lookups
- Zoomeye for IPv4 and FQDN lookups
- PulseDive for IPv4, FQDN and URL lookups
- Bitcoin Whos Who for Bitcoin lookups
- Recorded Future for IPv4, FQDN, MD5, SHA1 and SHA2 lookups
- Google Safe Browsing for URL lookups
- Have I Been Pwned for Email lookups
ThreatPinch Lite is also available, which has all the API lookups of ThreatPinch but without the on hover injection code. ThreatPinch Lite relies on only the highlight right click search, and requires only permissions to make requests to APIs which do not allow CORS requests.
https://chrome.google.com/webstore/detail/threatpinch-lite/jcjcflihdgdhapkadakfahkplbafobbi -
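The defanged-IOC support, regex-defined lookup types and own-asset filter from the ThreatPinch feature list above, pictured as a short sketch. This is an added example, not code from ThreatPinch or from any poster in this thread; the patterns, the `OWN_NETWORKS` / `OWN_DOMAINS` values and the sample alert text are assumptions constructed for illustration.

```python
import ipaddress
import re

# Illustrative lookup types (name -> regex); not ThreatPinch's own patterns.
PATTERNS = {
    "cve": re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.I),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.I),
    "sha1": re.compile(r"\b[a-f0-9]{40}\b", re.I),
    "md5": re.compile(r"\b[a-f0-9]{32}\b", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "fqdn": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
}
# Assumed "own assets" that must never be sent to third-party lookup services.
OWN_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]
OWN_DOMAINS = ("corp.example",)

def refang(text):
    """Undo common defanging: [.] (.) [dot] hxxp [:] [@]."""
    text = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text, flags=re.I)
    text = re.sub(r"\bhxxp(s?)\b", r"http\1", text, flags=re.I)
    return text.replace("[:]", ":").replace("[@]", "@")

def is_own_asset(kind, value):
    """True if the indicator is internal; raises ValueError on a bad IPv4."""
    if kind == "ipv4":
        return any(ipaddress.ip_address(value) in net for net in OWN_NETWORKS)
    if kind == "fqdn":
        return any(value == d or value.endswith("." + d) for d in OWN_DOMAINS)
    return False

def triage(text):
    """Return (to_lookup, withheld) as de-duplicated lists of (kind, value)."""
    clean, own = refang(text), {}
    for kind, pattern in PATTERNS.items():
        for match in pattern.finditer(clean):
            value = match.group(0).upper() if kind == "cve" else match.group(0).lower()
            try:
                own[(kind, value)] = is_own_asset(kind, value)
            except ValueError:  # regex matched a non-address such as 999.1.1.1
                continue
    return [k for k, o in own.items() if not o], [k for k, o in own.items() if o]

# Constructed sample alert (documentation address ranges and reserved names).
SAMPLE = """Alert: host 10.20.30.40 (wks7.corp.example) fetched
hxxp://bad-cdn[.]example[.]net/stage2 from 203.0.113[.]77,
md5 d41d8cd98f00b204e9800998ecf8427e, tracked as cve-2021-44228. Bogus: 999.1.1.1"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Only the first list would be handed to external services; the second stays local, so an analyst pasting a bulk alert does not disclose internal hostnames or addresses to the lookup providers.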
@raed No, APIs don't communicate with any boxes, black or white.
I log in to all the sites I want to use with my API key generated for me.
Nothing you can do can stop me using a public API unless you do something to my system.
The sites contain or collect publicly available info. The only way to stop Shodan looking at your IP address is if you are disconnected or hidden from the net.
The only way you can stop public services from looking up your email address is to not have one, or make your own on your own domain and never use it anywhere it could be seen online.
You can't stop me looking up Whois info or any malware signatures associated with a domain or IP. WebAPI manager works in your browser, and has nothing to do with network probing or looking up info from public databases.
It can only stop web sites from using their API in the pages you visit. -
Spiderfoot HX is now out of beta and available to the wider public.
This version is cloud hosted so you can use 1 profile to access on any machine you use from any location.
https://www.spiderfoot.net/hx/
This can also be accessed with an API so,
"One API to bind them. One API to rule them all" -
Another OSINT tool out there is theHarvester. It's an effective tool designed to be used in the early stages of a penetration test. Use it for open source intelligence gathering and helping to determine a company's external threat landscape on the internet.
It has the following features:
- Emails
- Names
- Social profile
- IPs