OSINT

This will be a living document and will get content added and/or updated as often as possible.

Open Source Intelligence [OSINT] is intelligence gathered from publicly available sources, and it is a vital source of data for hackers, pentesters, and attackers alike. Commonly used sources are social media platforms, public forums, and public records.

Reconnaissance [Recon] is one of the first steps of a Penetration Test: it establishes what an outsider can learn about an organization so that its security and business functions can act on it. When performed by an attacker, Recon reveals exposed systems, people, and weak points that can then be used to gain unauthorized access.

To perform Recon safely, there are certain prerequisites that should be part of your field kit or hacker toolbox to minimize your own exposure:

HARDWARE

Some hardware examples are: Raspberry Pi, a small single-board computer that fits in the palm of your hand; and a small hand-held RFID Reader/Writer that can be used in an elevator or hallway to copy someone's entry badge from a few centimeters away. Badges that merely broadcast a static ID (typical of older low-frequency proximity cards) are trivial to copy this way; badges that authenticate the reader with encryption resist a simple clone.

There are many types of portable covert hardware that can be very useful in different situations, such as:

Ubertooth: Bluetooth sniffing and development platform
LAN Turtle: covert network implant that looks like a USB Ethernet adapter
Keygrabber: inline hardware keylogger
Rubber Ducky: USB keystroke-injection device that presents itself as a keyboard
WiFi Pineapple: Wi-Fi auditing and rogue access point platform
Lock Pick set: for physical entry testing

You can check: Hacker Warehouse, Hacker Gadgets or Hak5 for these and other products.

ANONYMITY

During recon, you want to remain anonymous: as non-identifiable, unreachable, and untrackable as possible. For this purpose, it is recommended that you create and use a Sock Puppet account rather than anything tied to your real identity.

A Sock Puppet is a fake, deceptive identity created for Recon and/or Social Engineering purposes, so that any tracking method used by the target cannot be traced back to you or your personal accounts.

Fake Name Generator can randomly provide an entire fake identity.

Privacy lets you create virtual credit/debit card numbers, so purchases made for a Sock Puppet are not tied to your real card or name.

This X Doesn’t Exist is a collection of sites that have realistic yet fake AI versions of just about anything to help create a Sock Puppet.

GITHUB REPOSITORIES

Eagle Eye allows you to use a reverse image search to find social media accounts.

Th3 Inspector is a multi-purpose information gathering tool.

Trape tracks & executes social engineering attacks in real time.

WEBSITES

Big Domain Data can provide domain name registrant, history, and owner information.

Data Miner is a free Google Chrome and Edge browser extension that crawls web pages and scrapes data from them into a CSV file or Excel spreadsheet.
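The scraping step that tools like Data Miner automate, as an added example written for this page (not the extension's own code): pull every cell of the tables on a page and write the rows out as CSV, using only the Python standard library. The HTML is a constructed sample modelled on a staff directory; against a real target you would fetch the page with urllib or requests and feed the response to the same parser.

```python
"""Scrape the rows of an HTML table into CSV (stdlib only).

Added example, not code from the page above or from Data Miner. The HTML
below is constructed for illustration, not a real site.
"""
import csv
import io
from html.parser import HTMLParser

# Constructed sample page (assumption: a real target is fetched first and
# the HTML handed to scrape_table).
SAMPLE_HTML = """
<html><body>
<h1>Staff directory</h1>
<table id="staff">
  <tr><th>Name</th><th>Title</th><th>Email</th></tr>
  <tr><td>Alice Example</td><td>IT Manager</td>
      <td><a href="mailto:alice@example.com">alice@example.com</a></td></tr>
  <tr><td>Bob &amp; Co</td><td>Help Desk</td>
      <td><a href="mailto:bob@example.com">bob@example.com</a></td></tr>
</table>
<p>Footer text that must not be scraped.</p>
</body></html>
"""


class TableScraper(HTMLParser):
    """Collects the text of every cell, row by row, from all <table> elements."""

    def __init__(self):
        super().__init__(convert_charrefs=True)  # "&amp;" arrives as "&"
        self.rows = []        # completed rows, each a list of cell strings
        self._row = None      # cells of the row being built, None outside <tr>
        self._cell = None     # text fragments of the cell being built
        self._in_table = 0    # nesting depth, so text outside tables is ignored

    def handle_starttag(self, tag, attrs):
        if tag == "table":
            self._in_table += 1
        elif tag == "tr" and self._in_table:
            self._row = []
        elif tag in ("td", "th") and self._row is not None:
            self._cell = []

    def handle_endtag(self, tag):
        if tag in ("td", "th") and self._cell is not None:
            # Collapse internal whitespace (newlines, indentation) to one space
            self._row.append(" ".join("".join(self._cell).split()))
            self._cell = None
        elif tag == "tr" and self._row is not None:
            self.rows.append(self._row)
            self._row = None
        elif tag == "table" and self._in_table:
            self._in_table -= 1

    def handle_data(self, data):
        # Text inside <a>, <b>, etc. within a cell still lands here
        if self._cell is not None:
            self._cell.append(data)


def scrape_table(html):
    """Return the table rows found in `html` as lists of strings."""
    parser = TableScraper()
    parser.feed(html)
    parser.close()
    return parser.rows


def rows_to_csv(rows):
    """Serialise rows as CSV text; the csv module handles quoting of commas."""
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    print(rows_to_csv(scrape_table(SAMPLE_HTML)), end="")
```

The parser keys on `<table>`, `<tr>` and `<td>`/`<th>` only, so headings and footer paragraphs never reach the output; nested markup inside a cell (here the mailto links) is flattened to its text.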

Know Em will check over 500 social networks and over 150 domains for usernames.
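What a username checker like Know Em does per site, as an added example written for this page (not Know Em's own code): build the profile URL, fetch it, and decide whether the name is taken. The practical catch is that sites differ: some answer 404 for an unknown user, others answer 200 with a "not found" page, so a status-code-only check misclassifies the latter. The URL templates and error strings below are assumptions for illustration, and the demo uses a constructed fetcher so the script runs offline.

```python
"""Username enumeration across several sites (added example).

Not Know Em's code. Site rules are assumed for illustration; the fake
fetcher returns constructed responses so this runs without network access.
"""
from urllib.parse import quote

# Assumed per-site rules (a real checker keeps these in a maintained data file).
SITES = {
    "github": {"url": "https://github.com/{u}", "method": "status"},
    "reddit": {"url": "https://www.reddit.com/user/{u}", "method": "status"},
    # Assumed example of a site that returns 200 plus an error page for unknown users.
    "example-forum": {
        "url": "https://forum.example.org/members/{u}",
        "method": "text",
        "error_text": "This user does not exist",
    },
}


def profile_url(site, username):
    """Build the profile URL, percent-encoding the username so a crafted
    input (e.g. "../admin") cannot alter the path."""
    return SITES[site]["url"].format(u=quote(username, safe=""))


def classify(site, status, body):
    """Decide 'taken', 'free' or 'unknown' from one HTTP response."""
    rule = SITES[site]
    if status in (429, 503):
        return "unknown"          # rate limited or down: do not guess
    if rule["method"] == "status":
        return "taken" if status == 200 else "free"
    # "text" sites: a 200 only means "taken" if the error marker is absent
    if status != 200:
        return "free"
    return "free" if rule["error_text"] in body else "taken"


def check_username(username, fetch):
    """Return {site: verdict}. `fetch(url) -> (status, body)` is injected so
    the same logic runs with urllib in the field and with a stub offline."""
    results = {}
    for site in SITES:
        status, body = fetch(profile_url(site, username))
        results[site] = classify(site, status, body)
    return results


# Constructed offline fetcher simulating what the sites above might return.
FAKE_RESPONSES = {
    "https://github.com/jdoe": (200, "<html>jdoe's repositories</html>"),
    "https://www.reddit.com/user/jdoe": (404, "page not found"),
    "https://forum.example.org/members/jdoe": (200, "<h1>This user does not exist</h1>"),
}


def fake_fetch(url):
    return FAKE_RESPONSES.get(url, (404, ""))


if __name__ == "__main__":
    for site, verdict in check_username("jdoe", fake_fetch).items():
        print(f"{site:14} {verdict}")
```

To run it for real, replace `fake_fetch` with a function that performs the HTTP request and returns `(status_code, body_text)`; keep the rate-limit branch, since treating a 429 as "free" silently poisons the results.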

SearX is a metasearch engine that uses over 70 search services.

NOTE: As always, remember to follow basic cyber security Tips before any online activity.