OSINT Toolkit

Shabarish Suggu

My Digital Detective Toolkit: A Look at Some Cool Investigation Tools

One of the most exciting parts of my internship at Cyber Privilege has been discovering the incredible tools that cybersecurity professionals use every day. It feels a lot like being a digital detective, and just like any detective, you need a good toolkit. These tools help us gather information from publicly available sources—a practice known as Open-Source Intelligence (OSINT).

I wanted to share a few of my favorites that I've been learning about. These tools are powerful, freely available, and can give you a surprising amount of information.


WhatWeb: What's Under the Hood of a Website?

Have you ever wondered what technology a website is built on? WhatWeb is the tool for that. It's like being a car mechanic who can pop the hood of any car and instantly tell you the engine type, its version, and other components. In an investigation, this is crucial for finding out if a website is running on outdated software that might have security holes.


Hunter.io: The Digital Address Book

Let's say you need to find the professional email address of someone at a specific company for a legitimate reason, like a phishing investigation. Hunter.io is brilliant at this. It scans the web and pieces together the most likely email format for a company (like firstname.lastname@company.com), making it much easier to find the right point of contact.


crt.sh: Uncovering Hidden Domains

This one is a bit more technical, but it's super powerful. Every time a website gets a security certificate (the thing that gives you the little padlock in your browser), a public record is made. crt.sh lets you search these records. Why is this useful? Because you can see all the subdomains a company has ever created (like archive.company.com or test.company.com). Sometimes, these forgotten subdomains are less secure and can provide a way in for attackers.
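To make that concrete, here is an added example (not from the original post, and not crt.sh's own code) that turns certificate records into a subdomain inventory for a domain you are responsible for and flags hostnames whose newest certificate has expired, which is a common sign of a forgotten host. It assumes records in the shape of crt.sh's JSON output (`name_value`, `not_after`); the sample data, `example.com`, and the function names are constructed for illustration.

```python
import json
from datetime import datetime

# Constructed sample shaped like crt.sh JSON output (output=json).
# Every hostname and date here is made up for illustration.
SAMPLE = json.dumps([
    {"name_value": "www.example.com\nexample.com", "not_after": "2025-09-01T00:00:00"},
    {"name_value": "*.example.com", "not_after": "2025-08-01T00:00:00"},
    {"name_value": "test.example.com", "not_after": "2021-06-01T00:00:00"},
    {"name_value": "archive.example.com\nwww.notexample.com", "not_after": "2022-01-15T00:00:00"},
    {"name_value": "TEST.example.com", "not_after": "2021-09-01T00:00:00"},
])

def inventory(raw_json, domain):
    """Map each in-scope hostname to the latest certificate expiry seen for it."""
    latest = {}
    for entry in json.loads(raw_json):
        expiry = datetime.fromisoformat(entry["not_after"])
        # One certificate can list several names, separated by newlines.
        for name in entry["name_value"].splitlines():
            name = name.strip().lower().rstrip(".")
            if name.startswith("*."):
                name = name[2:]  # a wildcard names no single host; record its parent
            # Suffix match on ".domain" so notexample.com is not mistaken for in scope.
            if name != domain and not name.endswith("." + domain):
                continue
            if name not in latest or expiry > latest[name]:
                latest[name] = expiry
    return latest

def stale(latest, now):
    """Hostnames whose most recent logged certificate expired before `now`."""
    return sorted(host for host, expiry in latest.items() if expiry < now)

if __name__ == "__main__":
    hosts = inventory(SAMPLE, "example.com")
    for host in sorted(hosts):
        print(f"{host:25} newest cert expires {hosts[host].date()}")
    print("review these:", stale(hosts, datetime(2025, 6, 1)))
```

A hostname on the "review these" list is not necessarily vulnerable; it is a prompt to check whether the host still exists and who owns it.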


IntelX and DeHashed: Searching the Data Breaches

These two are similar and incredibly important. IntelX.io is a search engine that scours data from past data breaches. DeHashed is also fantastic for checking if your information has been compromised. In an investigation, we can use these to see if a company's or an individual's email addresses and passwords have been leaked online, which could be the source of a security incident. It's a stark reminder to never reuse your passwords!


DNSDumpster: Mapping a Company's Digital Footprint

Think of DNSDumpster as a map-maker. You give it a domain name (like company.com), and it draws out a map of its entire digital presence on the internet. It finds all the company's servers, email servers, and subdomains, giving you a complete picture of their online infrastructure. It's one of the first steps in understanding a target's digital footprint.


How We Use These at Cyber Privilege

Learning about these tools is one thing, but seeing them used in real case scenarios at Cyber Privilege is another. The real skill, as I'm learning from my mentors, isn't just knowing how to use one tool. It's about knowing which tool to use and how to connect the pieces of information you get from each one to tell a complete story.


Disclaimer: These tools should only be used for ethical and legal purposes, such as security research and professional investigations.

~ By Shabarish Suggu …
