
20bce7201-Cs Final Lab Report

This document provides a summary of a student's project on developing an OSINT framework using Maltego and Maryam tools. The project was submitted by Vedha Samhitha Chava to Professor shaik kareemulla for their CSE4026: Cyber Security course at lab slots L9 and L10 on December 12, 2022. The abstract introduces the topic of open source intelligence and how it can be applied beyond just intelligence agencies. The document then provides an index and proceeds to discuss the introduction, background, problem definition, objectives, methodology, results and discussion, conclusion and future scope.

CSE4026: CYBER SECURITY

Name: Vedha Samhitha Chava

Reg. No: 20BCE7201

PROJECT TITLE: OSINT FRAMEWORK USING MALTEGO AND MARYAM TOOLS

Lab Slot: L9 + L10

Date: 12-12-2022

Submitted to: Prof. shaik kareemulla


Abstract
Open Source Intelligence (OSINT) has gained importance in more fields of application than
just in intelligence agencies. Different models of the information cycle applied to OSINT are
addressed. Additionally, the terms data, information, and intelligence are explained and
correlated with the intelligence cycle. A classification system for entities during OSINT
investigations is introduced. By presenting the capabilities of modern search engines, techniques
for research within social networks and for penetration tests, the fundamental methods used for
information gathering are explained.
INDEX

1. Introduction

2. Background

3. Problem Definition

4. Objectives

5. Methodology/Procedure

6. Results and Discussion

7. Conclusion and Future Scope

8. References
1) INTRODUCTION

The OSINT Framework focuses on gathering information from free tools or resources; the intention
is to help people find free OSINT resources. We define OSINT as intelligence produced from publicly
available information that is collected, analyzed, and shared for the purpose of aiding a specific
investigation. In other words, OSINT is intelligence gathered by collecting and analyzing publicly
available information and data for investigative purposes. OSINT can be very helpful for
cybersecurity experts who need to gather data about particular organizations. OSINT data sources
collected from the internet can encompass pretty much anything you can find online, from an IP
address to public governmental records. In a broad sense, OSINT gathering can even encompass
performing a Google search or reading through a public forum to learn how to fix a leaking
pipe. When you start exploring OSINT practices in your investigations, you will start hearing more
about the term “OSINT Framework.” OSINT Framework is the most extensive repository of tools
for OSINT information gathering and investigations. It sorts the resources into 32 categories
based on the type of data investigators are looking for: public records, social networks, images,
videos, digital currency, dark web, archives, and more. In each category, you can find free and
paid tools that can be used to locate the data in question.

OSINT (open source intelligence) is described as a process by which we collect information from
publicly available sources. These sources are not limited to online searches or Google; they also
include newspapers, television, blogs, tweets, social media, images, podcasts, or videos, as long
as the material is public, free, and legal. The scope of OSINT is not limited to the cybersecurity
field: corporate, military intelligence, sales, marketing, and product management teams all use
OSINT techniques to be more productive while delivering their services to the public. The OSINT
framework can be used to extract data by analyzing various public platforms, including news, image,
and social media platforms. The OSINT framework is a boon to the digital world, as it helps distill
the large volume of data online and mine the information that is more relevant and valuable. OSINT
tools simplify life through the way they segregate information. OSINT frameworks are
employed across various industries for optimum results.
Overview of the information that can be gathered from the OSINT framework:
● Gather a person’s full name, job role, phone numbers, photos, etc.
● Gather search engine data from Google, Bing, Yahoo, and others.
● Collect data from personal and corporate blogs, and evaluate user activity on digital forums.
● Identify the various social networks used by the person.
● Evaluate content available on social networks like Facebook, Instagram, WhatsApp,
LinkedIn, or Twitter.
● Access old cached data from Google.
● Recognize email addresses and mobile phone numbers from social media networks or Google
results.
2) BACKGROUND

Open source intelligence predates the internet. Governments have long used newspapers, and
later broadcasts, to track potential adversaries’ military, political, or economic plans and
activities.

OSINT is low risk, cheap, and often highly effective, as corporate intelligence consultant Cameron
Colquhoun has written in a Bellingcat article on the history of OSINT.

As Colquhoun suggests, OSINT fell out of fashion after World War Two, with intelligence agencies
instead focusing on the more glamorous and dangerous world of HUMINT – human intelligence
or spying – and SIGINT: signals and electronic intelligence.

But with the rise of the internet and social media, and online tools that can sift through vast
amounts of information, OSINT is now more relevant than ever.

LITERATURE REVIEW OF PROBLEM

• Akhgar, B. Open source intelligence Investigation : from strategy to implementation / Akhgar, B.
- Cham CH : Springer, 2016

• Bazzell, M. Open source intelligence techniques : resources for searching and analyzing online
information / Bazzell, M. : Inteltechniques.com, 2021 "...contains hundreds of
pages which have been updated to keep your OSINT investigative methods fresh. It includes new
online and offline search tools; a new Linux OSINT virtual machine; and tutorials to replicate all
Linux OSINT tools within Mac and Windows operating systems. Brand-new search methods for
Facebook, Instagram, LinkedIn, YouTube, and others ensure you have the latest techniques
within your online investigation arsenal. An entire section is devoted to Methodology, Workflow,
Documentation, and Ethics which provides a clear game plan for your next active investigation"

• Bertram, S.K. The tao of open source intelligence / Bertram, S.K. : Cambridgeshire IT Governance
Publishing, 2015 "...provides a comprehensive guide to OSINT techniques, for the investigator: It
catalogues and explains the tools and investigative approaches that are required when conducting
research within the surface, deep and dark webs. It explains how to scrutinise criminal activity
without compromising your anonymity - and your investigation. It examines the relevance of cyber
geography and how to get around its limitations. It describes useful add-ons for common search
engines, as well as considering metasearch engines (including Dogpile, Zuula, PolyMeta, iSeek,
Cluuz and Carrot2) that collate search data from single-source intelligence platforms such as
Google. It considers deep-web social media platforms and platform-specific search tools,
detailing such concepts as concept mapping, entity extraction tools and specialist search syntax
(Google kung fu). It gives comprehensive guidance on Internet security for the smart investigator,
and how to strike a balance between security, ease of use and functionality, giving tips on
counterintelligence, safe practices and debunking myths about online privacy"

• Evangelista, J.R.G. Systematic Literature Review to Investigate the Application of Open Source
Intelligence (OSINT) with Artificial Intelligence / Evangelista, J.R.G. - In: Journal of Applied
Security Research, 2021 "...develop a systematic literature review on OSINT to investigate the
application of OSINT with AI. This work was motivated to fill this research gap, for this,
consolidate the publications on OSINT divided into the publication bases. As for its contribution,
this work presents a systematic literature review composed of 9-step and also brings consolidated
information to support the next OSINT studies. This research searched for publications between
January 1990 and October 2019, finding a total of 244 publications. The 9-steps of the systematic
literature review are Definition of Keywords, Query string definition, the definition of
publication bases, the search on the publications bases, the base search results analysis,
download of publications, importing the publications into Mendeley, Importing .ris file into
VOSviewer and Keyword Map Analysis."

• Fernandez, M. The art and science of finding information : achieving more knowledge
advantage through OSINT / Fernandez, M. - St Petersburg FL : Booklocker, 2019 "Open source
intelligence (OSINT) and its components in journalism, politics, business and similar fields offers
the hidden power that the Internet offers to those who know how to search for information, how
to separate fact from fiction. Putting a word or two into a computer's search box is not enough.
The power of open source research is available for those who bend it to their needs."

• Gannon, J. The strategic use of Open Source Information / Gannon, J., [2009] Chairman,
National Intelligence Council. "This article examines three aspects of the open-source
challenge/response dynamic: its critical importance; how the IC is using technology to help the
analyst cope with the information glut; and the need for interaction with the private sector."

3) PROBLEM DEFINITION
Open resources hold great quantities of accessible information, and public space is
characterised by this abundance of available information. Quite often the data is badly
laid out and therefore confusing, which makes it difficult to find the exact data we are looking
for. One of the biggest problems of OSINT is potential information overload; filtering insight
from the “noise” can be difficult.
4) Objectives:
Open source intelligence (OSINT) is the act of gathering and analyzing publicly
available data for intelligence purposes. Open source data is any information that is readily
available to the public or can be made available by request.

OSINT sources can include:

• Newspaper and magazine articles, as well as media reports

• Academic papers and published research

• Books and other reference materials

• Social media activity

• Census data

• Telephone directories

• Court filings

• Arrest records

• Public trading data

• Public surveys

• Location context data

• Breach or compromise disclosure information

• Publicly shared cyberattack indicators like IP addresses, domains or file hashes

• Certificate or Domain registration data

• Application or system vulnerability data

• While most open source data is accessed via the open internet and may be indexed with the help
of a search engine like Google, it can also be accessed via more closed forums that are not indexed
by search engines. Though most deep web content is inaccessible to general users because it lives
behind a paywall or requires a login to access, it is still considered part of the public domain.

• It is also important to note that there is often a tremendous amount of secondary data that can be
leveraged from each open source of information. For example, social media accounts can be mined
for personal information, such as a user’s name, birthdate, family members and place of residence.
However, the file metadata from specific posts can also reveal additional information such as
where the post was made, the device used to create the file and the author of the file.

5) Methodology:
The tools I used in the OSINT framework are:

1) Maltego
2) Maryam
3) The Harvester

MALTEGO: Maltego is an open source intelligence (OSINT) and graphical link analysis tool for
gathering and connecting information for investigative tasks. One of the major advantages of
Maltego for OSINT is that it is reasonably private, even when running more active OSINT measures.
Maltego can be used to identify relationships that might otherwise not be obvious. When we have
a huge amount of information, it can be really difficult to identify connections between apparently
disparate pieces of that information. By visualizing relationships within data, Maltego makes it
easier to see connections that could otherwise go unnoticed.

MARYAM: Maryam is one of the best tools; it was designed by the OWASP team and has
the potential to collect information from open resources. Maryam is written in the Python
programming language and is designed to provide a powerful environment to harvest data from
open sources and search engines and collect data quickly and thoroughly.

THE HARVESTER: The harvester is another OSINT tool for reconnaissance. It uses several sources
of information to gather results and help us determine the company’s perimeter. TheHarvester
gathers emails, subdomains, IPs and URLs. The harvester is pre-installed in Kali Linux.

Some modules require an API key:

• hunter

• intelx

• securityTrails

• shodan

The Harvester (purposely spelt with a lower-case 't' at the beginning) is a command
line-based tool made by the team at Edge-Security. It is a Python-based tool meant to be used
in the initial stages of an investigation by leveraging open source intelligence to help
determine a company's external threat landscape on the internet. The tool was originally
designed to be used in the early stages of a penetration test or red team engagement.
However, the passive reconnaissance abilities of the Harvester also make it suitable for
blue or purple teams, depending on the situation.
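
For the blue-team use mentioned above, and for the "noise" problem from the problem definition, the sketch below merges findings from several sources about your own domain, removes duplicates, and separates in-scope assets from unrelated results. It is an added example, not part of the original report or of any tool's code; the function names, source labels and sample findings are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

EMAIL_RE = re.compile(r"^[a-z0-9._%+-]+@((?:[a-z0-9-]+\.)+[a-z]{2,})$")
HOST_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9_-]+\.)+[a-z]{2,}$")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(raw):
    """Normalise one raw finding; return (kind, value) or (None, raw) for noise."""
    v = raw.strip().lower().rstrip(".")
    try:
        return "ip", str(ipaddress.ip_address(v))
    except ValueError:
        pass
    if EMAIL_RE.match(v):
        return "email", v
    if HOST_RE.match(v):
        return "host", v
    return None, raw


def in_scope(kind, value, domain):
    """True when a host, or an email's domain part, belongs to our own domain."""
    name = value.rsplit("@", 1)[-1] if kind == "email" else value
    return name == domain or name.endswith("." + domain)


def triage(findings, domain):
    """findings: iterable of (source, raw_value) pairs from any number of tools."""
    seen, noise = defaultdict(set), []
    for source, raw in findings:
        kind, value = classify(raw)
        if kind is None:
            noise.append(raw)
        else:
            seen[(kind, value)].add(source)  # duplicates collapse, sources accumulate
    report = {"in_scope": [], "out_of_scope": [], "public_ips": [],
              "internal_ips": [], "noise": noise}
    for (kind, value), sources in sorted(seen.items()):
        if kind == "ip":
            ip = ipaddress.ip_address(value)
            # A private address visible in public data means internal addressing leaked.
            bucket = "internal_ips" if any(ip in net for net in RFC1918) else "public_ips"
        else:
            bucket = "in_scope" if in_scope(kind, value, domain) else "out_of_scope"
        report[bucket].append((value, sorted(sources)))
    return report


# Constructed sample: reserved example domains and documentation/private addresses only.
SAMPLE = [
    ("securitytrails", "WWW.Example.com."), ("urlscan", "www.example.com"),
    ("rapiddns", "vpn.example.com"), ("rapiddns", "10.20.0.5"),
    ("threatminer", "203.0.113.10"), ("urlscan", "203.0.113.10"),
    ("hunter", "Jane.Doe@example.com"), ("hunter", "sales@example.org"),
    ("urlscan", "cdn.example.net"), ("threatminer", "No results found"),
]
REPORT = triage(SAMPLE, "example.com")
```

Entries confirmed by more than one source, and anything in `internal_ips`, are the first items to review when reducing what the organisation exposes.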
6) Results and discussion:
Working with Maltego Tool on Kali Linux
Starting with a domain name we can begin to map out the structure of an
organization including other sites they own. It is surprising how much information
can be found by using nothing more than a domain name.

Click the new graph button in the upper left corner and a blank new graph pane
will open.
From the Entity Palette on the left, scroll until you find Domain and then drag it
into your blank graph pane.
Double-click on the domain icon and change the name to the domain you want to
investigate; I chose google.com.

Right-click on the domain icon; this opens the Run Transforms box. Here you could
be very specific about what you want to search for by scrolling through the palette,
and select Run All Transforms by clicking the little fast-forward arrows beside
it.
As soon as Run Transform is selected, Maltego begins its work by graphing out the
structure of the network. Note: on the left side of the graph pane there are several
options for viewing the graph in different layouts.

You can see in the image below that all sorts of information pops up including
DNS servers, related sites, related emails, email servers…
You can use these connections to make even more detailed connections like names
associated with emails.
Let’s take a closer look at one of the people that showed up connected to
google.com. Right-click on the [email protected] icon and run All Transforms.

When the transforms finish running, we will have an added graph.


Working with Maryam Tool on Kali Linux :

1) Anonymous Email Grabbing – OSINT

We have got the email address from a public source.

2) Social Nets – OSINT


We have got the information about the username from public sources.

3) Getting Profiles From LinkedIn – Search


We are using the LinkedIn module.

We have got the links to profiles on LinkedIn.


Working with The Harvester Tool on Kali Linux :
1. Security Trails
2. Url Scan

We were able to find 5 IPs and 1 host.

Primary OSINT data sources are great for finding IPs and hosts. The good thing is
that this tool offers a big set of sources to choose from; we will now attempt to
run more tests using other third-party services.
It was a bit concerning that we might be doing something wrong. So
we decided to test out the Hunter API to see if we found any data
regarding 'moslempress' there.
The discrepancy here is most likely due to the lack of data available
for this niche domain on Hunter and other sources.

Threat Miner and Rapid DNS helped us uncover the following

CONCLUSION:
As technology advances day by day, the need for fast and specific information
gathering arises, and it increases the need for OSINT. In the upcoming years
OSINT will become a basic need of every organization, whether it’s private or
government. By using OSINT we are able to get important information in just
a couple of minutes, which is only possible by deep analysis of newspapers,
magazines, industry newsletters, social networking media, television
transcripts, and blogs.
REFERENCES:

1. Schwartz, Leo (March 7, 2022). "Amateur open-source researchers went viral unpacking the war in
Ukraine". Rest of World. Retrieved 8 March 2022.
2. Richelson, Jeffrey (2016). The US Intelligence Community. ISBN 978-0813349183.
3. "Spy Agencies Turn to Newspapers, NPR, and Wikipedia for Information: The intelligence community
is learning to value 'open-source' information". Archived from the original on 2012-10-23.
Retrieved 2008-09-15.
4. "As defined in Sec. 931 of Public Law 109-163, entitled, "National Defense Authorization Act for
Fiscal Year 2006."". Archived from the original on 2008-11-12. Retrieved 2006-12-08.
5. "NATOTermOTAN". nso.nato.int. Retrieved 2021-04-02.
6. Richelson, Jeffrey T (2015-07-14). The U.S. Intelligence Community. Avalon Publishing.
ISBN 9780813349190. Retrieved 15 May 2017.
7. Lowenthal, Mark M. (2005), "Open-Source Intelligence: New Myths, New Realities", in George,
Roger Z; Kline, Robert D (eds.), Intelligence and the national security strategist : enduring
issues and challenges, Lanham: Rowman and Littlefield, ISBN 9780742540392
8. Bornn, D Marshall (9 Jan 2013). "Service members, civilians learn to harness power of 'Open
Source' information". www.army.mil. Archived from the original on 9 December 2017.
Retrieved 14 May 2017
