
Domain name analysis of an organisation and an email address using Information gathering OSINT tools

Domain: web application security, network security, end point security

CDAC, Noida
CYBER GYAN VIRTUAL INTERNSHIP
PROGRAM

Submitted By:
PRATHUSH MON
Jyothi Pathak, July-2024

BONAFIDE CERTIFICATE
This is to certify that this project report entitled
Domain name analysis of an organisation and an
email address using Information gathering OSINT
tools submitted to CDAC Noida, is a bona fide record of
work done by PRATHUSH MON under my supervision
from 10th June to 21st July.

(Signature) (Signature)
HEAD OF THE DEPARTMENT SUPERVISOR

Declaration by Author(s)
This is to declare that this report has been written by
me/us. No part of the report is plagiarized from other
sources. All information included from other sources
has been duly acknowledged. I/We aver that if any part
of the report is found to be plagiarized, I/we shall
take full responsibility for it.

Prathush Mon
Cochin University of Science and Technology

TABLE OF CONTENTS

1. INTRODUCTION
2. PROBLEM STATEMENT
3. LEARNING OBJECTIVES
4. APPROACH
4.1 Tools and Technologies Used
4.2 Diagram
5. IMPLEMENTATION
5.1 Step-by-Step Process
5.1.1 Update and Install Dependencies
5.1.2 Clone the Spiderfoot Repository
5.1.3 Create and Activate a Virtual Environment
5.1.4 Navigate to the Spiderfoot Directory
5.1.5 Install Specific Versions of Dependencies
5.1.6 Install Remaining Dependencies
5.1.7 Verify Installation
5.1.8 Start Spiderfoot
5.1.9 Access the Spiderfoot Interface
5.2 Screenshots
6. SPIDERFOOT WEB INTERFACE AND SCANNING
6.1 Accessing SpiderFoot Web Interface
6.2 Initiating a Scan
6.3 Understanding SpiderFoot Modules
7. INDICATORS OF COMPROMISE (IoC) AND INFORMATION ANALYSIS
7.1 Domain Analysis
7.1.1 Scan result
7.2 E-mail Analysis
7.2.1 Scan result
7.3 Human Name Analysis
7.3.1 Scan result
7.4 IPv4 Analysis
7.4.1 Scan result
8. CONCLUSION
9. INFERENCES
10. REFERENCES

ACKNOWLEDGEMENT
I would like to express my sincere appreciation to all those who have contributed to the
successful completion of this project on domain name analysis and email reconnaissance
using OSINT tools.
First and foremost, I extend my heartfelt gratitude to my project mentor, Dr. Rajesh Kumar,
at the Centre for Development of Advanced Computing (CDAC), Noida. His expert
guidance, continuous support, and insightful feedback were instrumental in shaping this
project and enhancing its quality. Dr. Kumar's expertise in cybersecurity and OSINT
techniques has been invaluable throughout this journey.
I am deeply thankful to CDAC, Noida for providing an excellent learning environment and
state-of-the-art resources that were crucial for conducting this research. The cutting-edge
facilities and supportive atmosphere at CDAC have significantly contributed to the depth and
breadth of this project.
My sincere thanks also go to the team at CyberSec Solutions for their collaboration and for
granting access to additional tools and datasets that enriched this study. Their industry
insights have added practical value to this academic endeavor.
I would also like to acknowledge my colleagues and fellow researchers for their constructive
feedback, stimulating discussions, and collaborative spirit. Their diverse perspectives have
undoubtedly improved the quality and scope of this work.
Lastly, I extend my appreciation to the open-source community, whose dedication to
developing and maintaining tools like SpiderFoot and Kali Linux has made this research
possible.
To all those mentioned and many others who have supported this project in various ways, I
offer my sincere thanks. Your contributions have been vital to the success of this endeavor.

Sincerely,

PRATHUSH MON

1. INTRODUCTION
In an era dominated by digital interactions, the ability to discern legitimate online entities
from malicious ones has become paramount. The internet, while a powerful tool for
communication and commerce, also harbors numerous threats in the form of fraudulent
websites, phishing schemes, and sophisticated cyber attacks. Simultaneously, the digital
footprint of individuals and organizations continues to expand, often unknowingly, across
various platforms and databases. This proliferation of personal and professional information
online presents both opportunities and risks, particularly when associated with email
addresses that serve as primary digital identifiers.
This project delves into the critical realm of Open Source Intelligence (OSINT) to address
these pressing concerns. By leveraging advanced OSINT tools and techniques, we aim to
develop a robust methodology for two key objectives: first, to assess the authenticity and
security posture of domain names, and second, to map and analyze the digital footprint
associated with email addresses.
Our investigation utilizes a suite of powerful tools, including Kali Linux, SpiderFoot, and
various Python libraries, to gather, process, and analyze publicly available information.
Through this process, we seek to illuminate the vast amount of data that can be gleaned from
open sources and demonstrate how this information can be used to enhance cybersecurity
measures, protect online identities, and make informed decisions about digital interactions.
The findings of this project have far-reaching implications for individuals, businesses, and
cybersecurity professionals alike. By understanding the mechanisms through which
information is exposed and potentially exploited, stakeholders can better fortify their digital
presence, implement more effective security protocols, and navigate the complex online
landscape with greater confidence and safety.
As we embark on this exploration of domain name analysis and email reconnaissance, we
invite readers to consider not only the technical aspects of OSINT but also the ethical
implications of information gathering in the digital age. This project stands at the intersection
of technology, security, and privacy, offering valuable insights into the nature of our digital
identities and the tools available to protect them.

2. PROBLEM STATEMENT:
In today's digital landscape, the proliferation of fraudulent websites and sophisticated cyber
threats has made it increasingly challenging to distinguish between legitimate and malicious
online entities. This growing complexity poses significant risks to individuals, businesses, and
organizations as they navigate the internet, potentially exposing them to phishing attacks, data
breaches, and other security vulnerabilities. The ability to quickly and accurately assess the
authenticity of domains has thus become a critical component of cybersecurity and digital trust.
Simultaneously, the expanding digital footprint of individuals and organizations presents
another layer of concern. Personal and professional information is scattered across numerous
platforms and databases, with email addresses often serving as the primary digital identifier.
This widespread distribution of data not only raises privacy concerns but also creates potential
attack vectors for cybercriminals. Understanding the extent and nature of one's digital presence
has become crucial for managing online reputation and mitigating security risks.
This project aims to address these dual challenges by leveraging Open Source Intelligence
(OSINT) tools to conduct comprehensive analyses of domain names and investigate the digital
presence associated with email addresses. By developing a robust methodology for domain
authenticity assessment and digital footprint mapping, we seek to enhance cybersecurity
postures, improve risk assessment capabilities, and provide actionable insights for protecting
online identities and assets. The goal is to empower users with the knowledge and tools
necessary to navigate the complex digital ecosystem safely and make informed decisions about
their online interactions.

3. LEARNING OBJECTIVES:
The learning objectives of this project are designed to equip participants with a comprehensive
skill set in Open Source Intelligence (OSINT) techniques, focusing on domain name analysis
and email reconnaissance. These objectives aim to enhance cybersecurity proficiency, develop
critical analytical skills, and foster a deep understanding of digital footprints in the modern
internet landscape. By achieving these objectives, participants will be well-prepared to conduct
thorough OSINT investigations and contribute effectively to organizational security efforts.
Learning Objectives:
1. OSINT Tool Proficiency: Develop expertise in using advanced OSINT tools,
particularly SpiderFoot and Netlas, for comprehensive domain and email analysis
within a Kali Linux environment.
2. Domain Authenticity Assessment: Learn to evaluate the legitimacy of websites by
analyzing multiple data points gathered through OSINT techniques, including
registration details, DNS configurations, and hosting information.
3. Digital Footprint Mapping: Master the process of mapping and interpreting the digital
presence associated with email addresses across various online platforms and services.

4. Cybersecurity Risk Identification: Enhance the ability to recognize potential security
vulnerabilities and risks associated with both domains and email addresses through
systematic OSINT investigations.
5. Data Interpretation and Analysis: Improve skills in interpreting and analyzing large
volumes of data collected from diverse online sources to draw meaningful conclusions
about digital entities.
6. Ethical Considerations in OSINT: Understand and apply ethical guidelines and legal
considerations when conducting OSINT investigations, ensuring respect for privacy
and data protection regulations.
7. Kali Linux Utilization: Gain practical experience in using Kali Linux as a primary
platform for cybersecurity investigations and OSINT gathering, including familiarity
with its built-in tools.
8. Reporting and Documentation: Develop proficiency in creating comprehensive,
well-structured reports that effectively communicate findings, analyses, and
recommendations from OSINT investigations.
9. Threat Intelligence Integration: Learn to integrate OSINT-derived insights into broader
threat intelligence frameworks and cybersecurity strategies.
10. Counter-Measure Development: Cultivate the ability to formulate effective
counter-measures and recommendations based on OSINT findings to enhance overall
digital security posture.

4. APPROACH
4.1 Tools and Technologies Used:
The approach to this OSINT investigation relies on a carefully selected set of powerful
and versatile tools, each serving a specific purpose in the information gathering and
analysis process. These tools, when used in conjunction, provide a comprehensive
framework for conducting thorough domain name analysis and email reconnaissance. The
primary technologies employed in this project are as follows:
Tools and Technologies Used:
1. Kali Linux:
A specialized Linux distribution designed specifically for digital forensics, penetration
testing, and cybersecurity tasks. Kali Linux comes pre-loaded with numerous security and
hacking tools, making it an ideal platform for conducting OSINT investigations and
security audits.
2. Spiderfoot:
An open-source intelligence (OSINT) automation platform that allows for
comprehensive information gathering about target domains, IP addresses, and email
addresses. Spiderfoot can query over 200 public data sources to collect a wide range of
information, including DNS data, WHOIS records, social media presence, and potential
vulnerabilities.
3. Python:
A high-level, interpreted programming language known for its readability and
versatility. Python is essential for running Spiderfoot, as the tool is primarily written in
this language. Python's extensive library ecosystem also allows for easy integration of
additional functionalities and data processing capabilities during OSINT investigations.
4. Git:
A distributed version control system used to manage and track changes in source code
during software development. In the context of this project, Git is utilized to clone the
Spiderfoot repository from its online source (typically GitHub). This ensures that
investigators have access to the latest version of Spiderfoot.
5. pip:
The standard package manager for Python, used to install and manage software
packages written in Python. In this project, pip is crucial for installing Spiderfoot and its
dependencies. It simplifies the process of setting up the required environment by
automatically handling package installations and resolving dependencies.

4.2 Diagram
A visual representation of a Kali Linux machine running Spiderfoot and accessing its web
interface through the local loopback address can help clarify the setup. Below is a
diagram illustrating this configuration:

In this setup, the Spiderfoot application runs on the Kali Linux machine. The web
browser, also on the same machine, accesses the Spiderfoot web interface via the local
loopback address (127.0.0.1) and the designated port (commonly 5001). This setup allows
for easy and secure local access to Spiderfoot's functionalities.

5. IMPLEMENTATION
5.1 Step-by-Step Process
5.1.1 Update and Install Dependencies
Ensure all packages and tools needed for the installation are up to date. This includes
updating the package lists and installing Python, pip, and Git.

5.1.2 Clone the Spiderfoot Repository


Get the latest version of Spiderfoot from GitHub.

5.1.3 Create and Activate a Virtual Environment


Manage dependencies in an isolated environment.

5.1.4 Navigate to the Spiderfoot Directory


Move to the directory containing Spiderfoot's files.

5.1.5 Install Specific Versions of Dependencies


Resolve compatibility issues by installing particular versions of libraries.

5.1.6 Install Remaining Dependencies
Install all other required libraries from the requirements file.

5.1.7 Verify Installation


Check that all dependencies are correctly installed.

5.1.8 Start Spiderfoot


Run the Spiderfoot tool.

5.1.9 Access the Spiderfoot Interface


Open the web interface to interact with Spiderfoot. Open a web browser and navigate to
http://127.0.0.1:5001.

5.2 Screenshots
5.2.1 Updating and Installing Dependencies

5.1.2 Clone the Spiderfoot Repository

5.1.3 Create and Activate a Virtual Environment

5.1.4 Navigate to the Spiderfoot Directory

5.1.5 Install Specific Versions of Dependencies

5.1.6 Install Remaining Dependencies

5.1.7 Verify Installation

5.1.8 Start Spiderfoot

6. SPIDERFOOT WEB INTERFACE AND SCANNING
6.1 Accessing SpiderFoot Web Interface
• Description: Instructions for accessing and navigating the SpiderFoot web interface to
initiate scans and analyze results.
• Content:
o Access: Open a web browser and navigate to ‘http://127.0.0.1:5001’ to access
the SpiderFoot web interface. Ensure that SpiderFoot is running and accessible
on the specified port.
o Login: Log in using the credentials set during the installation process, or use
the default settings if not configured otherwise.
o Dashboard Overview: The main dashboard provides options to start new
scans, view past results, and configure SpiderFoot settings.

6.2 Initiating a Scan


• Description: Step-by-step guide on how to initiate a scan using SpiderFoot.
• Content:
o Start a New Scan:
▪ Navigate: From the SpiderFoot dashboard, click on “New Scan” to
start a new scanning process.
▪ Input Target: Enter the target domain, email address, or IP address that
you wish to analyze.
▪ Select Scan Type: Choose the appropriate scan type (e.g., domain,
email, IP) from the available options.
▪ Configure Scan: Customize the scan settings based on your needs. This
may include choosing specific modules or adjusting scan parameters.
▪ Run Scan: Click on the “Start Scan” button to begin the scanning
process.
o Monitor Progress: Track the progress of the scan in the “Active Scans” section
and wait for the scan to complete.

6.3 Understanding SpiderFoot Modules
• Description: Overview of SpiderFoot modules and their functionalities.
• Content:
o Module Types: SpiderFoot includes various modules that perform different
types of reconnaissance and data gathering. These can include:
▪ Information Gathering: Modules that collect basic information about
the target, such as WHOIS data or DNS records.
▪ Threat Intelligence: Modules that cross-reference the target with
known threat databases and provide risk assessments.
▪ Social Media: Modules that gather data from social media platforms to
identify potential leaks or relevant information.
▪ Network Analysis: Modules that analyze network-related information,
such as IP addresses and related services.
o Configuring Modules:
▪ Enable/Disable Modules: Select or deselect modules based on your
scanning needs from the “Settings” or “Module” section.

▪ Customize Module Settings: Configure specific parameters for each
module to tailor the scan results to your requirements.
o Interpreting Results: Review the scan results to understand the data collected
by each module and identify any potential issues or threats.

7. INDICATORS OF COMPROMISE (IoC) AND INFORMATION ANALYSIS

7.1 Domain Analysis


Domain analysis in SpiderFoot involves examining various aspects of a domain to gather
comprehensive intelligence. This process includes retrieving WHOIS information to
understand domain ownership, registration details, and contact information. Additionally,
the analysis encompasses DNS record checks, identifying subdomains, and discovering
associated IP addresses. SpiderFoot’s domain analysis modules also look for historical
data to detect any changes over time, providing insights into domain stability and
potential security risks. By leveraging these modules, users can uncover hidden
relationships between domains, detect potential phishing sites, and assess the overall
security posture of the target domain.
After completing a scan, SpiderFoot presents the results in an organized and detailed
manner. Users can view the findings directly within the web interface, where data is
categorized based on the modules used. Each category provides specific insights, such as
WHOIS information, DNS records, IP addresses, and potential vulnerabilities. Users can
explore these categories to understand the various aspects of the scanned target. For
further analysis or reporting, results can be exported in multiple formats like CSV or
JSON. This feature allows for easy integration with other tools or sharing with team
members, ensuring that the collected intelligence can be effectively utilized for security
assessments and decision-making.
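
As an added example (not part of the original report and not SpiderFoot's own code), the following Python script triages a CSV export into the four analysis areas covered in this section and flags private addresses that surfaced in public data. The column header, the event type codes and every sample row are assumptions constructed for illustration; adjust them to match the file you actually export.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample rows (not real scan output). The header and the event
# type codes are assumptions about the export layout; adjust to your file.
SAMPLE_EXPORT = """Updated,Type,Module,Source,F/P,Data
2024-07-01 10:00:01,INTERNET_NAME,sfp_dnsresolve,example.com,0,www.example.com
2024-07-01 10:00:02,INTERNET_NAME,sfp_spider,example.com,0,www.example.com
2024-07-01 10:00:03,INTERNET_NAME,sfp_dnsresolve,example.com,0,dev.example.com
2024-07-01 10:00:04,IP_ADDRESS,sfp_dnsresolve,www.example.com,0,192.0.2.10
2024-07-01 10:00:05,IP_ADDRESS,sfp_dnsresolve,dev.example.com,0,10.0.0.5
2024-07-01 10:00:06,EMAILADDR,sfp_spider,www.example.com,0,admin@example.com
2024-07-01 10:00:07,EMAILADDR,sfp_spider,www.example.com,1,noreply@example.org
2024-07-01 10:00:08,HUMAN_NAME,sfp_spider,www.example.com,0,Jane Doe
"""

# Report section -> event type codes assumed to feed it.
CATEGORY = {
    "domain": {"INTERNET_NAME", "DOMAIN_NAME"},
    "email": {"EMAILADDR"},
    "human_name": {"HUMAN_NAME"},
    "ipv4": {"IP_ADDRESS"},
}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def load_findings(csv_text):
    """Return {category: {value: {modules}}}, skipping false positives."""
    findings = defaultdict(lambda: defaultdict(set))
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["F/P"].strip() == "1":  # analyst marked the row as a false positive
            continue
        for category, types in CATEGORY.items():
            if row["Type"] in types:
                findings[category][row["Data"].strip()].add(row["Module"])
    return findings


def internal_ips(findings):
    """Private (RFC 1918) addresses seen in public data: an exposure to fix."""
    leaked = []
    for value in findings.get("ipv4", {}):
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:  # malformed cell, ignore rather than crash
            continue
        if any(ip in net for net in RFC1918):
            leaked.append(value)
    return sorted(leaked)


def summarize(csv_text):
    """Unique findings per section, leaked internal IPs, multi-module hits."""
    findings = load_findings(csv_text)
    return {
        "counts": {c: len(findings.get(c, {})) for c in CATEGORY},
        "internal_ips": internal_ips(findings),
        # Values reported by more than one module are better corroborated.
        "corroborated": sorted(
            value
            for per_category in findings.values()
            for value, modules in per_category.items()
            if len(modules) > 1
        ),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_EXPORT))
```
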

7.1.1 Scan result

(i) Summary

(ii) Graph

(iii) Browsing Scan Records

7.2 E-mail Analysis


Email analysis in SpiderFoot involves scrutinizing email addresses to uncover associated
data and potential vulnerabilities. The analysis uses various modules to check if an email
has been involved in breaches, verify its reputation, resolve associated domain names,
and search for related information across different platforms. These modules provide a
comprehensive overview of an email address's security and associated risks.
• sfp_emailbreach
• sfp_emailrep
• sfp_dnsresolve
• sfp_spider
• sfp_pwned
• sfp_social
7.2.1 Scan results


(i) Summary

(ii) Graph

(iii) Browsing Scan Records

7.3 Human Name Analysis


Human name analysis involves examining names extracted from various data sources to
identify potential connections, validate identities, and uncover additional information
related to individuals. This analysis can help in discovering public profiles, social media
accounts, and other relevant details that might be associated with a given name.
SpiderFoot's modules streamline this process by fetching data from multiple sources and
correlating it to provide a comprehensive view.
Modules used for human name analysis include:
• sfp_humanname
• sfp_social
• sfp_corp
• sfp_email
• sfp_dnsresolve

7.3.1 Scan results


(i) Summary

(ii) Graph

(iii) Browsing Scan Records

7.4 IPv4 Analysis


IPv4 address analysis focuses on identifying and evaluating the characteristics of IP
addresses associated with the target domain or email. This analysis helps in understanding
network configurations, pinpointing potential vulnerabilities, and uncovering related
infrastructure. SpiderFoot’s modules facilitate this process by collecting data on IP
address allocations, ownership, and any associated domains, allowing for a
comprehensive assessment.
Modules used for IPv4 address analysis include:
• sfp_ipwhois
• sfp_ipinfo
• sfp_dnsresolve
• sfp_reverse
• sfp_geoip

7.4.1 Scan Results


(i) Summary

(ii) Correlations

(iii) Graph

(iv) Browsing Scan Records

8. CONCLUSION
The project demonstrated the effectiveness of SpiderFoot in performing a detailed
analysis of domains and email addresses. By utilizing SpiderFoot’s comprehensive
modules, we gathered in-depth information on domain ownership, email registrations,
human names, and IPv4 addresses. This enabled us to uncover critical insights into the
target's digital footprint.
The analysis revealed both potential vulnerabilities and the scope of the target’s digital
presence. We identified key areas where the target’s infrastructure could be susceptible to
threats and where additional security measures might be required. The detailed data on
domain configurations and email associations provided a clearer understanding of the
potential risks.
Overall, the project emphasized the importance of leveraging advanced reconnaissance
tools like SpiderFoot for security assessments. By thoroughly analyzing the target's
digital footprint, we gained valuable insights into potential vulnerabilities and areas
needing improvement, reinforcing the need for robust cybersecurity practices.

9. INFERENCES
The project's findings have led to several critical inferences about the target's digital
footprint and its security posture. The analysis using SpiderFoot provided a
comprehensive view of various aspects of the target, revealing both strengths and
vulnerabilities.
Inferences:
1. Exposure Risks: The domain and email analysis revealed various exposure risks,
including unprotected domain configurations and email addresses associated with
multiple platforms. These risks highlight potential areas for exploitation by malicious
actors.
2. Infrastructure Vulnerabilities: Insights gained from the IPv4 address analysis and
human name modules uncovered vulnerabilities in the target's infrastructure.
Understanding these vulnerabilities can help in addressing potential security gaps and
improving the overall security posture.
3. Digital Footprint Assessment: The project demonstrated the broad scope of the
target's digital footprint. The detailed information about domain registrations, email
platforms, and associated human names underscores the need for continuous
monitoring and proactive security measures.
Overall, the inferences drawn from this project emphasize the importance of thorough
digital reconnaissance and the need for robust security measures to protect against
potential threats.

10. REFERENCES
The following references provide valuable resources for further exploration of the tools,
techniques, and concepts discussed in this OSINT project. These sources offer in-depth
information on cybersecurity, open-source intelligence gathering, and the specific
technologies employed in our investigation. Researchers, cybersecurity professionals, and
enthusiasts are encouraged to consult these references for a more comprehensive
understanding of the subject matter.
References:
1. Kali Linux Official Website: https://www.kali.org/
2. SpiderFoot Official Repository: https://github.com/smicallef/spiderfoot
3. Python Official Website: https://www.python.org/
4. Git Official Website: https://git-scm.com/
5. pip Documentation: https://pip.pypa.io/en/stable/
6. OSINT Framework: https://osintframework.com/

Prathush Mon

Cochin University of Science and Technology

E-mail: [email protected]
