an advanced and real-time Vulnerability Intelligence platform, including CVE, exploits and threats news.
Prereqs / install https://github.com/Patrowl/PatrowlHears/blob/master/INSTALL.md
Side projects
- PatrowlHearsData: Contains data-scrapper scripts collecting CVE, CPE, CWE and exploit references (cf. CVE-SEARCH project) + raw data as JSON files
- PatrowlHears4py: Python CLI and library for PatrowlHears API.
via https://twitter.com/matthieugarin/status/1356509675844435968
Bonne nouvelle. La plate-forme de #ThreatIntel #PatrowlHears est dispo sur #GitHub #OpenSource #ATester https://github.com/Patrowl/PatrowlHears
- Consolide de nb sources de vulns, exploits et feeds #OSINT
- Avec un peu de paramétrage : aide à la priorisation & risk-based scoring
Cours (payant). Voir contenu
#osint #dork
Pour trouver des sites d'hameçonnage :
https://urlscan.io/search/#page.url%3A%22-gouv.fr%22%20OR%20page.url%3A%22-gouv.com%22
"page.url:"-gouv.fr" OR page.url:"-gouv.com"
ça permet de trouver de beaux bébés comme celui-là :
https://urlscan.io/ip/103.10.234.247
suite...
https://twitter.com/__osint__/status/1336646023159005190
#osint
Petite enquête : sur la même IP, de multiples sites font vos démarches administratives pour vous ... mais vous font payer alors que ces démarches sont gratuites ! Derrière ces sites, une seule entité.
https://host.io/ip/103.10.234.247
OnionSearch is a script that scrapes urls on different .onion search engines. - megadose/OnionSearch
This Ten Minute Tip is the first in a series looking at how we can geolocate images as part of OSINT work. Being able to examine a picture and work out when and where it was taken is an increasingl…
https://t.co/jV4tUqx9fo OSINT Recon Tool (Email address, phone # Domain, URL, username ETC https://t.co/61IZDN3yRf
holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.
A blog about search, search skills, teaching search, learning how to search, learning how to use Google effectively, learning how to do research. It also covers a good deal of sensemaking and information foraging.
via https://twitter.com/PrincipeDebase/status/1308319368003104768
Petite découverte du jour, un blog qui propose des challenges de recherche sur Internet pour apprendre à mieux chercher, à comprendre les outils et à mettre un pied dans l'OSINT
Cet article est un condensé de méthodologies utilisables pour faire de l’OSINT (Open Source INTelligence) orienté sur les informations que l’on peut trouver sur les réseaux sociaux. Il retrace uniquement certains outils pouvant être utiles, leur exploitation et les résultats qu’il est possible d’obtenir.
Many disinformation or malware campaigns rely on a computer architecture based on several servers and domains, and even if they often try to hide the infrastructure, it has to be accessible online. Investigating these infrastructure links is often a good way to get a broader view of the campaign. This is one of the tools...
Via https://twitter.com/gijn/status/1279854570479517697
(Voir touit et réponse de Stéphane Bortzmeyer)
PhoneInfoga is one of the most advanced tools to scan international phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier, and line type on any
Edward Snowden revealed the agency’s phone-record tracking program. But thanks to “precomputed contact chaining,” that database was much more powerful than anyone knew.
Maltego is an open source intelligence (OSINT) and graphical link analysis tool for gathering and connecting information for investigative tasks.
quelques chapitres d'un bouquin
https://www.sciencedirect.com/topics/computer-science/maltego
Quidam
permet de recupérer des informations grace a la fonction mot de passe oubliée de certains sites
Quidam maltego
Allows you to use quidam with maltego
https://github.com/megadose/quidam-maltego