OSINT tools for hosts, ports and more

Security with Open Source – Part 2

Various open source tools are available for checking hosts and ports, and most of them run entirely in the browser. This allows the security settings of Internet-connected servers to be tested very quickly.

Many OSINT tools run directly in the web browser and help to find vulnerabilities and security gaps and to check websites.

Tools from the Open Source Intelligence (OSINT) field can uncover weaknesses and security gaps in computers and servers that are reachable from the Internet, and they can also be used to check websites. In this second part of our series on OSINT tools, we look at various tools for discovering such gaps that can also be used directly in the web browser.

With OSINT tools, security experts can find systems and data accessible from the Internet that should not actually be publicly accessible in order to then secure them.

URLScan.io – Scan websites, detect connections, check IP addresses

The web tool URLScan.io scans websites for HTTP connections. It comprehensively lists the links and connections between websites, so relationships with other websites can also be analyzed. Scanning a web page therefore displays all the important information about it. No local installation is required to use URLScan.io; the tool works entirely in the web browser.

In addition to the HTTP elements, the tool examines other objects on the page, including HTML, CSS, JavaScript and DOM content. It therefore also shows the technologies a website uses. Cookies, IP addresses and other details can be seen as well. For the IP addresses of larger and international websites, the page also displays the flag of the respective country.

The tool also detects dangerous content, such as cryptojacking campaigns, phishing sites or even hacked websites. Downloads on the pages can be seen, as well as the SSL certificates used and their validity. Information can be shown or hidden using the “Details: Visible” or “Details: Hidden” button. Different views can be displayed with “Showing All Hits” and “Collapsed by Hostname”. Clicking on a scanned link makes URLScan.io display further information, for example the cloud provider through which the website is made available.


Scanless – Online port scanner

Scanless is a tool for scanning host ports that can also be used from the CLI. Because it is a Python program, it can also be used in your own applications. It can be installed with “pip”:

pip install scanless --user

Using Scanless therefore requires a Python installation on the computer. The tool displays its help with “scanless --help”. It can also be integrated into the Kali security distribution, for example with:

git clone https://github.com/vesche/scanless.git

Scanless performs port scans by using different online scanners and displays their results directly in the terminal. The scanners used are: hackertarget, ipfingerprints, pingeu, portcheckers, spiderip, t1shopper, viewdns and yougetsignal.

masscan: Massive IP port scanner for a large number of devices to be scanned

masscan is a port scanner that can scan a very large number of devices in a very short time. The tool works similarly to nmap and uses its own IP stack. The syntax looks like this, for example:

masscan -p80,8000-8100 10.0.0.0/8 2603:3001:2d00:da00::/112

This command scans the 10.x.x.x subnet and the 2603:3001:2d00:da00::x subnets. Ports 80 and 8000 to 8100 are scanned. More information about the tool can be found on the developer’s website on GitHub.
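A pre-flight check for the command above, as an added example that is not part of the original article or of masscan: it expands the port list and target ranges, counts the resulting probes, and flags any target that falls outside an authorized scope. The authorized range list and the packet rate are assumed values chosen for illustration.

```python
import ipaddress

def parse_ports(spec):
    """Expand a masscan-style -p value such as '80,8000-8100' into a sorted port list."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (0 <= lo <= hi <= 65535):
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)

def scan_plan(port_spec, targets, authorized, rate_pps):
    """Return probe count, estimated duration and any out-of-scope targets."""
    ports = parse_ports(port_spec)
    scope = [ipaddress.ip_network(a) for a in authorized]
    addresses, out_of_scope = 0, []
    for t in targets:
        net = ipaddress.ip_network(t, strict=False)
        addresses += net.num_addresses
        # subnet_of() only compares networks of the same IP version
        if not any(net.version == s.version and net.subnet_of(s) for s in scope):
            out_of_scope.append(t)
    probes = addresses * len(ports)
    return {"ports": len(ports), "addresses": addresses, "probes": probes,
            "seconds": probes / rate_pps, "out_of_scope": out_of_scope}

# Targets and ports are taken from the command above; the authorized ranges
# and the packet rate are constructed values for this example.
PLAN = scan_plan(
    "80,8000-8100",
    ["10.0.0.0/8", "2603:3001:2d00:da00::/112"],
    authorized=["10.0.0.0/8"],
    rate_pps=100_000,
)

if __name__ == "__main__":
    print(f"{PLAN['addresses']:,} addresses x {PLAN['ports']} ports = {PLAN['probes']:,} probes")
    print(f"about {PLAN['seconds'] / 3600:.1f} h at the assumed rate")
    for t in PLAN["out_of_scope"]:
        print("NOT in authorized scope:", t)
```

With the assumed scope, the IPv6 range from the command is reported as out of scope, which is the kind of mismatch worth catching before a scan of this size is started.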


Search for names, user information and brands on social networks: KnowEm, NameCheckup and NameCheckr

The KnowEm website can be a valuable help when searching for duplicate usernames, phishing fakes or fake brands and user information in social networks. The web tool searches for specific terms in social networks and checks whether a specific login name is already in use or still available there.

This makes it possible to quickly identify fakes in this area and check whether user names have been leaked in certain social networks. The tool can search for domains and trademarks at the same time. For researching information in this area, KnowEm offers many more options and much more information than Google or other search engines. Another search engine in this area is NameCheckr. This tool also searches for specific user names in social networks and clearly displays the result. Similar information can be found on the NameCheckup page. The three tools therefore offer a fairly comprehensive overview of user names and their use. Instant Username Search also checks social networks for existing usernames.


Reverse lookup for email addresses, IP addresses and extract email addresses from domains: ThatsThem

With the open source tool ThatsThem, it is possible to perform a reverse search for email addresses. After an email address is entered, the tool tries to find out who exactly owns it. ThatsThem can also perform a reverse lookup of IP addresses and display information about that domain. If the IP address belongs to a common block or a subnet, ThatsThem shows this as well. If domains are linked to the address, the tool also displays this information. Hunter, in turn, focuses on searching for email addresses from specific domains. After a domain is entered, the search engine displays all email addresses that belong to that domain.
