The 10 best OSINT tools for 2023

Analyze threat data with OSINT

Open source intelligence (OSINT) tools use publicly accessible information sources to identify weak points in your own network. In this article we show 10 interesting tools for 2023.

We present ten OSINT tools that can also be of valuable help for the challenges of 2023. (Image: Who is Danny – stock.adobe.com)

We have already explained some interesting tools in the field of Open Source Intelligence (OSINT) in the article “Security with Open Source – Part 1”. In the article “Security with Open Source – Part 2” we show even more tools from this area, with which admins can obtain comprehensive information and actively improve security in their network. In the following article we show other tools that can also be of valuable help for the challenges in 2023.

In OSINT, open source stands for open data sources that are also evaluated by intelligence services. (Image: Vogel IT media)

1. IBM X-Force Exchange: Explore threat intelligence and leverage early warning feeds

With IBM's X-Force Exchange platform in the IBM Cloud, files, applications, IP addresses, URLs, indicators of compromise (IOCs) and vulnerabilities can be examined more closely. The service can also be integrated into SIEMs. APIs are available for this, and they are displayed as part of the online investigation of specific threats.

IBM X-Force Exchange can be used without registration, but also with a free IBM ID via the IBM Cloud. Here IBM also provides a free subscription with various options. Our sister site CloudComputing-Insider covered the possibilities in detail in the article “IBM Cloud Free Tier – Storage, Clusters and Databases”. The OSINT tool can also examine files for security-relevant content. In addition to examining files and other objects, IBM X-Force Exchange offers various early warning feeds for threats and current vulnerabilities.

2. MISP – The Free Malware Information Sharing Platform

MISP is an open source project that allows companies, organizations, researchers and users to collect and share information about malware. The platform is ideal for analyzing malware attacks and preparing for such attacks. It allows indicators of compromise (IOCs) to be shared and analyzed.


MISP supports correlation, automated exports for IDS or SIEM in STIX or OpenIOC format, and synchronization with other MISP instances. The platform is interesting for the automated analysis of threats and malware. Often, similar organizations are targeted by the same threat actor in the same or different campaigns. As a community, MISP participants can thus detect and prevent such attacks very early on. Sharing enables collaborative analysis. In addition, MISP offers metadata tagging, feeds and visualization, and its open protocols and data formats enable integration with other tools for further analysis.

3. Project Honey Pot – Analyze suspicious IP addresses

With Project Honey Pot, companies and researchers can participate in a community that documents suspicious IP addresses and statistics on suspicious attacks from those IP addresses. The project also makes various feeds available for this purpose, and the dashboard of the free service provides comprehensive information on where most of the attacks are currently coming from. The tool also displays suspicious IP addresses worldwide and in your own country. IP addresses can also be analyzed to determine whether they are already known for suspicious behavior. In addition to IP addresses, the service can also be used to analyze known spam servers and read out their IP addresses.

4. Botscout – Detect and block suspicious bots on the internet

Botscout helps to detect scripts and bots from the internet that try to attack your own web services and cloud infrastructures or register automatically. The service can reliably block bots, or at least some of the known ones. It stores IP addresses, names, behavior, email addresses and signatures of the bots. There is also an API for Botscout, which can be integrated into your own web services to block bots.


5. Blueliv Threat Exchange Network – Protection against the latest threats

The Blueliv Threat Exchange Network is a network for exchanging information on current threats. Community participants share the threat data from their network with other participants and in turn receive the other participants' information. This makes it possible to improve your own defenses against known threats and to prepare for unknown attacks. The service also displays maps showing the countries and IP addresses that current attacks are coming from.


6. APTnotes – Collection of public sources on malware and cyber attacks

APTnotes is a project available on GitHub. Its task is to read information from publicly accessible sources and make it available centrally. The data is stored in cloud storage. From there the sources can be downloaded as CSV or JSON data and thus imported into your own SIEMs or other solutions.

7. Pulsedive: Simple threat intelligence

Data on websites or IP addresses can be called up via the Pulsedive web service. The service can be integrated in parallel with Shodan, VirusTotal or AbuseIPDB. With the service, comprehensive information can be displayed quickly. This allows attackers to be quickly identified.


8. Mr. Looquer IOC Feed – Dual-stack feed for IPv4 and IPv6 attacks

The Mr. Looquer IOC Feed service provides a threat feed focused on dual-stack systems. The service therefore provides feeds for IPv6 and for IPv4. Here you can download IOCs that show which attacks run over the two protocols. There is also a threat database that can be downloaded for your own systems. IOCs can be downloaded based on different countries. The data is available as JSON or CSV for this purpose.

9. ThreatIngestor – Aggregating IOCs from different feeds

ThreatIngestor aggregates data from different IOC feeds so that multiple sources can be used more effectively. The tool can also use RSS feeds and sources such as Twitter or other information.

10. Detect phishing attacks with PhishTank

Admins and users can use the PhishTank service to analyze current phishing attacks and their sources. The websites and information on the phishing attacks can be found here. Community participants can also submit information and websites related to phishing attacks themselves.

With OSINT tools, security experts can find systems and data accessible from the Internet that should not actually be publicly accessible in order to then secure them.  (Image: Kurhan - stock.adobe.com)

Many OSINT tools run directly in the web browser and help to find vulnerabilities and security gaps and to check websites.  (Image: Imillian - stock.adobe.com)
