Open source awesomeness

The first thing I do before accepting a task or job is to figure out what I am up against. It wasn't always this way. As a young engineer working on communications systems, I was once asked to lead the development of a specification for a subsystem that sounded cool. Woo hoo – a time to shine! I committed based on the sales pitch that the team lead provided. Reality hit me sometime around the second week in the task, as it was only then that I could look up from my keyboard to envision the remaining path ahead of me. Had I done that research ahead of my commitment, I could have avoided the trouble that was ahead of me. Needless to say, the job got done, but I always look back and wonder how much better it could have been and how much happier and better rested I would have been had I researched the process, constraints, and expectations before accepting the task.

Penetration testing is no different. While some testers (and black hats, for that matter) may accept a job before researching the target, the most experienced professionals take a different approach and do their homework. We're all Google search experts, but there are ways we can all improve these queries and leverage additional tools to complete the picture of what our target looks like. We need to take advantage of the many links between search engines, social media, forums and boards, and other public domain information. The following figure shows how raw Open Source Intelligence (OSINT) comes from many sources, and how it can be accessed through search engines and Kali's own toolsets alike. Efficient use of OSINT helps us better understand what a project is actually asking for, and it can help us develop our strategy, uncover vulnerabilities, harvest user information, and gain the details we need to map out the target's infrastructure. We'll take a look at a couple of tools that are likely familiar, but we will see if we can unlock some more of their potential.

Browsers and Kali's toolsets can help access the massive amount of OSINT available.