InfoHound: Improving OSINT open source CyberArsenal for good

Abstract

During the reconnaissance phase, an attacker searches for any information about his target to create a profile that will later help him to identify possible vulnerabilities or misconfigurations to exploit. Using passive analysis methods (which do not interact directly with the target) through OSINT, a large amount of data can be extracted, such as: organisation addresses, IPs, systems open ports, sensitive files or directories exposed to the internet and subdomains, among others. Are we aware of this data? Do we know what impact they can have in an organization? What information is publicly available about us? Currently, there are specific Open Source OSINT tools for each of the data that we want to monitor. This involves setting up and running these programs separately and then grouping the results together. Although there are tools that combine different functionalities to extract more data, such as ReconFTW (an Open Source tool that finds IPs, ports, subdomains and more from the target) and LookingGlass (a private solution that monitors a large amount of internet sources to detect possible threats to an organisation), no Open Source tool has been found that groups a great variety of these techniques together. Therefore, the aim of this project is to implement an Open Source tool that collects all the information that can be extracted from publicly accessible sources from an Internet web domain. In addition, considering the information obtained, it will create a profile of the company and its employees helping analysts in their cybersecurity assessments.