LinkedIn and 3rd parties use essential and non-essential cookies to provide, secure, analyze and improve our Services, and to show you relevant ads (including professional and job ads) on and off LinkedIn. Learn more in our Cookie Policy.
Linux is a Unix-based system and there are many variations and forks developed over the past. Actually, if you are using MacOS, you are also using Unix-based system (not Linux thought) and you can access the terminal (open Terminal app) and use Unix commands.
Another way to use Linux system is to install your own. There are many Linux distributions you can choose from such as Ubuntu, Debian, SUSE Linux, Fedora, Mandriva or Red Hat Enterprise Linux (RHEL) which is more for the server-side usage. There are also so-called Live Linux distributions you can simply boot from a CD/DVD or an USB stick and they just run in your RAM. No installation needed. Kali supports that as well.
Note: You might heard of other OSINT distributions such as OSINTTUX, Buscador (not supported anymore), Huron, Dora OSINT VM, CSI Linux, Tsuguri Linux or Trace Labs OSINT VM. For our needs you can use any of those even if Kali Linux is probably the most popular.
You can choose how much of your virtual memory (RAM) and physical memory (your hard disk) should be allocated for this virtual machine. Go with default or adjust based on free space and RAM capabilities.
You can also easily clone your virtual machine (Clone feature). Maybe you are about to do something risky which can damage the operating system. You can easily clone the machine with everything on it as a backup. You may also need more virtual machines than one.
And that is not all. To avoid that Kali Linux will be super heavy distribution, there are other so call Kali Linux Metapackages you can download and install from their website. There is e.g. 3 GB package kali-linux-forensic, 1,5 GB package kali-linux-rfid, 1,8 GB package kali-linux-voip or 6,6 GB package kali-linux-wireless.
By default, you are not the root (means the administrator on Linux) so as a common user you have to use the command sudo to execute commands with the root privileges and you will be asked for the root password:
There are many commands which are self-explanatory and they mostly download content such as stories, comments, captions, followers, followings and others. They include commands: captions, commentdata, comments, followers, followings, hashtags, photodec, propic and stories.
The beauty of the Linux shell is that it is very responsive. Osintgram is a sort of interactive command line application so you cannot utilize pipes or output redirecting like with the non-interactive commands (I will show you later). The thing when you start Osintgram, you can enable logging of all outputs you get from the used commands by a command FILE=y.
If you want just to glimpse into the file, you can use the Linux command cat followed by the path to the file. If we are in the same directory where the file is presented, we can use its name only without a path.
We can see that the output is not ideal as it included other words containing the word love such as lovely. Linux shell supports regular expressions but in this it is easy fix to get a word love which is not a part of any other word or a hashtag.
If you expect to edit the file, some text editor would be handy. There are several CLI (command-line interface) text editors such as nano or vim (or the older version vi) which if you got used to them, they are super-fast and efficient. They behave as standard Linux commands so just type:
And finally, you can use some text editors with a graphic interface such as xedit or mousepad which is a standard application in Kali Linux. You can launch them in a same way as any other commands from the Linux shell. In this case I use:
Of course, there is another way to work with outputs. If you are more confident on your own hosting operating system (MacOS or MS Windows), you can set a shared directory by VirtualBox which will be visible by the hosting system and virtual machine as well.
It means that you cannot execute the command twint just by typing twint but you have to state the whole path to the twint file - /home/jose/.local/bin/twint in my case. If you update the general Linux variable $PATH by adding the directory (as you can see in the following command), you can simply type twint only whenever you need to call this command.
Twint is the ultimate tool when researching data on Twitter. We can be analyzing tweets of a specific person, a group of people or start the analysis from some specific tweets related to a location for instance.
Another neat OSINT tool for information gathering is Sherlock. You might know cross-referencing web tools such as namechk.com or namecheckup.com. Sherlock is something like that on the command line.
You can change the output file by the option -o or save it to a specific folder by the option -fo. There is also a possibility to store the output as CSV or JSON. Using proxy or TOR network for better anonymity is also an option. Use the switch -h to see all the options.
There is another lightweight tool of this sort called Skiptracer which can also find information about the US car plates. If you want something more robust, see recon-ng as the next showcased example.
This is a big one. Not a coincidence that Recon-ng is in Kali Linux by default. More than just an app it is the whole framework where you install other apps (they are called modules there) like Sherlock. So just one specific recon-ng module called profiler can do more than the whole Sherlock. And you have tens of those and you or the community can create others.
It will get a little while to get to used to that. What helps is that when you press Tab on your keyboard, it completes the command and also suggests you what are your options when you hit it again after you make a space after the command.
You can notice that you can use various known sources for the research such as Google, Bing, Github, Youtube, Namechk, Hunter, Fullcontant, Flickr but also specialized search engines such as Shodan or Cencys. And various network modules such as netcraft, whois, ssl, etc. Wikileaker and pwnedlist where you can search through leaked data sounds promising:-)
Before we start using it, we should explain how the database structure works. There are 13 tables in the database (domains, companies, netblocks, locations, vulnerabilities, ports, hosts, contacts, credentials, leaks, pushpins, profiles, repositories) and you can display them by the command db schema.
We found some e-mails and some hosts as well. Using other sources such as Google, otx Bufferoverrun, Hackertarget, sublist3r or urlscan you can find tens of thousands more subdomains which might lead you to further source of information. This is the output from the source Google only:
Other similar command line tools like theHarverster and Photon include Dmitry, sublist3r, Datasploit, Belati, Fierce, DNStwist and Gas Mask. Also, the tool SRFramework which can provide more information on domains, usernames, e-mail addresses or telephone numbers and has a graphical output eventually as well.
There are not only command line apps on Linux. You can use desktop applications (Creepy, Maltego) and some of the CLI apps have also web interface. For example, IVRE is a web app running on your localhost and can call CLI apps such as nmap. I will focus on them in a different article.
Also, there are many others command line apps you can use for OSINT on Linux. All or the vast majority of apps I described are supposed to be so-called passive recon tools. You can also use some active recon tools like Social Engineering Toolkit (SET) which you can also find on Kali Linux by default.
7fc3f7cf58