Build Your Cyber Skills By Open Source Intelligence

Open Source Intelligence:

Today I am going to talk about the world of OSINT, or open-source intelligence and how it can really help boost your skills as a cyber practitioner, whether you’re a seasoned professional or just starting out.

To better understand what OSINT is, let's look at how a military commander begins a campaign. He starts by conducting reconnaissance and gathering intel, then sends out spies to collect as much information as possible on the enemy's strength and disposition. If he's really smart, he might also do the reverse and use the same scouts to recon his own forces, to understand what kind of information the enemy might be able to gather on him.

In the cyber world, it’s no different. Building situational awareness is crucial to success, whether you’re doing digital investigations, red or blue team operations, or looking for a place to start in the world of cybersecurity. And OSINT is one of the most accessible and low-cost ways to do this.

In this article, we’ll go through a conceptual overview of OSINT, how it can benefit your skills as a cyber professional, and some great resources out there to start with. So back in World War Two, the United States had an intelligence Department called the Office of Strategic Services, or OSS, which was the precursor to the CIA. The OSS had an entire Research and Analysis branch dedicated to open-source intelligence.

They collected newspapers, journals, press clippings, and radio broadcast reports from all over the world, just to hunt down photos or articles that might give away crucial intelligence about the enemy.

From bomb craters to new aircraft or battleships, these bits of data, once pieced together, could be used to assess an enemy or to verify other sources of intel.

Who Uses OSINT?

But today, just about everybody uses OSINT for different purposes: journalists writing news reports, cybercriminals looking to scam people, students in academia working on research projects, employers scoping out job candidates, law enforcement working on crime cases, and much, much more. For example, in 2015, the US Air Force was able to launch a strike against an ISIS headquarters building within 24 hours of a fighter posting a selfie of himself on social media. Back in the old days, the challenge of OSINT was in gathering enough information.

In today’s world, though, we’re drowning in it, and the challenge lies in processing and analyzing everything. The sources of data are tremendous, covering everything from satellite or street-level imagery, public court records, social media posts, videos, forum threads, news articles, data leaks, website history, IP registration data, and many more.

How to Collect Intel?

Generally, there are two ways to gather data and information: active and passive. Active collection puts the researcher in direct contact with a target. This might mean physically traveling somewhere, talking with someone, dumpster diving, or scanning a system for vulnerabilities. While these results can be very accurate, there's a higher risk of detection because of your direct involvement.

It also tends to be narrowly scoped and may miss out on the bigger picture. Passive collection, on the other hand, focuses more on quiet observation of data that’s generated by a target. Studying maps, listening to someone’s conversation, or finding vulnerabilities by fingerprinting a device based on its network traffic are all passive techniques.

OSINT largely falls under the passive category since it can almost be done from the comfort of your chair. You can also remain anonymous, provided you’re practicing good OPSEC such as using virtual machines, VPNs, research accounts, and Tor. The downside to passive collection is that it requires more involved analysis and may not provide the same quality of intelligence as active collection. Let’s say you went on vacation to Japan and I wanted to learn more about the trip.

While it might be easier to ask you how it went, you might think I’m being nosy and not want to share much. But by turning to open-source intelligence, I could gather the photos you posted on Facebook of the trip, and geolocate them to see where you went. To find out harder questions like why you went to those places, I might have to do some map recon or spend time studying your Twitter account or blog to get some contextual clues about your choices and thought processes.

Semi-Passive Collection:

There’s actually a third collection method we’ll call semi-passive, that falls somewhere between the previous two. This involves leveraging a third-party service’s active collection measures to perform passive analysis.

For example, one of my favorite tools is a site called urlscan.io. Made by the threat intelligence expert Johannes Gilger, urlscan lets you input a target URL, such as a suspected phishing link, and the service will provide you with a detailed analysis of the website, either by visiting it on your behalf or by presenting you the scan results of someone else's earlier submission. It sits somewhere between the active and passive techniques, but can also be considered OSINT. There are also many services that require you to pay for access to premium databases that aren't publicly available, because they source information in a variety of ways.

There's a controversial company called Clearview AI that scrapes search engines and social media platforms for images of people's faces, building a private facial-recognition database for clients to access. While some people might not consider private databases to be pure OSINT, because they're not free, others might consider them fair game and treat them as a semi-passive research method.

Identifiers and Pivoting:

Now, with all this in mind, we’re going to talk about the two most important concepts in OSINT: identifiers and pivoting. Identifiers are unique keywords, tokens, or artifacts that describe a piece of data.

Some examples include name, email, birthday, IP address, MAC address, phone number, geo coordinates, home address, license plate, timeframe, picture, Bitcoin address, password hash, hostname, operating system, social media handle, relationships, occupations, social media username, hobbies, hacker handle, credit card number, search query, or website. You get the idea. These identifiers might exist across many different datasets scattered across the internet.

When you’re conducting OSINT research, you may only have one or two identifiers available to work with. Just searching for information based on a couple of them might not give you the best intelligence. The real OSINT magic comes from pivoting, which is searching for the same identifier in different datasets to correlate and discover new identifiers about a research target.

For instance, a photo might contain a unique landmark that you can discover using Google Street View or Mapillary that leads you to a house. Searching for the address on public county records can reveal the owner’s name, which can then be used to discover social media accounts and email addresses. In this case, we’ve pivoted from a photo to an email address.
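The photo-to-email pivot described above, modelled as a breadth-first search over a handful of datasets. This is an added illustration, not code from the original article; the datasets, the landmark, the address, the name and the email are all constructed, fictional values, and `exposure()` turns the same idea around into a self-assessment of how far one identifier lets someone pivot.

```python
from collections import deque

# Constructed, fictional sample datasets (not real records). Each one maps an
# identifier (type, value) to the identifiers that source would reveal, mimicking
# the kinds of open sources the article lists: street imagery, county records,
# social media and domain registration data.
DATASETS = {
    "street_imagery": {("landmark", "red water tower"): [("address", "12 Elm St, Springfield")]},
    "county_records": {("address", "12 Elm St, Springfield"): [("name", "Jane Doe")]},
    "social_media": {("name", "Jane Doe"): [("handle", "@janedoe"), ("email", "jane@example.com")]},
    "whois": {("email", "jane@example.com"): [("website", "janedoe.example")]},
}


def pivot(start, target_type, datasets=DATASETS):
    """Breadth-first pivot: look the current identifier up in every dataset,
    queue any newly discovered identifiers, and stop at the first one whose
    type matches target_type. Returns the chain of (dataset, identifier) hops
    that got there, which doubles as the provenance trail for a report."""
    queue = deque([(start, [("start", start)])])
    seen = {start}
    while queue:
        ident, chain = queue.popleft()
        if ident[0] == target_type:
            return chain
        for source, table in datasets.items():
            for found in table.get(ident, []):
                if found not in seen:
                    seen.add(found)
                    queue.append((found, chain + [(source, found)]))
    return None  # no dataset chain connects start to an identifier of that type


def exposure(start, datasets=DATASETS):
    """Everything reachable from a single identifier, grouped by type: a quick
    way to see how much one exposed identifier lets a researcher discover."""
    stack, seen = [start], {start}
    while stack:
        ident = stack.pop()
        for table in datasets.values():
            for found in table.get(ident, []):
                if found not in seen:
                    seen.add(found)
                    stack.append(found)
    grouped = {}
    for kind, value in seen - {start}:
        grouped.setdefault(kind, []).append(value)
    return {kind: sorted(values) for kind, values in grouped.items()}


if __name__ == "__main__":
    for source, ident in pivot(("landmark", "red water tower"), "email"):
        print(f"{source:>15} -> {ident}")
    print(exposure(("landmark", "red water tower")))
```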

Four Stages of OSINT:

In other cases, you may want to pivot in the opposite direction, which may require you to chain identifiers across different types of open-source data. For a more formalized approach, the RAND Corporation published a great paper on open-source intelligence.

They break down the OSINT lifecycle into four stages: collection, processing, exploitation, and production. The collection stage involves acquiring and storing data from a variety of sources. In many cases, it's not practical for individuals to hoard terabytes of data, so this step might involve just signing up for accounts and generating API keys to query services that do store the data. Speaking of services, a great one out there is IntelX.io.

Built by the Austrian security professional Peter Kleissner, IntelX scrapes Pastebin and many other sources, including the darknet, for breach data and other types of information. They also host a bunch of useful third-party search tools for identifiers. You should definitely check out IntelX, since it's a great way to find identifiers that normal search engines won't show. The next stage is processing, which may involve translating results or normalizing them into a common format for collaboration.

There's Google Translate and a bunch of project management tools out there that will come in handy at this step. The exploitation stage involves connecting the dots between identifiers and analyzing results in a broader context. A great tool to use here is Maltego, which lets you perform graph analysis between different identifiers, almost like a digital version of a detective's evidence board. You can also use Hunchly, a web capture tool that automatically saves the pages you've visited, to preserve a trail during an OSINT deep dive or investigation.

It's made by the security researcher and OSINT wizard Justin Seitz, who's also the author of Gray Hat Python and Black Hat Python. One OSINT pitfall is that not all sources of information are equally valid, since some might contain bias or have questionable origins. Authenticating the credibility of data at this stage is an important, but often overlooked, part of OSINT.

The last stage is production, which involves consolidating your findings into a useful report and then sharing it with others. If you’re just starting out in cybersecurity, practicing your open-source intelligence gathering skills is a fantastic way to dip your toes into the field, since it’s something that doesn’t require heavy technical knowledge or programming skills to learn. OSINT is naturally research-oriented, which helps you develop the virtues of persistence and curiosity, personality traits that are essential for being successful in cyber. If you know how to use Google search, start learning some of the more advanced search operators available.

OSINT Application:

Esteban Borges, a cyber researcher at SecurityTrails, wrote a great article on using Google Dorking to find sensitive information and potential vulnerabilities indexed online.

Start with a mini-OSINT project, such as trying to find as much personal information as you can on yourself or your family. Try different tools to make the process easier and more automated. Now, if you work as a penetration tester or red teamer, OSINT is one of the first methods you should turn to when performing reconnaissance on a client.

Companies are made up of people in a well-defined hierarchy, and you can uncover the formal and informal relationships between them. You should build out clear profiles that include identifiers, interests, and habits, because these can uncover clues to weaknesses for exploitation. You may find someone who habitually recycles passwords, some of which already exist in breach dumps, or who has the answers to their account security questions scattered across the Internet.

The right amount of due diligence on people allows you to craft more credible and trustworthy social engineering pretexts or phishing emails. For more technical targets like servers, good OSINT can let you map out a company’s external-facing infrastructure, or even uncover clues about its internal posture and security policies.

Translated from: https://medium.com/swlh/how-can-you-build-your-cyber-skills-by-open-source-intelligence-4947a15a86df
