skip to top

10 Minute Domain Checkup using OSINT Toolkit

OSINT Toolkit accelerates open-source intelligence investigations by 30x over traditional methods and drives swift business decisions that reduce risk and mitigate threats.

Something that is always top of mind at Media Sonar is the operational efficiency of our customers. We started out seven years ago with a plan to help OSINT investigators access public sources of information in support of freedom, safety, and security for all. Since then, we’ve streamlined the open intelligence operation through practical tools and workflows to meet an even broader number of use cases. But efficiency is always our Holy Grail, our Quest to Mordor, our Prime Directive. 

With ten minutes to spare recently between meetings, I decided to put the Media Sonar OSINT Toolkit to the test. The OSINT toolkit is an investigation force multiplier. To accelerate investigations while reducing effort, we have integrated powerful tools and data sources used by OSINT investigators today, with the workflow and case management systems of the Media Sonar platform. It is embedded in an action-oriented workflow so analysts can quickly act on any information they have. It works with a broad range of data sources and capture tools to answer the specific questions organizations regularly have about points of interest prior to making decisions, or diving into a security investigation.  

Learn how our New OSINT Toolkit can help your security team deliver results 30x faster than traditional investigation methods by integrating and connecting together the best data capture tools and action-oriented workflow.

With limited time, I set some goals to direct my line of inquiry. My goal: Identify any compromises or weaknesses associated with one of my domain names. I was also interested in any compromises associated with email addresses on that domain, or if a third-party had compromised us in any way. A tall order in 10 minutes. I would be relying on publicly available sources. I knew I was not going to find every vulnerable point, but I was hoping to find “what was known,” what was in the public domain, and what threat actors were in a position to find out.

With the OSINT Toolkit, I could start with a regular domain name and go from there. Entity extraction along with each of the tools would take care of the rest. Pathfinder would track and record any information I found, the path I took to reach that point, saving any case data along the way, to make it easy to later report on what I had found. The workflow was essential to getting the job done quickly and efficiently.

10 Minutes with the OSINT Toolkit

  1. With one click I am able to capture any subdomains, IP addresses, emails, and services connected with my target domain. While at face value, this might not seem very interesting, but that information helps me know what else I need to look at next.
  2. Next, using that same domain, I verify that there are no typosquatting or similar domains being used to impersonate the site, which could harm their customers and company.
  3. Using the IP address obtained in the first step, I want to confirm it has not been used for malicious purposes. Even though I don’t suspect the company, they are on a shared server, meaning one of the other hosted sites could be dragging them into a nasty neighborhood. There are a few different tools I can use to do this. In a few clicks, I am able to get reputation scores, see any reported activity associated with the IP, as well as look up the IP using a number of independent directories dedicated to identifying and archiving open-source threat intelligence.
  4. Using the email addresses I obtained, I check the primary email addresses for the company to see if there have been any reported leaks or breaches that might impact them. The inputted email will return any sites and platforms that have been breached, along with the email address associated with the account.
  5. Next, I run a few queries on the Deep and Dark Web to check that the domain, IP address, and emails do not show up in any of the results. Even though many of the tools I have used already did find information from the Dark Web, this helps give me broader coverage across a wide number of sites, forums, and markets.

Even though I work with the platform every day, I was surprised at the results and how quickly I was able to obtain them.  I had just enough time to export the report to share it with my team. I can use it to investigate a wide range of Points of Interest such as domains, organizations, and people. Having the OSINT tools in one place, and an interrupted workflow let me accomplish a lot more in 10 minutes than would have been possible under any other circumstances. When seconds count, having a sound workflow to follow helped drive an outcome.

How Does The OSINT Toolkit Work?

OSINT Tools for OSINT Investigations The OSINT Toolkit leverages Media Sonar’s existing AI-driven entity extraction capability to capture Points of Interest (POIs) from massive amounts of unstructured data across the web. From this, corporate and cyber security teams can quickly jump into their OSINT investigation with a single click to obtain intelligence across a range of new data sources and tools.

The OSINT Toolkit is made actionable in Pathfinder, where analysts are able to visualize workflows, link data, and connect POI.  This tool is a game-changer for a large breadth of corporate use cases that include third-party vetting, executive protection, situational awareness, and cybersecurity, and indeed any investigation that touches the Internet.