OSINT stands for Open Source Intelligence, as explained in our previous article What is OSINT? At that time, we learned about the concept of OSINT, how to make use of it, and its most popular techniques.
Today we'll add some valuable OSINT functionality to your browser. Let's unlock, discover and explore the most useful OSINT browser extensions employed by penetration testing and cybersecurity researchers during their information gathering and reconnaissance processes.
- Why are web browser add-ons important for OSINT?
- 15 most popular OSINT web browser add-ons
Why are web browser add-ons important for OSINT?
Browser add-ons, also known as browser extensions, are web browser-based applications that help users extend base functions from popular web browsers such as Google Chrome, Mozilla Firefox, Opera, etc.
The HTTPS protocol remains one of the most frequently used protocols since the Internet's inception, helping us interact with information from remote and local pages.
And anywhere where you find information, there are also security researchers seeking sensitive data within that information, trying to make use of it during the intelligence collection tasks used to investigate a possible target.
With OSINT add-ons, you'll be able to intercept, analyze and extract data from the web browser, web apps and web servers while also being allowed to block online tracking, run traces against networks, login via SSH to remote devices, and more.
The Google Chrome Web Store or the Firefox Add-ons page are the only trusted sources we recommend for getting these extensions. While malicious codes can still get through, it's a rare occasion; working with these sources provides a lot more security than downloading from third-party websites created by unknown developers.
Now that you know why add-ons are useful for the infosec community, and you're familiar with the best recommended practices for adding extensions to your browser, let's explore the top recommended OSINT add-ons.
15 most popular OSINT web browser add-ons
Web pages are the heart and soul of the Internet. By browsing pages you can find data about services, products, people, businesses, entertainment, dangers, illegal stuff, and much more. However, web pages are usually updated, changing their design and texts from time to time.
One popular extension that lets you analyze how a website once looked is the aptly named Wayback Machine. This add-on will enable you to explore the look and feel of a web page, and explore images and texts as if you were there—browsing the page when it was originally updated or launched.
This service is super useful for OSINT research, as the old version of any page can reveal sensitive data about products, companies, networks, domains and IP addresses.
Image data extraction
Images hold an immense amount of data in their EXIF information, and that's something researchers often focus their attention on during the OSINT process.
By using extensions such as Exif Viewer, you can extract Exif data that can be crucial for security researchers and forensic analysts. This includes data such as camera model, picture orientation, X resolution, Y resolution, last modification date/time and colour histograms.
Websites are built using different types of programming languages, frameworks, plugins, themes, databases and more. All these technology platforms are easily detectable by using Wappalyzer, one of the most popular extensions available on both Chrome and Firefox.
As of today, Wappalyzer is able to detect up to 1,270 technologies in 66 categories, making it a must for any OSINT research.
IP, domain and hosting information
For any security researcher investigating a company, getting IP address, domain and web hosting information is a priority.
The best available method for this purpose may be to use the IP Address and Domain Information add-on, which will give you instant (although limited) access to important data in this area.
Sputnik is a nice alternative that includes several advanced IP intelligence features. By using this add-on you'll be able to search IPs, domain names, file hashes and URLs; and get direct results from third-party services such as AbuseIPDB, VirusTotal, ARIN, Bad Packets, and even our own SecurityTrails domain data, as you can see in the following screenshot.
While browsing a web page, your browser sends a lot of information about the browser and operating system you're using. To prevent this data leak about your device, there are some handy browser extensions that can help you hide your real data during OSINT investigations. One is the User-Agent Switcher, a cool extension that actually lets you fake the browser you're using when you visit a web page.
You'll be able to make webpages believe you're visiting from a mobile phone with Android and Mozilla Firefox, when in reality you're browsing from Linux with Google Chrome. Simply choose the device you need to "use," apply the changes, and you're ready to go.
Text, screenshot and video recording
Websites change from time to time, and while we have extensions like the Wayback Machine—that allow us to visit a site and see what it looked like some time ago—sometimes you simply need to take screenshots or video recordings of the websites you're visiting, as you never know when that's the proof you'll need for your next OSINT research or forensic digital analysis.
With Nimbus you can record screencasts and take screenshots of the entire page, or a portion or section of it, and even edit and annotate the screenshots for further reference.
Explain and Send Screenshots is another alternative we love. It's completely free, although a donation to the developer is required to remove the watermark from screenshots. It's a great addition to Nimbus.
At some point in your OSINT research it's highly probable that you'll need to login via SSH to test boxes located in your own infrastructure, or even on remote cloud servers. No matter where, you'll probably use the SSH protocol to login securely. The good news is that you don't need a native SSH client application to connect to these servers—you can do it directly from the web browser by using SSH client and emulator extensions.
Secure Shell App turns out to be one of the best we found during our research.
HTTP headers refer to the critical information served by the web server that hosts the web page you're trying to browse.
This information is crucial when you're in the information gathering process. Browser extensions like 'Live HTTP Headers' will help you log all the HTTP traffic between your browser and the Internet, letting you debug web applications, follow redirect paths, inspect remote cookies, detect web server banners, check the response status of the web page, and more.
Some time ago we published an article about the Top 5 WordPress Security Scanners, where we explored several web based tools for scanning any WP installation. However, there are also browser extensions that let you grab valuable information about themes and plugins from any WordPress-based site.
One in particular is Scan WP, which is your best ally if you don't want to rely on web-based tools and you're looking for quick details about the WP site you're browsing.
Vulners is one of the largest online vulnerability scanners and exploit databases used by security researchers around the world. One of the coolest things about this service is that it's also available as a web browser extension, one that allows you to quickly detect any CVE from the page you're browsing.
Indicators of compromise
Known as an IoC, an indicator of compromise is a piece of software detected on a network or operating system most likely the symptom or trail of a security breach. IoCs include unknown IP addresses and hosts, viruses, malware, backdoors, trojans, unknown or hidden files and directories, URLs and domain names.
Mitaka, written by our friend Ninoseki, is an OSINT extension that will help you identify IoCs. It works by extracting data from a selected block of text; then you simply have to right-click on it, use Mitaka and search for the infosec engine you want to run the test from (for example, SecurityTrails, Shodan, Censys, etc.).
Getting help from cross-platform OSINT web browser extensions during your recon and intel gathering process puts you at a great advantage. They work on any browser, and unlike other OSINT tools, they don't rely on operating system requirements such as libraries, dev packages, etc.
While these are probably the best OSINT web-browser add-ons available, it's important to remember that most of them lack some advanced intelligence data about the host or IP you’re targeting.
So if you want to jump into a real OSINT platform, explore SurfaceBrowser™, our enterprise-grade OSINT tool that will enable you to discover full domain, subdomain, IP, DNS, SSL, and port information in a single-unified web platform. Book a demo with our sales team today!