tools tips reconnaissance

SecurityTrails Blog · Jan 28 · by Esteban Borges

Top 15 OSINT Web Browser Extensions

Reading time: 9 minutes

OSINT stands for Open Source Intelligence, as explained in our previous article What is OSINT? At that time, we learned about the concept of OSINT, how to make use of it, and its most popular techniques.

Today we’ll add some valuable OSINT functionality to your browser. Let’s unlock, discover and explore the most useful OSINT browser extensions employed by penetration testing and cybersecurity researchers during their information gathering and reconnaissance processes.

Why are web browser add-ons important for OSINT?

Browser add-ons, also known as browser extensions, are web browser-based applications that help users extend base functions from popular web browsers such as Google Chrome, Mozilla Firefox, Opera, etc.

The HTTPS protocol remains one of the most frequently used protocols since the Internet’s inception, helping us interact with information from remote and local pages.

And anywhere where you find information, there are also security researchers seeking sensitive data within that information, trying to make use of it during the intelligence collection tasks used to investigate a possible target.

With OSINT add-ons, you’ll be able to intercept, analyze and extract data from the web browser, web apps and web servers while also being allowed to block online tracking, run traces against networks, login via SSH to remote devices, and more.

Before you start adding web browser add-ons, make sure you’re running the latest version of Mozilla Firefox or Google Chrome to ensure the best compatibility possible.

The Google Chrome Web Store or the Firefox Add-ons page are the only trusted sources we recommend for getting these extensions. While malicious codes can still get through, it’s a rare occasion; working with these sources provides a lot more security than downloading from third-party websites created by unknown developers.

Now that you know why add-ons are useful for the infosec community, and you’re familiar with the best recommended practices for adding extensions to your browser, let’s explore the top recommended OSINT add-ons.

Internet history

Web pages are the heart and soul of the Internet. By browsing pages you can find data about services, products, people, businesses, entertainment, dangers, illegal stuff, and much more. However, web pages are usually updated, changing their design and texts from time to time.

Wayback machine

One popular extension that lets you analyze how a website once looked is the aptly named Wayback Machine. This add-on will enable you to explore the look and feel of a web page, and explore images and texts as if you were there—browsing the page when it was originally updated or launched.

This service is super useful for OSINT research, as the old version of any page can reveal sensitive data about products, companies, networks, domains and IP addresses.

Get it now: Google Chrome | Mozilla Firefox

Image data extraction

Images hold an immense amount of data in their EXIF information, and that’s something researchers often focus their attention on during the OSINT process.

Image data extraction

By using extensions such as Exif Viewer, you can extract Exif data that can be crucial for security researchers and forensic analysts. This includes data such as camera model, picture orientation, X resolution, Y resolution, last modification date/time and colour histograms.

Get it now: Google Chrome | Mozilla Firefox

Website technology

Websites are built using different types of programming languages, frameworks, plugins, themes, databases and more. All these technology platforms are easily detectable by using Wappalyzer, one of the most popular extensions available on both Chrome and Firefox.

This add-on will help you detect content management systems, web servers, javascript and CSS frameworks, analytics and stats tools, plugins, themes and many other interesting details about any local or remote website.

Website technology

As of today, Wappalyzer is able to detect up to 1,270 technologies in 66 categories, making it a must for any OSINT research.

Get it now: Google Chrome | Mozilla Firefox

IP, domain and hosting information

For any security researcher investigating a company, getting IP address, domain and web hosting information is a priority.

The best available method for this purpose may be to use the IP Address and Domain Information add-on, which will give you instant (although limited) access to important data in this area.

IP, domain and hosting information

While there are better alternatives that include historical DNS and IP lookup information, such as our free service at SecurityTrails, this browser add-ons is a good start.

Get it now: Google Chrome | Mozilla Firefox

Sputnik is a nice alternative that includes several advanced IP intelligence features. By using this add-on you’ll be able to search IPs, domain names, file hashes and URLs; and get direct results from third-party services such as AbuseIPDB, VirusTotal, ARIN, Bad Packets, and even our own SecurityTrails domain data, as you can see in the following screenshot.

Sputnik tool

Get it now: Google Chrome | Mozilla Firefox

Device spoofing

While browsing a web page, your browser sends a lot of information about the browser and operating system you’re using. To prevent this data leak about your device, there are some handy browser extensions that can help you hide your real data during OSINT investigations. One is the User-Agent Switcher, a cool extension that actually lets you fake the browser you’re using when you visit a web page.

User-Agent Switcher

You’ll be able to make webpages believe you’re visiting from a mobile phone with Android and Mozilla Firefox, when in reality you’re browsing from Linux with Google Chrome. Simply choose the device you need to “use,” apply the changes, and you’re ready to go.

Get it now: Google Chrome | Mozilla Firefox

Text, screenshot and video recording

Websites change from time to time, and while we have extensions like the Wayback Machine—that allow us to visit a site and see what it looked like some time ago—sometimes you simply need to take screenshots or video recordings of the websites you’re visiting, as you never know when that’s the proof you’ll need for your next OSINT research or forensic digital analysis.

Text, screenshot and video recording

With Nimbus you can record screencasts and take screenshots of the entire page, or a portion or section of it, and even edit and annotate the screenshots for further reference.

Get it now: Google Chrome | Mozilla Firefox

Explain and Send Screenshots is another alternative we love. It’s completely free, although a donation to the developer is required to remove the watermark from screenshots. It’s a great addition to Nimbus.

Get it now: Google Chrome | Mozilla Firefox

SSH Tunneling

At some point in your OSINT research it’s highly probable that you’ll need to login via SSH to test boxes located in your own infrastructure, or even on remote cloud servers. No matter where, you’ll probably use the SSH protocol to login securely. The good news is that you don’t need a native SSH client application to connect to these servers—you can do it directly from the web browser by using SSH client and emulator extensions.

SSH Tunneling

Secure Shell App turns out to be one of the best we found during our research.

Another choice is SSHGate, ready to be downloaded for Google Chrome and Mozilla Firefox.

HTTP headers

HTTP headers refer to the critical information served by the web server that hosts the web page you’re trying to browse.

HTTP headers

This information is crucial when you’re in the information gathering process. Browser extensions like ‘Live HTTP Headers’ will help you log all the HTTP traffic between your browser and the Internet, letting you debug web applications, follow redirect paths, inspect remote cookies, detect web server banners, check the response status of the web page, and more.

Get it now: Google Chrome | Mozilla Firefox

WordPress scanning

Some time ago we published an article about the Top 5 WordPress Security Scanners, where we explored several web based tools for scanning any WP installation. However, there are also browser extensions that let you grab valuable information about themes and plugins from any WordPress-based site.

WordPress scanning

One in particular is Scan WP, which is your best ally if you don’t want to rely on web-based tools and you’re looking for quick details about the WP site you’re browsing.

Get it now: Google Chrome | Mozilla Firefox

Vulnerability scanning

Vulners is one of the largest online vulnerability scanners and exploit databases used by security researchers around the world. One of the coolest things about this service is that it’s also available as a web browser extension, one that allows you to quickly detect any CVE from the page you’re browsing.

Vulnerability scanning

Get it now: Google Chrome | Mozilla Firefox

Indicators of compromise

Known as an IoC, an indicator of compromise is a piece of software detected on a network or operating system most likely the symptom or trail of a security breach. IoCs include unknown IP addresses and hosts, viruses, malware, backdoors, trojans, unknown or hidden files and directories, URLs and domain names.

Indicators of compromise

Mitaka, written by our friend Ninoseki, is an OSINT extension that will help you identify IoCs. It works by extracting data from a selected block of text; then you simply have to right-click on it, use Mitaka and search for the infosec engine you want to run the test from (for example, SecurityTrails, Shodan, Censys, etc.).

Get it now: Google Chrome | Mozilla Firefox

Summary

Getting help from cross-platform OSINT web browser extensions during your recon and intel gathering process puts you at a great advantage. They work on any browser, and unlike other OSINT tools, they don’t rely on operating system requirements such as libraries, dev packages, etc.

While these are probably the best OSINT web-browser add-ons available, it’s important to remember that most of them lack some advanced intelligence data about the host or IP you’re targeting.

So if you want to jump into a real OSINT platform, explore SurfaceBrowser™, our enterprise-grade OSINT tool that will enable you to discover full domain, subdomain, IP, DNS, SSL, and port information in a single-unified web platform. Book a demo with our sales team today!

ESTEBAN BORGES

Esteban is a seasoned security researcher and cybersecurity specialist with over 15 years of experience. Since joining SecurityTrails in 2017 he’s been our go-to for technical server security and source intelligence info.