Introducing OSINT Reconnaissance Levels

[0x48piraj]

Introducing Reconnaissance levels for OSINT knowledge gathering

OSINT knowledge gathering is done by using one of three primary methods, passive, semi-passive, and active. Using one rather than another is dependent on the scenario and the kind of intelligence that you are interested in.

• Passive: Collect information about the target via publicly available resources (most used type).
• Semi-passive: Sending internet traffic resembling typical internet traffic to avoid drawing any attention to your reconnaissance activities to target servers in order to acquire general information about them.
• Active: Interacting directly with the system to gather intelligence.

[rachejazz]

@0x48piraj I remember clearly my friend getting penalized by OWASP, for carrying out active recon in the name of OSINT. As a practitioner, I'd suggest be careful what you categorize OSINT as.

[0x48piraj]

Oh, but I also found references in OWASP approved documents and talks talking about active reconnaissance.

References

• Let's Recon - OWASP
• OSINT OPEN INTELLIGENCE

[saeeddhqan]

What works need to be done for this issue?

[0x48piraj]

We can categorise modules by the levels defined above so that they can be used as a search filter.

As far the implementation goes, we can define a variable in modules or restructure the project directories (for example, msf-framework).

[saeeddhqan]

Or adding a new framework option to declare the mode? and if the mode is passive, the framework shouldn't run active modules such as crawler.