Introducing OSINT YOGA

I absolutely love all of the public projects where people share their favorite OSINT bookmarks with others. You’ve most likely seen some of them.

[UPDATE] Bruno Mortier (@digintelosint) created an excellent resource of resources page at https://start.me/p/ZME8nR/osint where a bunch of these sites are catalogued. Head over there and check them out!

If you haven’t seen these sites and documents, go and look. The people that collected, sorted, and posted the content on these resources did a HUGE amount of work to make it easier for us to know “where do I go next?” in an OSINT investigation or when doing recon.

Link Overload

There are so many great link resources that I’m finding myself getting overwhelmed with sites and links (I’m a simple man). A friend of mine mentioned that he likes the diverse set of these bookmarking sites because he gets different resources and perspectives for what sites to use.

While I agree that diversity is key, there is still something missing. We have links to sites without the “why would I go there?” In my SANS SEC487 OSINT class (aw come on….you know I was going to plug it, right?), I heard students mention that understanding how to pivot from a piece of data to another is the first step in understanding what sites to use to perform lookups.

For instance, if I have an email address, where could I submit that to find other pieces of data that use it? Reverse Whois search? People search engine? DuckDuckGo.com? I mentioned in class that this, connecting the dots between pieces of data, comes with experience. Then I began wondering if I could use my expertise, other’s resources, and some Javascript to help shortcut that process.

YOGA

So I made Your OSINT Graphical Analyzer or YOGA. It is a Github project and hosted at https://yoga.osint.ninja. It seeks to answer the question of:

I have this information. What can I transform it into or use it for?

I’ve examined the data on the above bookmarking sites, Michael Bazzell’s fabulous flowcharts, and other places to connect the dots for people in a fun, dynamic way.

YOGA is flexible and will strengthen your OSINT research by helping you see connections and pathways to continue your research.

YOGA seeks to abstract “what can I do?” into categories. Instead of me telling you to use Google, Yandex, DuckDuckGo or another search engine to look up an email address, YOGA just connects the “Email Address” node to the “Search Engine” node. It leaves it to you to use your favorite engine or to visit the bookmark sites above to find one.

How You Use It

It is a single web site that can be downloaded and used offline or at https://yoga.osint.ninja (Github hosted).

Let’s take a look at each of the components of the page.

Pieces of data you have, such as a hashtag, will be in blue.

hashtag

Searches and sites where you use other data are in yellow, such as searching for a domain in the whois system.

whois

 

Actions that may be more complicated than simple web searches appear in red. Here we have “Examine for Services” which usually means port scanning an IP address or domain.

services

When you click on a node, it highlights all the connections (edges) to and from it in a magenta color.

highlight1

See all those “O” letters in the middle of the arrows (edges)? You can mouseover those and get a pop-up with suggestions or examples.

highlight2

Navigating around the page is simple using your mouse/trackpad and clicking or clicking and dragging. Zooming in and out is done with a mouse wheel or the normal pinching on a trackpad. Alternatively, you can use the green buttons in the lower portion of the page to move around and zoom in and out.

buttons

How It Works

The site itself is super simple and lightweight. It uses the visjs.org Javascript libraries to create nodes and edges. If you look at the page source for the index.html file, you can see it all (or look at https://github.com/WebBreacher/yoga/blob/master/index.html).

Nodes are the dots and appear like this in the code:

nodes

Whereas the edges that connect each node to other nodes appear in the code like this:

edges

Help Me

Make YOGA Prettier

By looking at this site you can see that I am not a programmer/graphic artist. I’d love someone to help me make the site look less 1990s and more 2018s using CSS and other things.

Contribute Nodes and Edges

The site is a public one on Github at https://github.com/WebBreacher/yoga. I’d love your ideas for new nodes and edges.

Please keep in mind that I’m trying to keep this high-level and not specify distinct resources (duckduckgo.com, pipl.com, etc.) but more classes of resources (search engines, people search sites, etc).

Standardize Category Names

If you are one of those people that has a bookmark site, how about we talk about making a standardized set of categories for everyone to use for the OSINT bookmark classification system? We could call it OBCS – OSINT Bookmark Classification System (or something else).

My thought here is that, if http://osintframework.com used the same groups/categories for a set of links that https://technisette.com does, then users of those sites can find resources faster.

I’ve created the ORCS (OSINT Resource Classification System) project (https://github.com/WebBreacher/orcs and https://orcs.osint.ninja/) to begin this conversation and classification but I cannot (and will not) do it alone. See https://webbreacher.com/2018/06/24/introducing-orcs/ for details. We also have a private channel in the Rocket Chat https://osint.team server for discussions.

Comments are closed.

A WordPress.com Website.

Up ↑

%d bloggers like this: