The purpose of this talk is to share the results of a comparative analysis between different automated Open Source Intelligence (OSINT) gathering tools. To do so, a list of reputable, popular and open source tools was compiled and then compared against three (3) different benchmarks: Data variety, Data quality and Currency. I then added useful details such as an overview of tool Modules, Output formats, Supported Operating Systems (OS) and more. The results include a table which will help security professionals easily find the appropriate tool for their type of engagement, their available time and the type of information they seek. Finally, the talk will answer some practical questions a security professional might have during engagements, such as: "What tool is the best for e-mail lists?" "What tools are awesome for beginners?" and others! :-)
Émilie St-Pierre is currently a security analyst at Rapid7, where she asks a lot of questions and works on offensive engagements. She has been a part of the infosec community for 5 years and has been co-hosting the weekly Greynoise podcast for the past 2 years. Émilie is a Director at Large for SYNShop, the Las Vegas hackerspace where she hosts the cryptoparties and privacy workshops. If you ever encounter her, you may be subject to many cat pictures.