
Use Mitaka to run OSINT in the browser to identify malware, sketchy sites, shady emails, and more. «Null Byte :: WonderHowTo



Web browser extensions are one of the easiest ways to use open source intelligence tools because they are cross-platform. Anyone using Chrome on Linux, macOS, and Windows can use them all the same. Same goes for Firefox. A desktop browser add-on in particular makes OSINT as easy as right-clicking to search for hashes, email addresses, and URLs.

Mitaka, created by Manabu Niseki, works in Google Chrome and Mozilla Firefox. Once installed, you can select specific pieces of text and indicators of compromise (IoCs) and run them through various search engines with just a few clicks. The tool can help investigators identify malware, determine the credibility of an email address, and determine whether a URL is linked to something sketchy, to name a few.

Install Mitaka in your browser

If you’ve ever installed a browser extension before, you’ll know what to do. Even if you don’t, it couldn’t be easier. Simply visit Mitaka on the Chrome Web Store or Firefox Add-Ons, click “Add to Chrome” or “Add to Firefox,” then select “Add” when prompted.

Once you’ve found something of interest on a website or in an email you’re investigating, all you have to do is highlight it and right-click it, then go through the options Mitaka offers in the context menu. There are a few examples on the GitHub page for Mitaka that are worth trying to see how well Mitaka works.

Example 1: Checking Email Addresses

If you see an email address that you suspect is malicious, regardless of whether it’s defanged (disguised so it can’t be clicked) or clickable, you can highlight it, right-click on it, and then select “Mitaka.” If it is defanged, that usually means a dot has been replaced with [.]. If the address or link is defanged, Mitaka will refang it so any search you run will still work.

In the Mitaka menu, you’ll see a variety of tools that you can use to verify and investigate the email address. There are searches you can run on Censys, PublicWWW, DomainBigData, DomainWatch, EmailRep, IntelligenceX, OCCRP, RiskIQ, SecurityTrails, ThreatConnect, ThreatCrowd, and ViewDNS. For example, if you want to know the email’s reputation, select “Search this email on EmailRep.”

From the results we can see that test@example.com is probably not something we should trust. In fact, we can tell from this report that it has been blacklisted and flagged for malicious activity.

So if we were to find or receive an email address flagged in this way, we could very quickly see that it was linked to someone who was blacklisted for malware or possibly phishing, and this would be a great way to identify a risky sender or user.

Conversely, let’s say we’re investigating someone’s password breach and want to find out whether an email address belongs to a real person. We can take a properly formed email address, right-click on it, select “Mitaka,” and then check it with the same EmailRep tool.

From the report, we can assume it’s likely a real person, as the email address has appeared in 27 reputable sources on the internet, including Vimeo, Pinterest, and About.me. In the details we see all the information about the different types of high-quality profiles associated with the email address, which legitimizes the account as real.

Example 2: Performing malware analysis on files

Malware analysis is another exciting tool in Mitaka’s arsenal. Suppose we are on a website and have a file that we want to download. We’ve heard of the tool before, it looks legitimate and the web app seems good. Once we’ve downloaded the file, we can compare the hash to the one listed on the site. If the hash matches, we know we downloaded the file the site author intended, but how do we know the file is really OK?

If a virus scanner doesn’t catch it on the computer, you can always get the hash of the file on the website, right click on it, select “Mitaka” and then use something like VirusTotal. This scanner can identify potentially suspicious files by checking the hash and trying to find out whether or not it could harm your computer.

In our case we can see that there are multiple detections and that this is a macOS crypto miner. If we had run this on our computer, it would have gotten through, because it was not detected by Avast and a number of other fairly reputable malware scanners.

As you can see, Mitaka is a pretty effective way to check whether any file you come across on the web has been flagged as bad using tools like VirusTotal or some other data source. For this type of search, the menu offers Censys, PublicWWW, ANY.RUN, Apklab, Hashdd, HybridAnalysis, InQuest, Intezer, JoeSandbox, MalShare, Maltiverse, MalwareBazaar, Malwares, OpenTIP, OTX, Pulsedive, Scumware, ThreatMiner, VirusTotal, VMRay, VxCube, and X-Force Exchange.

Example 3: Checking whether a site is sketchy

We can also do URL searches with Mitaka. If we want to look into a big data dump, or just want to see whether a particular URL on a webpage or in an email has been associated with something sketchy, we can right-click the link, select “Mitaka,” then select one of the tools.

Tools available for this type of search include Censys, PublicWWW, BinaryEdge, crt.sh, DNSlytics, DomainBigData, DomainTools, DomainWatch, FOFA, GoogleSafeBrowsing, GreyNoise, Hashdd, HurricaneElectric, HybridAnalysis, IntelligenceX, Maltiverse, OTX, Pulsedive, RiskIQ, SecurityTrails, Shodan, SpyOnWeb, Spyse, Talos, ThreatConnect, ThreatCrowd, ThreatMiner, TIPP, URLhaus, Urlscan, ViewDNS, VirusTotal, VxCube, WebAnalyzer, and X-Force Exchange.

Let’s just look at Censys for our test.

In our case, the domain we searched is related to pretty sketchy things. Since we can see that it is being used for spammy searches and all sorts of other worrying activity, we can assume that it is likely not a domain owned by a legitimate company, or one that it would be wise to do business with.

This is just someone trying to make as much money as possible from the web space they have. We can also see that it is hosted on Amazon infrastructure, which means that it’s probably just a rented system and not someone’s physical setup. All of this data suggests that this is a very sketchy website for business and it might not be as legitimate as you’d like it to be.

There is so much more to discover!

These were all pretty straightforward use cases, but as you can see, there are tons of ways we can investigate a lead on the web using a simple right-click menu. One of the really cool things about Mitaka is that it can recognize different types of data, so the contextual search options can provide the right information.
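Two things Mitaka does before it can offer a search are refanging a defanged indicator (the [.] case from Example 1) and recognizing what type of data was selected. The following JavaScript is an added illustration of those two steps, not Mitaka's own code; the defang conventions handled are listed in the comments, and the per-type source map is a subset of the menus named in the article, with the IP entries being an assumption.

```javascript
// Added example (not Mitaka's code): refang a selected indicator, then classify
// it so the matching set of search sources can be offered.
// Assumed defang conventions: hxxp(s)://, [.], (.), {.}, [dot], [:], [@], [at], [/]
const REFANG_RULES = [
  [/hxxp(s?):\/\//gi, 'http$1://'],
  [/\[\.\]|\(\.\)|\{\.\}|\[dot\]/gi, '.'],
  [/\[:\]/g, ':'],
  [/\[@\]|\[at\]/gi, '@'],
  [/\[\/\]/g, '/'],
];

function refang(text) {
  let s = text.trim();
  for (const [pattern, replacement] of REFANG_RULES) {
    s = s.replace(pattern, replacement);
  }
  return s;
}

// Order matters: a hash is checked before email/domain so hex strings are never
// mistaken for host names, and IP before domain so dotted quads are not domains.
const CLASSIFIERS = [
  ['hash',   /^(?:[a-f0-9]{32}|[a-f0-9]{40}|[a-f0-9]{64})$/i],
  ['email',  /^[^\s@]+@[^\s@]+\.[a-z]{2,}$/i],
  ['url',    /^https?:\/\/\S+$/i],
  ['ip',     /^(?:\d{1,3}\.){3}\d{1,3}$/],
  ['domain', /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i],
];

function classify(text) {
  const value = refang(text);
  for (const [type, re] of CLASSIFIERS) {
    if (re.test(value)) return { type, value };
  }
  return { type: 'unknown', value };
}

// Subset of the article's menu lists per type; the 'ip' row is assumed.
const SOURCES = {
  email:  ['EmailRep', 'IntelligenceX', 'SecurityTrails', 'ViewDNS'],
  hash:   ['VirusTotal', 'HybridAnalysis', 'MalwareBazaar', 'OTX'],
  url:    ['Censys', 'Urlscan', 'URLhaus', 'GoogleSafeBrowsing'],
  domain: ['Censys', 'crt.sh', 'SecurityTrails', 'Shodan'],
  ip:     ['Shodan', 'GreyNoise', 'Censys'],
};

function searchOptions(text) {
  const { type, value } = classify(text);
  return { type, value, sources: SOURCES[type] || [] };
}

console.log(searchOptions('test[@]example[.]com'));
```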

This was just a brief overview. If you want to get started with Mitaka, you should go through all of the different types of data, highlight something on a website or email, then right click and select your Mitaka search. There are many sources available, and it can be overwhelming at first, but that just means that Mitaka is a valuable tool with tons of helpful searches available to you.


Cover picture, screenshots and GIF by Retia / Null Byte
