Domain Scanner: OSINT Page

Overview

The Domain Scanner OSINT page in TRaViS EASM provides a focused analysis of Open-Source Intelligence (OSINT) data for a specific domain, in this case, example.com. Accessible via the Domain Scanner section in the left navigation menu, this page aggregates publicly available information to help Security Operations Center (SOC) teams understand the domain’s external exposure, identify potential risks, and enhance their threat intelligence. This page is designed to complement the broader Domain Details analysis by offering a dedicated view of OSINT findings.


Page Layout

The OSINT page is structured to deliver concise insights into the domain’s public footprint, with a clean and focused layout. The page includes:

  • Header Metrics Panel: Summarizes key OSINT metrics for the domain.
  • Domain Graph Visualization: Displays a visual representation of the domain and its connections.
  • Employee Information Panel: Provides detailed OSINT data about the domain’s organization.
  • Contact Information Table: Lists contact details and email policy violations.
  • Navigation and Export Tools: Offers options for data management and reporting.

Key Features and Capabilities

Header Metrics Panel: OSINT Overview

The header section provides a snapshot of critical OSINT metrics for the domain, enabling users to quickly assess its external exposure.

  • Email Policy Violations:
    • Displays the number of email policy violations detected (e.g., 0 for example.com).
    • Benefit: Helps users verify email security configurations, such as DMARC, SPF, and DKIM settings, to prevent phishing or spoofing attacks.
  • Exposed Positions:
    • Indicates the number of exposed positions or roles (e.g., 1 for example.com).
    • Benefit: Alerts users to publicly available organizational data that could be exploited for social engineering attacks.

User Value: This panel provides a high-level overview of OSINT-related risks, enabling users to prioritize areas of concern (e.g., exposed positions) and take action to reduce external exposure.
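
The kinds of SPF and DMARC weaknesses an email policy check looks for, as an added example that is not TRaViS code. The rule set, function names, and sample TXT records are assumptions constructed for illustration; this page does not document how TRaViS itself counts a violation.

```python
import re

def parse_tags(txt):
    """Split a DMARC record into a {tag: value} dict."""
    pairs = (p.split("=", 1) for p in txt.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def check_spf(txt):
    """Findings for one SPF record (top-level terms only, includes not resolved)."""
    terms = txt.split()[1:]
    alls = [t for t in terms if re.fullmatch(r"[+\-~?]?all", t, re.I)]
    if not alls and not any(t.lower().startswith("redirect=") for t in terms):
        return ["no 'all' mechanism or redirect, unmatched senders get neutral"]
    findings = []
    for t in alls:
        if t[0] in "+aA":  # a bare 'all' defaults to the '+' qualifier
            findings.append("'+all' authorizes every sender")
        elif t[0] == "?":
            findings.append("'?all' is neutral and rejects nothing")
    return findings

def check_dmarc(txt):
    """Findings for one DMARC record published at _dmarc.<domain>."""
    tags, findings = parse_tags(txt), []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= tag")
    elif policy == "none":
        findings.append("p=none is monitoring only, spoofed mail is still delivered")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct} applies the policy to only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address, so no aggregate reports are received")
    return findings

def audit(records):
    """records: {'spf': [TXT at domain], 'dmarc': [TXT at _dmarc.domain]}."""
    spf = [r for r in records.get("spf", []) if r.lower().split()[:1] == ["v=spf1"]]
    dmarc = [r for r in records.get("dmarc", []) if parse_tags(r).get("v") == "DMARC1"]
    out = []
    for name, recs, check in (("SPF", spf, check_spf), ("DMARC", dmarc, check_dmarc)):
        if len(recs) != 1:  # zero or several records both leave no usable policy
            out.append(f"{name}: " + ("multiple records" if recs else "no record published"))
        else:
            out += [f"{name}: {f}" for f in check(recs[0])]
    return out

# Constructed sample records, not real DNS data.
WEAK = {"spf": ["v=spf1 include:_spf.example.net ?all"], "dmarc": ["v=DMARC1; p=none; pct=50"]}
print("\n".join(audit(WEAK)))
```
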


Domain Graph Visualization: Network Connections

The central section features a visual representation of the domain and its connections.

  • Graph Display:
    • Shows a simple graph with the domain (e.g., example.com) at the center, connected to a related node (e.g., a generic "www" node).
    • Benefit: Offers a visual overview of the domain’s connections, helping users identify related entities or infrastructure that may be part of the attack surface.
  • Interactivity:
    • Likely allows users to interact with the graph (e.g., zooming, panning, or clicking nodes for more details), though not visible in the static screenshot.
    • Benefit: Enhances exploration of the domain’s relationships, aiding in threat mapping and reconnaissance.

User Value: The domain graph provides a visual tool for understanding the domain’s external connections, supporting threat intelligence and attack surface mapping.


Employee Information Panel: Organizational Insights

The Employee Information panel provides detailed OSINT data about the organization associated with example.com.

  • Fields:
    • Domain Name: Confirms the domain under analysis (e.g., example.com).
    • Industry: Specifies the organization’s industry (e.g., Airlines and Aviation).
    • Company Description: Offers a brief description of the organization (e.g., "Delta Air Lines is an airline that provides domestic and international flight service").
    • Twitter: Lists the organization’s Twitter handle (e.g., N/A).
    • LinkedIn: Provides a link to the organization’s LinkedIn profile (e.g., N/A).
    • Instagram: Lists the organization’s Instagram handle (e.g., N/A).
    • Disposable Email: Indicates if disposable email addresses are used (e.g., No).
    • Webhook: Indicates if webhooks are exposed (e.g., No).
    • Email Pattern: Shows the email pattern used by the organization (e.g., firstname.lastname).
    • Technologies: Lists technologies associated with the domain (e.g., N/A).
    • Location: Specifies the organization’s location (e.g., Atlanta, GA, US).
    • Headcount: Estimates the organization’s employee count (e.g., 1000+).
    • Company Type: Indicates the organization type (e.g., Public Company).
  • Data Examples:
    • For example.com, the panel shows an industry of Airlines and Aviation, a location in Atlanta, GA, a headcount of 1000+, and an email pattern of firstname.lastname, with no social media links or disposable emails detected.
    • Benefit: Provides a comprehensive profile of the organization, helping users understand its public footprint and potential social engineering risks.

User Value: The Employee Information panel offers valuable OSINT insights into the organization, enabling users to identify exposed data (e.g., email patterns, headcount) and mitigate risks such as phishing or targeted attacks.


Contact Information Table: Email and Contact Details

The Contact Information table at the bottom of the page lists contact details and email policy violation data.

  • Columns:
    • Contact: Lists contact points (e.g., "support@example.com").
      • Benefit: Identifies official contact points that may be targeted for phishing or impersonation.
    • Email: Indicates if the contact is an email address (e.g., Yes).
      • Benefit: Confirms the type of contact for further analysis.
    • Location Found: Specifies where the contact was discovered (e.g., N/A).
      • Benefit: Provides context on the source of the contact data, though no data is populated here.
    • Discovered Date: Shows when the contact was found (e.g., 2023-03-11).
      • Benefit: Helps track the timeline of exposure for historical analysis.
    • Last Seen: Indicates the last time the contact was verified (e.g., 6 days ago).
      • Benefit: Confirms the recency of the data, ensuring relevance.
    • Email Policy Violation: Flags any email policy violations (e.g., N/A).
      • Benefit: Verifies compliance with email security policies, though no violations are detected here.
  • Data Examples:
    • A contact entry for support@example.com shows it as an email, discovered on 2023-03-11, last seen 6 days ago, with no email policy violations.
    • Benefit: Highlights a potential point of contact that could be exploited, prompting users to secure or monitor it.
  • Features:
    • Pagination: Supports navigation through multiple pages of contact data (e.g., Previous/Next buttons).
      • Benefit: Ensures scalability for domains with extensive contact information.
    • Export Options (CSV, Print): Located above the table.
      • Benefit: Enables users to export contact data for detailed reporting or third-party analysis.

User Value: The Contact Information table provides actionable insights into exposed contact points, helping users secure communication channels and prevent phishing or impersonation attacks.


Navigation and Export Tools

The page includes tools for managing and sharing data:

  • Export Options (CSV, Print):
    • Located above the Contact Information table.
    • Benefit: Allows users to generate reports for audits, compliance, or team collaboration.
  • Left Navigation Menu:
    • Includes links to other TRaViS features (e.g., Dashboard, CVE Intelligence, Domain Scanner).
    • Benefit: Provides seamless access to additional tools and views within the TRaViS platform, with the Domain Scanner section expanded to show the OSINT page.

User Value: These tools enhance usability by enabling data export and efficient navigation within the TRaViS platform.


Benefits for Security Teams

The Domain Scanner OSINT page for example.com offers several key benefits:

  • Focused OSINT Insights: Provides a dedicated view of publicly available data, enhancing threat intelligence.
  • Actionable Data: Identifies exposed contacts, email patterns, and organizational details that could be exploited, with clear steps to mitigate risks.
  • Visual Analysis: Offers a domain graph for visualizing connections, aiding in attack surface mapping.
  • Social Engineering Prevention: Highlights exposed positions and contact points, helping users prevent targeted attacks.
  • Efficient Workflows: Supports data export and navigation, streamlining analysis and reporting.

Conclusion

The Domain Scanner OSINT page in TRaViS EASM is a powerful tool for gathering and analyzing open-source intelligence for a domain. By providing detailed organizational insights, contact information, and a visual domain graph, it empowers security teams to understand their external exposure and mitigate risks effectively. This documentation will continue to expand as additional pages and features are explored.


