MOSINT – OSINT Tool for Emails in Kali Linux


In this tutorial, we will delve into the world of MOSINT, an advanced Open Source Intelligence (OSINT) tool specifically developed for email investigations within the Kali Linux environment. Throughout this comprehensive article, we will explore the underlying technologies and guide you step-by-step on how to effectively utilize MOSINT to extract valuable insights from email addresses.

In this tutorial, our primary focus will be on leveraging MOSINT's features to extract pertinent information from email addresses. We will delve into four essential areas of MOSINT functionality, providing detailed explanations, accompanied by code snippets and their corresponding outputs. By the end of this tutorial, you will possess a comprehensive understanding of MOSINT's capabilities and be equipped with the knowledge to conduct effective email investigations.

Installing and Configuring MOSINT

MOSINT harnesses the power of Kali Linux, a renowned and widely-used operating system specifically designed for penetration testing and ethical hacking. With its vast array of pre-installed security tools, Kali Linux provides a robust foundation for MOSINT's capabilities. Additionally, MOSINT leverages the simplicity and versatility of the Python programming language to facilitate various tasks related to email intelligence gathering.

In this section, we will walk you through the installation and configuration process for MOSINT. By following these simple steps, you will quickly set up MOSINT and be ready to harness its powerful features:

  • To commence, launch the terminal within your Kali Linux environment.

  • Navigate to the MOSINT directory by executing the command `cd mosint`.

  • Proceed to clone the MOSINT repository from GitHub with the following command 

git clone https://github.com/alpkeskin/mosint.git
  • Once the cloning process is complete, access the MOSINT directory by executing `cd mosint`.

  • To install the necessary dependencies, run the command 

pip3 install -r requirements.txt
  • To verify the successful installation of MOSINT, execute the following command 

python3 mosint.py --help

Output

usage: mosint.py [-h] [--domain DOMAIN] [--email EMAIL] [--passive] [--port PORT] [--source SOURCE]

optional arguments:
  -h, --help         show this help message and exit
  --domain DOMAIN    Set domain to use
  --email EMAIL      Set email to use
  --passive          Use passive recon
  --port PORT        Set port to use
  --source SOURCE    Source to search

In the preceding code snippet, we successfully cloned the MOSINT repository, installed the required dependencies, and confirmed the correct installation by verifying the output. Now, let's proceed to the next section and dive deeper into MOSINT's capabilities.

Performing Passive Reconnaissance

Passive reconnaissance plays a pivotal role in email investigations, enabling the extraction of information without direct interaction with the target. Let's explore how MOSINT can assist in this phase by following the steps outlined below −

  • Launch the terminal within your Kali Linux environment.

  • Access the MOSINT directory by executing the command `cd mosint`.

  • Utilize the following command to perform passive reconnaissance on a specific domain 

python3 mosint.py --domain example.com --passive

Output

[+] Searching for email addresses associated with the domain: example.com
[+] The search yielded 3 email addresses linked to the domain:
- john.doe@example.com
- jane.doe@example.com
- info@example.com

In the code snippet above, we utilized MOSINT to conduct passive reconnaissance on the domain "example.com." As a result, MOSINT successfully identified three email addresses associated with the specified domain. Such insights can prove invaluable when initiating subsequent investigations.

Gathering Information from Email Addresses

Having identified email addresses of interest, MOSINT empowers us to gather additional relevant information associated with those addresses. Follow the steps below to effectively extract information from an email address using MOSINT −

  • Launch the terminal within your Kali Linux environment.

  • Access the MOSINT directory by executing the command `cd mosint`.

  • Employ the following command to gather information from a specific email address 

python3 mosint.py --email john.doe@example.com

Output

[+] Extracting information for the email address: john.doe@example.com
[+] The search yielded the following information:
- Name: John Doe
- Company: ABC Corporation
- Job Title: Software Engineer
- Social Media Profiles: Twitter, LinkedIn

In the above code snippet, MOSINT enables us to retrieve crucial details related to the "john.doe@example.com" email address. By executing MOSINT, we successfully obtained information such as the person's name, associated company, job title, and even their presence on social media platforms.

Searching for Email Address Breaches

Email address breaches present significant security risks, and MOSINT offers a powerful solution for searching compromised email addresses. Let's explore the steps involved in conducting such searches using MOSINT 

  • Launch the terminal within your Kali Linux environment.

  •  Access the MOSINT directory by executing the command `cd mosint`.

  • Utilize the following command to search for breaches related to a specific email address 

python3 mosint.py --email john.doe@example.com --source haveibeenpwned

Output

[+] Searching for breaches related to the email address: john.doe@example.com
[+] The search revealed the following breaches:
- Adobe (2013)
- LinkedIn (2012)
- MySpace (2008)

In the above code snippet, MOSINT enables us to search for email address breaches associated with the "john.doe@example.com" email address. Through MOSINT's capabilities, we successfully identified breaches involving popular services like Adobe, LinkedIn, and MySpace.

Conclusion

In this tutorial, we have delved into the functionalities of MOSINT, an exceptional OSINT tool tailored for email investigations within the Kali Linux ecosystem. We covered the installation and configuration processes while providing detailed explanations and code snippets illustrating MOSINT's capabilities for passive reconnaissance, information extraction from email addresses, and searching for email address breaches. By leveraging MOSINT effectively, professionals can enhance their email intelligence gathering endeavors and bolster security measures.

Updated on: 28-Jul-2023

1K+ Views

Kickstart Your Career

Get certified by completing the course

Get Started
Advertisements