Browser extensions are one of the easiest ways to start using open source tools because they are platforms. So anyone using Chrome on Linux, macOS and Windows can use them the same way. The same goes for Firefox. In particular, a browser extension on the desktop makes OSINT as easy as right-clicking to search for hashes, email addresses and URLs.
Mitaka, created by Manabu Niseki, works in Google Chrome and Mozilla Firefox. After installation, you can select and inspect certain pieces of text and compromise indicators (IoC) and run them through a variety of search engines, all with just a few clicks. The tool can help investigators identify malicious code, determine the credibility of an email address, and see if a URL is associated with something sketchy, just to name a few.
Install Mitaka in your browser
If you̵7;ve ever installed a browser extension before, you know what to do. Even if not, it could not be easier. Just visit Mitaka in either the Chrome Web Store or Firefox extensions, tap “Add to Chrome” or “Add to Firefox” and then select “Add” to verify.
Once you have found something of interest on a website or in an email that you are researching, all you have to do is select and right-click on it and look through all the options that Mitaka offers in the context menu. On the GitHub page for Mitaka, there are some examples that are worth testing to see how well Mitake works.
Example 1: Inspect email addresses
When you see an email address that you suspect is malicious, whether it is defective (obscured so that it cannot be clicked) or clickable, you can select it, right-click on it, and then select “Mitaka”. If it is defunct, it usually means to insert [.] where regular periods go by to break the link, Mitaka will rearrange it so that each search you perform still works.
In the Mitaka menu, you see a variety of tools that you can use to inspect and examine your email address. There are searches you can perform on Censys, PublicWWW, DomainBigData, DomainWatch, EmailRep, IntelligenceX, OCCPR, RiskIQ, SecurityTrails, ThreatConnect, ThreatCrowd and ViewDNS. For example, if you want to learn its email reputation, select “Search this email on EmailRep.”
From the results we can see that firstname.lastname@example.org is probably not something we should trust. In fact, we can see from this report that it has been blacklisted and flagged for harmful activity.
So if we were to find or receive an email address that had been flagged in this way, we could very quickly determine that it was associated with someone who was blacklisted for malicious code or possibly some similar phishing, and that would be a great way to identify a risky sender or user.
Conversely, let’s say we’re looking through a breach of different people’s passwords and we want to identify if a real person owns an email address or not. We can take a properly designed email address, right-click on it, select “Mitaka” and then use the same EmailRep tool to check.
From a report, we can assume that it is probably a real person because the email address has been seen in 27 reputable sources on the internet, including Vimeo, Pinterest and Aboutme. In the code we can see all the information about the different types of high quality profiles that are linked to the email address, which further legitimizes the account as real.
Example 2: Perform malicious analysis on files
Malware analysis is another exciting tool in Mitaka’s arsenal. Let’s say we’re on a website and we have a file we want to download. We have heard about the tool before, it looks reputable and the web app seems good. Once we have downloaded the file, we can compare the hash with the one listed on the website. If the hash matches, we know that we downloaded the file that the site’s author referred to, but how do we know that the file is really OK?
If a virus scanner does not catch it on your computer, you can always hash the file found on the website, right-click on it, select “Mitaka” and then use something like VirusTotal. This scanner can identify potentially suspicious files by looking at the hash and trying to determine if it could harm your computer or not.
In our case, we can see that there are several discoveries and that this is a macOS cryptominer. So if we had run this on our computer, even if it was not detected by Avast and a lot of other different, fairly reputable malware scanners, it would still have gone through.
As you can see, Mitaka is a pretty effective way to check if a file you come across online has been flagged for doing something bad using tools like VirusTotal or another data source. From the menu for this type of search are Censys, PublicWWW, ANY.RUN, Apklab, Hashdd, HybridAnalysis, InQuest, Intezer, JoeSandbox, MalShare, Maltiverse, MalwareBazaar, Malwares, OpenTIP, OTX, Pulsedive, Scumware, ThreatMiner, VMRayTotal VxCube and X-Force-Exchange.
Example 3: Check if a website is sketchy
Now we can also do URL searches with Mitaka. If we are looking at a large data dump, or if we just want to see if a certain URL on a web page or email has been identified with something sketchy, we can right-click on the link, select “Mitaka” and then select from one of the tools .
Available tools for this type of search include Censys, PublicWWW, BinaryEdge, crt.sh, DNSlytics, DomainBigData, DomainTools, DomainWatch, FOFA, GoogleSafeBrowsing, GreyNoise, Hashdd, HurricaneElectric, HybridAnalysis, IntelligenceX, Maltiversalsum, OT , Shodan, SpyOnWeb, Spyse, Talos, ThreatConnect, ThreatCrowd, ThreatMiner, TIP, URLhaus, Urlscan, ViewDNS, VirusTotal, VxCube, WebAnalyzer and X-Force-Exchange.
For our test, let’s just check out Censys.
In our case, the domain we were looking for is associated with some pretty sketchy things. Since we can see that it is used for bad searches and all other worrying activities, we can assume that it is probably not a domain owned by a company or companies that are more simple with their business.
This is just someone who wants to make as much money as possible from the web space they have. We can also see that it uses an Amazon system, which means that it is probably just a rented system and not really anyone’s physical setting. All this information points to the fact that this would be a very sketchy website to do business with and may not be as legitimate as you would like.
There is much more to explore!
These were all pretty basic use cases, but as you can see, there are lots of different ways to research a clue on the internet with a simple right-click menu. One thing that is really cool about Mitaka is that it can detect different types of data so that the contextual search options can provide the right information.
This was just a quick overview. To get started with Mitaka, you should go through all the different data types, select something on a website or email, then right-click and select your Mitaka search. There are many sources available, and it can be overwhelming at first, but that only means that Mitaka is a valuable tool with lots of useful searches available at your fingertips.
Want To Get Into The Gift Basket Business? Start your career with white hat hacking with our 2020 Premium Ethical Hacking Certification Training Bundle from the new Null Byte Shop and get more than 60 hours of training from ethical hackers.
Buy now (90% off)>