An Evaluation of Osint Tools for External Attack Surface Mapping

Authors

  • Q Fadlan, Sekolah Tinggi Manajemen Informatika Komputer Tazkia (STMIK Tazkia)

DOI:

https://doi.org/10.55826/jtmit.v4i4.1415

Keywords:

External Attack Surface, OSINT, Asset Mapping, Cybersecurity, Vulnerability, Subdomain Enumeration

Abstract

Modern cybersecurity relies heavily on proactively understanding the external attack surface (EAS), defined as the totality of digital assets accessible to attackers from the internet, including domains, subdomains, IP addresses, SSL certificates, cloud services, and exposed employee information. Failure to map these assets can create blind spots that are exploited in zero-day and misconfiguration-based attacks. This research aims to evaluate the effectiveness, efficiency, and scope of publicly available Open-Source Intelligence (OSINT) tools, such as Subfinder, Amass, Maltego, theHarvester, and Shodan, in identifying and mapping an organization's EAS components. The research approach involved benchmarking these tools against predetermined targets, comparing metrics such as execution time, number of unique assets discovered, and accuracy of collected information. Initial findings indicate that no single tool can provide comprehensive EAS mapping, highlighting the need for a tool-chaining strategy or combination of tools for optimal results. This evaluation provides practical recommendations for security professionals and Red Teams on the most appropriate OSINT tools for the various phases of EAS mapping, contributing significantly to a data-driven cybersecurity risk management strategy.

Published

25-08-2025

How to Cite

[1]
“An Evaluation of Osint Tools for External Attack Surface Mapping”, JTMIT, vol. 4, no. 3, pp. 1195–1199, Aug. 2025, doi: 10.55826/jtmit.v4i4.1415.
