OSINT Quick Guide: Running a Domain Scan in Lampyre

Lampyre is a windows-based tool that I like to use for some quick OSINT research. Previously, I wrote a blog on Basic Email and Phone Number recon but Lampyre has since upgraded and now has an exciting new beta version with a more simple layout and new tools. If you don’t already have Lampyre, you can go to their website www.lampyre.io and click Try Lampyre for Free.

Once Lampyre is installed, activate it through their website and then open the program. This demo will be run in online mode, I have found it to be less buggy overall. It is my understanding that Standalone mode is just a way to isolate your search data from the internet and since we won’t be doing anything secret in nature it shouldn’t matter.

A window will open to start a new investigation. I prefer setting the layout to Simplified Mode since it has fewer options that will confuse me. Click on that option and windows will open for the new investigation.

One of the cool new things in the beta is the Lampyrise tool. It makes it super easy to search for things by selecting them from the drop-down.

You can see I chose Domain in the Lampyrise drop-down menu below. In the field next to Domain is where the search criteria will go.

Out of sheer curiosity, I searched for Breitbart dot com and then clicked the Lampyre logo next to the box which starts the search.

Another fun thing about Lampyre is there is no real need to mess with installing API keys. Their website claims to have over 100 regularly updated data sources. If you are a person who struggles with API keys in Maltego this might be where Lampyre can help.

As this scan runs you can see it tabs pop up for Threatcrowd, NSLookup, Snov.io and Full Contact of objects and social networks with the domain. Additionally, I am able to choose whether I want to run data in a table, schema, map, or all three. Who doesn’t love a good schema amirite?

Each tab shown here offers different data to parse through. The ThreatCrowd tab shows us all of the resolved IPs associated with our domain. ThreatCrowd is great at finding entities alone but requires something like Lampyre to help visualize all of the data.

In my initial scan, I ran all visualization options (table, schema, map). Below we can see the graph of all the entities associated with the domain. We can also open the Timeline (Window>Timeline) to focus in on just one section of the schema. Furthermore, we can grab an entity on the schema and open it into it’s own investigation.

Many of the entities found in this scan were emails. I found these two emails below interesting.

I obviously couldn’t let it go without trying to validate them but they were undeliverable.

Another tab shows NSlookup, or Name Server Lookup results. This is used for querying the Domain Name System to gather the domain name, IP, or other DNS records. In this instance, NSlookup provided most of the same data as Threatcrowd.

When I ran the scan we selected to run all 3 modes of viewing. We saw the schema, this below is the data in a table. We get all of the email addresses in an easy to export chart.

As you can see, using Lampyre is a simple way to start doing domain recon and practicing your OSINT skills. Generally, I do not stick to using just one method however and I would most likely pair this with searches from intelligence X , Whois, and RiskIQ just to name a few. Be sure to keep an eye out for more quick tips coming soon!

--

--

--

@wondersmith_rae | OSINT Analyst | @OSINTCurious Advisory Board | @QuizTime | http://Tracelabs.org | http://safeescape.org | Speaker and @Wiley Author

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

50% Free Membership on Medium

Quick Tutorial On Kash Dex — wUST to UST

Types of Cybercrime — Panda Security Mediacenter

I — Risk Management

Different Types of Attacks on a System

THREAT DETECTION AND WHY YOU SHOULD SPEND MORE TIME THINKING ABOUT IT

📢MetaWorld Breaking News📢

SolidProof Offers Free Audit for DeFi projects in a Community Tournament

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
wondersmith_rae

wondersmith_rae

@wondersmith_rae | OSINT Analyst | @OSINTCurious Advisory Board | @QuizTime | http://Tracelabs.org | http://safeescape.org | Speaker and @Wiley Author

More from Medium

Cyberthreats and Protection of Power Grid

Network Fundamentals — Part 2

Wireshark for Cybersecurity and Threat Hunting — Log4J Exploit —  CyberDefense

Incident Response: Building Automation