OSINT Top Ten #2 – Mitaka

We’re nearly there, readers. We have climbed the mountain of the secpro OSINT top ten, and we are just about to reach the summit – thanks for coming along with us for this journey. But before we get there, obviously we’ll have to look at our second favourite tool available right now. Not only is it a fantastic and idiot-proof piece of OSINT software, but it is also completely open source and free. What more could we ask for? 

Introducing Mitaka, a browser extension OSINT tool that is really a collection of four open-source tools. These are: 

  1. Browserling
  2. HybridAnalysis
  3. io
  4. VirusTotal

We will cover these scan engines in detail later on. But first, let’s look at what Mitaka says it can do. 

What is Mitaka? 

As we already said, Mitaka is a browser add-on tool. Like many OSINT tools, it is designed to be as simple as possible. After it has been installed, it provides multiple functions that are easily accessible from a dropdown menu. For a quick rundown on how the Mitaka tool looks, check out the secpro newsletter and click through to our website. 

Now, the obvious question – how powerful can a browser add-on really be? Although I would be inclined to agree with the idea that Mitaka is restricted in some ways, it only has a simple goal. This is not a silver bullet or a miracle cure to all the problems that cybersecurity professionals face. But Mitaka sets out to achieve a small goal and achieves it comfortably. 

How does Mitaka work? 

Firstly, you will want to install the Mitaka extension. It is a Firefox add-on, so using Firefox or a fork of Firefox and navigating to the Firefox Add-ons page is really the only way to get it. The add-on is not monitored by Mozilla, and it requests two permissions: (1) to display notifications to you and (2) to access your data on all websites. Be sure what you are getting into before you install it.

Like any good cybersecurity professional, you’re probably feeling that slight pang of paranoia when you hear the request for access to personal data. Don’t worry – I was exactly the same. The extension needs to access your data on all websites to actually engage with the potential malware and scams that are lurking in cyberspace. As many OSINT tools do this, it’s up to you to decide whether you’re willing to hand over that data. 

Next, we will look over the services that Mitaka offers and explain how they work. Included with each section is the name of the sub-tool that Mitaka draws information from, for your own investigative pleasure.

Mitaka and crypto address analysis 

Sub-tool: Bitcoin Abuse Database 

It’s no secret that one prominent use of cryptocurrency is as a currency that is difficult to track. For that reason, it’s attractive to cybercriminals. More worrying still for people who hold crypto is just how easy it is to steal.

By highlighting a cryptocurrency wallet address, right clicking, and opening the Mitaka dropdown menu, you can search on Bitcoin Abuse Database. This allows you instant access to the trustworthiness (or untrustworthiness) of a particular wallet. If you’re in the habit of working with crypto often, this is a good defense against known bad wallets. 

Mitaka and email analysis 

Sub-tool: emailrep.io 

The eternal suffering of the security analyst is best summed up in email phishing attacks. The team behind Mitaka knows that. That’s why there are multiple search engines hooked up to Mitaka that allow you to search the web for malicious email addresses and indicators of compromise. As well as popular social media sites such as LinkedIn, Facebook, and Twitter, Mitaka consults Shodan, Sploitus, Radar, Scumware, and VirusTotal.

Mitaka and IP address analysis 

Sub-tool: DNSlytics amongst others 

We know from firsthand experience that IP tracking can become soul-destroying within a matter of minutes, especially if you don’t have some decent tools to help you out. The thought of manually searching through IP addresses keeps me up at night sometimes. 

But if you are alerted to a malicious IP address by your system, Mitaka can instantly link you out to DNSlytics. From this site, you can find all the relevant information you need. This includes SPAM database lookups, blocklist lookups, and any obtainable network information. Again, this is done through simply clicking on the dropdown menu, so it’s very convenient and worker focused. 

Mitaka and malware analysis 

Sub-tool: VirusTotal amongst others 

Uh-oh, a malicious email got through your defenses. That’s not a great situation to find yourself in, but the first step is to understand what exactly got through the perimeter. This is a worst-case scenario, but we can’t always rely on conventional antivirus programs to save us.

If something gets through, Mitaka can instantly perform a hash check of any downloaded application or file using the malware scanners built into Mitaka’s toolkit. For example, you can be linked out to VirusTotal to obtain all relevant information. 
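The right-click lookups in the four sections above all come down to recognising what kind of indicator was highlighted and opening the matching service. The following is an added example (not Mitaka's own code and not part of the original article), written for Node.js; the function names and lookup URL patterns are assumptions, and only legacy Base58Check Bitcoin addresses are recognised.

```javascript
// Added example, not Mitaka's own code: classify a highlighted string and
// pick the sub-tool the article names for that indicator type.
const { createHash } = require("crypto");

// Lookup URL patterns are assumptions for illustration; check each service.
const TOOLS = {
  btc:   ["Bitcoin Abuse Database", (v) => `https://www.bitcoinabuse.com/reports/${v}`],
  email: ["emailrep.io", (v) => `https://emailrep.io/${encodeURIComponent(v)}`],
  ip:    ["DNSlytics", (v) => `https://dnslytics.com/ip/${v}`],
  hash:  ["VirusTotal", (v) => `https://www.virustotal.com/gui/search/${v}`],
};

const B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
const sha256 = (buf) => createHash("sha256").update(buf).digest();

// Legacy Bitcoin addresses are Base58Check: 1 version byte, 20-byte hash,
// then 4 checksum bytes = first 4 bytes of SHA-256(SHA-256(version || hash)).
function isLegacyBtcAddress(s) {
  if (!/^[13][1-9A-HJ-NP-Za-km-z]{25,34}$/.test(s)) return false;
  let n = 0n;
  for (const ch of s) n = n * 58n + BigInt(B58.indexOf(ch));
  const hex = n.toString(16);
  if (hex.length > 50) return false; // must fit in 25 bytes
  const raw = Buffer.from(hex.padStart(50, "0"), "hex");
  const check = sha256(sha256(raw.subarray(0, 21))).subarray(0, 4);
  return check.equals(raw.subarray(21));
}

function isIPv4(s) {
  const parts = s.split(".");
  return parts.length === 4 &&
    parts.every((p) => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
}

// Returns { type, tool, url } or null when the selection is not recognised.
function classifySelection(selection) {
  const v = selection.trim();
  let type = null;
  // Checksum-validated address first: a short Base58 string can also look like hex.
  if (isLegacyBtcAddress(v)) type = "btc";
  else if (/^([a-f0-9]{32}|[a-f0-9]{40}|[a-f0-9]{64})$/i.test(v)) type = "hash";
  else if (isIPv4(v)) type = "ip";
  else if (/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v)) type = "email";
  if (!type) return null;
  const [tool, toUrl] = TOOLS[type];
  return { type, tool, url: toUrl(v) };
}
```

Validating the address checksum before building a link means a mistyped or truncated wallet address returns no match rather than a lookup for the wrong wallet.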
