DNINT Sources#
The data sources DNINT collection draws from. Coverage, cost, and legal authority differ by source; the operator picks the source that satisfies the collection requirement at the lowest OPSEC and legal load.
Source |
Description |
|---|---|
Active scanning |
nmap, masscan, zmap directly against authorized targets. |
Passive scanning |
Shodan, Censys, ZoomEye, BinaryEdge, Onyphe. |
DNS data |
Authoritative + passive DNS feeds (Farsight, DomainTools, SecurityTrails). |
CT logs |
Subdomain enumeration through certificate transparency. |
BGP / routing |
RIPEstat, BGPView, RouteViews. |
WHOIS / RDAP |
Domain and IP registration. |
Threat-intel feeds |
AlienVault OTX, MISP, abuse.ch, internal CTI. |
Honeypot / sensor |
Operator-run sensors capturing scans and attacks. |
References#
DNINT for the discipline overview.
DNINT Tools for the operator’s kit.
DNINT Techniques for the tradecraft.