DNINT Sources

Contents

DNINT Sources#

The data sources DNINT collection draws from. Coverage, cost, and legal authority differ by source; the operator picks the source that satisfies the collection requirement at the lowest OPSEC and legal load.

Source

Description

Active scanning

nmap, masscan, zmap directly against authorized targets.

Passive scanning

Shodan, Censys, ZoomEye, BinaryEdge, Onyphe.

DNS data

Authoritative + passive DNS feeds (Farsight, DomainTools, SecurityTrails).

CT logs

Subdomain enumeration through certificate transparency.

BGP / routing

RIPEstat, BGPView, RouteViews.

WHOIS / RDAP

Domain and IP registration.

Threat-intel feeds

AlienVault OTX, MISP, abuse.ch, internal CTI.

Honeypot / sensor

Operator-run sensors capturing scans and attacks.

References#