As we use the internet in our daily activities, we need to be cautious of the risks that come with it. Mitaka is an open source tool developed by Niseki Manabu. Using Mitaka, we can easily search for and detect malicious web pages and other components, i.e. files, email addresses, domains, links and other features used to distinguish malicious from non-malicious components.
This tool works as an extension on both the Chrome and Firefox web browsers. In this guide, I will take you through the installation and through performing scans on the various IoCs that are used.
Mitaka as an extension can run on any operating system as long as the system has either Chrome or Firefox browser installed.
Overview on Mitaka tool
Mitaka has various features that make it a good tool for open source intelligence, and it is easily usable by users regardless of their technical knowledge. Some of these features include;
- It is easy to install since it is built as a browser extension.
- Compared to other such tools, it saves on cost since the tool is open source.
- It supports numerous scan engines and search engines to check the IoCs. Some examples of the supported search and scan engines include;
The tool supports the search for different indicators of compromise. These IoCs include;
- Cryptocurrency wallet addresses search. (BTC, ETH wallets)
- CVE numbers search
- Domain names search
- Email addresses search
- Google Adsense publisher ID and Google Analytics Tracker ID search
- IPv4 addresses search
- URLs search
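The indicator types listed above can be told apart by their format alone, which is what lets a selection-based tool offer the right searches for a highlighted string. The JavaScript below is an added example, not Mitaka's own code: the names `refang` and `classifyIoC`, the simplified patterns and the sample values are assumptions for illustration, and it goes beyond the list by also handling file hashes and defanged text such as `example[.]com`.

```javascript
// Added example (not Mitaka's code): classify a highlighted string by IoC type.
// Patterns are simplified assumptions; address checksums are not verified.

// Undo common "defanging" (hxxp://, [.], [at]) used when sharing indicators.
function refang(text) {
  return text.trim()
    .replace(/^hxxp(s?):\/\//i, "http$1://")
    .replace(/\[\.\]|\(\.\)/g, ".")
    .replace(/\[@\]|\[at\]/gi, "@");
}

// Four decimal octets, each 0-255, no leading zeros.
function isIPv4(s) {
  const parts = s.split(".");
  return parts.length === 4 &&
    parts.every((p) => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
}

// Order matters: specific formats first, bare domain last.
const RULES = [
  ["url", (s) => /^https?:\/\/[^\s/]+\.[^\s/]+/i.test(s)],
  ["email", (s) => /^[^\s@]+@([a-z0-9-]+\.)+[a-z]{2,}$/i.test(s)],
  ["cve", (s) => /^CVE-\d{4}-\d{4,}$/i.test(s)],
  ["ipv4", isIPv4],
  ["eth", (s) => /^0x[0-9a-f]{40}$/i.test(s)],
  ["btc", (s) => /^(bc1[02-9ac-hj-np-z]{11,71}|[13][1-9A-HJ-NP-Za-km-z]{25,34})$/.test(s)],
  ["sha256", (s) => /^[0-9a-f]{64}$/i.test(s)],
  ["sha1", (s) => /^[0-9a-f]{40}$/i.test(s)],
  ["md5", (s) => /^[0-9a-f]{32}$/i.test(s)],
  ["ga_tracker", (s) => /^UA-\d+-\d+$/i.test(s)],
  ["adsense_pub", (s) => /^pub-\d{16}$/i.test(s)],
  ["domain", (s) => /^([a-z0-9-]+\.)+[a-z]{2,}$/i.test(s)],
];

// Returns the detected type and the refanged value to hand to a search engine.
function classifyIoC(selection) {
  const value = refang(selection);
  const rule = RULES.find(([, test]) => test(value));
  return { type: rule ? rule[0] : "unknown", value };
}

// Constructed sample selections (documentation ranges and placeholder values).
const SAMPLES = ["hxxps://example[.]com/login", "billing[at]example[.]com",
  "203[.]0[.]113[.]7", "CVE-2099-0001", "UA-12345678-1", "a".repeat(64), "not an ioc"];
for (const s of SAMPLES) console.log(classifyIoC(s));
```

Refanging happens only in memory, so the defanged form stays in the analyst's notes while the lookup uses the real value.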
Supported scan engines
Supported search engines
An updated list of all available search and scan engines can be found on the tool’s official GitHub repository.
Installing the Mitaka OSINT tool is as easy as installing any other extension. You first go to Firefox Add-Ons and click on the install button to install the extension as shown in the image below.
While installing, Mitaka may require some additional permissions for it to run effectively.
- Permission to display notifications.
- Permission to read and change the data on the websites the user visits.
Always make sure you allow the required permissions.
While performing OSINT, some of the search engines (urlscan, HybridAnalysis and VirusTotal) will require you to provide an API key. You will need to create an account on their websites to get your API key.
Perform malware analysis
When downloading an application or a file from a website, we usually cross-check the hash published on the website against the one generated on the client side after the file is downloaded. In some cases, the user will rely on the scan made by antivirus programs installed on their computer.
Hackers use advanced malware which in some cases is not detected by the antivirus program installed on the computer. Using Mitaka, we can check the hash listed on an application's website against online malware scanners to confirm its legitimacy, as shown below.
Once the hash is found to be malicious, the summary and details of the malware found will be displayed on a new tab of the malware search engine.
Mitaka can also be used to analyse suspicious emails. Different IoCs are cross-checked on various OSINT search engines to confirm the authenticity of the email. One of the analyses we can do is to check the suspected email address's reputation on various search engines online. We can also check the reputation of the domain related to the email. Mitaka goes an extra step to check whether the suspected email address has accounts on other reputable sites such as LinkedIn, Facebook, Twitter and many other sites.
Checking email using emailrep.io
To check a suspicious email address using Mitaka, we just highlight the email address and then choose to scan it using the different email search tools found in the tool. Depending on the search engine you use, different information can be extracted from the search. In the image below, we can see the search result for a suspicious email address using emailrep.io.
Checking malicious crypto address
We can also check for suspicious cryptocurrency addresses on the web using Mitaka. The tool will scan through various sites which have databases of cryptocurrency wallet addresses used by scammers and people with malicious intent around the world. The video below shows a scan for a sample bitcoin address I found online.
Checking a malicious IP address is similar to searching for a malicious email address, except that in this search we are using search engines that collect and store IP addresses associated with malicious activities around the globe. In the image below, we can see search results for an IP address I got from an online directory of malicious IPs.
In this guide, we have used Mitaka which is an open-source intelligence tool to check and confirm the authenticity of various components we interact with as we use the internet for our daily activities. All the checks have been done from within the browser without the need to copy an address or upload a file to a search engine with just a click of a button.
Despite having multiple search engines, Mitaka can be easily used by a user with no technical knowledge of how these IoCs are checked. This tool can be used by any type of user making it more efficient compared to other tools where you have to copy and paste whenever you want to perform a check.
The tool is in-browser and hence does not require the user to run another application to perform any type of scan. Mitaka can be used both by professionals for forensic-related investigations and activities, and by any user of a web browser to ensure their safety while interacting with different applications on the internet.