reconCTI: A Proactive Approach to Cyber-Threat Intelligence
For cybersecurity professionals and individuals, the tool offers a proactive approach to early risk identification, but the contribution is incremental as it combines existing OSINT techniques and frameworks without novel methodology or performance benchmarks.
The paper introduces reconCTI, a Python-based command-line tool for searching sensitive data leaks on surface and dark web platforms, referencing the MITRE ATT&CK framework to compile threat reports with mitigation strategies. No quantitative results are provided.
The rapid advancement of information technology has introduced a noticeable shift from traditional offline practices to more efficient and interconnected online environments. This transition, while offering convenience, has also increased exposure to various cyber threats such as identity theft, impersonation, and phishing scams. Reconnaissance, also known as information gathering, is a key stage for threat actors, who often rely on open-source intelligence (OSINT) to collect sensitive and extensive data on targets. In response to this challenge, this study introduces reconCTI, a command-line tool built using Python for Linux systems. The tool is designed to search for sensitive data leaks across both surface web and dark web platforms. It allows users to input specific keywords, scan multiple sites at once, and then assess the findings by referencing the MITRE ATT&CK framework. The results are compiled into a threat report that also includes possible mitigation strategies. reconCTI is intended to support both cybersecurity professionals and individuals in identifying risks early and taking appropriate action.
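The workflow the abstract describes (keywords in, several sources scanned, findings assessed against MITRE ATT&CK, report with mitigations), as an added Python example that is not reconCTI's own code. The detector patterns, the pairing of each detector with an ATT&CK Reconnaissance technique, the mitigation wording and the sample pages are assumptions made for this example, and it works only on text that has already been collected.

```python
import re
from collections import defaultdict

# Ordered most specific first. The technique IDs are ATT&CK Reconnaissance entries;
# pairing them with these detectors is this example's assumption, not reconCTI's.
EMAIL = r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"
RULES = [
    ("credential_pair", re.compile(EMAIL + r":\S+"),
     "T1589.001 Gather Victim Identity Information: Credentials",
     "Reset the exposed password, revoke active sessions, enforce MFA."),
    ("email_address", re.compile(EMAIL),
     "T1589.002 Gather Victim Identity Information: Email Addresses",
     "Expect targeted phishing; tighten mail filtering and notify the owner."),
]
SAMPLE_PAGES = {  # constructed sample text, not real leak data
    "paste-site": "dump 2024\nalice@example.test:Winter2024!\nunrelated line\n",
    "forum-post": "contact list\nbob@example.test\ncarol@other.test\n",
}

def assess(pages, keywords):
    """pages maps a source name to already-fetched text; returns classified findings."""
    findings = []
    for source, text in pages.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            hit = next((k for k in keywords if k.lower() in line.lower()), None)
            if hit is None:
                continue  # line does not mention any monitored keyword
            for kind, pattern, technique, mitigation in RULES:
                if pattern.search(line):
                    findings.append({"source": source, "line": lineno, "keyword": hit,
                                     "kind": kind, "technique": technique,
                                     "mitigation": mitigation})
                    break  # first (most specific) rule wins
    return findings

def report(findings):
    """Group findings by technique; record locations only, never the leaked value."""
    by_tech = defaultdict(list)
    for f in findings:
        by_tech[f["technique"]].append(f)
    out = []
    for tech, items in sorted(by_tech.items()):
        out.append(f"{tech} ({len(items)} finding(s))")
        out.append(f"  mitigation: {items[0]['mitigation']}")
        out += [f"  - {f['source']}:{f['line']} keyword={f['keyword']} kind={f['kind']}"
                for f in items]
    return "\n".join(out)

if __name__ == "__main__":
    print(report(assess(SAMPLE_PAGES, ["example.test"])))
```

Keeping the leaked value out of the report means the report itself can be shared without becoming a second copy of the leak.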