reconCTI: A Proactive Approach to Cyber-Threat Intelligence
Mohammed Mahir Rahman, Shahzad Memon, Tauseef Ahmed, Ameer Al-Nemrat

TL;DR
reconCTI is a Python-based command-line tool that helps cybersecurity professionals and individuals proactively identify sensitive data leaks across surface and dark web platforms, enhancing threat awareness.
Contribution
The paper introduces reconCTI, a novel tool that integrates OSINT data collection with threat assessment using the MITRE ATT&CK framework for proactive cyber threat intelligence.
Findings
reconCTI effectively scans multiple sites for sensitive data leaks
The tool provides comprehensive threat reports with mitigation strategies
It supports early detection of cyber threats
Abstract
The rapid advancement of information technology has introduced a noticeable shift from traditional offline practices to more efficient and interconnected online environments. This transition, while offering convenience, has also increased exposure to various cyber threats such as identity theft, impersonation, and phishing scams. Reconnaissance, also known simply as information gathering, is a key stage for threat actors, often relying on open-source intelligence (OSINT) to collect sensitive and extensive data on targets. In response to this challenge, this study introduces reconCTI, a command-line tool built using Python for Linux systems. The tool is designed to search for sensitive data leaks across both surface web and dark web platforms. It allows users to input specific keywords, scan multiple sites at once, and then assess the findings by referencing the MITRE ATT&CK framework.…
