Open Source Intelligence Solutions

Security has evolved to need better situational awareness as well as attribution in complex compromises. Packet Ninjas has answered that challenge through custom solutions we built for ourselves over the years to identify who, persistently monitor for team based situational awareness, as well as tools to identify the physical source and number of attackers which may be engaging with your company, brand or executive.

Strangely, we have found that hunting for vulnerabilities and the pursuit of exploit development, mixed with the search for forensic artifacts has complimented the get it done attitude that software development demands.

While hacking is different than creating, we have found the same hunter insticts and stubborn attitude against failure complimentory in the tools we created to help extend the capabilities of our clients.


SocialNet is a SaaS-based framework that integrates with Maltego to map social media entities, identifying connections between and among individuals. Some groups may call this social media forensics, while others characterize this as 'open source intelligence'. Regardless, SocialNet helps you map out online identities quickly and easily for an analyst.

  • Actor Identification
  • Automated link analysis
  • Open source intelligence
  • Actor and association identification
  • Aid in the identification of complex money-mule operations
  • Easily identify actors to expedite legal processes in investigations.

Identify other associates of actors to widen the scope of investigations.

SocialNet Automated Features

Identify actors by email address

Identify friends-of actors

Search by name

Open Source Intelligence Monitor - OIMonitor

OIMonitor™ provides intelligence and brand security for specialized intelligence gathered from multiple online sources. Whether the need is for daily intelligence briefs or specific keyword alerts, we provide customized intelligence solutions to address specific requirements. Our intelligence services and capabilities include:

  • Keyword analysis of adversaries
  • Preemptive and ongoing monitoring of hostile actors related to your industry
  • Ongoing adversary research
  • Threat feed based on recently attacked and compromised servers

Specific intelligence on actors

Enterprise Intelligence

Tactical real time updates

User-defined collection across data channels

Real time situation analysis

Spotter - Targeted Attribution Case Management System

Spotter is a SaaS-based application, or hardware appliance that helps investigators gain remote IP identification of a targeted person or persons. Spotter provides ways to gather identifying information on a target, including their IP address, without the target suspecting that the information is being gathered. Spotter helps investigators create, track and record multiple cases in which collected artifacts can be analyzed. Spotter records artifacts on the targeted adversary, which can help in identifying the source and size of the adversary. It also provides automated email alerts of unique hits.

Uses Cases

  • Actor Remote IP Identification
  • Frequency of information use
  • Aid in the identification of data leakage
  • Aid in cyber-bully actor identification
  • Case management
  • Browser fingerprinting
  • Frequency of alerts


Alias DB is a proprietary database of over 70,000 confirmed-threat actors who are documented with attribution and correlations of known associates. We offer a strategic partnership to contribute to and resell attribution data to enhance ongoing threat-intelligence investigations and active-targeting campaigns. AliasDB™ aids investigators in building dossiers on suspects while providing information that can be queried through a vast array of products. Alias DB is built on the historical data in the Zone-H Database with our enhancements.