# OSINT

## Main Tools

[**FavFreak:**](https://github.com/devanshbatham/FavFreak) Weaponizing favicon.ico for BugBounties, OSINT and what not.

```
$ git clone https://github.com/devanshbatham/FavFreak
$ cd FavFreak
$ virtualenv -p python3 env
$ source env/bin/activate
$ python3 -m pip install mmh3
$ cat urls.txt | python3 favfreak.py 
```

{% tabs %}
{% tab title="Result - hashes" %}

```
$ cat urls.txt | python3 favfreak.py -o output
```

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MWd-VcvRHVgUtkahm85%2F-MWzmE4Hvh1LjqpFxdyO%2F-MWzntMRyXFUsRqr0HhI%2Fimage.png?alt=media\&token=d1200a26-f65f-4dfd-9c3a-20840be94db9)
{% endtab %}

{% tab title="Pwning with Shodan" %}
`http.favicon.hash:[Favicon hash here]`

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MWd-VcvRHVgUtkahm85%2F-MWzmE4Hvh1LjqpFxdyO%2F-MWznzRmX_Ftp4qAfRkj%2Fimage.png?alt=media\&token=541ec22c-5a90-4798-9a38-7de88b467a4f)

```
$ shodan search org:"Target" http.favicon.hash:116323821 --fields ip_str,port --separator " " | awk '{print $1":"$2}'
```

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MWd-VcvRHVgUtkahm85%2F-MWzmE4Hvh1LjqpFxdyO%2F-MWzoPv04TlQq6ix5WKR%2Fimage.png?alt=media\&token=087d4700-1752-4d08-84a1-2bd9d9ed6c29)
{% endtab %}
{% endtabs %}

Reference: <https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139>

[**Goohak**](https://github.com/1N3/Goohak)**:** Automatically launch Google hacking queries against a target domain to find vulnerabilities and enumerate a target.

```
./goohak domain.com
```

[**Smap**](https://github.com/s0md3v/Smap)**:** A passive Nmap-like scanner built with shodan.io.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWd-VcvRHVgUtkahm85%2Fuploads%2FWOMK5UaA1UyZU0MfJItP%2Fimage.png?alt=media\&token=2e3c90d1-e909-4390-9879-91ba72e1bc1c)

{% embed url="<https://github.com/s0md3v/Smap>" %}

[**urlhunter**](https://github.com/utkusen/urlhunter): urlhunter is a recon tool that allows searching on URLs that are exposed via shortener services such as bit.ly and goo.gl. The project is written in Go.

{% embed url="<https://youtu.be/Ct086YRm7i8>" %}

[**//grep.app**](https://grep.app)**:** Search across a half million git repos.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MWd-VcvRHVgUtkahm85%2F-MYUL-xKSOiPaRLOL63i%2F-MYUMHqiRPK1DvNkKpv5%2Fimage.png?alt=media\&token=d181b032-d2a4-4d9d-b787-acec5ca2adef)

[**domain-check-2**](https://github.com/nixcraft/domain-check-2)**:** Domain Expiration Check Shell Script Forked and Maintained by nixCraft.

[**dns-domain-expiration-checker**](https://github.com/Matty9191/dns-domain-expiration-checker)**:** Send notifications when DNS domains are about to expire.

{% embed url="<https://www.expireddomains.net/>" %}

**sigurlfind3r** is a passive reconnaissance tool that fetches known URLs from [**AlienVault's OTX**](https://otx.alienvault.com/), [**Common Crawl**](https://commoncrawl.org/), [**URLScan**](https://urlscan.io/), [**GitHub**](https://github.com/) and the [**Wayback Machine**](https://archive.org/web/).

{% embed url="<https://github.com/signedsecurity/sigurlfind3r>" %}

{% embed url="<https://github.com/UndeadSec/EvilURL>" %}

{% embed url="<https://youtu.be/COyFfSlexTw>" %}

[**sherlock**](https://github.com/sherlock-project/sherlock): Hunt down social media accounts by username across social networks.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWd-VcvRHVgUtkahm85%2Fuploads%2FwRrR7SuyAysjOKPPUkgJ%2Fsherlock_demo.gif?alt=media\&token=f91720df-b56b-4364-9b2f-13f847a4434e)

{% embed url="<https://github.com/sherlock-project/sherlock>" %}

[**TheHarvester**](https://github.com/laramies/theharvester)**:** E-mails, subdomains and names Harvester - OSINT.

{% embed url="<https://github.com/laramies/theharvester>" %}

[**Usernamesearch**](https://www.idcrawl.com/username) (web): Uncover social media profiles and real people behind a username.

{% embed url="<https://www.idcrawl.com/username>" %}

{% embed url="<https://checkusernames.com>" %}

{% embed url="<https://usersearch.org/index.php>" %}

{% embed url="<https://instantusername.com/#/>" %}

[**IntelX**](https://intelx.io/) (web): Discovering everything.

{% embed url="<https://intelx.io>" %}

[**Spiderfoot**](https://github.com/smicallef/spiderfoot): SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWd-VcvRHVgUtkahm85%2Fuploads%2FXg8BNlAtGBqY0VIewXK1%2F68747470733a2f2f7777772e737069646572666f6f742e6e65742f77702d636f6e74656e742f75706c6f6164732f323032302f30382f537069646572466f6f742d332e312d62726f7773652e706e67.png?alt=media\&token=ef465084-3b65-4781-b14f-6cf37f4cd59e)

{% embed url="<https://github.com/smicallef/spiderfoot>" %}

[**Creepy**](https://github.com/ilektrojohn/creepy): A geolocation OSINT tool. Offers geolocation information gathering through social networking platforms.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWd-VcvRHVgUtkahm85%2Fuploads%2Fc0QDboMnePwVlR8IkYv5%2Fimage.png?alt=media\&token=ef07697d-6d81-4474-8278-ee78c8b4f95a)

[**Twint**](https://github.com/twintproject/twint)**:** An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWd-VcvRHVgUtkahm85%2Fuploads%2FBkoFrmr3sSV02Eh3lMtQ%2F68747470733a2f2f692e696d6775722e636f6d2f6961483373377a2e706e67.png?alt=media\&token=af558a20-6860-4864-9662-867151f58222)

{% embed url="<https://github.com/twintproject/twint>" %}

[**Reddit Analyzer**](https://reddit-user-analyser.netlify.app/)**:** Reddit data correlation.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWd-VcvRHVgUtkahm85%2Fuploads%2FxEulRJeRYLvU4hRgUrsj%2Fimage.png?alt=media\&token=446ebf93-c137-4e6e-a84b-9153821bbef5)

{% embed url="<https://reddit-user-analyser.netlify.app>" %}

[**Googleadvcs**](https://www.google.com/advanced_search)**:** Google advanced search.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWd-VcvRHVgUtkahm85%2Fuploads%2FHOOSJs6pDQ2K80VvuyYb%2Fimage.png?alt=media\&token=dbd772f3-d1d5-4e33-8d27-6d52ee596efb)

{% embed url="<https://www.google.com/advanced_search>" %}

[**Telegram OSINT**](https://github.com/ItIsMeCall911/Awesome-Telegram-OSINT)**:** Resources about Telegram OSINT.

{% embed url="<https://github.com/ItIsMeCall911/Awesome-Telegram-OSINT>" %}

[**Reverse email search**](https://tools.epieos.com/email.php): Email Lookup tool.

{% embed url="<https://tools.epieos.com/email.php>" %}

[**Reverse phone search**](https://demo.phoneinfoga.crvx.fr/#/)**:** Phone Lookup tool.

{% embed url="<https://demo.phoneinfoga.crvx.fr/#/>" %}

[**Holehe OSINT**](https://github.com/megadose/holehe/): Email to Registered Accounts.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWd-VcvRHVgUtkahm85%2Fuploads%2FuVTPP7vhgFfuDEXr53N9%2Fholehe-demo.gif?alt=media\&token=dbb0e0f0-fb0f-49b6-8458-691b3fe6b241)

{% embed url="<https://github.com/megadose/holehe>" %}

[**Thephonebook**](https://www.thephonebook.bt.com/person/): Phone numbers.

{% embed url="<https://www.thephonebook.bt.com/person>" %}

[**Hunter.io**](https://hunter.io/)**:** Find email addresses in seconds.

{% embed url="<https://hunter.io>" %}

[**411.com**](https://www.411.com/): Find Contact Information on yourself or anyone else.

{% embed url="<https://www.411.com>" %}

[**Fonefinder**](https://www.fonefinder.net/): Fone Finder query form.

{% embed url="<https://www.fonefinder.net>" %}

[**BuiltWith**](https://builtwith.com/)**:** BuiltWith is a website profiling tool that shows current and historical information about a website's technology usage, technology versions, and hosting.

{% embed url="<https://builtwith.com/>" %}

[**ReNgine**](https://github.com/yogeshojha/rengine)**:** reNgine is an automated reconnaissance framework used for OSINT gathering that streamlines the recon process.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWd-VcvRHVgUtkahm85%2Fuploads%2FsYJnzT4nsHliLfhT5iPd%2Fscan_results.gif?alt=media\&token=c2b79fe9-685d-4067-8e6a-8dfff2bcba70)

[**Mac Address Lookup**](https://www.macvendorlookup.com/)**:** Find MAC vendors.

{% embed url="<https://www.macvendorlookup.com>" %}

## People Search

[> Truepeoplesearch](https://www.truepeoplesearch.com/)\
[> Thatsthem](https://thatsthem.com/)\
[> Whitepages](https://whitepages.com/)\
[> Spokeo](https://www.spokeo.com/)\
[> Idcrawl](https://www.idcrawl.com/)\
[> Zabasearch](https://www.zabasearch.com/)\
[> Intelius](https://www.intelius.com/)\
[> Lullar](https://com.lullar.com/)\
[> Pipl](https://pipl.com/)\
[> Peekyou](https://www.peekyou.com/)\
[> Familytreenow](https://familytreenow.com/)\
[> Beenverified](https://www.beenverified.com/)\
[> Peoplefinder](https://www.peoplefinder.com/)\
[> Unicourt](https://unicourt.com/)\
[> Jailbase](https://www.jailbase.com/)\
[> Publicrecordsdir](https://publicrecords.directory/)

## Images And Videos

[> Exifdata](https://exifdata.com/)\
[> Pimeyes](https://pimeyes.com/)\
[> Tineye](https://tineye.com/)\
[> Youtube Metadata](https://citizenevidence.amnestyusa.org/)

[**metagoofil**](https://www.kali.org/tools/metagoofil/): Scan for documents from a domain (-d kali.org) that are PDF files (-t pdf), searching 100 results (-l 100), download 25 files (-n 25), saving the downloads to a directory (-o kalipdf), and saving the output to a file (-f kalipdf.html).

```
root@kali:~# metagoofil -d kali.org -t pdf -l 100 -n 25 -o kalipdf -f kalipdf.html

******************************************************
*     /\/\   ___| |_ __ _  __ _  ___   ___  / _(_) | *
*    /    \ / _ \ __/ _` |/ _` |/ _ \ / _ \| |_| | | *
*   / /\/\ \  __/ || (_| | (_| | (_) | (_) |  _| | | *
*   \/    \/\___|\__\__,_|\__, |\___/ \___/|_| |_|_| *
*                         |___/                      *
* Metagoofil Ver 2.2                                 *
* Christian Martorella                               *
* Edge-Security.com                                  *
* cmartorella_at_edge-security.com                   *
******************************************************
['pdf']

[-] Starting online search...

[-] Searching for pdf files, with a limit of 100
        Searching 100 results...
Results: 21 files found
Starting to download 25 of them:
```

{% embed url="<https://www.kali.org/tools/metagoofil>" %}

## Recon

[> Maltego](https://www.maltego.com/)\
[> Recon-ng](https://tools.kali.org/information-gathering/recon-ng)\
[> Theharvester](https://github.com/laramies/theharvester)

## Web Archives

[> Archive.org](https://archive.org/)\
[> Archive.is](https://archive.is/)\
[> Archivedweb](https://archivedweb.com/)\
[> Arquivo.pt](https://arquivo.pt/)

## Multi Tool :tada:

{% embed url="<https://inteltechniques.com/tools/>" %}

{% embed url="<https://docs.google.com/spreadsheets/d/1JxBbMt4JvGr--G0Pkl3jP9VDTBunR2uD3_faZXDvhxc/edit#gid=164143315>" %}

{% embed url="<https://github.com/jivoi/awesome-osint>" %}
