# OSINT

## Main Tools

[**FavFreak:**](https://github.com/devanshbatham/FavFreak) Weaponizing favicon.ico for BugBounties, OSINT and what not.

```
$ git clone https://github.com/devanshbatham/FavFreak
$ cd FavFreak
$ virtualenv -p python3 env
$ source env/bin/activate
$ python3 -m pip install mmh3
$ cat urls.txt | python3 favfreak.py 
```

{% tabs %}
{% tab title="Result - hashes" %}

```
$ cat urls.txt | python3 favfreak.py -o output
```

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MWd-VcvRHVgUtkahm85%2F-MWzmE4Hvh1LjqpFxdyO%2F-MWzntMRyXFUsRqr0HhI%2Fimage.png?alt=media\&token=d1200a26-f65f-4dfd-9c3a-20840be94db9)
{% endtab %}

{% tab title="Pwning with Shodan" %}
`http.favicon.hash:[Favicon hash here]`

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MWd-VcvRHVgUtkahm85%2F-MWzmE4Hvh1LjqpFxdyO%2F-MWznzRmX_Ftp4qAfRkj%2Fimage.png?alt=media\&token=541ec22c-5a90-4798-9a38-7de88b467a4f)

```
$ shodan search org:"Target" http.favicon.hash:116323821 --fields ip_str,port --separator " " | awk '{print $1":"$2}'
```

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MWd-VcvRHVgUtkahm85%2F-MWzmE4Hvh1LjqpFxdyO%2F-MWzoPv04TlQq6ix5WKR%2Fimage.png?alt=media\&token=087d4700-1752-4d08-84a1-2bd9d9ed6c29)
{% endtab %}
{% endtabs %}

Reference: <https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139>

[**Goohak**](https://github.com/1N3/Goohak)**:** Automatically launch Google hacking queries against a target domain to find vulnerabilities and enumerate a target.

```
./goohak domain.com
```

[**Smap**](https://github.com/s0md3v/Smap): A passive Nmap-like scanner built with shodan.io.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWd-VcvRHVgUtkahm85%2Fuploads%2FWOMK5UaA1UyZU0MfJItP%2Fimage.png?alt=media\&token=2e3c90d1-e909-4390-9879-91ba72e1bc1c)

{% embed url="<https://github.com/s0md3v/Smap>" %}

[**urlhunter**](https://github.com/utkusen/urlhunter): urlhunter is a recon tool for searching URLs that are exposed via shortener services such as bit.ly and goo.gl. The project is written in Go.

{% embed url="<https://youtu.be/Ct086YRm7i8>" %}

[**//grep.app**](https://grep.app)**:** Search across a half million git repos.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MWd-VcvRHVgUtkahm85%2F-MYUL-xKSOiPaRLOL63i%2F-MYUMHqiRPK1DvNkKpv5%2Fimage.png?alt=media\&token=d181b032-d2a4-4d9d-b787-acec5ca2adef)

[**domain-check-2**](https://github.com/nixcraft/domain-check-2)**:** Domain Expiration Check Shell Script Forked and Maintained by nixCraft.

[**dns-domain-expiration-checker**](https://github.com/Matty9191/dns-domain-expiration-checker)**:** Send notifications when DNS domains are about to expire.

{% embed url="<https://www.expireddomains.net/>" %}

**sigurlfind3r** is a passive reconnaissance tool that fetches known URLs from [**AlienVault's OTX**](https://otx.alienvault.com/), [**Common Crawl**](https://commoncrawl.org/), [**URLScan**](https://urlscan.io/), [**GitHub**](https://github.com/) and the [**Wayback Machine**](https://archive.org/web/).

{% embed url="<https://github.com/signedsecurity/sigurlfind3r>" %}

{% embed url="<https://github.com/UndeadSec/EvilURL>" %}

{% embed url="<https://youtu.be/COyFfSlexTw>" %}

[**sherlock**](https://github.com/sherlock-project/sherlock): Hunt down social media accounts by username across social networks.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWd-VcvRHVgUtkahm85%2Fuploads%2FwRrR7SuyAysjOKPPUkgJ%2Fsherlock_demo.gif?alt=media\&token=f91720df-b56b-4364-9b2f-13f847a4434e)

{% embed url="<https://github.com/sherlock-project/sherlock>" %}

[**TheHarvester**](https://github.com/laramies/theharvester)**:** E-mails, subdomains and names Harvester - OSINT.

{% embed url="<https://github.com/laramies/theharvester>" %}

[**Usernamesearch**](https://www.idcrawl.com/username) (web): Uncover social media profiles and real people behind a username.

{% embed url="<https://www.idcrawl.com/username>" %}

{% embed url="<https://checkusernames.com>" %}

{% embed url="<https://usersearch.org/index.php>" %}

{% embed url="<https://instantusername.com/#/>" %}

[**IntelX**](https://intelx.io/) (web): Discovering everything.

{% embed url="<https://intelx.io>" %}

[**Spiderfoot**](https://github.com/smicallef/spiderfoot): SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWd-VcvRHVgUtkahm85%2Fuploads%2FXg8BNlAtGBqY0VIewXK1%2F68747470733a2f2f7777772e737069646572666f6f742e6e65742f77702d636f6e74656e742f75706c6f6164732f323032302f30382f537069646572466f6f742d332e312d62726f7773652e706e67.png?alt=media\&token=ef465084-3b65-4781-b14f-6cf37f4cd59e)

{% embed url="<https://github.com/smicallef/spiderfoot>" %}

[**Creepy**](https://github.com/ilektrojohn/creepy): A geolocation OSINT tool. Offers geolocation information gathering through social networking platforms.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWd-VcvRHVgUtkahm85%2Fuploads%2Fc0QDboMnePwVlR8IkYv5%2Fimage.png?alt=media\&token=ef07697d-6d81-4474-8278-ee78c8b4f95a)

[**Twint**](https://github.com/twintproject/twint)**:** An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWd-VcvRHVgUtkahm85%2Fuploads%2FBkoFrmr3sSV02Eh3lMtQ%2F68747470733a2f2f692e696d6775722e636f6d2f6961483373377a2e706e67.png?alt=media\&token=af558a20-6860-4864-9662-867151f58222)

{% embed url="<https://github.com/twintproject/twint>" %}

[**Reddit Analyzer**](https://reddit-user-analyser.netlify.app/)**:** Reddit data correlation.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWd-VcvRHVgUtkahm85%2Fuploads%2FxEulRJeRYLvU4hRgUrsj%2Fimage.png?alt=media\&token=446ebf93-c137-4e6e-a84b-9153821bbef5)

{% embed url="<https://reddit-user-analyser.netlify.app>" %}

[**Googleadvcs**](https://www.google.com/advanced_search)**:** Google advanced search.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWd-VcvRHVgUtkahm85%2Fuploads%2FHOOSJs6pDQ2K80VvuyYb%2Fimage.png?alt=media\&token=dbd772f3-d1d5-4e33-8d27-6d52ee596efb)

{% embed url="<https://www.google.com/advanced_search>" %}

[**Telegram OSINT**](https://github.com/ItIsMeCall911/Awesome-Telegram-OSINT)**:** Resources about Telegram OSINT.

{% embed url="<https://github.com/ItIsMeCall911/Awesome-Telegram-OSINT>" %}

[**Reverse email search**](https://tools.epieos.com/email.php): Email Lookup tool.

{% embed url="<https://tools.epieos.com/email.php>" %}

[**Reverse phone search**](https://demo.phoneinfoga.crvx.fr/#/): Phone Lookup tool.

{% embed url="<https://demo.phoneinfoga.crvx.fr/#/>" %}

[**Holehe OSINT**](https://github.com/megadose/holehe/): Email to Registered Accounts.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWd-VcvRHVgUtkahm85%2Fuploads%2FuVTPP7vhgFfuDEXr53N9%2Fholehe-demo.gif?alt=media\&token=dbb0e0f0-fb0f-49b6-8458-691b3fe6b241)

{% embed url="<https://github.com/megadose/holehe>" %}

[**Thephonebook**](https://www.thephonebook.bt.com/person/): Phone numbers.

{% embed url="<https://www.thephonebook.bt.com/person>" %}

[**Hunter.io**](https://hunter.io/): Find email addresses in seconds.

{% embed url="<https://hunter.io>" %}

[**411.com**](https://www.411.com/): Find Contact Information on yourself or anyone else.

{% embed url="<https://www.411.com>" %}

[**Fonefinder**](https://www.fonefinder.net/): Fone Finder query form.

{% embed url="<https://www.fonefinder.net>" %}

[**BuiltWith**](https://builtwith.com/)**:** BuiltWith is a website profiling tool that shows current and historical information about a website's technology usage, technology versions, and hosting.

{% embed url="<https://builtwith.com/>" %}

[**ReNgine**](https://github.com/yogeshojha/rengine)**:** reNgine is an automated reconnaissance framework used for OSINT gathering that streamlines the recon process.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWd-VcvRHVgUtkahm85%2Fuploads%2FsYJnzT4nsHliLfhT5iPd%2Fscan_results.gif?alt=media\&token=c2b79fe9-685d-4067-8e6a-8dfff2bcba70)

[**Mac Address Lookup**](https://www.macvendorlookup.com/)**:** Find MAC vendors.

{% embed url="<https://www.macvendorlookup.com>" %}

## People Search

[> Truepeoplesearch](https://www.truepeoplesearch.com/)\
[> Thatsthem](https://thatsthem.com/)\
[> Whitepages](https://whitepages.com/)\
[> Spokeo](https://www.spokeo.com/)\
[> Idcrawl](https://www.idcrawl.com/)\
[> Zabasearch](https://www.zabasearch.com/)\
[> Intelius](https://www.intelius.com/)\
[> Lullar](https://com.lullar.com/)\
[> Pipl](https://pipl.com/)\
[> Peekyou](https://www.peekyou.com/)\
[> Familytreenow](https://familytreenow.com/)\
[> Beenverified](https://www.beenverified.com/)\
[> Peoplefinder](https://www.peoplefinder.com/)\
[> Unicourt](https://unicourt.com/)\
[> Jailbase](https://www.jailbase.com/)\
[> Publicrecordsdir](https://publicrecords.directory/)

## Images And Videos

[> Exifdata](https://exifdata.com/)\
[> Pimeyes](https://pimeyes.com/)\
[> Tineye](https://tineye.com/)\
[> Youtube Metadata](https://citizenevidence.amnestyusa.org/)

[**metagoofil**](https://www.kali.org/tools/metagoofil/): Scan for documents from a domain (-d kali.org) that are PDF files (-t pdf), searching 100 results (-l 100), download 25 files (-n 25), saving the downloads to a directory (-o kalipdf), and saving the output to a file (-f kalipdf.html).

```
root@kali:~# metagoofil -d kali.org -t pdf -l 100 -n 25 -o kalipdf -f kalipdf.html

******************************************************
*     /\/\   ___| |_ __ _  __ _  ___   ___  / _(_) | *
*    /    \ / _ \ __/ _` |/ _` |/ _ \ / _ \| |_| | | *
*   / /\/\ \  __/ || (_| | (_| | (_) | (_) |  _| | | *
*   \/    \/\___|\__\__,_|\__, |\___/ \___/|_| |_|_| *
*                         |___/                      *
* Metagoofil Ver 2.2                                 *
* Christian Martorella                               *
* Edge-Security.com                                  *
* cmartorella_at_edge-security.com                   *
******************************************************
['pdf']

[-] Starting online search...

[-] Searching for pdf files, with a limit of 100
        Searching 100 results...
Results: 21 files found
Starting to download 25 of them:
```

{% embed url="<https://www.kali.org/tools/metagoofil>" %}

## Recon

[> Maltego](https://www.maltego.com/)\
[> Recon-ng](https://tools.kali.org/information-gathering/recon-ng)\
[> Theharvester](https://github.com/laramies/theharvester)

## Web Archives

[> Archive.org](https://archive.org/)\
[> Archive.is](https://archive.is/)\
[> Archivedweb](https://archivedweb.com/)\
[> Arquivo.pt](https://arquivo.pt/)

## Multi Tool :tada:

{% embed url="<https://inteltechniques.com/tools/>" %}

{% embed url="<https://docs.google.com/spreadsheets/d/1JxBbMt4JvGr--G0Pkl3jP9VDTBunR2uD3_faZXDvhxc/edit#gid=164143315>" %}

{% embed url="<https://github.com/jivoi/awesome-osint>" %}

