> For the complete documentation index, see [llms.txt](https://gitbook.seguranca-informatica.pt/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://gitbook.seguranca-informatica.pt/tools/osint.md).

# OSINT

## Main Tools

[**FavFreak:**](https://github.com/devanshbatham/FavFreak) Weaponizing favicon.ico for BugBounties , OSINT and what not.

```
$ git clone https://github.com/devanshbatham/FavFreak
$ cd FavFreak
$ virtualenv -p python3 env
$ source env/bin/activate
$ python3 -m pip install mmh3
$ cat urls.txt | python3 favfreak.py 
```

{% tabs %}
{% tab title="Result - hashes" %}

```
$ cat urls.txt | python3 favfreak.py -o output
```

![](/files/-MWzntMRyXFUsRqr0HhI)
{% endtab %}

{% tab title="Pwning with Shodan" %}
http.favicon.hash:\[Favicon hash here]

![](/files/-MWznzRmX_Ftp4qAfRkj)

```
$ shodan search org:"Target" http.favicon.hash:116323821 --fields ip_str,port --separator " " | awk '{print $1":"$2}'
```

![](/files/-MWzoPv04TlQq6ix5WKR)
{% endtab %}
{% endtabs %}

Reference: <https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139>

&#x20;[**Goohak**](https://github.com/1N3/Goohak)**:** Automatically launch google hacking queries against a target domain to find vulnerabilities and enumerate a target.

```
./goohak domain.com
```

[ **Smap**](https://github.com/s0md3v/Smap): passive Nmap like scanner built with shodan.io.

![](/files/9S65cpTwvY4nB7ZEupHJ)

{% embed url="<https://github.com/s0md3v/Smap>" %}

[**urlhunter**](https://github.com/utkusen/urlhunter): urlhunter is a recon tool that allows searching on URLs that are exposed via shortener services such as bit.ly and goo.gl. The project is written in Go.

{% embed url="<https://youtu.be/Ct086YRm7i8>" %}

[**//grep.app**](https://gitbook.seguranca-informatica.pt/tools/grep.app)**:** Search across a half million git repos.

![](/files/-MYUMHqiRPK1DvNkKpv5)

[**domain-check-2**](https://github.com/nixcraft/domain-check-2)**:** Domain Expiration Check Shell Script Forked and Maintained by nixCraft.

[**dns-domain-expiration-checker**](https://github.com/Matty9191/dns-domain-expiration-checker)**:** Send notifications when DNS domains are about to expire.

{% embed url="<https://www.expireddomains.net/>" %}

**sigurlfind3r** is a passive reconnaissance tool, it fetches known URLs from [**AlienVault's OTX**](https://otx.alienvault.com/), [**Common Crawl**](https://commoncrawl.org/), [**URLScan**](https://urlscan.io/), [**Github**](https://github.com/) and the [**Wayback Machine**](https://archive.org/web/).

{% embed url="<https://github.com/signedsecurity/sigurlfind3r>" %}

{% embed url="<https://github.com/UndeadSec/EvilURL>" %}

{% embed url="<https://youtu.be/COyFfSlexTw>" %}

[**sherlock**](https://github.com/sherlock-project/sherlock): Hunt down social media accounts by username across social networks.

![](/files/GLjUgTlg5dbN9dztB0Eo)

{% embed url="<https://github.com/sherlock-project/sherlock>" %}

[**TheHarvester**](https://github.com/laramies/theharvester)**:** E-mails, subdomains and names Harvester - OSINT.

{% embed url="<https://github.com/laramies/theharvester>" %}

[**Usernamesearch**](https://www.idcrawl.com/username) (web) : Uncover social media profiles and real people behind a username.

{% embed url="<https://www.idcrawl.com/username>" %}

{% embed url="<https://checkusernames.com>" %}

{% embed url="<https://usersearch.org/index.php>" %}

{% embed url="<https://instantusername.com/#/>" %}

[**IntelX**](https://intelx.io/) (web): Discovering everything.

{% embed url="<https://intelx.io>" %}

[**Spiderfoot**](https://github.com/smicallef/spiderfoot): SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

![](/files/jGN9psHGtWC2h04AG9rK)

{% embed url="<https://github.com/smicallef/spiderfoot>" %}

[**Creepy**](https://github.com/ilektrojohn/creepy): A geolocation OSINT tool. Offers geolocation information gathering through social networking platforms.

![](/files/U9c2lW6JNEYZ4pZSbKMY)

[**Twint**](https://github.com/twintproject/twint)**:** An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.

![](/files/bm7eWkhGqT7cYsvLuCNg)

{% embed url="<https://github.com/twintproject/twint>" %}

[**Reddit Analyzer**](https://reddit-user-analyser.netlify.app/)**:** Reddit data correlation.

![](/files/Ei2gmlupapeICdPDqi6b)

{% embed url="<https://reddit-user-analyser.netlify.app>" %}

[**Googleadvcs**](https://www.google.com/advanced_search)**:** Google advance search.

![](/files/O1zQxV0EsMlRnfjcK4NZ)

{% embed url="<https://www.google.com/advanced_search>" %}

[**Telegram OSINT**](https://github.com/ItIsMeCall911/Awesome-Telegram-OSINT)**:** Resources about Telegram OSINT.

{% embed url="<https://github.com/ItIsMeCall911/Awesome-Telegram-OSINT>" %}

[**Reverse email search**](https://tools.epieos.com/email.php): Email Lookup tool.

{% embed url="<https://tools.epieos.com/email.php>" %}

[**Reverse phone searh:** ](https://demo.phoneinfoga.crvx.fr/#/)Phone Lookup tool.

{% embed url="<https://demo.phoneinfoga.crvx.fr/#/>" %}

[**Holehe OSINT**](https://github.com/megadose/holehe/):  Email to Registered Accounts.

![](/files/oXGbEneiCfQeTH8hEVn8)

{% embed url="<https://github.com/megadose/holehe>" %}

[**Thephonebook**](https://www.thephonebook.bt.com/person/): Phone numbers.

{% embed url="<https://www.thephonebook.bt.com/person>" %}

[**`Hinter.io:`**](https://hunter.io/) Find email addreesses in secounds.

{% embed url="<https://hunter.io>" %}

[**411.com**](https://www.411.com/): Find Contact Information on yourself or anyone else.

{% embed url="<https://www.411.com>" %}

[**Fonefinder**](https://www.fonefinder.net/): Fone Finder query form.

{% embed url="<https://www.fonefinder.net>" %}

[**BuiltWith**](https://builtwith.com/)**:** BuiltWith is a website profiling tool that shows current and historical information about a website's technology usage, technology versions, and hosting.

{% embed url="<https://builtwith.com/>" %}

[**ReNgine**](https://github.com/yogeshojha/rengine)**:** reNgine is an automated reconnaissance framework used for OSINT gathering that streamlines the recon process.

![](/files/I9VhVv5B365mnDCoqpFo)

[**Mac Address Lookup**](https://www.macvendorlookup.com/)**:** Find MAC vendors.&#x20;

{% embed url="<https://www.macvendorlookup.com>" %}

## People Search

[> Truepeoplesearch](https://www.truepeoplesearch.com/)\
[> Thatsthem](https://thatsthem.com/)\
[> Whitepages](https://whitepages.com/)\
[> Spokeo](https://www.spokeo.com/)\
[> Idcrawl](https://www.idcrawl.com/)\
[> Zabasearch](https://www.zabasearch.com/)\
[> Intelius](https://www.intelius.com/)\
[> Lullar](https://com.lullar.com/)\
[> Pipl](https://pipl.com/)\
[> Peekyou](https://www.peekyou.com/)\
[> Familytreenow](https://familytreenow.com/)\
[> Beenverified](https://www.beenverified.com/)\
[> Peoplefinder](https://www.peoplefinder.com/)\
[> Unicourt](https://unicourt.com/)\
[> Jailbase](https://www.jailbase.com/)\
[> Publicrecordsdir](https://publicrecords.directory/)

## Images And Videos

[> Exifdata](https://exifdata.com/)\
[> Pimeyes](https://pimeyes.com/)\
[> Tineye](https://tineye.com/)\
[> Youtube Metadata](https://citizenevidence.amnestyusa.org/)

[**megagoofil**](https://www.kali.org/tools/metagoofil/): Scan for documents from a domain (-d kali.org) that are PDF files (-t pdf), searching 100 results (-l 100), download 25 files (-n 25), saving the downloads to a directory (-o kalipdf), and saving the output to a file (-f kalipdf.html).

```
root@kali:~# metagoofil -d kali.org -t pdf -l 100 -n 25 -o kalipdf -f kalipdf.html

******************************************************
*     /\/\   ___| |_ __ _  __ _  ___   ___  / _(_) | *
*    /    \ / _ \ __/ _` |/ _` |/ _ \ / _ \| |_| | | *
*   / /\/\ \  __/ || (_| | (_| | (_) | (_) |  _| | | *
*   \/    \/\___|\__\__,_|\__, |\___/ \___/|_| |_|_| *
*                         |___/                      *
* Metagoofil Ver 2.2                                 *
* Christian Martorella                               *
* Edge-Security.com                                  *
* cmartorella_at_edge-security.com                   *
******************************************************
['pdf']

[-] Starting online search...

[-] Searching for pdf files, with a limit of 100
        Searching 100 results...
Results: 21 files found
Starting to download 25 of them:
```

{% embed url="<https://www.kali.org/tools/metagoofil>" %}

## Recon

[> Maltego](https://www.maltego.com/)\
[> Recon-ng](https://tools.kali.org/information-gathering/recon-ng)\
[> Theharvester](https://github.com/laramies/theharvester)

## Web Archives

[> Archive.org](https://archive.org/)\
[> Archive.is](https://archive.is/)\
[> Archivedweb](https://archivedweb.com/)\
[> Arquivo.pt](https://arquivo.pt/)

## Multi Tool :tada:

{% embed url="<https://inteltechniques.com/tools/>" %}

{% embed url="<https://docs.google.com/spreadsheets/d/1JxBbMt4JvGr--G0Pkl3jP9VDTBunR2uD3_faZXDvhxc/edit#gid=164143315>" %}

{% embed url="<https://github.com/jivoi/awesome-osint>" %}
