Red Teaming and Malware Analysis

OSINT

Last updated 2 years ago
Main Tools

FavFreak (Weaponizing favicon.ico for BugBounties, OSINT and what not):

$ git clone https://github.com/devanshbatham/FavFreak
$ cd FavFreak
$ virtualenv -p python3 env
$ source env/bin/activate
$ python3 -m pip install mmh3
$ cat urls.txt | python3 favfreak.py
$ cat urls.txt | python3 favfreak.py -o output

Shodan filter, using the hash value FavFreak prints for the favicon:

http.favicon.hash:[Favicon hash here]

$ shodan search org:"Target" http.favicon.hash:116323821 --fields ip_str,port --separator " " | awk '{print $1":"$2}'

Goohak:

$ ./goohak domain.com
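The favicon hash FavFreak feeds into the http.favicon.hash filter is MurmurHash3 (x86, 32-bit, signed) over the base64 text of the icon file. The block below is an added example written for this page, not FavFreak's or Shodan's code: it reimplements that hash in pure Python so it runs without the mmh3 dependency, and applies it to a constructed stand-in for a favicon. The assumption to verify against FavFreak's output for a real icon is the encoding detail: the hash is taken over base64 with 76-column line breaks (Python's base64.encodebytes), and hashing the unwrapped base64 gives a different, non-matching number. Computing the value for your own organisation's favicons tells you which hash an asset inventory or exposure check should search for.

```python
import base64


def murmurhash3_x86_32(data: bytes, seed: int = 0) -> int:
    """MurmurHash3 x86 32-bit, returning a signed 32-bit int like mmh3.hash().
    Written for this example; it is not the mmh3 library's own code."""
    c1, c2 = 0xCC9E2D51, 0x1B873593
    mask = 0xFFFFFFFF
    h1 = seed & mask
    n = len(data)
    body_end = n - n % 4
    # Body: every complete 4-byte block, read little-endian.
    for i in range(0, body_end, 4):
        k1 = int.from_bytes(data[i:i + 4], "little")
        k1 = (k1 * c1) & mask
        k1 = ((k1 << 15) | (k1 >> 17)) & mask
        k1 = (k1 * c2) & mask
        h1 ^= k1
        h1 = ((h1 << 13) | (h1 >> 19)) & mask
        h1 = (h1 * 5 + 0xE6546B64) & mask
    # Tail: the 0..3 leftover bytes are mixed in as one partial block.
    tail = data[body_end:]
    k1 = 0
    if len(tail) >= 3:
        k1 ^= tail[2] << 16
    if len(tail) >= 2:
        k1 ^= tail[1] << 8
    if len(tail) >= 1:
        k1 ^= tail[0]
        k1 = (k1 * c1) & mask
        k1 = ((k1 << 15) | (k1 >> 17)) & mask
        k1 = (k1 * c2) & mask
        h1 ^= k1
    # Finalisation (fmix32) after folding in the length.
    h1 ^= n
    h1 ^= h1 >> 16
    h1 = (h1 * 0x85EBCA6B) & mask
    h1 ^= h1 >> 13
    h1 = (h1 * 0xC2B2AE35) & mask
    h1 ^= h1 >> 16
    # Present as a signed 32-bit value, which is what the Shodan filter expects.
    return h1 - 0x100000000 if h1 & 0x80000000 else h1


def favicon_hash(favicon: bytes) -> int:
    """Favicon hash as used with http.favicon.hash: MurmurHash3 over the
    base64 text of the raw file, including the 76-column newlines that
    base64.encodebytes emits (assumed to match FavFreak/Shodan; see lead-in)."""
    return murmurhash3_x86_32(base64.encodebytes(favicon))


def shodan_query(favicon: bytes) -> str:
    """Build the http.favicon.hash filter string for a favicon's bytes."""
    return f"http.favicon.hash:{favicon_hash(favicon)}"


# Constructed stand-in for a favicon file (not a real icon): 200 bytes, so the
# base64 text spans more than one 76-character line and the newline handling matters.
SAMPLE_FAVICON = bytes(range(200))

if __name__ == "__main__":
    # For a real check, read your own site's favicon.ico bytes instead.
    print(shodan_query(SAMPLE_FAVICON))
```

The two test vectors worth keeping at hand when validating any reimplementation are the empty input (hash 0) and "foo" (-156908512); if those match mmh3.hash but a real favicon does not, the base64 line wrapping is the first thing to compare.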

People Search

> Truepeoplesearch
> Thatsthem
> Whitepages
> Spokeo
> Idcrawl (https://www.idcrawl.com/username)
> Zabasearch
> Intelius
> Lullar
> Pipl
> Peekyou
> Familytreenow
> Beenverified
> Peoplefinder
> Unicourt
> Jailbase
> Publicrecordsdir

Images And Videos

> Exifdata
> Pimeyes
> Tineye
> Youtube Metadata

metagoofil (harvests public documents and their metadata):

root@kali:~# metagoofil -d kali.org -t pdf -l 100 -n 25 -o kalipdf -f kalipdf.html

******************************************************
*     /\/\   ___| |_ __ _  __ _  ___   ___  / _(_) | *
*    /    \ / _ \ __/ _` |/ _` |/ _ \ / _ \| |_| | | *
*   / /\/\ \  __/ || (_| | (_| | (_) | (_) |  _| | | *
*   \/    \/\___|\__\__,_|\__, |\___/ \___/|_| |_|_| *
*                         |___/                      *
* Metagoofil Ver 2.2                                 *
* Christian Martorella                               *
* Edge-Security.com                                  *
* cmartorella_at_edge-security.com                   *
******************************************************
['pdf']

[-] Starting online search...

[-] Searching for pdf files, with a limit of 100
        Searching 100 results...
Results: 21 files found
Starting to download 25 of them:

Recon

> Maltego
> Recon-ng
> Theharvester

Web Archives

> Archive.org
> Archive.is
> Archivedweb
> Arquivo.pt

Reference:

FavFreak (Weaponizing favicon.ico for BugBounties, OSINT and what not): https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139

Goohak: Automatically launch google hacking queries against a target domain to find vulnerabilities and enumerate a target.

Smap: passive Nmap-like scanner built with shodan.io (a drop-in replacement for Nmap powered by shodan.io).

urlhunter: a recon tool that allows searching on URLs that are exposed via shortener services such as bit.ly and goo.gl. The project is written in Go.

grep.app: Search across a half million git repos.

domain-check-2: Domain Expiration Check Shell Script Forked and Maintained by nixCraft.

dns-domain-expiration-checker: Send notifications when DNS domains are about to expire.

Expired Domains: Daily updated domain lists for 492 TLDs.

EvilURL: Generate unicode domains for IDN Homograph Attack and detect them.

sigurlfind3r: a passive reconnaissance tool; it fetches known URLs from AlienVault's OTX, Common Crawl, URLScan, Github, and the Wayback Machine.

sherlock: Hunt down social media accounts by username across social networks.

TheHarvester: E-mails, subdomains and names Harvester - OSINT.

Usernamesearch (web), CheckUsernames (KnowEm), Username Search, Instant Username Search: Uncover social media profiles and real people behind a username.

IntelX (web): Discovering everything.

Spiderfoot: SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Creepy: A geolocation OSINT tool. Offers geolocation information gathering through social networking platforms.

Twint: An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.

Reddit Analyzer: Reddit data correlation.

Google Advanced Search: Google advanced search.

Telegram OSINT (Awesome-Telegram-OSINT): Resources about Telegram OSINT.

Reverse email search: Email Lookup tool.

Reverse phone search (PhoneInfoga): Phone Lookup tool.

Holehe OSINT: Email to Registered Accounts; checks whether an e-mail address is used on sites such as Twitter and Instagram via their forgotten-password function.

Thephonebook: Phone numbers.

Hunter.io: Find email addresses in seconds.

411.com: Find Contact Information on yourself or anyone else.

Fonefinder: Fone Finder query form.

BuiltWith (https://builtwith.com/): BuiltWith is a website profiling tool that shows current and historical information about a website's technology usage, technology versions, and hosting.

reNgine: reNgine is an automated reconnaissance framework used for OSINT gathering that streamlines the recon process.

Mac Address Lookup: Find MAC vendors.

metagoofil: Scan for documents from a domain (-d kali.org) that are PDF files (-t pdf), searching 100 results (-l 100), download 25 files (-n 25), saving the downloads to a directory (-o kalipdf), and saving the output to a file (-f kalipdf.html).

Multi Tool

> IntelTechniques OSINT Online Search Tool
> awesome-osint: A curated list of amazingly awesome OSINT