Main Tools

FavFreak: Weaponizing favicon.ico for BugBounties , OSINT and what not.
$ git clone
$ cd FavFreak
$ virtualenv -p python3 env
$ source env/bin/activate
$ python3 -m pip install mmh3
$ cat urls.txt | python3
Result - hashes
Pwning with Shodan
$ cat urls.txt | python3 -o output
http.favicon.hash:[Favicon hash here]
$ shodan search org:"Target" http.favicon.hash:116323821 --fields ip_str,port --separator " " | awk '{print $1":"$2}'
Goohak: Automatically launch google hacking queries against a target domain to find vulnerabilities and enumerate a target.
Smap: passive Nmap like scanner built with
urlhunter: urlhunter is a recon tool that allows searching on URLs that are exposed via shortener services such as and The project is written in Go.
// Search across a half million git repos.
domain-check-2: Domain Expiration Check Shell Script Forked and Maintained by nixCraft.
dns-domain-expiration-checker: Send notifications when DNS domains are about to expire.
sigurlfind3r is a passive reconnaissance tool, it fetches known URLs from AlienVault's OTX, Common Crawl, URLScan, Github and the Wayback Machine.
sherlock: Hunt down social media accounts by username across social networks.
TheHarvester: E-mails, subdomains and names Harvester - OSINT.
Usernamesearch (web) : Uncover social media profiles and real people behind a username.
IntelX (web): Discovering everything.
Spiderfoot: SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Creepy: A geolocation OSINT tool. Offers geolocation information gathering through social networking platforms.
Twint: An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.
Reddit Analyzer: Reddit data correlation.
Googleadvcs: Google advance search.
Telegram OSINT: Resources about Telegram OSINT.
Reverse email search: Email Lookup tool.
Reverse phone searh: Phone Lookup tool.
Holehe OSINT: Email to Registered Accounts.
Thephonebook: Phone numbers. Find email addreesses in secounds. Find Contact Information on yourself or anyone else.
Fonefinder: Fone Finder query form.
BuiltWith: BuiltWith is a website profiling tool that shows current and historical information about a website's technology usage, technology versions, and hosting.
ReNgine: reNgine is an automated reconnaissance framework used for OSINT gathering that streamlines the recon process.
Mac Address Lookup: Find MAC vendors.

Images And Videos

megagoofil: Scan for documents from a domain (-d that are PDF files (-t pdf), searching 100 results (-l 100), download 25 files (-n 25), saving the downloads to a directory (-o kalipdf), and saving the output to a file (-f kalipdf.html).
[email protected]:~# metagoofil -d -t pdf -l 100 -n 25 -o kalipdf -f kalipdf.html
* /\/\ ___| |_ __ _ __ _ ___ ___ / _(_) | *
* / \ / _ \ __/ _` |/ _` |/ _ \ / _ \| |_| | | *
* / /\/\ \ __/ || (_| | (_| | (_) | (_) | _| | | *
* \/ \/\___|\__\__,_|\__, |\___/ \___/|_| |_|_| *
* |___/ *
* Metagoofil Ver 2.2 *
* Christian Martorella *
* *
* *
[-] Starting online search...
[-] Searching for pdf files, with a limit of 100
Searching 100 results...
Results: 21 files found
Starting to download 25 of them:


Web Archives

Multi Tool

Last modified 6mo ago