OSINT

Main Tools

FavFreak: Weaponizing favicon.ico for BugBounties , OSINT and what not.

$ git clone https://github.com/devanshbatham/FavFreak
$ cd FavFreak
$ virtualenv -p python3 env
$ source env/bin/activate
$ python3 -m pip install mmh3
$ cat urls.txt | python3 favfreak.py 

Result - hashes

Pwning with Shodan

Copy

$ cat urls.txt | python3 favfreak.py -o output

Reference: https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139

Goohak: Automatically launch google hacking queries against a target domain to find vulnerabilities and enumerate a target.

Smap: passive Nmap like scanner built with shodan.io.

GitHub - s0md3v/Smap: a drop-in replacement for Nmap powered by shodan.ioGitHub

urlhunter: urlhunter is a recon tool that allows searching on URLs that are exposed via shortener services such as bit.ly and goo.gl. The project is written in Go.

//grep.app: Search across a half million git repos.

domain-check-2: Domain Expiration Check Shell Script Forked and Maintained by nixCraft.

dns-domain-expiration-checker: Send notifications when DNS domains are about to expire.

Expired Domains | Daily Updated Domain Lists for 677 TLDswww.expireddomains.net

sigurlfind3r is a passive reconnaissance tool, it fetches known URLs from AlienVault's OTX, Common Crawl, URLScan, Github and the Wayback Machine.

GitHub - hueristiq/xurlfind3r: A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directly with the target but instead gathers data that is already publicly available.GitHub

GitHub - UndeadSec/EvilURL: Generate unicode domains for IDN Homograph Attack and detect them.GitHub

sherlock: Hunt down social media accounts by username across social networks.

GitHub - sherlock-project/sherlock: Hunt down social media accounts by username across social networksGitHub

TheHarvester: E-mails, subdomains and names Harvester - OSINT.

GitHub - laramies/theHarvester: E-mails, subdomains and names Harvester - OSINTGitHub

Usernamesearch (web) : Uncover social media profiles and real people behind a username.

Find User Profiles | Dating Sites | UserSearchusersearch.org

Instant Username SearchInstant Username Search

IntelX (web): Discovering everything.

Intelligence Xintelx.io

Spiderfoot: SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

GitHub - smicallef/spiderfoot: SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.GitHub

Creepy: A geolocation OSINT tool. Offers geolocation information gathering through social networking platforms.

Twint: An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.

GitHub - twintproject/twint: An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.GitHub

Reddit Analyzer: Reddit data correlation.

Reddit User Analyserreddit-user-analyser.netlify.app

Googleadvcs: Google advance search.

Google Advanced Searchwww.google.com

Telegram OSINT: Resources about Telegram OSINT.

GitHub - ItIsMeCall911/Awesome-Telegram-OSINT: 📚 A Curated List of Awesome Telegram OSINT Tools, Sites & ResourcesGitHub

Reverse email search: Email Lookup tool.

Reverse phone searh: Phone Lookup tool.

Holehe OSINT: Email to Registered Accounts.

GitHub - megadose/holehe: holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.GitHub

Thephonebook: Phone numbers.

Hinter.io: Find email addreesses in secounds.

Find email addresses and send cold emails • HunterHunter

411.com: Find Contact Information on yourself or anyone else.

411 - White Pages | Find Phone Numbers, People, Addresses & Morewww.411.com

Fonefinder: Fone Finder query form.

Fone Finder query formwww.fonefinder.net

BuiltWith: BuiltWith is a website profiling tool that shows current and historical information about a website's technology usage, technology versions, and hosting.

BuiltWithBuiltWith

ReNgine: reNgine is an automated reconnaissance framework used for OSINT gathering that streamlines the recon process.

Mac Address Lookup: Find MAC vendors.

MAC Address Lookup - MAC/OUI/IAB/IEEE Vendor Manufacturer Searchwww.macvendorlookup.com

People Search

> Truepeoplesearch > Thatsthem > Whitepages > Spokeo > Idcrawl > Zabasearch > Intelius > Lullar > Pipl > Peekyou > Familytreenow > Beenverified > Peoplefinder > Unicourt > Jailbase > Publicrecordsdir

Images And Videos

> Exifdata > Pimeyes > Tineye > Youtube Metadata

megagoofil: Scan for documents from a domain (-d kali.org) that are PDF files (-t pdf), searching 100 results (-l 100), download 25 files (-n 25), saving the downloads to a directory (-o kalipdf), and saving the output to a file (-f kalipdf.html).

metagoofil | Kali Linux ToolsKali Linux

Recon

> Maltego > Recon-ng > Theharvester

Web Archives

> Archive.org > Archive.is > Archivedweb > Arquivo.pt

Multi Tool 🎉

IntelTechniques Search Toolinteltechniques.com

GitHub - jivoi/awesome-osint: :scream: A curated list of amazingly awesome OSINTGitHub