OSINT

Main Tools

FavFreak: Weaponizing favicon.ico for BugBounties, OSINT and what not.
$ git clone https://github.com/devanshbatham/FavFreak
$ cd FavFreak
$ virtualenv -p python3 env
$ source env/bin/activate
$ python3 -m pip install mmh3
$ cat urls.txt | python3 favfreak.py
Result - hashes
Pwning with Shodan
$ cat urls.txt | python3 favfreak.py -o output
http.favicon.hash:[Favicon hash here]
$ shodan search org:"Target" http.favicon.hash:116323821 --fields ip_str,port --separator " " | awk '{print $1":"$2}'
Goohak: Automatically launch google hacking queries against a target domain to find vulnerabilities and enumerate a target.
./goohak domain.com
Smap: passive Nmap-like scanner built with shodan.io.
GitHub - s0md3v/Smap: a drop-in replacement for Nmap powered by shodan.io
urlhunter: urlhunter is a recon tool that allows searching on URLs that are exposed via shortener services such as bit.ly and goo.gl. The project is written in Go.
grep.app: Search across a half million git repos.
domain-check-2: Domain Expiration Check Shell Script Forked and Maintained by nixCraft.
dns-domain-expiration-checker: Send notifications when DNS domains are about to expire.
Expired Domains | Daily Updated Domain Lists for 492 TLDs
sigurlfind3r is a passive reconnaissance tool, it fetches known URLs from AlienVault's OTX, Common Crawl, URLScan, Github and the Wayback Machine.
GitHub - signedsecurity/sigurlfind3r: A passive reconnaissance tool for known URLs discovery - it gathers a list of URLs passively using various online sources.
GitHub - UndeadSec/EvilURL: Generate unicode domains for IDN Homograph Attack and detect them.
sherlock: Hunt down social media accounts by username across social networks.
GitHub - sherlock-project/sherlock: 🔎 Hunt down social media accounts by username across social networks
TheHarvester: E-mails, subdomains and names Harvester - OSINT.
GitHub - laramies/theHarvester: E-mails, subdomains and names Harvester - OSINT
Usernamesearch (web) : Uncover social media profiles and real people behind a username.
https://www.idcrawl.com/username
CheckUsernames Searches over 100 Social Networks - KnowEm.com searches over 500
Check Usernames
Username Search | Search Dating Sites | Find User Profiles
Instant Username Search
IntelX (web): Discovering everything.
Intelligence X
Spiderfoot: SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
GitHub - smicallef/spiderfoot: SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Creepy: A geolocation OSINT tool. Offers geolocation information gathering through social networking platforms.
Twint: An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.
GitHub - twintproject/twint: An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.
Reddit Analyzer: Reddit data correlation.
Reddit User Analyser
Googleadvcs: Google advanced search.
Google Advanced Search
Telegram OSINT: Resources about Telegram OSINT.
GitHub - ItIsMeCall911/Awesome-Telegram-OSINT: 📚 A Curated List of Awesome Telegram OSINT Tools, Sites & Resources
Reverse email search: Email Lookup tool.
Email Lookup
Reverse phone search: Phone Lookup tool.
PhoneInfoga
Holehe OSINT: Email to Registered Accounts.
GitHub - megadose/holehe: holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.
Thephonebook: Phone numbers.
Find a Person | The Phone Book from BT
Hunter.io: Find email addresses in seconds.
Find email addresses in seconds • Hunter (Email Hunter)
411.com: Find Contact Information on yourself or anyone else.
Whitepages
Fonefinder: Fone Finder query form.
Fone Finder query form
Mac Address Lookup: Find MAC vendors.
MAC Address Lookup - MAC/OUI/IAB/IEEE Vendor Manufacturer Search

People Search

Images And Videos

metagoofil: Scan for documents from a domain (-d kali.org) that are PDF files (-t pdf), searching 100 results (-l 100), downloading 25 files (-n 25), saving the downloads to a directory (-o kalipdf), and saving the output to a file (-f kalipdf.html).
[email protected]:~# metagoofil -d kali.org -t pdf -l 100 -n 25 -o kalipdf -f kalipdf.html

******************************************************
* /\/\ ___| |_ __ _ __ _ ___ ___ / _(_) | *
* / \ / _ \ __/ _` |/ _` |/ _ \ / _ \| |_| | | *
* / /\/\ \ __/ || (_| | (_| | (_) | (_) | _| | | *
* \/ \/\___|\__\__,_|\__, |\___/ \___/|_| |_|_| *
* |___/ *
* Metagoofil Ver 2.2 *
* Christian Martorella *
* Edge-Security.com *
* cmartorella_at_edge-security.com *
******************************************************
['pdf']

[-] Starting online search...

[-] Searching for pdf files, with a limit of 100
Searching 100 results...
Results: 21 files found
Starting to download 25 of them:
metagoofil | Kali Linux Tools

Recon

Web Archives
