OSINT

Sock Puppets

Creating an Effective Sock Puppet for OSINT Investigations Introduction

https://jakecreps.com/2018/11/02/sock-puppets/jakecreps.com

The Art Of The Sock

The Art Of The SockSecjuice

Reddit My process for setting up anonymous sockpuppet accounts

Fake Name Generator

Get a whole new identity at the Fake Name GeneratorFake Name Generator

This Person Does not Exist

This Person Does Not Exist

Privacy.com

Privacy — Seamless & Secure Online Card PaymentsPrivacy

Email OSINT

Hunter.io

Find email addresses in seconds • Hunter (Email Hunter)Hunter

Phonebook.cz

Phonebook.cz - Intelligence X

VoilaNorbert

Email Finder: Free 50 Verified Email Addresses - VoilaNorbertNorbert

Email-Hippo

Email Address Verifier - Validate and Check In Real Time

Email-Checker

Email Checker - Verify Email Address Online

Clearbit-Connect

Clearbit Connect - Supercharge Gmail™

Password OSINT

PWDQuery

pwd query

h8mail

GitHub - khast3x/h8mail: Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related emailGitHub

Breachdirectory

BreachDirectory - Check If Your Email or Username was Compromised

Dehashed

DeHashed — #FreeThePassword

WeLeakInfo

https://weleakinfo.to/v2/weleakinfo.to

LeakCheck

LeakCheck - Find out if your credentials have been compromised

SnusBase

Snusbase Database Search Enginepublicdbhost

Scylla.sh

https://scylla.sh/scylla.sh

Have I Been Pwned

Have I Been Pwned: Check if your email has been compromised in a data breach

Breached Credentials

# https://github.com/hmaverickadams/breach-parse
bash breach-parse.sh @company.com company.com "BreachCompilation/"

Image OSINT

Google Image Search

Google Images

Yandex

https://yandex.com/yandex.com

TinEye

TinEye Reverse Image Search

Jeffreys Image Metadata Viewer

Jeffrey Friedl's Image Metadata Viewer

GeoGuessr

GeoGuessr - Let's explore the world!

GeoGuessr The Top Tips Tricks and Techniques

GeoGuessr- The Top Tips, Tricks and TechniquesThe Digital Labyrinth

Username OSINT

NameChk

Namechk - Username and Domain Name Checker - Search All Domain Names and User Names to see if they're availableNamechk

WhatsMyName

WhatsMyName Web

NameCheckup

NameCheckup - Find Available Username

People OSINT

WhitePages

WhitepagesWhitepages

TruePeopleSearch

https://www.truepeoplesearch.com/www.truepeoplesearch.com

FastPeopleSearch

https://www.fastpeoplesearch.com/www.fastpeoplesearch.com

FastBackgroundCheck

Fast Background Check - People Search, Address Search & Phone LookupFastBackgroundCheck.com

WebMii

Webmii

PeekYou

PeekYou - People Search Made EasyPeekYou.com

411

WhitepagesWhitepages

Spokeo

Spokeo - People Search | White Pages | Reverse Phone LookupSpokeo

ThatsThem

Free People Search | Reverse Phone Lookup | ThatsThemThatsThem.com

Voter-Records

https://voterrecords.comvoterrecords.com

TrueCaller

Truecaller - Leading Global Caller ID & Call Blocking AppTruecaller

Caller-ID-Test

CallerID Test - Test your CallerID / CNAM for free

Infobel

International-Infobel-Annuaire téléphonique

Social Media OSINT

# Twitter
from:username since:2019/03/01 until:2019/04/01
to:username
@username
geocode:$geo_code,10km

Twitter-Advanced-Search

https://twitter.com/search-advancedTwitter

Social Bearing

Twitter Analytics for Tweets, Timelines & Twitter Maps | Social Bearing

Twitonomy

Twitonomy: Twitter #analytics and much more...

Sleeping Time

Sleeping TimeSleeping Time

Mention Mapp

Mentionmapp Analytics | Social Network Analysis & InsightsMentionmapp Analytics | Social Network Analysis & Insights

Tweetbeaver

https://tweetbeaver.com/tweetbeaver.com

SpoonBill

Spoonbill

Tinfoleak

tinfoleak | Free dossier of a twitter user

TweetDeck

TweetDeckTweetDeck

Sowdust

SOWsearch has moved!

Intelx-Facebook-Search

Tools - Intelligence X

Wopita

https://wopita.com/

Code-of-a-Ninja

Find Instagram User ID - Fastest way to get Instagram account numeric ID by username.

InstaDP

Instadp - View Insta dp at full size - Instagram profile picture downloader

ImgInn

download instagram stories highlights, photos and videos online - ImgInn.com

Snap-Map

Snap MapSnap Map

Website OSINT

BuiltWith

https://builtwith.com/builtwith.com

Domain-Dossier

Free online network tools - traceroute, nslookup, dig, whois lookup, ping - IPv6

DNSlytics-Reverse-IP

Reverse IP - Find websites hosted on the same IP address, server or subnet

SpyOnWeb

SpyOnWeb.com Research Tool - Internet Competitive Intelligence

VirusTotal

VirusTotalVirusTotal

Visual-Ping

Website checker, website change detection, monitoring and alertsvisualping

Back Link Watch

Backlinks Checker Tool - Backlink Watch

viewdns.info

https://viewdns.info/viewdns.info

Pentest Tools Subdomain Finder

Free subdomain finder online 🛡️ find subdomains of domainPentest-Tools.com

Spyse

Spyse — Internet Assets Search Engine

crt.sh

crt.sh | Certificate Search

Shodan

ShodanShodan

Wayback Machine

Wayback Machine

Business OSINT

AI-HIT

The Company Database | aiHit

Open Corporates

OpenCorporates :: The Open Database Of The Corporate World

Wireless OSINT

WiGLE

WiGLE: Wireless Network Mapping

Working with OSINT Tools

Linux Tools

theHarvester -d tesla.com -b all
recon-ng

h8mail

GitHub - khast3x/h8mail: Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related emailGitHub

breach-parse

GitHub - hmaverickadams/breach-parse: A tool for parsing breached passwordsGitHub

Twint

GitHub - twintproject/twint: An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.GitHub

Subfinder

GitHub - projectdiscovery/subfinder: Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.GitHub

Assetfinder

GitHub - tomnomnom/assetfinder: Find domains and subdomains related to a given domainGitHub

httprobe

GitHub - tomnomnom/httprobe: Take a list of domains and probe for working HTTP and HTTPS serversGitHub

Amass

GitHub - OWASP/Amass: In-depth Attack Surface Mapping and Asset DiscoveryGitHub

GoWitness

Installation · sensepost/gowitness WikiGitHub

Hunchly

Hunchly - OSINT Software for Cybersecurity, Law Enforcement, Journalists, Private Investigators and more.

OSINT Automation Foundations

#!/bin/bash

domain=$1
RED="\033[1;31m"
RESET="\033[0m"

info_path=$domain/info
subdomain_path=$domain/subdomains
screenshot_path=$domain/screenshots

if [ ! -d "$domain" ];then
    mkdir $domain
fi

if [ ! -d "$info_path" ];then
    mkdir $info_path
fi

if [ ! -d "$subdomain_path" ];then
    mkdir $subdomain_path
fi

if [ ! -d "$screenshot_path" ];then
    mkdir $screenshot_path
fi

echo -e "${RED} [+] Checkin' who it is...${RESET}"
whois $1 > $info_path/whois.txt

echo -e "${RED} [+] Launching subfinder...${RESET}"
subfinder -d $domain > $subdomain_path/found.txt

echo -e "${RED} [+] Running assetfinder...${RESET}"
assetfinder $domain | grep $domain >> $subdomain_path/found.txt

#echo -e "${RED} [+] Running Amass. This could take a while...${RESET}"
#amass enum -d $domain >> $subdomain_path/found.txt

echo -e "${RED} [+] Checking what's alive...${RESET}"
cat $subdomain_path/found.txt | grep $domain | sort -u | httprobe -prefer-https | grep https | sed 's/https\?:\/\///' | tee -a $subdomain_path/alive.txt

echo -e "${RED} [+] Taking dem screenshotz...${RESET}"
gowitness file -f $subdomain_path/alive.txt -P $screenshot_path/ --no-http

OSINT Flowcharts

Search Engine OSINT

site:github.com
Term1 AND Term2
Term1 OR Term2
Term1 * Term3
site:tesla.com password filetype:pdf
site:tesla.com -www -shop
filetype:pdf  inurl:file  intext:password

Google Advanced Search

Google Advanced SearchGoogle

Google Search Guide

Yandex

https://yandex.com/yandex.com

DuckDuckGo

DuckDuckGo — Privacy, simplified.DuckDuckGo