OSINT

Sock Puppets

Creating an Effective Sock Puppet for OSINT Investigations Introduction

https://jakecreps.com/2018/11/02/sock-puppets/jakecreps.com

The Art Of The Sock

https://www.secjuice.com/the-art-of-the-sock-osint-humint/www.secjuice.com

Reddit My process for setting up anonymous sockpuppet accounts

Fake Name Generator

https://www.fakenamegenerator.com/www.fakenamegenerator.com

This Person Does not Exist

Privacy.com

Privacy.com Virtual Cards – Secure, Temporary Cardsprivacy.com

Email OSINT

Hunter.io

Find email addresses and send cold emails • HunterHunter

Phonebook.cz

Phonebook.cz - Intelligence Xphonebook.cz

VoilaNorbert

Email Finder: Free 50 Verified Email Addresses - VoilaNorbertNorbert

Email-Hippo

Free Email Address Verifier: Verify An Email Address In Real Timetools.verifyemailaddress.io

Email-Checker

Email Checker - Verify Email Address Onlineemail-checker.net

Clearbit-Connect

Chrome Web Storechrome.google.com

Password OSINT

PWDQuery

https://pwdquery.xyz/pwdquery.xyz

h8mail

GitHub - khast3x/h8mail: Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related emailGitHub

Breachdirectory

https://breachdirectory.org/index.htmlbreachdirectory.org

Dehashed

DeHashed — #FreeThePassworddehashed.com

WeLeakInfo

https://weleakinfo.to/v2/weleakinfo.to

LeakCheck

LeakCheck - Find out if your credentials have been compromisedleakcheck.io

SnusBase

Snusbase Database Search Enginepublicdbhost

Scylla.sh

https://scylla.sh/scylla.sh

Have I Been Pwned

Have I Been Pwned: Check if your email address has been exposed in a data breachHave I Been Pwned

Breached Credentials

# https://github.com/hmaverickadams/breach-parse
bash breach-parse.sh @company.com company.com "BreachCompilation/"

Image OSINT

Google Image Search

Google Imagesimages.google.com

Yandex

YandexYandex

TinEye

https://tineye.com/tineye.com

Jeffreys Image Metadata Viewer

http://exif.regex.info/exif.cgiexif.regex.info

GeoGuessr

GeoGuessr - Let's explore the world!www.geoguessr.com

GeoGuessr The Top Tips Tricks and Techniques

GeoGuessr- The Top Tips, Tricks and TechniquesThe Digital Labyrinth

Username OSINT

NameChk

Namechk - Username and Domain Name Checker - Search All Domain Names and User Names to see if they're availableNamechk

WhatsMyName

https://whatsmyname.app/whatsmyname.app

NameCheckup

namecheckup.com - Find Available Username TESTnamecheckup.com

People OSINT

WhitePages

Whitepages® - Official Site | Find People, Phone Numbers, Addresses & MoreWhitepages

TruePeopleSearch

https://www.truepeoplesearch.com/www.truepeoplesearch.com

FastPeopleSearch

https://www.fastpeoplesearch.com/www.fastpeoplesearch.com

FastBackgroundCheck

https://www.fastbackgroundcheck.com/www.fastbackgroundcheck.com

WebMii

Webmiiwebmii.com

PeekYou

PeekYou - Free People Search Engine | Find Anyone OnlinePeekYou.com

411

411 - White Pages | Find Phone Numbers, People, Addresses & Morewww.411.com

Spokeo

Spokeo - People Search | White Pages | Reverse Phone LookupSpokeo

ThatsThem

Free People Search | Reverse Phone Lookup | ThatsThemThatsThem.com

Voter-Records

Voter Registration Recordsvoterrecords.com

TrueCaller

Truecaller – Identify Unknown Callers & Block Spam CallsTruecaller

Caller-ID-Test

Site Maintenancecalleridtest.com

Infobel

Annuaire mondial des entreprises | Infobelwww.infobel.com

# Twitter
from:username since:2019/03/01 until:2019/04/01
to:username
@username
geocode:$geo_code,10km

Twitter-Advanced-Search

https://twitter.com/search-advancedX (formerly Twitter)

Social Bearing

Creating a Twitter Search & Analytics toolTom Elliott

Twitonomy

Twitonomy: Twitter #analytics and much more...www.twitonomy.com

Sleeping Time

http://sleepingtime.org/sleepingtime.org

Mention Mapp

สล็อต888 เว็บตรง ลิขสิทธิ์แท้ รวมเดโม่ PG slot PP JILI JOKERpinkboxtexas

Tweetbeaver

https://tweetbeaver.com/tweetbeaver.com

SpoonBill

Spoonbill – Stay Updated with Profile ChangesSpoonbill

Tinfoleak

tinfoleak | Free dossier of a twitter usertinfoleak.com

TweetDeck

https://tweetdeck.com/tweetdeck.com

Sowdust

SOWsearch has moved!sowdust.github.io

Intelx-Facebook-Search

Tools - Intelligence Xintelx.io

Wopita

https://wopita.com/wopita.com

Code-of-a-Ninja

Find Instagram User ID – Get Instagram numeric ID by usernamecodeofaninja.com

InstaDP

Instadp - Instagram Profile Picture Downloader & Anonymous IG ViewerInsta Story Viewer

ImgInn

https://imginn.com/imginn.com

Snap-Map

Snapchat - Say It In A SnapSnapchat

Website OSINT

BuiltWith

BuiltWithBuiltWith

Domain-Dossier

Free online network tools - traceroute, nslookup, dig, whois lookup, ping - IPv6centralops.net

DNSlytics-Reverse-IP

Reverse IP - Find websites hosted on the same IP address, server or subnetdnslytics.com

SpyOnWeb

https://spyonweb.com/spyonweb.com

VirusTotal

VirusTotalVirusTotal

Visual-Ping

Visualping: #1 Website change detection, monitoring and alertsvisualping.io

Back Link Watch

Backlink Watch - Free Real-time Backlinks Checker Toolbacklinkwatch.com

viewdns.info

https://viewdns.info/viewdns.info

Pentest Tools Subdomain Finder

Free subdomain finder online 🛡️ find subdomains of domainPentest-Tools.com

Spyse

https://spyse.com/spyse.com

crt.sh

crt.sh | Certificate Searchcrt.sh

Shodan

https://shodan.ioshodan.io

Wayback Machine

Wayback Machineweb.archive.org

Business OSINT

AI-HIT

The Company Database | aiHit Datawww.aihitdata.com

Open Corporates

https://opencorporates.com/opencorporates.com

Wireless OSINT

WiGLE

WiGLE: Wireless Network Mappingwigle.net

Working with OSINT Tools

Linux Tools

theHarvester -d tesla.com -b all
recon-ng

h8mail

GitHub - khast3x/h8mail: Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related emailGitHub

breach-parse

GitHub - hmaverickadams/breach-parse: A tool for parsing breached passwordsGitHub

Twint

GitHub - twintproject/twint: An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.GitHub

Subfinder

GitHub - projectdiscovery/subfinder: Fast passive subdomain enumeration tool.GitHub

Assetfinder

GitHub - tomnomnom/assetfinder: Find domains and subdomains related to a given domainGitHub

httprobe

GitHub - tomnomnom/httprobe: Take a list of domains and probe for working HTTP and HTTPS serversGitHub

Amass

GitHub - owasp-amass/amass: In-depth attack surface mapping and asset discoveryGitHub

GoWitness

InstallationGitHub

Hunchly

Hunchly | Secure, Reliable Tools for Online Investigationhunch.ly

OSINT Automation Foundations

#!/bin/bash

domain=$1
RED="\033[1;31m"
RESET="\033[0m"

info_path=$domain/info
subdomain_path=$domain/subdomains
screenshot_path=$domain/screenshots

if [ ! -d "$domain" ];then
    mkdir $domain
fi

if [ ! -d "$info_path" ];then
    mkdir $info_path
fi

if [ ! -d "$subdomain_path" ];then
    mkdir $subdomain_path
fi

if [ ! -d "$screenshot_path" ];then
    mkdir $screenshot_path
fi

echo -e "${RED} [+] Checkin' who it is...${RESET}"
whois $1 > $info_path/whois.txt

echo -e "${RED} [+] Launching subfinder...${RESET}"
subfinder -d $domain > $subdomain_path/found.txt

echo -e "${RED} [+] Running assetfinder...${RESET}"
assetfinder $domain | grep $domain >> $subdomain_path/found.txt

#echo -e "${RED} [+] Running Amass. This could take a while...${RESET}"
#amass enum -d $domain >> $subdomain_path/found.txt

echo -e "${RED} [+] Checking what's alive...${RESET}"
cat $subdomain_path/found.txt | grep $domain | sort -u | httprobe -prefer-https | grep https | sed 's/https\?:\/\///' | tee -a $subdomain_path/alive.txt

echo -e "${RED} [+] Taking dem screenshotz...${RESET}"
gowitness file -f $subdomain_path/alive.txt -P $screenshot_path/ --no-http

OSINT Flowcharts

Search Engine OSINT

site:github.com
Term1 AND Term2
Term1 OR Term2
Term1 * Term3
site:tesla.com password filetype:pdf
site:tesla.com -www -shop
filetype:pdf  inurl:file  intext:password