The number of OSINT tools and services is constantly growing (image via osintframework.com)
Definition:
(intentionally left blank)
Types of OSINT:
- Offensive
- Defensive
Terminologies:
- Gray-literature
- Google dorking
Site to checkout:
- Dumpster-diving
- OSINT browser hardening
- HTTrack (extension)
- KeePass (password manager tool)
- Thispersondoesnttexist.com
- 33mail.com
- tineye.com
Common OSINT cycle:
Planning > Gathering > Analyzing > Dissemination(Reporting) > Feedback(from customer)
Fact checking tools (https://toolbox.google.com/factcheck, https://www.bellingcat.com)
Twitter example (https://www.omnisci.com/demos/tweetmap)
Search Engines:
- Google.com (using google dorking)
- google.com/cse
- Bing.com (advanced options)
- Yahoo.com
- Duckduckgo.com
- Startpage.com
- Yandex.com
- Baidu.com
- Search.goo.ne.jp
- Parseek.com
- Tor search engines. (watch search without tor-connection? Use: ahmia.fi OR darksearch.io)
Social Networks:
- Twitter (Tweetmap)
- Linkedin (scraping tools)
- Instagram (stalkfest.com)
- Snapchat (map.snapchat.com)
Email:
- Hunter.io (gives email format)
- Trumail.io (check email valid or not)
Usernames search:
- Namecheckr.io
- Knowem.com
- https://rslookup.com
- https://intelx.io
- https://leakcheck.net
- https://snusbase.com
- https://haveibeenpwned.com
- https://leakpeek.com
- https://breachchecker.com
- https://leak-lookup.com
- https://weleakinfo.to
- https://leakcheck.io
- http://scylla.sh
- http://scatteredsecrets.com
- https://joe.black/leakengine.html
- https://services.normshield.com/data-breach
- https://www.dehashed.com/search?query=
- https://leakedsource.ru/main/
- https://leaked.site/
- https://ghostproject.fr/
- https://haveibeenpwned.com/unifiedsearch/[email protected]
- https://haveibeensold.app/
- https://vigilante.pw/
- https://nuclearleaks.com/
- https://hashes.org/
- https://leak.sx/
- https://leakcorp.com/login
- https://private-base.info/
- https://4iq.com/
- haveibeenpwned.com β check in leaked databases
- emailrep.io β find websites where account has been registered by email
- dehashed.com β checking mail in leaked databases
- @Smart_SearchBot β find full name, DoB, address and phone number
- pwndb2am4tzkvold.onion β search in pwndb, also search by password
- intelx.io β multifunctional search engine, the search is also carried out on the darknet
- @mailsearchbot β search in database, gives password partially
- @shi_ver_bot β breached passwords
- @info_baza_bot β show from what base mail leaked, 2 free scans
- leakedsource.ru β show from what base mail leaked
- mostwantedhf.info β find skype account
- email2phonenumber (t) β automatically collects data from account recovery pages, and finds the phone number
- spiderfoot.net (r) β automatic search using a huge number of methods, tool available in the cloud with registration
- reversegenie.com β find location, first letter of the name and phone numbers
- @last4mailbot β bot will find the last 4 digits of the Sberbank clientβs phone number
- searchmy.bio β find instagram account with email in description
- leakprobe.net β it will find nickname and source of leaked database
Sites that find information on a specific request, which can be anything, mail or even a password
- search.carrot2.org β cluster search engine, identifies objects or categories associated with the word in the search query
- boardreader.com β search engine on forums
- searchcode.com β search by code in open repositories
- swisscows.com β semantic search engine
- intelx.io β will find email addresses, domains, URLs, IP addresses, CIDR, bitcoin addresses, IPFS hashes, etc
- publicwww.com β search by source page code, you can search for nicknames, mail, trackers, wallets, website addresses, etc
- psbdmp.ws β search in pastebin
- kribrum.io β social-media search engine
PS: This is not the final version.
OSCP notes : https://oscp.infosecsanyam.in/