Osint

a guest
Jul 22nd, 2022
  1. OSINT TOOLS
  2. www.spydialer.com
  3. www.spytox.com
  4. www.fastpeoplesearch.com
  5. www.truepeoplesearch.com
  6. www.usersearch.org
  7. www.intelx.io
  8. www.verify-email.org
  9. https://www.shodan.io
  10. https://scans.io
  11. http://www.exfiltrated.com/querystart.php
  12. https://www.ipfingerprints.com
  13. https://centralops.net/co/EmailDossier.aspx
  14. https://tools.epieos.com/email.php
  15. https://start.me/p/b5Aow7/asint_collection
  16. https://start.me/p/b5YMq7/socmint
  17. osintframework.com
  18. https://www.projecthoneypot.org/list_of_ips.php
  19. http://zone-h.org/archive
  20. https://www.dnsstuff.com/tools
  21. https://mxtoolbox.com
  22. https://dnsdumpster.com
  23. http://www.insecam.org
  24. http://www.earthcam.com
  25. https://sno.phy.queensu.ca/~phil/exiftool
  26. http://www.reverse-image-search.com
  27. http://www.imagebrief.com
  28. https://www.google.com/imghp
  29. http://airportwebcams.net
  30. https://builtwith.com
  31. http://www.isearch.com/
  32. http://www.fortypoundhead.com/tools_dpw.asp
  33.  
  34. TIP:-31- This contains various information about domain names and networks:
  35. https://www.robtex.com
  36.  
  37. TIP:-32- Search for all the possible email addresses + subdomains + Get information from netcraft + Perform a Whois lookup:
  38. dmitry -iwnse target.com
  39.  
  40. TIP:-33- you can also use dmitry to perform a simple port scan:
  41. dmitry -p target.com -f -b
  42.  
  43. TIP:-34- figure out whether an IP address we have found is a honeypot or a real system:
  44. https://honeyscore.shodan.io/
  45.  
  46. TIP:-35- this awesome service will allow you to discover, monitor, and analyze publicly available devices:
  47. https://censys.io/
  48.  
  49. TIP:-36- You can use the ACK scan to show which ports are unfiltered or filtered, instead of open or closed:
  50. nmap -sA x.x.x.x
  51.  
  52. TIP:-37- You can use Shodan to find internet-connected devices. It scans for common ports and performs banner grabbing, then displays devices accessible over the web, including routers, network devices, webcams, surveillance devices, traffic cams and SCADA systems:
  53. https://shodan.io
  54. -useful resources:
  55. -1-Shodan Queries.txt:
  56. https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/1-part-100-article/google/Shodan%20Queries.txt
  57. -2-Information Gathering with Shodan.pdf:
  58. https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/2-part-100-article/new_articles/Information%20Gathering%20with%20Shodan.pdf
  59. -3-Passive Data Collecting: Shodan.pdf:
  60. https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/8-part-100-article/62_article/Passive%20Data%20Collecting:%20Shodan.pdf
  61.  
  62. TIP:-38-Reverse DNS Lookup:
  63. https://hackertarget.com/reverse-dns-lookup
  64.  
  65. TIP:-39-hidden wiki:
  66. http://zqktlwi4fecvo6ri.onion/wiki/index.php/Main_Page
  67.  
  68. TIP:-40- Darknet search engines & websites:
  69. -1-Ahmia:http://msydqstlz2kzerdg.onion
  70. -2-Candle:http://gjobqjj7wyczbqie.onion
  71. -3-Torch:http://xmh57jrzrnw6insl.onion
  72. -4-Grams:http://grams7enufi7jmdl.onion
  73. -5-not Evil:http://hss3uro2hsxfogfq.onion
  74. -6-DuckDuckGo:https://3g2upl4pq6kufc4m.onion
  75. -7-Searx:http://lqdnpadpys4snom2.onion
  76. -8-EasyCoin:http://easycoinsayj7p5l.onion
  77. -9-WeBuyBitcoins:http://jzn5w5pac26sqef4.onion
  78. -10-OnionWallet:http://ow24et3tetp6tvmk.onion
  79. -11-Atlayo;http://atlayofke5rqhsma.onion
  80. -12-BlackBook:http://blkbook3fxhcsn3u.onion
  81. -13-Daniel’s Chat:http://danschatjr7qbwip.onion
  82. -14-Onion Mail:http://p6x47b547s2fkmj3.onion
  83. -15-RetroShare chat server:http://chat7zlxojqcf3nv.onion
  84. -16-TorBox:http://torbox3uiot6wchz.onion
  85. -17-Mail2Tor:http://mail2tor2zyjdctd.onion
  86.  
  87. TIP:-41- Searches through git repositories for high-entropy strings and secrets, digging deep into commit history:
  88. -1-setup:
  89. pip install truffleHog
  90. -2-usage:
  91. trufflehog --regex --entropy=False https://github.com/dxa4481/truffleHog.git
  92.  
  93. TIP:-42- SSLScrape | A scanning tool for scraping hostnames from SSL certificates:
  94. -1-setup:
  95. git clone https://github.com/cheetz/sslScrape.git && cd sslScrape && pip install ndg-httpsclient && pip install python-masscan
  96. -2-usage:
  97. python sslScrape.py [CIDR Range]
  98.  
  99. TIP:-43- This awesome website lists street webcams from around the world:
  100. https://www.openstreetcam.org/map
  101.  
  102. TIP:-44- This is a list of unsecured IP cameras:
  103. https://reolink.com/unsecured-ip-camera-list
  104.  
  105. TIP:-45- Webcam directory with regional webcam listings for (almost) every place on earth:
  106. http://www.the-webcam-network.com
  107.  
  108. TIP:-46- Thingful is a search engine for the Internet of Things:
  109. https://www.thingful.net
  110.  
  111. TIP:-47- Get the cached page of any URL from several sources:
  112. http://www.cachedpages.com/
  113.  
  114. TIP:-48- Download the entire Wayback Machine archive for a given URL:
  115. -setup:
  116. pip install waybackpack
  117. -usage:
  118. waybackpack dol.gov -d ~/Downloads/dol-wayback --to-date 1996
  119.  
  120. TIP:-49- retrieves archived web pages from the different public Internet archives:
  121. http://oldweb.today
  122.  
  123. TIP:-50- This website captures, preserves, and makes accessible UK central government information published on the web from 1996 to the present. The archived contents include videos, tweets, and web pages:
  124. http://www.nationalarchives.gov.uk/webarchive/
  125.  
  126. TIP:-51- extract hidden information from videos uploaded to YouTube,like the upload date/time and thumbnails:
  127. https://citizenevidence.amnestyusa.org
  128.  
  129. TIP:-52- Enumerate S3 buckets via certstream, domain, or keywords:
  130. -1-setup:
  131. go get github.com/nuncan/slurp && cd slurp && go build
  132. -2-usage:
  133. slurp domain <-t|--target> google.com will enumerate the S3 domains for a specific target.
  134. slurp keyword <-t|--target> linux,golang,python will enumerate S3 buckets based on those 3 key words.
  135.  
  136. TIP:-53- View all tweets from any Twitter user on one page. Fast, Free and Easy. Great for viewing, searching and archiving old tweets:
  137. https://www.allmytweets.net
  138.  
  139. TIP:-54- Trendsmap is a mashup of location-based tweets and a map interface. You can zoom, pan, and jump to locales to see what the trending topics are:
  140. https://www.trendsmap.com
  141.  
  142. TIP:-55- Foller.me is a Twitter analytics application that gives you rich insights about any public Twitter profile:
  143. http://foller.me/
  144.  
  145. TIP:-56- Want to know the source of a quote? The app will help you find out who was the first person to share a link, video, quote or any piece of text:
  146. http://ctrlq.org/first/
  147.  
  148. TIP:-57- View your followers and discover follower insights for any Twitter user. Filter and sort followers by their follower count, interest scores, keywords, language and more (a maximum of 10,000 followers can be loaded):
  149. https://socialbearing.com/search/followers
  150.  
  151. TIP:-58- Analyze a Twitter user’s followers:
  152. https://moz.com/followerwonk/analyze
  153.  
  154. TIP:-59- Simple Twitter profile analyzer, tweets metadata scraper and activity analyzer:
  155. https://github.com/x0rz/tweets_analyzer
  156.  
  157. TIP:-60-Tinfoleak.com is a website where you can get detailed info about a Twitter user:
  158. https://tinfoleak.com
  159.  
  160. TIP:-61-LinkedIn Contact Extractor:
  161. https://cse.google.com/cse/publicurl?cx=001394533911082033616:tm5y1wqwmme
  162.  
  163. TIP:-62- Pastebin Dumps:
  164. http://psbdmp.ws
  165.  
  166. TIP:-63- Tone Analyzer. This service uses linguistic analysis to detect joy, fear, sadness, anger, analytical, confident and tentative tones found in text:
  167. https://tone-analyzer-demo.mybluemix.net
  168.  
  169. TIP:-64- 411 is a leading white pages directory with phone numbers, people, addresses, and more. Find the person you're looking for and search public records. You can search for people within the United States:
  170. https://www.411.co/
  171.  
  172. TIP:-65-Default Password:
  173. https://default-password.info/
  174.  
  175. TIP:-66- Router Passwords:
  176. http://routerpasswords.com
  177.  
  178. TIP:-67- Using this tool, you can extract an OpenOffice document's metadata:
  179. https://archive.codeplex.com/?p=oometaextractor
  180.  
  181. TIP:-68- This is a very useful and important site in the world of OSINT because it allows you to browse certificate transparency logs, so you can find subdomains associated with certificates:
  182. https://crt.sh/
  183.  
  184. TIP:-69- operative framework is an OSINT investigation framework. You can interact with multiple targets, execute multiple modules, create links with targets, export reports to PDF, add notes to targets or results, interact with a RESTful API, and write your own modules:
  185. https://github.com/graniet/operative-framework
  186.  
  187. TIP:-70-You can query PGP Public Key Servers to reveal user email addresses:
  188. https://pgp.mit.edu
  189. https://keyserver.ubuntu.com
  190. http://pgp.uni-mainz.de
  191.  
  192. TIP:-71- Enumerates various common service (SRV) records for a given domain name, exposing internal server endpoints:
  193. nmap --script dns-srv-enum --script-args dns-srv-enum.domain=facebook.com
  194.  
  195. TIP:-72-Fingerprinting FTP Services:
  196. nmap -Pn -sS -A -vvvv -p21 xx.xx.xx.xx --reason
  197.  
  198. TIP:-73- A python script that finds endpoints in JavaScript files:
  199. https://github.com/GerbenJavado/LinkFinder
  200.  
  201. TIP:-74- A tool to quickly get all JavaScript sources/files:
  202. https://github.com/003random/getJS
  203.  
  204. TIP:-75-The World's largest gravesite collection. Contribute, create and discover gravesites from all over the world. Find A Grave - Millions of Cemetery Records.:
  205. https://www.findagrave.com
  206.  
  207. TIP:-76- Checking whether a web server is an open proxy:
  208. nmap --script http-open-proxy -p8080 xx.xx.xx.xx
  209.  
  210. TIP:-77- Brute forcing SMTP passwords:
  211. nmap -p25 --script smtp-brute xx.xx.xx.xx
  212.  
  213. TIP:-78-Username Search for the most popular Social Media and Social Networking sites. Check for your brand, trademark, product or user name on 160 Social networks:
  214. http://checkusernames.com
  215.  
  216. TIP:-79-Use Namechk to search for an available username or domain and secure your brand across the internet as well as username registration:
  217. https://namechk.com
  218.  
  219. TIP:-80- Check domain & social username availability across multiple networks:
  220. https://www.namecheckr.com
  221.  
  222. TIP:-81- Username Search - Search username, email or phone number to find the identity across billions of profiles in all social networks:
  223. https://www.usersearch.org
  224.  
  225. TIP:-82- Email Hippo's free online email verification tool:
  226. https://tools.verifyemailaddress.io/
  227.  
  228. TIP:-83- Hunter is the leading solution to find and verify professional email addresses:
  229. https://hunter.io
  230.  
  231. TIP:-84- Email Checker is a free email verification tool. It helps you validate any email address online for free:
  232. https://email-checker.net
  233.  
  234. TIP:-85- Check if an e-mail address is valid or not. Find out why a mail bounces. Get technical information about a mail account and its mail (SMTP) server:
  235. http://mailtester.com/testmail.php
  236.  
  237. TIP:-86- Improve your email sender reputation and reduce bounce rates: real-time email validation API and bulk email list cleaning. Free trial & 100% accuracy:
  238. https://www.email-validator.net
  239.  
  240. TIP:-87- Save time and energy - find the email address formats in use at thousands of companies:
  241. https://email-format.com
  242.  
  243. TIP:-88- This is a free e-mail permutator service:
  244. http://metricsparrow.com/toolkit/email-permutator
  245.  
  246. TIP:-89- ipTRACKERonline's email header analysis tool allows you to track where that email actually originated from. This is a totally free email tracking tool:
  247. https://www.iptrackeronline.com/email-header-analysis.php
  248.  
  249. TIP:-90- ZLOOKUP is the world's best Reverse Phone Lookup tool. Identify all incoming calls. Find out who called. Enter a phone number, get the full name:
  250. https://www.zlookup.com
  251.  
  252. TIP:-91- Identify an unknown phone caller with ReversePhoneLookup.com:
  253. https://www.reversephonelookup.com
  254.  
  255. TIP:-92- Validate number format and look up provider & device type to reach verified users via voice & text. Free to use:
  256. https://www.twilio.com/lookup
  257.  
  258. TIP:-93- Spy Dialer is the totally 100% seriously free reverse phone number lookup used by millions of people. NO membership required!:
  259. https://www.spydialer.com
  260.  
  261. TIP:-94- This is an international reverse phone number lookup:
  262. https://www.truecaller.com
  263.  
  264. TIP:-95-Creepy. A Geolocation OSINT Tool. Offers geolocation information gathering through social networking platforms:
  265. https://www.geocreepy.com/
  266.  
  267. TIP:-96- Browse Opentopia's vast webcam database, containing thousands of live webcam views from around the world:
  268. http://www.opentopia.com/hiddencam.php
  269.  
  270. TIP:-97-Iceland Live webcams: live webcam feeds from Iceland's:
  271. https://www.livefromiceland.is/webcams/geysir
  272.  
  273. TIP:-98- Fingerprinting POP3 services using Nmap:
  274. nmap -sV -p110,995 --script pop3-capabilities xx.xx.xx.xx --reason -vvvv
  275.  
  276. TIP:-99- Subdomain Takeover tool written in Go:
  277. https://github.com/haccer/subjack
  278.  
  279. TIP:-100- Find information on any domain name or website. Large database of whois information, DNS, domain names, name servers, IPs, and tools:
  280. https://who.is/
  281.  
  282. TIP:-101- We can enumerate an HTTP target using Nikto. Nikto outputs information on the HTTPS certificate, the server banner, and any security-related HTTP headers that may be missing:
  283. nikto -h https://target.com
  284.  
  285. TIP:-102- Reverse IP lookup: discover all the domains hosted on the target IP address:
  286. http://www.yougetsignal.com/tools/web-sites-on-web-server/
  287.  
  288. TIP:-103- Site metadata:
  289. http://desenmascara.me
  290.  
  291. TIP:-104- Collection of github dorks and helper tool to automate the process of checking dorks:
  292. https://github.com/techgaun/github-dorks
  293.  
  294. TIP:-105- Search Engine Subdomains Collector:
  295. msf > use auxiliary/gather/searchengine_subdomains_collector
  296. msf auxiliary(searchengine_subdomains_collector) > set TARGET yahoo.com
  297. TARGET => yahoo.com
  298. msf auxiliary(searchengine_subdomains_collector) > run
  299.  
  300. TIP:-106- A tool that can help detect and takeover subdomains with dead DNS records:
  301. -1-setup:
  302. go get github.com/anshumanbh/tko-subs
  303. -2-usage:
  304. tko-subs -domains=subdomains.txt -data=providers-data.csv -output=results.csv
  305.  
  306. TIP:-107- BreachAlarm scans the Internet for stolen password data posted by hackers and lets you know if your email and password combination has been compromised:
  307. https://breachalarm.com
  308.  
  309. TIP:-108- BriteVerify is an email verification platform that allows users to ensure addresses exist before sending their emails:
  310. https://www.briteverify.com
  311.  
  312. TIP:-109- Verify email address online using free email verification tool:
  313. https://verify-email.org
  314.  
  315. TIP:-110- ThatsThem's reverse email search finds the person associated with a specific email address:
  316. https://thatsthem.com/reverse-email-lookup
  317.  
  318. TIP:-111- ReverseGenie provides free phone number and email reverse lookup:
  319. http://www.reversegenie.com
  320.  
  321. Breach checker
  322.  
  323. https://breachdirectory.org
  324.  
  325. Unhash
  326.  
  327. https://hashtoolkit.com/decrypt-hash/?