From 8c87ab2a23441691739dde5359a10c9c4fb2f6d3 Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Tue, 11 Aug 2020 15:28:55 -0400 Subject: [PATCH] Update README.md --- osint/README.md | 46 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) diff --git a/osint/README.md b/osint/README.md index db0bb99..2cf49cd 100644 --- a/osint/README.md +++ b/osint/README.md @@ -25,8 +25,22 @@ Open-source intelligence (OSINT) is data collected from open source and publicly - [GOSINT](https://github.com/ciscocsirt/gosint) - a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs). GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. - [Awesome Threat Intelligence](https://github.com/santosomar/awesome-threat-intelligence) - A curated list of awesome Threat Intelligence resources. This is a great resource and I try to contribute to it. +## Active and Passive Reconnaissance Tips and Tools -## IP address and DNS Lookup Tools +### Passive Recon + +#### Website Exploration and "Google Hacking" +* censys - https://censys.io +* Spyse - https://spyse.com +* netcraft - https://searchdns.netcraft.com +* Google Hacking Database (GHDB) - https://www.exploit-db.com/google-hacking-database +* ExifTool - https://www.sno.phy.queensu.ca/~phil/exiftool +* Certficate Search - https://crt.sh/ +* Huge TLS/SSL certificate DB with advanced search - https://certdb.com +* Google Transparency Report - https://transparencyreport.google.com/https/certificates +* SiteDigger - http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx + +### IP address and DNS Lookup Tools - [bgp](https://bgp.he.net/) - [Bgpview](https://bgpview.io/) - [DataSploit (IP Address Modules)](https://github.com/DataSploit/datasploit/tree/master/ip) @@ -41,4 +55,34 @@ Open-source intelligence (OSINT) is data collected from open source and publicly - [Viewdns](https://viewdns.info/) - [Umbrella (OpenDNS) Popularity List](http://s3-us-west-1.amazonaws.com/umbrella-static/index.html) +#### Social Media +* A tool to scrape LinkedIn: https://github.com/dchrastil/TTSL +* cree.py http://ilektrojohn.github.com/creepy +#### Whois +WHOIS information is based upon a tree hierarchy. ICANN (IANA) is the authoritative registry for all of the TLDs and is a great starting point for all manual WHOIS queries. +* ICANN - http://www.icann.org +* IANA - http://www.iana.com +* NRO - http://www.nro.net +* AFRINIC - http://www.afrinic.net +* APNIC - http://www.apnic.net +* ARIN - http://ws.arin.net +* LACNIC - http://www.lacnic.net +* RIPE - http://www.ripe.net + +### BGP looking glasses +* BGP4 - http://www.bgp4.as/looking-glasses +* BPG6 - http://lg.he.net/ + +### DNS +* dnsenum - http://code.google.com/p/dnsenum +* dnsmap - http://code.google.com/p/dnsmap +* dnsrecon - http://www.darkoperator.com/tools-and-scripts +* dnstracer - http://www.mavetju.org/unix/dnstracer.php +* dnswalk - http://sourceforge.net/projects/dnswalk + +#### Other Great Intelligence Gathering Sources and Tools +* Resources from Pentest-standard.org - http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Intelligence_Gathering + +### Active Recon +* Tons of references to scanners and vulnerability management software for active reconnaissance - http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Vulnerability_Analysis