mirror of
https://github.com/The-Art-of-Hacking/h4cker
synced 2024-11-22 19:03:04 +00:00
153 lines
6.7 KiB
Markdown
153 lines
6.7 KiB
Markdown
# Open-source Intelligence (OSINT)
|
|
|
|
Open-source intelligence (OSINT) is data collected from open source and publicly available sources. The following are a few OSINT resources and references:
|
|
|
|
## Passive Recon Tools:
|
|
- [AMass](https://github.com/OWASP/Amass)
|
|
- [Deepinfo (commercial tool)](https://deepinfo.com)
|
|
- [Exiftool](https://www.sno.phy.queensu.ca/~phil/exiftool/)
|
|
- [ExtractMetadata](http://www.extractmetadata.com)
|
|
- [Findsubdomains](https://findsubdomains.com/)
|
|
- [FOCA](https://elevenpaths.com)
|
|
- [IntelTechniques](https://inteltechniques.com)
|
|
- [Maltego](https://www.paterva.com/web7/)
|
|
- [Recon-NG](https://github.com/lanmaster53/recon-ng)
|
|
- [Scrapy](https://scrapy.org)
|
|
- [Screaming Frog](https://www.screamingfrog.co.uk)
|
|
- [Shodan](https://shodan.io)
|
|
- [SpiderFoot](http://spiderfoot.net)
|
|
- [theHarvester](https://github.com/laramies/theHarvester)
|
|
- [Visual SEO Studio](https://visual-seo.com/)
|
|
- [Web Data Extractor](http://www.webextractor.com)
|
|
- [Xenu](http://home.snafu.de)
|
|
- [ParamSpider](https://github.com/devanshbatham/ParamSpider)
|
|
|
|
|
|
## Open Source Threat Intelligence
|
|
- [Awesome Threat Intelligence](https://github.com/santosomar/awesome-threat-intelligence) - A curated list of awesome Threat Intelligence resources. This is a great resource and I try to contribute to it.
|
|
|
|
## OSINT Source Highlights
|
|
| Website | Description |
|
|
|---------------------|--------------------|
|
|
| shodan.io | Server |
|
|
| google.com | Dorks |
|
|
| wigle.net | WiFi Networks |
|
|
| grep.app | Codes Search |
|
|
| app.binaryedge | Threat Intelligence|
|
|
| onyphe.io | Server |
|
|
| viz.greynoise.io | Threat Intelligence|
|
|
| censys.io | Server |
|
|
| hunter.io | Email Addresses |
|
|
| fofa.info | Threat Intelligence|
|
|
| zoomeye.org | Threat Intelligence|
|
|
| leakix.net | Threat Intelligence|
|
|
| intelx.io | OSINT |
|
|
| app.netlas.io | Attack Surface |
|
|
| searchcode.com | Codes Search |
|
|
| urlscan.io | Threat Intelligence|
|
|
| publicwww.com | Codes Search |
|
|
| fullhunt.io | Attack Surface |
|
|
| socradar.io | Threat Intelligence|
|
|
| binaryedge.io | Attack Surface |
|
|
| ivre.rocks | Server |
|
|
| crt.sh | Certificate Search|
|
|
| vulners.com | Vulnerabilities |
|
|
| pulsedive.com | Threat Intelligence|
|
|
|
|
### Website Exploration and "Google Hacking"
|
|
- censys : https://censys.io
|
|
- Certficate Search: https://crt.sh/
|
|
- ExifTool: https://www.sno.phy.queensu.ca/~phil/exiftool
|
|
- Google Hacking Database (GHDB): https://www.exploit-db.com/google-hacking-database
|
|
- Google Transparency Report: https://transparencyreport.google.com/https/certificates
|
|
- Huge TLS/SSL certificate DB with advanced search: https://certdb.com
|
|
- netcraft: https://searchdns.netcraft.com
|
|
- SiteDigger: http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
|
|
- Spyse: https://spyse.com
|
|
|
|
### Data Breach Query Tools
|
|
- BaseQuery: https://github.com/g666gle/BaseQuery
|
|
- Buster: https://github.com/sham00n/buster
|
|
- h8mail: https://github.com/khast3x/h8mail
|
|
- LeakLooker: https://github.com/woj-ciech/LeakLooker
|
|
- PwnDB: https://github.com/davidtavarez/pwndb
|
|
- Scavenger: https://github.com/rndinfosecguy/Scavenger
|
|
- WhatBreach: https://github.com/Ekultek/WhatBreach
|
|
|
|
### IP address and DNS Lookup Tools
|
|
- [bgp](https://bgp.he.net/)
|
|
- [Bgpview](https://bgpview.io/)
|
|
- [DataSploit (IP Address Modules)](https://github.com/DataSploit/datasploit/tree/master/ip)
|
|
- [Domain Dossier](https://centralops.net/co/domaindossier.aspx)
|
|
- [Domaintoipconverter](http://domaintoipconverter.com/)
|
|
- [Googleapps Dig](https://toolbox.googleapps.com/apps/dig/)
|
|
- [Hurricane Electric BGP Toolkit](https://bgp.he.net/)
|
|
- [ICANN Whois](https://whois.icann.org/en)
|
|
- [Massdns](https://github.com/blechschmidt/massdns)
|
|
- [Mxtoolbox](https://mxtoolbox.com/BulkLookup.aspx)
|
|
- [Ultratools ipv6Info](https://www.ultratools.com/tools/ipv6Info)
|
|
- [Viewdns](https://viewdns.info/)
|
|
- [Umbrella (OpenDNS) Popularity List](http://s3-us-west-1.amazonaws.com/umbrella-static/index.html)
|
|
|
|
### Social Media
|
|
* [A tool to scrape LinkedIn](https://github.com/dchrastil/TTSL)
|
|
* [cree.py](https://github.com/ilektrojohn/creepy)
|
|
|
|
### Acquisitions and
|
|
- [OCCRP Aleph](https://aleph.occrp.org/) - The global archive of research material for investigative reporting.
|
|
### Whois
|
|
WHOIS information is based upon a tree hierarchy. ICANN (IANA) is the authoritative registry for all of the TLDs and is a great starting point for all manual WHOIS queries.
|
|
|
|
- ICANN: http://www.icann.org
|
|
- IANA: http://www.iana.com
|
|
- NRO: http://www.nro.net
|
|
- AFRINIC: http://www.afrinic.net
|
|
- APNIC: http://www.apnic.net
|
|
- ARIN: http://ws.arin.net
|
|
- LACNIC: http://www.lacnic.net
|
|
- RIPE: http://www.ripe.net
|
|
|
|
### BGP looking glasses
|
|
- BGP4: http://www.bgp4.as/looking-glasses
|
|
- BPG6: http://lg.he.net/
|
|
|
|
### DNS
|
|
- dnsenum - https://code.google.com/p/dnsenum
|
|
- dnsmap: https://code.google.com/p/dnsmap
|
|
- dnsrecon: https://www.darkoperator.com/tools-and-scripts
|
|
- dnstracer: https://www.mavetju.org/unix/dnstracer.php
|
|
- dnswalk: https://sourceforge.net/projects/dnswalk
|
|
|
|
## The OSINT Framework
|
|
- [OSINT Framework](https://osintframework.com)
|
|
|
|
|
|
## Dark Web OSINT Tools
|
|
### Dark Web Search Engine Tools
|
|
- [Ahmia Search Engine](https://ahmia.fi) and [their GitHub repo](https://github.com/ahmia/ahmia-site)
|
|
- [DarkSearch](https://darksearch.io) and their [GitHub repo](https://github.com/thehappydinoa/DarkSearch)
|
|
- [Katana](https://github.com/adnane-X-tebbaa/Katana)
|
|
- [OnionSearch](https://github.com/megadose/OnionSearch)
|
|
- [Search Engines for Academic Research](https://www.itseducation.asia/deep-web.htm)
|
|
- [DarkDump](https://github.com/josh0xA/darkdump)
|
|
|
|
### Tools to Obtain Information of .onion Links
|
|
- [H-Indexer](http://jncyepk6zbnosf4p.onion/onions.html)
|
|
- [Hunchly](https://www.hunch.ly/darkweb-osint)
|
|
- [Tor66 Fresh Onions](http://tor66sewebgixwhcqfnp5inzp5x5uohhdy3kvtnyfxc2e5mxiuh34iid.onion/fresh)
|
|
|
|
### Tools to scan onion links
|
|
- [Onioff](https://github.com/k4m4/onioff)
|
|
- [Onion-nmap](https://github.com/milesrichardson/docker-onion-nmap)
|
|
- [Onionscan](https://github.com/s-rah/onionscan)
|
|
|
|
### Tools to Crawl Dark Web Data
|
|
- [TorBot](https://github.com/DedSecInside/TorBot)
|
|
- [TorCrawl](https://github.com/MikeMeliz/TorCrawl.py)
|
|
- [OnionIngestor](https://github.com/danieleperera/OnionIngestor)
|
|
|
|
### Other Great Intelligence Gathering Sources and Tools
|
|
- Resources from Pentest-standard.org - http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Intelligence_Gathering
|
|
|
|
### Active Recon
|
|
- Tons of references to scanners and vulnerability management software for active reconnaissance - http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Vulnerability_Analysis
|