20618
Every day I write about #osint (Open Source Intelligence) tools and techniques. Also little bit about forensics and cybersecurity in general. Work in https://t.me/netlas
SearchPof
Google CSE to quick search profiles in:
Facebook
Twitter
Instagram
YouTube
Pinterest
Snapchat
https://searchpof.com/
#osint #socmint
Common Crawl a great source of old versions of sites along with archive.org
Search target domain with index.commoncrawl.org/
Open in browser
https://data.commoncrawl.org/ + filename of target URL
Unzip downloaded archive
Search files by domain and open in text editor
Cyberbro
Get information about IPs/domains from different sources:
- VirusTotal
- Shodan
- AbuseIPDB
- PhishTank
- ThreatFox
and more.
Self-hosted: https://github.com/stanfrbd/cyberbro
Demo: demo.cyberbro.net
Creator twitter.com/cyberbro_cti
An old but very effective #OSINT tip, which it is not a sin to be reminded of once again.
Thanks to twitter.com/OSINT_Tactical
Data Portals
Search by 599 portals around the world. Goverment data, professional registries, courts records, cadastral maps and more.
https://dataportals.org/search
#osint #geoint
According to a CyberNews research (blog.gitguardian.com/exposed-git-folders-exposed/) 2% of all web servers has .git directory exposed that may potentially contain sensitive data.
twitter.com/0x0SojalSec advice also check directories for other version control systems (Subversion, Mercurial, Darcs etc)
Nuclei Disaster Worldwide Map
- power reactor locations
- known locations of nuclear weapons
- states with nuclear weapons
- declassified US nuclear targets
nucleardisastermap.com
#geoint
NonProfit Explorer
USA 🇺🇸
1.9M Active Nonprofits
18M Tax Filings
Search by people/organization name or filling text.
projects.propublica.org/nonprofits/
Creator twitter.com/propublica
#osint
TGeocoder
Parse Telegram channels and extracts location data contained within the messages and finds the Lat/Lon coordinates of each event
OpenAI API key required.
Telegram API key required (do not use your important Telegram accounts to get the API key, there is a risk of blocking.).
https://github.com/MJCruickshank/TGeocoder
Creator twitter.com/MJ_Cruickshank
IUU Vessels List
Illegal, Unregulated, and Unreported (IUU) fishing vessel list.
Search detailed vessels profiles by current or historic name, callsign, owner, registration number.
https://www.iuu-vessels.org/Home/Search
#osint #geoint
OPENSKY
Open (free) air traffic data for research:
- live data
- historical data
- tracking 264K+ aircrafts
- scientific datasets
- #Python library https://github.com/open-aviation/pyopensky
http://opensky-network.org
#osint #geoint
World of orienteering maps collection
50000+ detailed topographic maps of various terrains around the world.
A source of a huge amount of additional information not found on Google Maps (including historical).
omaps.worldofo.com/gmaps.php
#osint #geoint
RepoAnalyzer
An online tool that automatically analyzes dozens of Github repository parameters and assesses how trustworthy a repository is.
repoanalyzer.site
Three checks per minute for free.
#github #socmint
Another source of old versions of web pages that is often forgotten is the Common Crawl Index https://commoncrawl.org/.
One of the best tools for downloading copies of pages from it is WayMore (also downloads data from other sources).
https://github.com/xnl-h4ck3r/waymore
Creator twitter.com/xnl_h4ck3r
Faceonlive
Another tool for reverse facial searches. Free shows only part of the links, but doesn't blur images (like some analogs) and allows to download them.
(celebrity photo is just an example, the service works with non-public faces too)
https://faceonlive.com/face-search-online/
#socmint
Short, but interesting list of sensitive data and bug bounty dorks from twitter.com/javobernardo.
https://github.com/fatguru/dorks
Clatscope Info Tool
A versatile #Python tool that can perform more than 20 #osint tasks:
IP Address/Phone Number/Email Lookups
Username Searches
WHOIS detailes
Robots.txt and sitemap.xml retrieval
Webpage metadata extraction
and more.
https://github.com/Clats97/ClatScope
When searching for a person by full name/nickname, check accounts in services popular in their country.
One way to find out them is to look at the country rankings of the most downloaded mobile apps in the categories:
- dating
- social
- communication
appfollow.io
PugRecon
Search by 1.6 billion subdomains scrapped from multiple public (and private) sources.
https://dash.pugrecon.celes.in/
Creator twitter.com/c3l3si4n 👏
MEIOC by twiter.com/AndreaDraghetti
#Python automation tool to extract information from EML files:
Headers
Detailed server relay hops (IP addresses involved)
Extracted URLS/domains
Attachments with calculated hashes.
SPF (Sender Policy Framework)
DKIM (DomainKeys Identified Mail)
https://github.com/drego85/meioc
ALERT California🇺🇸
A site where you can view real-time images and video from surveillance cameras throughout California. For example, see smoke in Los Angeles right now.
https://cameras.alertcalifornia.org/?pos=33.4337_-117.2543_9
Catalogue of research databases
180+ countries.
Business, intellectual property and land registries, government databases, national media and more.
id.occrp.org/databases/
Creator twitter.com/OCCRP
#osint #geoint
OpenSupplyHub
Search worldwide supply chain data by facility name, country, company, product type and other filters.
https://opensupplyhub.org/
#osint
ShipSpotting
- 3M+ ships, inland vessels and lighthouses(!) photos
- advanced search with a lot of filters
- real time tracking map
and much more.
shipspotting.com
#osint #geoint
Blockchain Investigations Hub (list of articles)
Bitcoin Mixing Explained: Key Insights and Forensic Analysis Tips
Track Cryptocurrency Across Chains:
Using Blockchain to Track Ransomware Threat Actors
How to Track Cross-Blockchain Fund Movement
By twitter.com/ervin_zubic
#cryptoosint
Favihash
Get the hash of favicon of website (by url or file) and quick search it in Shodan, Censys and Virustotal.
favihash.com
Creator twitter.com/PredictaLabOff twitter.com/fs0c131y
Linkedin Profile Viewer
https://nubela.co/proxycurl/demo/linkedin-profile-viewer
Free shows profile picture and description in full + some information about experience and education. Useful for those who do not have a Linkedin account.
#osint #socmint