From 33aa9686ac52b7d535292dcdbc077f7286baafcc Mon Sep 17 00:00:00 2001 From: Meitar M Date: Thu, 7 Nov 2019 22:41:39 -0500 Subject: [PATCH] Start categorization of OSINT tools list. --- README.md | 68 +++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 46 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index 3eda3c1..d18428a 100644 --- a/README.md +++ b/README.md @@ -51,6 +51,12 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Network Vulnerability Scanners](#network-vulnerability-scanners) * [Web Vulnerability Scanners](#web-vulnerability-scanners) * [OSINT Tools](#osint-tools) + * [Data broker and search engine services](#data-broker-and-search-engine-services) + * [Dorking tools](#dorking-tools) + * [Email search and analysis tools](#email-search-and-analysis-tools) + * [Metadata harvesting and analysis](#metadata-harvesting-and-analysis) + * [Network device discovery tools](#network-device-discovery-tools) + * [Source code repository searching tools](#source-code-repository-searching-tools) * [Online Resources](#online-resources) * [Online Code Samples and Examples](#online-code-samples-and-examples) * [Online Exploit Development Resources](#online-exploit-development-resources) 
@@ -476,43 +482,61 @@ See also [awesome-industrial-control-system-security](https://github.com/hslatma ## OSINT Tools -* [AQUATONE](https://github.com/michenriksen/aquatone) - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools. -* [BinGoo](https://github.com/Hood3dRob1n/BinGoo) - GNU/Linux bash based Bing and Google Dorking Tool. -* [Censys](https://www.censys.io/) - Collects data on hosts and websites through daily ZMap and ZGrab scans. * [DataSploit](https://github.com/upgoingstar/datasploit) - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes. -* [dorkbot](https://github.com/utiso/dorkbot) - Command-line tool to scan Google (or other) search results for vulnerabilities. -* [FOCA (Fingerprinting Organizations with Collected Archives)](https://www.elevenpaths.com/labstools/foca/) - Automated document harvester that searches Google, Bing, and DuckDuckGo to find and extrapolate internal company organizational structures. -* [GooDork](https://github.com/k3170makan/GooDork) - Command line Google dorking tool. -* [Google Hacking Database](https://www.exploit-db.com/google-hacking-database/) - Database of Google dorks; can be used for recon. * [GyoiThon](https://github.com/gyoisamurai/GyoiThon) - GyoiThon is an Intelligence Gathering tool using Machine Learning. -* [Hunter.io](https://hunter.io/) - Data broker providing a Web search interface for discovering the email addresses and other organizational details of a company. * [Intrigue](http://intrigue.io) - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI. * [Maltego](http://www.paterva.com/web7/) - Proprietary software for open source intelligence and forensics, from Paterva. 
-* [OWASP Amass](https://github.com/OWASP/Amass) - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc. * [PacketTotal](https://packettotal.com/) - Simple, free, high-quality packet capture file analysis facilitating the quick detection of network-borne malware (using Bro and Suricata IDS signatures under the hood). -* [Shodan](https://www.shodan.io/) - World's first search engine for Internet-connected devices. -* [SimplyEmail](https://github.com/SimplySecurity/SimplyEmail) - Email recon made fast and easy. * [Sn1per](https://github.com/1N3/Sn1per) - Automated Pentest Recon Scanner. * [Spiderfoot](http://www.spiderfoot.net/) - Multi-source OSINT automation tool with a Web UI and report visualizations. +* [creepy](https://github.com/ilektrojohn/creepy) - Geolocation OSINT tool. +* [gOSINT](https://github.com/Nhoya/gOSINT) - OSINT tool with multiple modules and a telegram scraper. +* [image-match](https://github.com/ascribe/image-match) - Quickly search over billions of images. +* [recon-ng](https://github.com/lanmaster53/recon-ng) - Full-featured Web Reconnaissance framework written in Python. +* [sn0int](https://github.com/kpcyrd/sn0int) - Semi-automatic OSINT framework and package manager. + +### Data broker and search engine services + +* [Hunter.io](https://hunter.io/) - Data broker providing a Web search interface for discovering the email addresses and other organizational details of a company. * [Threat Crowd](https://www.threatcrowd.org/) - Search engine for threats. * [Virus Total](https://www.virustotal.com/) - Free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware. -* [ZoomEye](https://www.zoomeye.org/) - Search engine for cyberspace that lets the user find specific network components. -* [creepy](https://github.com/ilektrojohn/creepy) - Geolocation OSINT tool. 
+* [surfraw](https://github.com/kisom/surfraw) - Fast UNIX command line interface to a variety of popular WWW search engines. + +### Dorking tools + +* [BinGoo](https://github.com/Hood3dRob1n/BinGoo) - GNU/Linux bash based Bing and Google Dorking Tool. +* [dorkbot](https://github.com/utiso/dorkbot) - Command-line tool to scan Google (or other) search results for vulnerabilities. +* [github-dorks](https://github.com/techgaun/github-dorks) - CLI tool to scan GitHub repos/organizations for potential sensitive information leaks. +* [GooDork](https://github.com/k3170makan/GooDork) - Command line Google dorking tool. +* [Google Hacking Database](https://www.exploit-db.com/google-hacking-database/) - Database of Google dorks; can be used for recon. * [dork-cli](https://github.com/jgor/dork-cli) - Command line Google dork tool. * [dorks](https://github.com/USSCltd/dorks) - Google hack database automation tool. * [fast-recon](https://github.com/DanMcInerney/fast-recon) - Perform Google dorks against a domain. -* [gOSINT](https://github.com/Nhoya/gOSINT) - OSINT tool with multiple modules and a telegram scraper. -* [github-dorks](https://github.com/techgaun/github-dorks) - CLI tool to scan GitHub repos/organizations for potential sensitive information leaks. -* [image-match](https://github.com/ascribe/image-match) - Quickly search over billions of images. -* [metagoofil](https://github.com/laramies/metagoofil) - Metadata harvester. * [pagodo](https://github.com/opsdisk/pagodo) - Automate Google Hacking Database scraping. -* [recon-ng](https://github.com/lanmaster53/recon-ng) - Full-featured Web Reconnaissance framework written in Python. -* [sn0int](https://github.com/kpcyrd/sn0int) - Semi-automatic OSINT framework and package manager. * [snitch](https://github.com/Smaash/snitch) - Information gathering via dorks. -* [surfraw](https://github.com/kisom/surfraw) - Fast UNIX command line interface to a variety of popular WWW search engines. 
-* [theHarvester](https://github.com/laramies/theHarvester) - E-mail, subdomain and people names harvester. -* [vcsmap](https://github.com/melvinsh/vcsmap) - Plugin-based tool to scan public version control systems for sensitive information. + +### Email search and analysis tools + +* [SimplyEmail](https://github.com/SimplySecurity/SimplyEmail) - Email recon made fast and easy. * [WhatBreach](https://github.com/Ekultek/WhatBreach) - Search email addresses and discover all known breaches that this email has been seen in, and download the breached database if it is publicly available. + +### Metadata harvesting and analysis + +* [FOCA (Fingerprinting Organizations with Collected Archives)](https://www.elevenpaths.com/labstools/foca/) - Automated document harvester that searches Google, Bing, and DuckDuckGo to find and extrapolate internal company organizational structures. +* [metagoofil](https://github.com/laramies/metagoofil) - Metadata harvester. +* [theHarvester](https://github.com/laramies/theHarvester) - E-mail, subdomain and people names harvester. + +### Network device discovery tools + +* [AQUATONE](https://github.com/michenriksen/aquatone) - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools. +* [Censys](https://www.censys.io/) - Collects data on hosts and websites through daily ZMap and ZGrab scans. +* [OWASP Amass](https://github.com/OWASP/Amass) - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc. +* [Shodan](https://www.shodan.io/) - World's first search engine for Internet-connected devices. +* [ZoomEye](https://www.zoomeye.org/) - Search engine for cyberspace that lets the user find specific network components. + +### Source code repository searching tools + +* [vcsmap](https://github.com/melvinsh/vcsmap) - Plugin-based tool to scan public version control systems for sensitive information. 
* [Yar](https://github.com/Furduhlutur/yar) - Clone git repositories to search through the whole commit history in order of commit time for secrets, tokens, or passwords. ## Online Resources
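Review bot: In the table-of-contents hunk (@@ -51,6 +51,12 @@), the six new sub-entries are not named consistently: four end in "tools", one ends in "services", and "Metadata harvesting and analysis" has no noun at all, unlike its neighbour "Email search and analysis tools". Consider "Metadata harvesting and analysis tools", and change the matching `###` heading in the second hunk in the same commit so the `#metadata-harvesting-and-analysis` anchor stays in step with it.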
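Review bot: In the OSINT Tools hunk (@@ -476,43 +482,61 @@), several entries land under a heading that their own description does not match. AQUATONE ("Subdomain discovery tool") and OWASP Amass ("Subdomain enumeration") are filed under "Network device discovery tools" next to Shodan, Censys and ZoomEye; either widen that heading to cover host and subdomain discovery or give the two their own section. github-dorks ("scan GitHub repos/organizations for potential sensitive information leaks") is placed under "Dorking tools" although the new "Source code repository searching tools" section holds vcsmap and Yar, which likewise search repositories for sensitive information. theHarvester ("E-mail, subdomain and people names harvester") is under "Metadata harvesting and analysis" rather than "Email search and analysis tools". The sort order inside the lists is also mixed: "Dorking tools" runs BinGoo, dorkbot, github-dorks, GooDork, Google Hacking Database and then dork-cli, dorks, fast-recon, so pick one ordering (case-insensitive alphabetical, for example) and apply it to every sub-list.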