2018-08-07 16:40:04 -04:00
# Open-source intelligence (OSINT)
2018-01-17 22:45:47 -05:00
Open-source intelligence (OSINT) is data collected from open source and publicly available sources. The following are a few OSINT resources and references:
2020-05-22 01:45:22 -04:00
## Passive Recon Tools:
2020-08-26 20:09:25 -04:00
- [AMass ](https://github.com/OWASP/Amass )
2020-07-28 21:17:17 -04:00
- [Buscador VM ](https://inteltechniques.com/buscador )
- [Exiftool ](https://www.sno.phy.queensu.ca/~phil/exiftool/ )
- [ExtractMetadata ](http://www.extractmetadata.com )
- [Findsubdomains ](https://findsubdomains.com/ )
- [FOCA ](https://elevenpaths.com )
- [IntelTechniques ](https://inteltechniques.com )
2018-08-07 16:33:50 -04:00
- [Maltego ](https://www.paterva.com/web7/ )
2019-11-14 13:05:20 -05:00
- [Recon-NG ](https://github.com/lanmaster53/recon-ng )
2018-08-07 16:33:50 -04:00
- [Scrapy ](https://scrapy.org )
- [Screaming Frog ](https://www.screamingfrog.co.uk )
2020-07-28 21:17:17 -04:00
- [Shodan ](https://shodan.io )
- [SpiderFoot ](http://spiderfoot.net )
- [theHarvester ](https://github.com/laramies/theHarvester )
- [Visual SEO Studio ](https://visual-seo.com/ )
2018-08-07 16:40:04 -04:00
- [Web Data Extractor ](http://www.webextractor.com )
2020-07-28 21:17:17 -04:00
- [Xenu ](http://home.snafu.de )
2020-05-22 01:45:22 -04:00
## Open Source Threat Intelligence
- [GOSINT ](https://github.com/ciscocsirt/gosint ) - a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs). GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence.
- [Awesome Threat Intelligence ](https://github.com/santosomar/awesome-threat-intelligence ) - A curated list of awesome Threat Intelligence resources. This is a great resource and I try to contribute to it.
2020-08-11 15:28:55 -04:00
## Active and Passive Reconnaissance Tips and Tools
2020-05-22 01:45:22 -04:00
2020-08-11 15:28:55 -04:00
### Passive Recon
#### Website Exploration and "Google Hacking"
* censys - https://censys.io
* Spyse - https://spyse.com
* netcraft - https://searchdns.netcraft.com
* Google Hacking Database (GHDB) - https://www.exploit-db.com/google-hacking-database
* ExifTool - https://www.sno.phy.queensu.ca/~phil/exiftool
* Certficate Search - https://crt.sh/
* Huge TLS/SSL certificate DB with advanced search - https://certdb.com
* Google Transparency Report - https://transparencyreport.google.com/https/certificates
* SiteDigger - http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
### IP address and DNS Lookup Tools
2020-05-22 01:45:22 -04:00
- [bgp ](https://bgp.he.net/ )
- [Bgpview ](https://bgpview.io/ )
- [DataSploit (IP Address Modules) ](https://github.com/DataSploit/datasploit/tree/master/ip )
- [Domain Dossier ](https://centralops.net/co/domaindossier.aspx )
- [Domaintoipconverter ](http://domaintoipconverter.com/ )
- [Googleapps Dig ](https://toolbox.googleapps.com/apps/dig/ )
- [Hurricane Electric BGP Toolkit ](https://bgp.he.net/ )
- [ICANN Whois ](https://whois.icann.org/en )
- [Massdns ](https://github.com/blechschmidt/massdns )
- [Mxtoolbox ](https://mxtoolbox.com/BulkLookup.aspx )
- [Ultratools ipv6Info ](https://www.ultratools.com/tools/ipv6Info )
- [Viewdns ](https://viewdns.info/ )
- [Umbrella (OpenDNS) Popularity List ](http://s3-us-west-1.amazonaws.com/umbrella-static/index.html )
2020-08-11 15:28:55 -04:00
#### Social Media
* A tool to scrape LinkedIn: https://github.com/dchrastil/TTSL
* cree.py http://ilektrojohn.github.com/creepy
#### Whois
WHOIS information is based upon a tree hierarchy. ICANN (IANA) is the authoritative registry for all of the TLDs and is a great starting point for all manual WHOIS queries.
* ICANN - http://www.icann.org
* IANA - http://www.iana.com
* NRO - http://www.nro.net
* AFRINIC - http://www.afrinic.net
* APNIC - http://www.apnic.net
* ARIN - http://ws.arin.net
* LACNIC - http://www.lacnic.net
* RIPE - http://www.ripe.net
### BGP looking glasses
* BGP4 - http://www.bgp4.as/looking-glasses
* BPG6 - http://lg.he.net/
### DNS
* dnsenum - http://code.google.com/p/dnsenum
* dnsmap - http://code.google.com/p/dnsmap
* dnsrecon - http://www.darkoperator.com/tools-and-scripts
* dnstracer - http://www.mavetju.org/unix/dnstracer.php
* dnswalk - http://sourceforge.net/projects/dnswalk
#### Other Great Intelligence Gathering Sources and Tools
* Resources from Pentest-standard.org - http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Intelligence_Gathering
2018-08-07 16:34:22 -04:00
2020-08-11 15:28:55 -04:00
### Active Recon
* Tons of references to scanners and vulnerability management software for active reconnaissance - http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Vulnerability_Analysis