diff --git a/osint/README.md b/osint/README.md index db0bb99..2cf49cd 100644 --- a/osint/README.md +++ b/osint/README.md @@ -25,8 +25,22 @@ Open-source intelligence (OSINT) is data collected from open source and publicly - [GOSINT](https://github.com/ciscocsirt/gosint) - a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs). GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. - [Awesome Threat Intelligence](https://github.com/santosomar/awesome-threat-intelligence) - A curated list of awesome Threat Intelligence resources. This is a great resource and I try to contribute to it. +## Active and Passive Reconnaissance Tips and Tools -## IP address and DNS Lookup Tools +### Passive Recon + +#### Website Exploration and "Google Hacking" +* censys - https://censys.io +* Spyse - https://spyse.com +* netcraft - https://searchdns.netcraft.com +* Google Hacking Database (GHDB) - https://www.exploit-db.com/google-hacking-database +* ExifTool - https://www.sno.phy.queensu.ca/~phil/exiftool +* Certficate Search - https://crt.sh/ +* Huge TLS/SSL certificate DB with advanced search - https://certdb.com +* Google Transparency Report - https://transparencyreport.google.com/https/certificates +* SiteDigger - http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx + +### IP address and DNS Lookup Tools - [bgp](https://bgp.he.net/) - [Bgpview](https://bgpview.io/) - [DataSploit (IP Address Modules)](https://github.com/DataSploit/datasploit/tree/master/ip) 
@@ -41,4 +55,34 @@ Open-source intelligence (OSINT) is data collected from open source and publicly - [Viewdns](https://viewdns.info/) - [Umbrella (OpenDNS) Popularity List](http://s3-us-west-1.amazonaws.com/umbrella-static/index.html) +#### Social Media +* A tool to scrape LinkedIn: https://github.com/dchrastil/TTSL +* cree.py http://ilektrojohn.github.com/creepy +#### Whois +WHOIS information is based upon a tree hierarchy. ICANN (IANA) is the authoritative registry for all of the TLDs and is a great starting point for all manual WHOIS queries. +* ICANN - http://www.icann.org +* IANA - http://www.iana.com +* NRO - http://www.nro.net +* AFRINIC - http://www.afrinic.net +* APNIC - http://www.apnic.net +* ARIN - http://ws.arin.net +* LACNIC - http://www.lacnic.net +* RIPE - http://www.ripe.net + +### BGP looking glasses +* BGP4 - http://www.bgp4.as/looking-glasses +* BPG6 - http://lg.he.net/ + +### DNS +* dnsenum - http://code.google.com/p/dnsenum +* dnsmap - http://code.google.com/p/dnsmap +* dnsrecon - http://www.darkoperator.com/tools-and-scripts +* dnstracer - http://www.mavetju.org/unix/dnstracer.php +* dnswalk - http://sourceforge.net/projects/dnswalk + +#### Other Great Intelligence Gathering Sources and Tools +* Resources from Pentest-standard.org - http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Intelligence_Gathering + +### Active Recon +* Tons of references to scanners and vulnerability management software for active reconnaissance - http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Vulnerability_Analysis
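Review bot: in the first hunk (`@@ -25,8 +25,22 @@`) the renamed heading `### IP address and DNS Lookup Tools` ends up at the same level as `### Passive Recon` instead of underneath it, so those passive lookup tools are no longer nested under the section they belong to; `#### IP address and DNS Lookup Tools` would match the `#### Website Exploration and "Google Hacking"` sibling above it. The new block also uses `*` bullets while the rest of this README uses `-`, and `Certficate Search` should read `Certificate Search`.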
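Review bot: in the second hunk (`@@ -41,4 +55,34 @@`) `BPG6` should read `BGP6`, and the IANA entry links to `http://www.iana.com` while IANA's site is `iana.org`. Heading levels are inconsistent: `#### Social Media`, `#### Whois` and `#### Other Great Intelligence Gathering Sources and Tools` are h4, but `### BGP looking glasses` and `### DNS` are h3, which places the BGP and DNS lists outside `### Passive Recon`. Also add a blank line between `cree.py ...` and `#### Whois` (the list runs straight into the heading), switch `*` to the README's `-` bullets, and consider replacing the `http://code.google.com/p/dnsenum` and `http://code.google.com/p/dnsmap` links, since Google Code project hosting is archived and those pages are no longer maintained.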