cyber-security-resources/osint/README.md

Open-source Intelligence (OSINT)

Open-source intelligence (OSINT) is data collected from open source and publicly available sources. The following are a few OSINT resources and references:

Passive Recon Tools:

• AMass
• Exiftool
• ExtractMetadata
• Findsubdomains
• FOCA
• IntelTechniques
• Maltego
• Recon-NG
• Scrapy
• Screaming Frog
• Shodan
• SpiderFoot
• theHarvester
• Visual SEO Studio
• Web Data Extractor
• Xenu
• ParamSpider

The OSINT Framework

• OSINT Framework

Open Source Threat Intelligence

• GOSINT - a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs). GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence.
• Awesome Threat Intelligence - A curated list of awesome Threat Intelligence resources. This is a great resource and I try to contribute to it.

Active and Passive Reconnaissance Tips and Tools

Passive Recon

Website Exploration and "Google Hacking"

• censys - https://censys.io
• Spyse - https://spyse.com
• netcraft - https://searchdns.netcraft.com
• Google Hacking Database (GHDB) - https://www.exploit-db.com/google-hacking-database
• ExifTool - https://www.sno.phy.queensu.ca/~phil/exiftool
• Certficate Search - https://crt.sh/
• Huge TLS/SSL certificate DB with advanced search - https://certdb.com
• Google Transparency Report - https://transparencyreport.google.com/https/certificates
• SiteDigger - http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx

IP address and DNS Lookup Tools

• bgp
• Bgpview
• DataSploit (IP Address Modules)
• Domain Dossier
• Domaintoipconverter
• Googleapps Dig
• Hurricane Electric BGP Toolkit
• ICANN Whois
• Massdns
• Mxtoolbox
• Ultratools ipv6Info
• Viewdns
• Umbrella (OpenDNS) Popularity List

Social Media

• A tool to scrape LinkedIn: https://github.com/dchrastil/TTSL
• cree.py http://ilektrojohn.github.com/creepy

Whois

WHOIS information is based upon a tree hierarchy. ICANN (IANA) is the authoritative registry for all of the TLDs and is a great starting point for all manual WHOIS queries.

• ICANN - http://www.icann.org
• IANA - http://www.iana.com
• NRO - http://www.nro.net
• AFRINIC - http://www.afrinic.net
• APNIC - http://www.apnic.net
• ARIN - http://ws.arin.net
• LACNIC - http://www.lacnic.net
• RIPE - http://www.ripe.net

BGP looking glasses

• BGP4 - http://www.bgp4.as/looking-glasses
• BPG6 - http://lg.he.net/

DNS

• dnsenum - http://code.google.com/p/dnsenum
• dnsmap - http://code.google.com/p/dnsmap
• dnsrecon - http://www.darkoperator.com/tools-and-scripts
• dnstracer - http://www.mavetju.org/unix/dnstracer.php
• dnswalk - http://sourceforge.net/projects/dnswalk

Dark Web OSINT Tools

Dark Web Search Engine Tools

• Ahmia Search Engine and their GitHub repo
• DarkSearch and their GitHub repo
• Katana
• OnionSearch
• Search Engines for Academic Research
• DarkDump

Tools to Obtain Information of .onion Links

• H-Indexer
• Hunchly
• Tor66 Fresh Onions

Tools to scan onion links

• Onioff
• Onion-nmap
• Onionscan

Tools to Crawl Dark Web Data

• TorBot
• TorCrawl
• OnionIngestor

Other Great Intelligence Gathering Sources and Tools

• Resources from Pentest-standard.org - http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Intelligence_Gathering

Active Recon

• Tons of references to scanners and vulnerability management software for active reconnaissance - http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Vulnerability_Analysis