OSINT tools
I realized the other day when doing some OSINT research that I’ve collected quite the set of tools online. My bookmarks are getting a little out of hand so for my own reference, I came up with a list. This list does NOT include tools like nmap, maltego, whois, nslookup, etc. – it’s a collection of online tools only.
People/Companies
- For people, the first thing I do is a Google search, with their name in quotes – like “bob smith”. This will usually give you lots of initial data and starting points. I will often go beyond just the .com and use the regional google for whatever country they are located in – this will sometimes give you more details.
- Sometimes you can get additional details through Bing and DuckDuckGo as well – but digging past the first few pages of Google will oftentimes give you what you really need. If you’ve got someone with a somewhat dark past – the next thing to fire up is Tor and do some searching on the dark web.
Servers/Sites
- https://rtsak.com/ip-lookup & http://robtex.com – can get you some good info if you have a server IP, domain, etc. Can list other sites hosted on the same servers or using the same nameservers – which can come in handy – plus graphs & DNSBL info.
- https://viewdns.info – has lots of tools. My favorite go to for reverse whois lookup when you are trying to tie an entity to other domains.
- https://www.dnstree.com – actually uses robtex.com for some of its info – you can enter a domain or IP and get lots of details.
- http://domaininfoapi.org – great tool for getting tons of info related to a domain name.
- https://www.yougetsignal.com/ – meh, it’s ok and sometimes gives me info but usually ends up at a dead end. I will use this after trying other resources first.
- http://dnstrails.com/ – great tool for when you can’t find current info on a domain. It sometimes will provide historical data.
- https://who.is/ – another tool to find historical data – but often requires you to pay to get the data.
Other
- http://osintframework.com/ – this has TONS of options and can be used for everything from identity research to servers.
- https://inteltechniques.com/menu.html – This will hit multiple search engines at once if you don’t find what you need.
- https://ahmia.fi (for tor searches)
- https://community.riskiq.com/ – so I haven’t actually used this yet, but it was mentioned by a co-worker. If I can ever get their registration page to work correctly I might give it a try.
- https://hashkiller.co.uk – this has come in handy a few times. Occasionally I come across a hash that I can feed this and get a result.
https://www.peerlyst.com/posts/osint-tools-colette-chamberland