OSINT tools

I realized the other day when doing some OSINT research that I’ve collected quite the set of tools online. My bookmarks are getting a little out of hand so for my own reference, I came up with a list. This list does NOT include tools like nmap, maltego, whois, nslookup, etc. – it’s a collection of online tools only.

People/Companies

• For people, the first thing I do is a Google search, with their name in quotes – like “bob smith”. This will usually give you lots of initial data and starting points. I will often go beyond just the .com and use the regional google for whatever country they are located in – this will sometimes give you more details.
• Sometimes you can also get additional details through bing and duckduckgo as well – but digging past the first few pages of google will often times give you what you really need. If you’ve got someone with a somewhat dark past – the next thing to fire-up is tor and do some searching on the dark web

Servers/Sites

• https://rtsak.com/ip-lookup & http://robtex.com– Can get you some good info if you have a server IP, domain, etc., Can list other sites hosted on the same servers, using same nameservers – which can come in handy, graphs & DNSBL info.
• https://viewdns.info – has lots of tools. My favorite go to for reverse whois lookup when you are trying to tie an entity to other domains.
• https://www.dnstree.com – actually uses robtex.com for some of it’s info – you can enter a domain or IP and get lots of details.
• http://domaininfoapi.org – great tool for getting tons of info related to a domain name.
• https://www.yougetsignal.com/ – meh, it’s ok and sometimes gives me info but usually ends up at a dead end. I will use this after trying other resources first.
• http://dnstrails.com/ – great tool for when you can’t find current info on a domain. It sometimes will provide historical data.
• https://who.is/ – another tool to find historical data – but often requires you to pay to get the data.

Other

• http://osintframework.com/ – this has TONS of options and can be used for everything from identity research to servers.
• https://inteltechniques.com/menu.html – This will hit multiple search engines at once if you don’t find what you need
• https://ahmia.fi (for tor searches)
• https://community.riskiq.com/ – so I haven’t actually used this yet, but it was mentioned by a co-worker. If I can ever get their registration page to work correctly I might give it a try.
• https://hashkiller.co.uk – this has come in handy a few times. Occasionally I come across a hash that I can feed this and get a result.

https://www.peerlyst.com/posts/osint-tools-colette-chamberland