OSINT Tools

The Hunter’s Book of OSINT

Cyber Tools

HTTP Tools

Unfurl: break down URLs to their components

  • 2D version: https://dfir.blog/unfurl/
  • 3D version: https://dfir.blog/unfurl-3d/

OSINT Tools | GitHub Curated Reference

awesome-osint

  • URL: https://github.com/jivoi/awesome-osint

We need to start with awesome-osint because it contains a great list of public threat intel resources.

Yelp Threat Intel

  • URL: https://github.com/Yelp/threat_intel

Amazing Python tool that acts as a wrapper for useful APIs: Umbrella Investigate, VirusTotal API v2.0 and ShadowServer API.

CertStream

  • URL: https://github.com/huydhn/certstream-analytics

A great tool to perform analysis on domain strings: IDNA decoder, homoglyphs decoder, word segmentation, etc.

r3con1z3r

  • URL: https://github.com/abdulgaphy/r3con1z3r

This tool produces quick, easy-to-read reports on specific domains. By default, it outputs an HTML file with plain text information on the domain.

Gotanda OSINT

  • URL: https://github.com/HASH1da1/Gotanda

Gotanda is an OSINT (Open Source Intelligence) web extension for Firefox/Chrome. It can search OSINT information for an IOC found in a web page (IP, domain, URL, SNS, etc.).

List of supported engines

| Name | URL | Category |
|------|-----|----------|
| Domain Tools | https://whois.domaintools.com/ | whois Lookup |
| Security Trails | https://securitytrails.com/ | whois lookup |
| whoisds | https://whoisds.com/ | whois lookup |
| ThreatCrowd | https://www.threatcrowd.org/ | Domain, IPv4 |
| AbuseIPDB | https://www.abuseipdb.com/ | IPv4 |
| HackerTarget | https://hackertarget.com/ | IPv4 |
| Censys | https://censys.io/ | IP, Domain |
| Shodan | https://shodan.io/ | IP, Domain |
| FOFA | https://fofa.so/ | IP, Domain |
| VirusTotal | https://virustotal.com/ | IP, Domain, URL, Hash |
| GreyNoise | https://viz.greynoise.io/ | IPv4 |
| IPAlyzer | https://ipalyzer.com/ | IPv4 |
| Tor Relay Search | https://metrics.torproject.org/ | IP, Domain |
| Domain Watch | https://domainwat.ch/ | Domain, Email, whois lookup |
| crt.sh | https://crt.sh/ | SSL-certificate |
| SecurityHeaders | https://securityheaders.com/ | URL, Domain |
| DNSlytics | https://dnslytics.com/ | IPv4, IPv6, ASN |
| URLscan | https://urlscan.io/ | URL |
| Ultratools | https://www.ultratools.com/ | IPv6 |
| Wayback Machine | https://web.archive.org | URL |
| aguse | https://www.aguse.jp/ | URL |
| check-host | https://check-host.net/ | URL |
| CIRCL | https://cve.circl.lu/ | CVE |
| FortiGuard | https://fortiguard.com/ | CVE |
| Sploitus | https://sploitus.com/ | CVE |
| Vulmon | https://vulmon.com/ | CVE |
| CXSecurity | https://cxsecurity.com/ | CVE |
| Vulncode-DB | https://www.vulncode-db.com/ | CVE |
| Malshare | https://malshare.com/ | MD5 Hash |
| ThreatCrowd | https://www.threatcrowd.org/ | IP, Domain |
| Hybrid Analysis | https://www.hybrid-analysis.com/ | hash |
| Twitter | https://twitter.com/ | SNS, w/TimeLine |
| Qiita | https://qiita.com | SNS |
| GitHub | https://github.com | SNS |
| Facebook | https://www.facebook.com/ | SNS, w/TimeLine |
| Instagram | https://www.instagram.com/ | SNS |
| LinkedIn | https://linkedin.com/ | SNS |
| Pinterest | https://www.pinterest.jp | SNS |
| reddit | https://www.reddit.com/ | SNS |

Hawk

  • URL: https://github.com/T0pCyber/hawk

PowerShell-based tool for gathering information related to O365 intrusions and potential breaches.

The Hawk module has been designed to ease the burden on O365 administrators who are performing a forensic analysis in their organization.

It does NOT take the place of a human reviewing the data generated and is simply here to make data gathering easier.

OSINT Online Services

RiskIQ

Threat Intelligence Platform that allows you to connect multiple third-party services and brings petabytes of internet intelligence directly to your fingertips. RiskIQ offers a free community edition that lets you gather information on different IOCs via either the GUI or the API. You can investigate threats by pivoting through attacker infrastructure data, understand which of your digital assets are internet-exposed, and map and monitor your external attack surface.

  • API Reference and Testing: https://api.riskiq.net.
Note: The API has two sections: the full RiskIQ platform section, which uses an api_key and api_secret, and the RiskIQ Community API section (aka PassiveTotal), where you can use your community account API based on user_name and api_key. The latter won’t work with the former.