20618
Every day I write about #osint (Open Source Intelligence) tools and techniques. Also little bit about forensics and cybersecurity in general. Work in https://t.me/netlas
COPYSEEKER
A reverse image search system that searches only for exact copies of the original image (in some cases determining the date it first appeared on the Internet).
https://copyseeker.net/discovery
#osint #socmint
HackerNewsRemovals
Every day dozens of posts (sometimes quite interesting) are removed from Hacker News by moderators. You can find them in this repository (updated automatically from the beginning of 2024).
https://github.com/vitoplantamura/HackerNewsRemovals
Creator twitter.com/vplanta
LeaksSearch
Command line #Python tool for searching by keyword in leaked passwords databases (ProxyNova, LocalFile).
https://github.com/JoelGMSec/LeakSearch
Creator twitter.com/JoelGMSec
WGEN
Online free AI tool which offers many possibilities to generate wordlists for different purposes.
Dozens of different settings, wordlists import, export to JSON, self-hosted version and other features.
https://app.wgen.io/
Tip by twitter.com/intigriti
Content Security Police Evaluator
Enter a list of websites URLs and check if their Content Security Policy (CSP) is potentially vulnerable to cross-site scripting attacks.
https://csp-evaluator.withgoogle.com/
Tip by twitter.com/intigriti
Free Online APK Analyzer
Upload any APK file (Android app) and view:
- requested permissions
- activities
- content providers
- broadcast receivers
- services
and more.
https://sisik.eu/apk-tool
ADVERSE MEDIA SEARCH
Enter the type of person and select one of more than a dozen types of information (view pic) you want to find about them so that the service will generate a search query for you with relevant keywords.
https://www.no-nonsense-intel.com/adverse-media-search-tool
Creator twitter.com/nononsenseintel
PyHTools
#Python toolkit for diffirent #cybersecurity purposes:
- change mac address
- scan ip range in the network;
- scan directories (with wordlist)
- scan vulnerabilities
- scan valid subdomains (with wordlist)
and more
https://github.com/dmdhrumilmistry/pyhtools
Creator twitter.com/dmdhrumilmistry
Github repos with lists of links to .onion zone domains (Part 2):
https://github.com/Scully-D/onion
https://github.com/RENANZG/My-Onion-Links
https://github.com/BigggChungus/onion-links
https://github.com/INFINITRONX/TORLINK
https://github.com/new-dark-web-links/2024
https://github.com/lightdarkmaster/OnionLinks
https://github.com/Hackers4urHelp/Onion-Links-Repository
#darknet
Jump Over Firewall Finding Original IP
Short article by twitter.com/ott3ly:
Firewall Basics
WAF Recon
Method #1 – Shodan
Method #2 – Censys
Method #3 – Security Trails
Final Tips
https://ott3rly.com/jump-over-firewall-finding-origin-ip/
GeoSpy + OpenStreetMap search = super power
https://publication.osintambition.org/geospy-openstreetmap-search-super-power-a5c0a4028cdc
A 1-minute way to geolocate road signs that show the distance to the nearest cities
https://publication.osintambition.org/a-1-minute-way-to-geolocate-road-signs-that-show-the-distance-to-the-nearest-cities-9e8d4d08b93b
How to geolocate public transport photo using OverPass Turbo and AI
https://publication.osintambition.org/how-to-geolocate-public-transport-photo-using-overpass-turbo-and-ai-32fd3dfc1849
Incident Response Plan Template (by counteractive)
- Assess
- Initiate Response
- Investigate
- Remediate
- Communicate
- Recover
https://github.com/counteractive/incident-response-plan-template/blob/master/during.md
#dfir
KALI LINUX NETWORKING COMMANDS
Mini cheat sheet for article
logicTech/kali-linux-networking-commands-in-2024-63fd6fc86b0c" rel="nofollow">https://medium.com/@logicTech/kali-linux-networking-commands-in-2024-63fd6fc86b0c by logicTech
#linux #kalilinux #cybersecurity
DORKI
A partially free online tool that allows to collect search results from different search engines (Alexandria, Yahoo, Wikispecies, Yep, Wiby etc) and export them to JSON/TXT.
dorki.io
Creator twitter.com/CytadelEu
Tip by twitter.com/fattselimi
FindeMail
Search emails by company domain (tree types of search: standard, leaks and logs).
Partly free.
https://findemail.io/
Tip by twitter.com/akaclandestine
HASHTRAY
Get Gravatar profile info by email.
It is also possible to search by nickname (the tool automatically checks 455 nickname + domain combinations of the mail service to find the address associated with Gravatar accounts).
https://github.com/balestek/hashtray
Creator twitter.com/_balestek
Unmasking Crypto Money Laundering with OSINT & Blockchain Forensics (by twitter.com/ervin_zubic )
- Essential Blockchain Analytics Tools
- Crypto Money Laundering Techniques Exposed
- Practical Crypto Money Laundering Investigation Workflow
- OSINT for Crypto AML
ervin.zubic/unmasking-crypto-money-laundering-with-osint-blockchain-forensics-6e9bb9cd2d53" rel="nofollow">https://medium.com/@ervin.zubic/unmasking-crypto-money-laundering-with-osint-blockchain-forensics-6e9bb9cd2d53
HACKYX
#Cybersecurity search engine. There are already more than 23k #CTF writeup and #bugbounty reports indexed.
https://hackyx.io/
Creators twitter.com/aituglo twitter.com/Wlayzz Tip by twitter.com/IamRenganathan
CLI Tools to automate the creation of screenshots of web pages:
https://github.com/projectdiscovery/nuclei
https://github.com/sensepost/gowitness
https://github.com/RedSiege/EyeWitness
https://github.com/michenriksen/aquatone
Open-source Aviation✈️
- ADS-D data
- Airport data
- Tools and libraries
https://github.com/lucianosrp/open-source-aviation
Contributor twitter.com/luciano_srp
Google Dorks for Bug Bounty
- sensitive documents
- code leaks
- cloud storages
- login pages
- API Endpoints
- server errors
and more.
https://github.com/TakSec/google-dorks-bug-bounty
Contributor twitter.com/TakSec
Point-and-Click OSINT: Dark Web Scraping with GUI Tools (by twitter.com/ervin_zubic)
- Dark Web #Scraping: Privacy is Everything
- Gather Dark Web Intel: Scrape Search Results with ParseHub and Ahmia
- Configure ParseHub for Dark Web Scraping
ervin.zubic/point-and-click-osint-dark-web-scraping-with-gui-tools-c434164120d5" rel="nofollow">https://medium.com/@ervin.zubic/point-and-click-osint-dark-web-scraping-with-gui-tools-c434164120d5
How to use Telegram Phone Number Checker for #OSINT
Detailed guide from twitter.com/osintnewsletter on how to install #Python tool Telegram Phone Number Checker and get Telegram API key.
https://osintnewsletter.com/p/telegram-phone-number-checker
FRAVIA: The Art of Searching
Francesco Vianello (Fravia) was one of the first internet search professionals. In the early 2000s, he published his research on SearchLores com.
Here's a PDF version of this site with additions.
https://github.com/soxoj/FRAVIA
Contributor twitter.com/soxoj
Jump Over Firewall Finding Original IP
Short article by twitter.com/ott3ly:
Firewall Basics
WAF Recon
Method #1 – Shodan
Method #2 – Censys
Method #3 – Security Trails
Final Tips
https://ott3rly.com/jump-over-firewall-finding-origin-ip/
Automate OSINT Report Writing with ChatGPT | Intel Assistant Agent
A quick guide to learn how to save a lot of time.
Briefing Objectives
Output formats
Report Structure
Interaction Protocol
https://medium.com/osint-ambition/osint-analysis-with-chatgpt-augment-your-intel-reporting-with-intel-assistant-bot-c5bceb8ba41f
Author twitter.com/ervin_zubic https://mirror.xyz/ervinzubic.eth
Wayback Keyword Search
A simple #Python tool that allows you to download all pages of a certain website for a certain period of time and do keyword searches in them.
https://github.com/lorenzoromani1983/wayback-keyword-search
Creator twitter.com/lorenzoromani
Don't forget that there are many tools available to automate your search/work with dorks. Both online and for the command line. Both paid and free.
You can find a list of them in the "Dorks collection list" Github repository:
https://github.com/cipher387/Dorks-collections-list
🤔The Master of Search Art, philosopher, and reverse engineer—who am I referring to?
☝️This individual inspired me to become who I am today. He taught the art of Internet searching when Google was just emerging!
🌹He passed away on this day several years ago, yet his legacy remains invaluable, albeit a bit forgotten.
👉That’s why I decided to prepare and publish soon a free e-book featuring his best writings.
❓Curious to learn more? First, guess and write in the comments whom I'm talking about!👇
#community
Awesome Annual Security Reports
80+ PDF files of annual security (above all #cybersecurity) reports of various large companies (published in 2022, 2023 and 2024)
https://github.com/jacobdjwilson/awesome-annual-security-reports
Contributor twitter.com/jacobdjwilson