20618
Every day I write about #osint (Open Source Intelligence) tools and techniques. Also little bit about forensics and cybersecurity in general. Work in https://t.me/netlas
🤖 Botnadzor.com - a platform to detect bots in VK.com by account, post, or group. API and browser extensions are available.
❓ The project is designed to disclose the scale of hidden propaganda, misinformation publicly, and lies coming from seemingly real profiles of existing people. The photos on these profiles are stolen from dating sites or other social networks.
👉 Link: https://botnadzor.org/
👉 How to detect botnets and artificial content: https://sowel.soxoj.com/artificial-content-botnets
#botnet #sowel
Cloudflare Resolver
Free online tool. Enter the name of the domain protected by CloudFlare and the service will find subdomains that are not protected by CloudFlare.
http://www.skypeipresolver.net/cloudflare.php
Four ways to search Google for sites in a particular country (!all work roughly!):
1. Search by domain:
site:.gu
2. Change language settings:
Add to &hl=fr to URL
3. Search by IP range:
site:101.99.*.*
4. Use isearchfrom.com.
Phone Number Business Registries
48 links to phone business directories for different countries (mainly Europe), where you can find a variety of information about companies (and sometimes their owners).
https://start.me/p/2p1x6J/15-phone-number-business-register
Tip by twitter.com/OSINTech_
#osint #corpint
How to Market your OSINT Tool the Right Way
A detailed article on what methods (mostly free) it's can use to promote #osint tools.
https://www.osintteam.com/how-to-market-your-osint-tool/
by twitter.com/notjasonhowarth for twitter.com/OsintTeamBlog
Shreays Chavhan (twitter.com/shreyas_chavhan) Bug Bounty Roadmap
A detailed article in which a college graduate (computer science) tells what results ($15000) he achieved in 8 months and 600+ hours of hunting and self-study using only free educational materials.
https://shreyaschavhan.notion.site/Roadmap-I-followed-to-make-15-000-Bounties-in-my-first-8-months-of-starting-out-and-my-journey-98b1b9ff621645c0b97d1e774992f300
LAZYEGG
Tool for extracting different data from web pages:
- cookies
- leaked credentials
- domains
- ips
- images
- links
and more.
https://github.com/schooldropout1337/nuclei-templates/blob/main/lazyegg.py
Creator twitter.com/gudetama_bf
#python #osint
Trace Labs OSINT Field Manual
- ethics
- safety
- planning and preparation
- techniques
- resources
https://github.com/tracelabs/tofm/blob/main/tofm.md
Contributor twitter.com/TraceLabs
APK Url Grep
When gathering information about a company, it is worth researching not only its website, but also its mobile apps (to find subdomains of the main website and potentially related websites).
https://github.com/ndelphit/apkurlgrep
Creator twitter.com/gattardi
#go
Python for Cybersecurity
A collection of a few dozen small #Python scripts to solve various problems related to pentest and #cybersecurity.
Contributor hposton
https://github.com/hposton/python-for-cybersecurity
List of 12 free online #OSINT courses for beginners with detailed descriptions (by twitter.com/S_S_P_01).
https://sankalppatil12112001.medium.com/learn-osint-for-free-best-courses-available-online-5439164b219d
MONOLITH
Quick #rust tool which saves a web page with its associated JavaScript, CSS, images and other files.
Useful for automating website analyses (searching for sensitive data, subdomains, etc.).
To be used together with web crawlers (Katana etc)
https://github.com/Y2Z/monolith
Crafting Precise Questions for Effective OSINT Investigations (by twitter.com/ervin_zubic)
- Techniques for Developing Answerable Questions
- Identifying Key Concepts
- Ensuring Reproducibility/Transparency
- Exposing Hidden Threats with Advanced Search Methods
ervin.zubic/biggest-osint-investigation-mistake-youre-making-and-how-to-fix-it-9d0bed8c1058" rel="nofollow">https://medium.com/@ervin.zubic/biggest-osint-investigation-mistake-youre-making-and-how-to-fix-it-9d0bed8c1058
OriON
Linux Virtual Machine for #OSINT based on Ubuntu.
Dozens command line pre-installed tools and different useful for investigation websites bookmarks.
https://github.com/Cl4r4-5/OriON
Tip by twitter.com/alexisolivo Creator twitter.com/NebulosaOriON_
(in Spanish 🇪🇸)
If no suitable panoramas were found for your photo location on Google Street View, try searching for the same location on Bing Street Side. The service has a large coverage area in the US and Europe.
#osint #geoint
HASHMOB
Multifunctional online tool to search password hashes.
Search for hashes (copy the text or load the list from a file, 500 hashes per hour for free), verify hashes against a certain algorithm, check password strength, download hashes lists.
hashmob.net
Business Registries around the world
Click on a country on the interactive map to get a link to the official government website where you can find out information about business entities in that country.
https://ebra.be/worldwide-registers/
#osint
When you do a search using the site: operator in Google or other search engines, don't forget that you can use it to search by part of an IP address or an exact IP address.
You can read more about how this can be useful in this article from twitter.com/wh1te_h0le:
cuncis/how-searching-by-ip-addresses-can-reveal-hidden-gems-e58b46e6fdc8" rel="nofollow">https://medium.com/@cuncis/how-searching-by-ip-addresses-can-reveal-hidden-gems-e58b46e6fdc8
browser.lol
A virtual browser inside your browser.
Useful for browsing suspicious websites or websites blocked in your country.
So far you can only run Chrome and Firefox, but other browsers (Tor etc) will be available soon.
ExportGram
A quick online tool that saves Instagram post's comments (+ usernames and number of likes) to CSV, Excel or JSON.
100 comments free.
https://exportgram.net/
#socmint
Python for AWAE (Advanced Web Attacks and Exploitation)
Quick notes about:
- os module
- urllib/urlib2
- requests
- lxml
- BeautifulSoup
and other #python packages.
https://github.com/shreyaschavhan/python-for-awae
Contributor twitter.com/shreyas_chavhan
MY OCEAN PRO
One of the most informative online map tool for exploring the seas and oceans. More than 277 datasets are available. For example:
- temperature
- salinity
- wave height
- sea ice
- acidity
- oxygen concentration
https://data.marine.copernicus.eu/viewer/expert
Creator twitter.com/CopernicusECMWF
A List of Hacker News's Undocumented Features and Behaviors
- filter posts below X points
- wayback (view the home page for a specific date)
- real-time full-text search
- topic lists
and more.
https://github.com/minimaxir/hacker-news-undocumented
Contributor twitter.com/minimaxir
Satellite Image & #OSINT
(Hunting from Space - #GEOINT — 2)
The article is about why satellite images are needed in OSINT and what services can be used to work with them.
https://snoop-ghost.medium.com/satellite-image-osint-%EF%B8%8F-54a78a267ff5
FAGAN FINDER
One of the oldest services for quick search by one keyword on different sites (since 2001!). Search for text information, pictures, video, audio, and group discussions.
+lots of tips on searching the internet and using different services
https://www.faganfinder.com/
Creator twitter.com/faganfinder
YouTube OSINT cheat sheet
- search tools
- browser extensions
- view metadata
- channel stats
- comments search
and more.
Text version and other cheats sheets:
https://github.com/cipher387/cheatsheets
Way Of Freedom. "Methods to access free internet"
A list of links to services and technical articles that will be useful for those living in countries with a high degree of internet censorship.
https://github.com/majidrezarahnavard/way_of_freedom/
Contributor majidrezarahnavard
Google Street View alternatives:
- Yandex Panoramas
- Bing Streetside
- Apple Look Around
- Baidu Total View
- Mapillary
- KartaView
List of recommended #OSINT newsletters from twitter.com/osintme:
Bullsh*t Hunting
Cyb Detective’s Substack
Digital Digging
Digital Investigations
Forensic OSINT Newsletter
OSINT Ambition
OSINT Jobs
OSINT Newsletter
Osint Team
Sector035
https://osintme.com/index.php/2024/05/17/list-of-recommended-osint-newsletters/
- Malware Collections
- Open Source Threat Intelligence tools
- Detection/Classification
- Online Scanners/Sandboxes
- Domain Analysis
- File Carving
- Deobfuscation
- Debugging and Reverse Engineering
https://github.com/rshipp/awesome-malware-analysis
Contributor Ryan Shipp