20618
Every day I write about #osint (Open Source Intelligence) tools and techniques. Also little bit about forensics and cybersecurity in general. Work in https://t.me/netlas
OPEN INDEX
A stable and fast search engine for finding sites in the .onion zone.
ufll4rxvrbjjgpiq2fhw6zrqf6gbz7acmgzjtmcvbkb6tgnagld5biad[.]onion
(open link in Tor Browser/online Tor proxy tool)
Tip by twitter.com/DarkWebInformer
Wolfgang
Due to Twitter API limitations, many services for analysing Twitter user interactions have stopped working.
But you can find the same person's profile in BlueSky and see BlueSky interaction using this tool:
wolfgang.raios.xyz
Tip by twitter.com/Sector035
Fact-Checking & Verification
- Fact Checking tools
- Image Verification tools
- Training & Resources
https://github.com/cqcore/Fact-Checking-Verification
Contributor twitter.com/cqcore
Wayback Machine cheat sheet
- quick Archive org viewer
- Wayback Machine CDX API queries
- command line tools
- alternatives
- search Pastebin via Archive org
Text version https://github.com/cipher387/cheatsheets
YouTube Reverse Order Search Tool
Often the best content on the internet can have little more than zero views and likes. This tool allows to sort YouTube search results in reverse order by number of views or likes (NEW).
activetk.jp/tools/yt-not-well-known
Creator twitter.com/ActiveTK5929
Backup Files Finder
A template for the Nuclei vulnerability scanner (twitter.com/pdnuclei) that allows to search for backup files on a target site.
https://github.com/valaDevs/nuclei-backupfile-finder
Creator twitter.com/Vabro_
How to download only files with a specific extension from a site/directory:
wget -r -A .pdf -e robots=off -P pdf_dir {link to site/dir}
(view pic, may not work for some sites)
This simple instruction shows how to search for leaked credentials on website using Google Chrome's Developer Tool (and anything else using #regex).
https://github.com/h4x0r-dz/Leaked-Credentials/
Contributor twitter.com/h4x0r_dz
Tip by twitter.com/RootMoksha
Just to be clear. If you specify only the domain, only the main page of the site will be downloaded.
Use Katana, GoBuster, Waymore, Dirhunt (and other tools) to search for directories on the site.
FEAT (Factcheck Explorer Analysis Tool)
Analyses information on a wide variety of queries (most of what is written about lemons on the Internet is a lie😿):
- tag/source volume
- timeline of claims
- fact check details
- statistics
https://feat.onrender.com/
Creator twitter.com/GONZOs_int
The Wednesday Updates #2(2024), our new weekly series for delivering all updates from OSINT community.
Including the current affairs, Educational blogs and videos worth watching and Event updates.
https://osintambition.substack.com/p/the-wednesday-updates-556
Don't forget to subscribe to the newsletter.
Join @osintambition for more.
Why photo geolocating is one of the most important OSINT skills by @cybdetective
https://publication.osintambition.org/why-photo-geolocating-is-one-of-the-most-important-osint-skills-88a98f741d74
Join @osintambition for more.
#osint #geolocation #geoint #cybersec #infosec #investigations
Awesome Fuzzing by twitter.com/secfigo
Cloud Fuzzers
File Format Fuzzers
Network Protocol Fuzzers
Sandboxes
Anti fuzzing
Tutorials and Blogs
and more.
https://github.com/secfigo/Awesome-Fuzzing
#pentest #cybersecurity
Hurricane Electric BGP Toolkit
Search IPs, domains and ASNs associated with specific companies.
(search by company name)
https://bgp.he.net/
Creator twitter.com/henet
#osint
OSINT Methods for Map Investigations
An article from twitter.com/Hadess_security that uses illustrated examples to show how to work with different #geoint services:
- find the distance between two places
- simulate sun shadows
- live weather tracking
etc.
https://redteamrecipe.com/osint-method-for-map-investigations
Awesome BlueSky
- charts, graphs and stats
- feeds
- migration
- alternative clients
- other tools
https://github.com/fishttp/awesome-bluesky
Tip by twitter.com/Sector035
Investigating the target website files cheat sheet
- WGET commands (most important for #osint)
- Katana commands (main)
- Tools to analyze downloaded files
Text version and other cheat sheets: https://github.com/cipher387/cheatsheets
Don't forget that it's not just archive org that has a free API, but other web archives as well. Their list is available in the API for OSINT repository.
https://github.com/cipher387/API-s-for-OSINT
Facebook search tips from twitter.com/henkvaness
- find people in groups
- find professionals
- search for specific time range
- reading feed chronologically
- search exact text matches
and more.
https://gijn.org/resource/social-search-techniques-using-facebook-from-henk-van-ess/
#socmint #osint
This article on my Medium blog is for those who have already heard something about Nuclei, but haven't yet figured out how this awesome network scanner works.
cyb_detective/using-nuclei-for-osint-5-minute-basic-guide-f8764424902b" rel="nofollow">https://medium.com/@cyb_detective/using-nuclei-for-osint-5-minute-basic-guide-f8764424902b
EXTRACTIFY
Very fast and simple #Go tool.
Extract:
- urls
- parameters
- endpoints
From:
- url
- list of urls
- local file
https://github.com/SharokhAtaie/extractify
Creator twitter.com/sharo_k_h
Tip by twitter.com/RootMoksha
Online tools to identify a location from an uploaded photo using AI:
http://geospy.web.app
http://usersearch.org (GeoSpy integration)
http://huggingface.co/spaces/ydshieh/Kosmos-2
http://picarta.ai
http://labs.tib.eu/geoestimation/
GeoGuessr GPT https://fireintel.medium.com/advanced-geolocation-with-chatgpt-df1d4c11c9a6
3 main techniques for automating document search and analysis on a company’s website
In this article I explain the usefulness of the wget flags --no-parents and --spider for #osint + ways to search for dirs on the site and automatically analyse files.
cyb_detective/3-main-techniques-for-automating-document-search-and-analysis-on-a-companys-website-66e5c3f5c87c" rel="nofollow">https://medium.com/@cyb_detective/3-main-techniques-for-automating-document-search-and-analysis-on-a-companys-website-66e5c3f5c87c
How to download the entire directory (with files and subdirectories) from a specific server/site:
wget -r --no-parent {site . com/dir} -P results
(view pic and replace path)
Tip by twitter.com/RootMoksha and Ibrahim Husic
Simple but efficient regular expression for fast text analysis:
grep -P '(?<!^)(?<!\. )[A-Z][a-z]+' text.txt
Finds all words that begin with a capital letter but are not the beginning of a sentence (highlights key information).
OSINT for Investigations
List of tools and data sources for gathering information about:
Wars
Terrorism
Cyber Crime
Organized Crime
and more.
https://github.com/CScorza/OSINTInvestigation
Contributor @cscorzaosint
101++ Linux Commands
Free ebook by @bobbyiliev_
Disk and File System Management
Text Readers & Editors
User and Group Management
File System Permissions
SSH
Cronjobs
Package Management
and more.
https://github.com/bobbyiliev/101-linux-commands-ebook
#linux #cli
Open Directory Finder
A tool that generates queries to different search engines (Google, StartPage, FilePursuit) to find direct links to download different files (movies, books, videos, images etc).
ewasion.github.io/opendirectory-finder/
Google Hacking: Google Dorks for Sensitive Information
Detailed article from twitter.com/S_S_P_01 with a lot of examples of interesting google dorks.
https://sankalppatil12112001.medium.com/google-hacking-google-dorks-for-sensitive-information-f1d5a8eedb32
7 main ways to search possible related websites using IP search engines
1. IDs of analytics and ads platforms
2. Affiliate programs IDs
3. Subdomains
4. Whois contacts
5. Files mentions
6. SSL certificates
7. Favicon
Read more:
https://github.com/netlas-io/netlas-cookbook#search-related-websites