Hackers Rest
  • Hacker's Rest
  • Tools & Cheatsheets
    • Cybersecurity YouTube Channels
  • Hacking Methodology
  • Hands-on Practice
  • Fundamentals
    • Network Fundamentals
    • Computer Fundamentals
  • Unix
    • Unix Fundamentals
    • Hardening & Setup
      • TMUX/Screen Cheatsheet
    • Red Team Notes
      • Enumeration
      • Getting Access
      • Privilege Escalation
      • Pivoting/Lateral Movement
      • Data Exfiltration
      • Persistence
    • Vim
  • Windows
    • Windows Fundamentals
    • PowerShell
    • Hardening & Setup
    • Red Team Notes
      • Enumeration
      • Getting Access
      • Privilege Escalation
      • Pivoting/Lateral Movement
      • Persistence
      • Data Exfiltration
      • Active Directory
        • Enumeration
        • Getting Access
        • Privilege Escalation
        • Persistence
      • Kerberos
      • Impacket
  • MacOS
    • MacOS Basics
    • Hardening & Configuration
    • Red Team Notes
      • Enumeration
      • Getting Access
      • Privilege Escalation
      • Persistence
  • Web
    • Burp Suite
    • DNS
    • Web Notes
      • Enumeration
      • Web Filter Bypass
      • Command Injection
      • Subdomain/Virtual Host Enumeration
      • The Web Application Hacker's Handbook
  • Mobile
    • iOS
    • Android
  • OS Agnostic
    • Basic Enumeration
    • Cryptography & Encryption
    • Network Hardware
    • OS Agnostic
    • OSINT
    • Password Cracking
      • Gathering the Hashes
      • Wordlist Manipulation
      • Cracking the Hashes
    • Pivoting
      • Chisel
      • Plink.exe
      • SSH
      • Sshuttle
      • Socat
    • Reverse Engineering & Binary Exploitation
      • Buffer Overflow
    • Scripting
      • Script Language Syntax
    • SQL
    • SSH & SCP
    • Steganography
    • Wireless
  • Unsorted
Powered by GitBook
On this page
  • OSINT Multitool
  • Google Account Enumeration
  • Multipurpose
  • Domain/IP Recon
  • Mail server blacklist enumerator
  • Dark web exposure
  • New acquisitions
  • Email
  • Social Media
  • Social media search engine
  • Accounts registered by email
  • Enumerate usernames
  • Twitter
  • Instagram
  • Facebook
  • Skype
  • Forums
  • Pastebin
  • Advanced Search
  • Search with results grouped by topic
  • Search by Region/ Augmented keyword search
  • Source code search engines
  • Credential Leak Sites

Was this helpful?

Edit on GitHub
  1. OS Agnostic

OSINT

PreviousOS AgnosticNextPassword Cracking

Last updated 4 years ago

Was this helpful?

OSINT Multitool

Google Account Enumeration

This writeup from Sector035 gives a detailed walk through of how to get a wealth of information from a Google account such as a @gmail.com email address.

Some of the steps for doing this require you to actually sign in to a Google account, and to add the target as a contact. A burner account or sock puppet are recommended if you are doing this for a real engagement.

https://developers.google.com/identity/sign-in/web/people https://developers.google.com/people/api/rest/v1/people/get

Multipurpose

  • https://shodan.io/

  • https://www.zoomeye.org/

  • https://leakix.net/

  • https://www.yougetsignal.com/

  • https://intelx.io/

  • https://pentest-tools.com/

  • https://osintframework.com/

RiskIQ’s Community Edition -

Threat Hunter

  • Access the most comprehensive internet data sets available to track adversaries across the internet

  • Pivot across passive DNS, WHOIS, SSL certificates, web trackers, and more

  • Enrich internal controls and logs to uncover, understand, and respond to external threats

  • Monitor threat infrastructure for changes or new, similar artifacts

Threat Defender

  • Understand your Digital Footprint® and how you’re exposed from the outside in

  • Discover unknown assets, exposures, and vulnerabilities

  • Get alerts when your brand or trademarked terms appear in new domains and WHOIS contact information

  • View digital assets details such as domain attributes, IP address, and registrant details

https://censys.io/ - Attack surface enumeration

Discover every asset in your attack surface, known or unknown.

Domain/IP Recon

  • https://domainbigdata.com/

  • https://viewdns.info/

  • http://bgp.he.net/

  • https://rapiddns.io/

  • https://dnsdumpster.com/

  • https://www.whoxy.com/

  • http://whois.domaintools.com/

https://www.robtex.com/ - Good for geo-location of IP origin

Robtex is used for various kinds of research of IP numbers, Domain names, etc

Robtex uses various sources to gather public information about IP numbers, domain names, host names, Autonomous systems, routes etc. It then indexes the data in a big database and provide free access to the data.

https://opendata.rapid7.com/sonar.fdns_v2/

Project Sonar produces a Forward DNS dataset every week or so. This data is created by extracting domain names from a number of sources and then sending an ANY query for each domain. The sources used to build the list of domains include:

  • Reverse DNS (PTR) Records

  • Common Name and SubjectAltName fields from SSL Certificates

  • HTML elements and Location headers seen in HTTP responses

  • Zone files from COM, INFO, ORG, NET, BIZ, INFO and other TLDs

  • Zone files from gTLDs

The data format is a gzip-compressed JSON file, where each line of the file is a JSON document with attributes for the record name, type, value and time of resolution.

Mail server blacklist enumerator

  • http://multirbl.valli.org/

Dark web exposure

  • https://immuniweb.com/radar/

New acquisitions

  • https://crunchbase.com/

Email

  • https://hunter.io/

    • Email Domain enumeration

  • https://emkei.cz/

    • Fake email sender

Social Media

Social media search engine

  • https://kribrum.io/

    • This page is in Russian!

Accounts registered by email

  • emailrep.io

Enumerate usernames

  • https://whatsmyname.app/

Twitter

  • https://tinfoleak.com/

Instagram

  • https://www.searchmy.bio/

Facebook

Skype

  • https://mostwantedhf.info/

Forums

  • https://boardreader.com/

Pastebin

  • https://psbdmp.ws/

Advanced Search

Search with results grouped by topic

  • https://search.carrot2.org/

Search by Region/ Augmented keyword search

  • https://swisscows.com/

Source code search engines

  • https://publicwww.com/

    • Can search by language or feature

  • https://searchcode.com/

    • Search public repositories

  • https://www.shhgit.com/

    • Searches for "secrets" inside git code repos

    • FOSS version at https://github.com/eth0izzle/shhgit

Credential Leak Sites

Run by Troy Hunt, haveibeenpwned.com is one of the best for checking whether an email address has been involved in a credential breach.

Not all of these sites below are trustworthy. Do not enter any credentials that are in use, or you plan to use into any searches!

  • https://link-base.org/index.php

  • http://xjypo5vzgmo7jca6b322dnqbsdnp3amd24ybx26x5nxbusccjkm4pwid.onion/

  • http://pwndb2am4tzkvold.onion

  • https://weleakinfo.to/

  • https://www.dehashed.com/search?query=

  • https://rslookup.com

  • https://leakcheck.net

  • https://snusbase.com

  • https://leakpeek.com

  • https://breachchecker.com

  • https://leak-lookup.com

  • https://weleakinfo.to

  • https://leakcheck.io

  • http://scylla.sh

  • http://scatteredsecrets.com

  • https://joe.black/leakengine.html

  • https://services.normshield.com/data-breach

  • https://leakedsource.ru/main/

  • https://leaked.site/

  • https://ghostproject.fr/

  • https://haveibeensold.app/

  • https://vigilante.pw/

  • https://nuclearleaks.com/

  • https://hashes.org/

  • https://leak.sx/

  • https://leakcorp.com/login

  • https://private-base.info/

  • https://4iq.com/

  • https://intelx.io

  • https://leakprobe.net

If you like this content and would like to see more, please consider buying me a coffee!

OSINT Framework
Mind map of many many OSINT tools and websites
LogoGetting a Grasp on GoogleID’sMedium
LogoHave I Been Pwned: Check if your email has been compromised in a data breach