OSINT Tools

OSINT Tools


🖼️ Image & Location OSINT

  • exiftool <img>: Extracts metadata from images. Great for geolocation, device info, timestamps.

    • Tip: Run on multiple formats (.jpg, .png, .tiff) and check for GPS tags.

📧 Email & Breach Hunting

  • Tools:

    • theHarvester: Harvest emails from public sources.

    • breach-parse + h8mail: Correlate emails against breach compilations.

    • breach-parse - https://github.com/hmaverickadams/breach-parse

    • Tip: Automate .txt cleanup with regex filters to remove duplicates and false positives.

👤 Username Enumeration

  • Tools:

    • whatsmyname, sherlock: Scan platforms for a given username.

    • Tip: Combine results with breach data checks for credential reuse tracing.

📱 Phone Number OSINT

  • phoneinfoga: Scan and serve data on numbers. Great for mapping possible VoIP, carrier, and location.

    • Tip: Use with temporary numbers to avoid legal/data use issues.

📢 Social Media Intelligence

  • Twint: Twitter scraping without API limitations.

    • Tip: Filter by date, keywords, or followers to isolate threat signals.

Twint - https://github.com/twintproject/twint

🌐 Website & Subdomain Enumeration

  • Tools:

    • Subfinder, Assetfinder, Amass: Discover hidden infrastructure.

    • httprobe, gowitness: Check live status and visually snapshot them.

    • whois: Basic domain intel.

Subfinder - https://github.com/projectdiscovery/subfinder

Assetfinder - https://github.com/tomnomnom/assetfinder

httprobe - https://github.com/tomnomnom/httprobe

Amass - https://github.com/OWASP/Amass

GoWitness - https://github.com/sensepost/gowitness/wiki/Installation

Comments

Post a Comment

Popular posts from this blog

TryHackMe Learning Path From Beginner to Expert

Image
  TryHackMe Learning Path From Beginner to Expert A comprehensive TryHackMe learning path with organized sections on Introductory Rooms, Linux Fundamentals, Networking, Forensics, CTF challenges, Scripting, and more. This repo provides a structured approach to mastering cybersecurity skills through TryHackMe. Name of Topic Number of Rooms Introductory Rooms 10 Network Basics 4 Forensics 5 Networking 7 Linux Fundamentals 5 Special Events 9 Easy CTF 58 Privilege Escalation 13 Hard CTF 38 Scripting 8 Active Directory 5 Basic Rooms 9 Misc 35 Steganography 6 Reverse Engineering 11 Web 27 Crypto & Hashes 5 Medium CTF 73 Reconnaissance 10 Tooling 17 Malware Analysis 7 Wifi Hacking 1 PCAP Analysis 4 Android 1 Buffer Overflow 4 Windows 7 Windows Fundamentals 3 Total Rooms 389 Intro Rooms   TryHackMe | Welcome   TryHackMe | How to use TryHackMe   TryHackMe | Tutorial   TryHackMe | OpenVPN   TryHackMe | Learning Cyber Security   TryHackMe | Starting Out In Cy...
Read More >>

90-Day Cybersecurity Study Plan

Image
90-DayCybersecurity Study Plan 📚 Table of Contents Introduction Goals and Audience Daily BreakdownDay 1-7: Network+ Concepts Day 8-14: Security+ Concepts Day 15-28: Linux Tutorials Day 29-42: Python Day 43-56: Traffic Analysis Day 57-63: Git Day 64-70: ELK Day 71-77: GCP or AWS or Azure Day 85-90: Hacking 📘 Introduction Welcome to the  90 Days of Cybersecurity  challenge! This repository provides a structured, 90-day self-paced study plan designed to help learners build a strong foundation in cybersecurity. Whether you're a beginner looking to break into the field or a professional aiming to sharpen your skills, this roadmap offers a wide range of curated resources, hands-on tasks, and learning materials. The daily modules cover essential and advanced topics, including: Networking fundamentals (Network+) Security principles (Security+) Linux basics and shell scripting Python programming for security tasks Traffic analysis and packet inspection Version control with Git SIEM t...
Read More >>

Comprehensive Metasploitable2 Exploitation Walkthrough

Image
Comprehensive Metasploitable2 Exploitation Walkthrough This educational walkthrough demonstrates how to identify and exploit common vulnerabilities in the Metasploitable2 virtual machine using tools like Nmap, Telnet, FTP, VNC, PostgreSQL, and Apache Tomcat via Metasploit. Designed for ethical hacking practice, it guides learners through real-world exploitation techniques to highlight the importance of securing exposed services. Introduction: Metasploitable2 , developed by Rapid7 , is a valuable tool designed for developing and executing exploits against vulnerable systems. This walkthrough outlines the step-by-step process of exploiting different ports on Metasploitable2 for educational purposes. Discovery Phase: The default login credentials for the Metasploitable2 machine is msfadmin:msfadmin. Press enter or click to view image in full size Metasploitable2 Machine Identifying the victim’s IP address using the `ifconfig` command. Press enter or click to view image in full size Utiliz...
Read More >>