OSINT Resources (1) New
1. Sock Puppets:
• https://web.archive.org/web/20210125191016/https://jakecreps.com/2018/11/02/sock-puppets/
• https://github.com/Marx-wrld/OSINT-Sock-Puppet
2. Anonymity:
3. Search engines:
• Google: https://www.google.com/
• DuckDuckGo: https://duckduckgo.com/
• DuckDuckGo Search Guide: https://help.duckduckgo.com/duckduckgo-help-pages/results/syntax/
• Yandex: https://yandex.com
• TinEye: https://tineye.com
• Fotoforensics: https://www.fotoforensics.com/
5. Email Search:
• Hunter.io: https://hunter.io/
• Phonebook.cz: https://phonebook.cz/
• Data breach checker: https://haveibeenpwned.com/
• Email Hippo: https://tools.verifyemailaddress.io/
• Email Checker: https://email-checker.net/validate
• Dehashed: https://dehashed.com/
• WeLeakInfo: https://weleakinfo.io/
• LeakCheck: https://leakcheck.io/
• SnusBase: https://snusbase.com/
7. Username search:
• NameChk: https://namechk.com/
• WhatsMyName: https://whatsmyname.app/
• NameCheckup: https://namecheckup.com/
a. Install Python: Sherlock requires Python to run. If you don't have Python
installed, you can download the latest version from the official Python website
(https://www.python.org/downloads/) and follow the installation instructions.
b. Install Git: Sherlock is available on GitHub, so you need Git to clone the
repository. If you don't have Git installed, download it from the official website
(https://git-scm.com/downloads) and follow the installation instructions.
c. Open the Windows Command Prompt (CMD): Press the Windows key + R, type "cmd" in
the Run dialog box, and press Enter.
d. Navigate to the desired directory: Use the `cd` command to navigate to the
directory where you want to install Sherlock. For example, if you want to install
it in the "Downloads" folder, type the following command and press Enter:
How to execute? (follow the commands)
9. For the exiftool tutorial:
• You can refer to these articles for the installation and working process:
https://pwnb0y.medium.com/exiftool-a-meta-data-extractor-0f2a173b81c0
https://cyberwarehack.medium.com/installing-and-using-exiftool-on-linux-25e9562a903c
10. Some OSINT investigation case studies I would want y'all to read: (Warning: not
for the sensitive ones!)
• Unmasked the identity of the founder and admins of a website used by thousands of
pedophiles using OSINT:
https://claudia-perez-lopez.medium.com/osint-unmasked-the-identity-of-the-founder-and-admins-of-a-website-used-by-thousands-of-pedophiles-82ec8064ba7a
(this article is now removed)
The purpose of sharing these case studies is to give you an example of how strong
OSINT is, how powerful your skills are, when utilized for the betterment of society
because we are the future.
• Subdomains
1. Google (Dorking): Using Google search syntax to narrow down pages, or using
pre-built resources:
2. dig
3. nmap
4. sublist3r
5. bluto
6. crt.sh
7. assetfinder
8. shodan
Special tool: OWASP Amass. Once you have a list of subdomains, use http probe to
check which are alive and accessible, and gowitness to take screenshots of the pages.
• Assetfinder:
• Crt:
crt.sh can be used to find subdomains and sub-subdomains. It uses signature based
certificate search to find all the certificates relating to that domain.
OWASP Amass:
https://github.com/owasp-amass/amass?tab=readme-ov-file
https://medium.com/@BrownBearSec/how-to-actually-use-amass-more-effectively-bug-bounty-59e83900de02
Sublist3r:
Some test subdomains or private subdomains won't have public DNS entries. Instead,
these private entries can be stored on the production server, in a private internal
DNS, or in a manual /etc/hosts file written by a developer. In any case, we can try
to reach these private names by sending requests to the website and using the
"Host" header to specify the private name. Since the request is sent to the web
server and interpreted there, we can use the server as a relay and use its
internal DNS records to find private testing servers/subdomains.
We can use ffuf to fuzz the Host header of an HTTP request to a web server. Further,
we can use -fs to filter all the 404 or "not found" responses by size, as they may
still return a 200 code if the logic was done poorly.
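How the Host header fuzzing described above looks from the server side, as an added example that is not part of the original notes: one client requests many different Host values, most of them get the same catch-all response (the size that -fs filters out), and the few that differ are the private virtual hosts that were exposed. The log format (client IP, quoted Host header, status, body bytes), the sample lines and the thresholds are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample access log. Assumed format per line:
#   client_ip "Host header" status body_bytes
SAMPLE_LOG = """\
203.0.113.7 "admin.example.test" 200 612
203.0.113.7 "dev.example.test" 200 612
203.0.113.7 "staging.example.test" 200 4031
203.0.113.7 "test.example.test" 200 612
203.0.113.7 "vpn.example.test" 200 612
203.0.113.7 "mail.example.test" 200 612
198.51.100.20 "www.example.test" 200 8840
198.51.100.20 "www.example.test" 200 8840
198.51.100.20 "shop.example.test" 200 5120
"""

LINE_RE = re.compile(r'^(\S+) "([^"]*)" (\d{3}) (\d+)$')


def find_host_enumeration(log_text, min_hosts=5, min_baseline_ratio=0.6):
    """Flag clients that tried many Host values and mostly hit one catch-all response."""
    per_client = defaultdict(dict)  # ip -> {host: (status, body_bytes)}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ip, host = m.group(1), m.group(2).lower()
        per_client[ip][host] = (int(m.group(3)), int(m.group(4)))

    findings = {}
    for ip, hosts in per_client.items():
        if len(hosts) < min_hosts:
            continue  # too few distinct Host values to look like fuzzing
        # The most common (status, size) pair is the catch-all "not found" page,
        # which may well be a 200 as the notes point out.
        baseline, count = Counter(hosts.values()).most_common(1)[0]
        if count / len(hosts) < min_baseline_ratio:
            continue
        # Hosts answered differently from the baseline are real virtual hosts.
        hits = sorted(h for h, resp in hosts.items() if resp != baseline)
        findings[ip] = {"hosts_tried": len(hosts), "baseline": baseline, "hits": hits}
    return findings


if __name__ == "__main__":
    for ip, finding in find_host_enumeration(SAMPLE_LOG).items():
        print(ip, finding)
```

The names listed under "hits" are the ones to review: a virtual host that answers on the public listener is reachable by anyone who guesses its name, whether or not it has a public DNS entry.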
• Fingerprinting:
Fingerprinting a website, i.e., finding all the specifics of that website, such as
technologies and ports
1. nmap
3. whatweb: CLI tool to quickly get technologies and info about a website. [whatweb vit.ac.in]
4. builtwith: an online tool that can pull details about all the technologies a web
app is running.
5. netcat
6. BurpSuite
7. Security Headers
8. hosts
9. httpx
10. Centralops
11. dnslytics: find all the websites that are hosted from the same IP