OSINT Resources


Resources of OSINT P2P Session by Lakshay Hooda (CW-245):

1. Sock Puppets:

Read these articles for a better understanding:

• Intro to Creating an Effective Sock Puppet:
  https://web.archive.org/web/20210125191016/https://jakecreps.com/2018/11/02/sock-puppets/

• My Process for Setting up Anonymous Sock Puppet Accounts (reddit):
  https://www.reddit.com/r/OSINT/comments/dp70jr/my_process_for_setting_up_anonymous_sockpuppet/

• https://github.com/Marx-wrld/OSINT-Sock-Puppet

2. Anonymity:

• Fake Name Generator: https://www.fakenamegenerator.com/

• This Person Does Not Exist: https://www.thispersondoesnotexist.com/

3. Search engines:

• Google: https://www.google.com/

• Google Advanced Search: https://www.google.com/advanced_search

• Bing: https://www.bing.com/

• Bing Search Guide: https://www.bruceclay.com/blog/bing-google-advanced-search-operators/

• DuckDuckGo: https://duckduckgo.com/

• DuckDuckGo Search Guide: https://help.duckduckgo.com/duckduckgo-help-pages/results/syntax/

4. Reverse search engine:

• Google Image Search: https://images.google.com

• Yandex: https://yandex.com

• TinEye: https://tineye.com

• Fotoforensics: https://www.fotoforensics.com/

5. Email Search:

• Hunter.io: https://hunter.io/

• Phonebook.cz: https://phonebook.cz/

• Data breach checker: https://haveibeenpwned.com/

• Email Hippo: https://tools.verifyemailaddress.io/

• Email Checker: https://email-checker.net/validate

6. Password search (most of these are paid):

• Dehashed: https://dehashed.com/

• WeLeakInfo: https://weleakinfo.io/

• LeakCheck: https://leakcheck.io/

• SnusBase: https://snusbase.com/

• LeakPeek: https://leakpeek.com/ (Mr. Oops used this in his session)

7. Username search:

• NameChk: https://namechk.com/

• WhatsMyName: https://whatsmyname.app/

• NameCheckup: https://namecheckup.com/

8. Let's go through the process of the Sherlock tool:

To install Sherlock, a command-line tool for searching usernames across various
social media platforms, follow these steps to set it up in the Windows Command
Prompt (CMD). (Shown on Windows so that Cyber Ambassadors find it simple.)

a. Install Python: Sherlock requires Python to run. If you don't have Python
installed, download the latest version from the official Python website
(https://www.python.org/downloads/) and follow the installation instructions.

b. Install Git: Sherlock is available on GitHub, so you need Git to clone the
repository. If you don't have Git installed, download it from the official website
(https://git-scm.com/downloads) and follow the installation instructions.

c. Open the Windows Command Prompt (CMD): Press the Windows key + R, type "cmd" in
the Run dialog box, and press Enter.

d. Navigate to the desired directory: Use the `cd` command to navigate to the
directory where you want to install Sherlock. For example, if you want to install
it in the "Downloads" folder, type the following command and press Enter:

How to execute? (follow the commands)
9. For the exiftool tutorial:

• You can refer to these articles for the installation and working process:
  https://pwnb0y.medium.com/exiftool-a-meta-data-extractor-0f2a173b81c0
  https://cyberwarehack.medium.com/installing-and-using-exiftool-on-linux-25e9562a903c

10. Some OSINT investigation case studies I would want y'all to read (warning: not
for the sensitive ones!):

• Unmasked the identity of the founder and admins of a website used by thousands of
  pedophiles using OSINT:
  https://claudia-perez-lopez.medium.com/osint-unmasked-the-identity-of-the-founder-and-admins-of-a-website-used-by-thousands-of-pedophiles-82ec8064ba7a
  (this article is now removed)

• Geolocating a Gang Leader Wanted by the FBI:
  https://medium.com/@bendobrown/geolocating-a-gang-lord-wanted-by-the-fbi-an-osint-explainer-68f9b2f020be

• Uncovering a hacker group:
  https://blog.sociallinks.io/a-real-osint-case-uncovering-a-hacker-group/

The purpose of sharing these case studies is to give you an example of how strong
OSINT is and how powerful your skills are when utilized for the betterment of
society, because we are the future.

11. More resources:

• Resources and organizations: Tracelabs.org, https://www.osinttechniques.com/osint-tools.html, Canary tokens

• Investigation: intelx.io (paid)

• EXIF data: https://fotoforensics.com/, jimpl.com, and exiftool in the CLI

• Webapp target validation: WHOIS, nslookup, dnsrecon

• Subdomains:

1. Google (Dorking): using Google search syntax to narrow down pages, or using
   pre-built resources
2. dig
3. nmap
4. sublist3r
5. bluto
6. crt.sh
7. assetfinder
8. shodan
9. tlsx for ASN numbers

Special tool: OWASP Amass. Once you have a list of subdomains, use httprobe to
check which are alive and accessible, and gowitness to take screenshots of the
pages.

• Assetfinder:

A really fast subdomain finder written in Go. Command: assetfinder tesla.com
It also finds domains related to the site; to find only subdomains use
"--subs-only", or grep the results for the given domain (better).

• Crt.sh:

Can be used to find sub- and sub-sub-domains. It uses signature-based certificate
search to find all the certificates relating to that domain.

• OWASP Amass:

https://github.com/owasp-amass/amass?tab=readme-ov-file
https://medium.com/@BrownBearSec/how-to-actually-use-amass-more-effectively-bug-bounty-59e83900de02

• Sublist3r:

CLI tool for domain listing.

Command: sublist3r -d chennai.vit.ac.in -t 100


• Virtual host:

Some test subdomains or private subdomains won't have public DNS entries. Instead,
these private entries can be stored on the production server, on a private
internal DNS, or in a manual /etc/hosts file written by a developer. In any case,
we can try to reach these private names by sending requests to the website and
using the "Host" header to specify the private name. Since the request is sent to
the web server and interpreted there, we can use the server as a relay and use its
internal DNS records to find private testing servers/subdomains.

We can use ffuf to fuzz the Host header of an HTTP request to a web server. Further,
we can use -fs to filter out all the 404 / not-found responses by size, as they may
still return a 200 code if the logic was done poorly.

ffuf -w /usr/share/wordlists/SecLists/Discovery/DNS/namelist.txt -H "Host: FUZZ.acmeitsupport.thm" -u http://10.10.68.137 -fs {size}

• Fingerprinting:

Fingerprinting a website, i.e. finding all the specifics of that website such as
technologies and ports:

1. nmap
2. wappalyzer: Firefox extension, like Shodan, to get web technologies
3. whatweb: CLI tool to quickly get technologies and info about a website
   [whatweb vit.ac.in]
4. builtwith: an online tool that can pull details about all the technologies a
   web app is running
5. netcat
6. BurpSuite
7. Security Headers
8. hosts
9. httpx
10. Centralops
11. dnslytics: find all the websites that are hosted from the same IP
