- This page is bare; I really need to do an OSINT course ;)
- https://www.google.com/
- https://www.bing.com/
- https://duckduckgo.com/
- https://www.baidu.com/
- https://yandex.com/
site:hackdefense.com filetype:pdf
searchterm site:example.com
"search this string"
- Setting up an anonymous sockpuppet
- https://www.reddit.com/r/OSINT/comments/dp70jr/my_process_for_setting_up_anonymous_sockpuppet/
dig <DOMAIN> +short
- Check who owns the IP, where is it hosted?
whois <IP>
./spoofcheck.py <DOMAIN>
theHarvester -d <DOMAIN> -b google -l 500
whatsmyname -u <USERNAME>
sherlock <USERNAME>
- https://www.dehashed.com/
- https://www.weleakinfo.to/
- https://leakcheck.io/
- https://snusbase.com/
- https://scylla.sh/
- https://haveibeenpwned.com/
./breach-parse.sh @<DOMAIN> password.txt
h8mail -t <EMAIL>
h8mail -t <EMAIL> -bc "/opt/breach-parse/BreachCompilation/" -sk
- https://www.whitepages.com/
- https://www.truepeoplesearch.com/
- https://www.fastpeoplesearch.com/
- https://www.fastbackgroundcheck.com/
- https://webmii.com/
- https://peekyou.com/
- https://www.411.com/
- https://www.spokeo.com/
- https://thatsthem.com/
- https://www.truecaller.com/
- https://calleridtest.com/
- https://infobel.com/
- Can also check login and forgot-password flows for a phone number!
phoneinfoga scan -n <COUNTRYCODE><PHONENUMBER>
- whois / dns etc
- https://centralops.net/co/
- https://spyonweb.com/
- https://dnslytics.com/reverse-ip
- https://viewdns.info/
- https://spyonweb.com/
- https://www.virustotal.com/
- Alert on changes on website: https://visualping.io/
- Look for backlinks: http://backlinkwatch.com/index.php
- Script that uses multiple tools to enumerate subdomains: https://github.com/Gr1mmie/sumrecon
- GUI tool: https://dnsdumpster.com/
sublister -domain <DOMAIN>
dnscan.py <DOMAIN>
whatweb <URL>
- https://images.google.com/
- https://yandex.com/images/
- https://tineye.com/
- Drag the image in
- Location metadata is much better protected nowadays, but you might still get something.
- http://exif.regex.info/exif.cgi
exiftool <img>
- https://www.geoguessr.com/
- https://somerandomstuff1.wordpress.com/2019/02/08/geoguessr-the-top-tips-tricks-and-techniques/
- https://twitter.com/search-advanced
- https://socialbearing.com/
- https://www.twitonomy.com/
- http://sleepingtime.org/
- https://mentionmapp.com/
- https://tweetbeaver.com/
- http://spoonbill.io/
- https://tinfoleak.com/
- https://tweetdeck.com/
twint -u <USER> -s <STRING>
- https://wopita.com/
- https://codeofaninja.com/tools/find-instagram-user-id/
- https://www.instadp.com/
- https://imginn.com/
- Check them out on LinkedIn / Twitter / Social media etc.
- https://opencorporates.com/
- https://www.aihitdata.com/
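#!/bin/bash
#
# Recon helper for a single domain.
#
# Usage: <script> <domain>
#
# Creates ./<domain>/{info,subdomains,screenshots} and fills them with:
#   info/whois.txt        - whois output for the domain
#   subdomains/found.txt  - hostnames reported by subfinder and assetfinder
#   subdomains/alive.txt  - hosts that answered httprobe over HTTPS (appended
#                           on every run, so re-runs accumulate entries)
#   screenshots/          - gowitness screenshots of the alive hosts
#
# Calls whois, subfinder, assetfinder, httprobe and gowitness; the run is
# best-effort, so a failing tool does not stop the later steps.
set -u

domain=${1:-}
RED="\033[1;31m"
RESET="\033[0m"

# The domain is used as a directory name and as an argument to every tool
# below, so accept only hostname characters. This rejects an empty value, a
# leading "-" (would be parsed as an option) and "/" or ".." (would create
# directories outside the working directory).
host_re='^[A-Za-z0-9_][A-Za-z0-9._-]*$'
if [[ ! "$domain" =~ $host_re || "$domain" == *..* ]]; then
  printf 'Usage: %s <domain>\n' "${0##*/}" >&2
  exit 2
fi

info_path=$domain/info
subdomain_path=$domain/subdomains
screenshot_path=$domain/screenshots

# Print a coloured progress line on stdout.
say() {
  printf '%b %s%b\n' "$RED" "$1" "$RESET"
}

# Pass through only the hostnames on stdin that are the target domain itself
# or end in ".<domain>". A plain `grep $domain` treats the dots as regex
# wildcards and matches substrings, so unrelated names such as
# "notexample.com" or "example.com.other.tld" would slip into the list that
# httprobe and gowitness later send live requests to.
in_scope() {
  awk -v d="$domain" '
    BEGIN { d = tolower(d); n = length(d) }
    {
      h = tolower($0)
      sub(/[[:space:]]+$/, "", h)
      if (h == d || (length(h) > n && substr(h, length(h) - n) == "." d)) print
    }'
}

# -p creates the parent directory and is a no-op when the tree already exists.
mkdir -p -- "$info_path" "$subdomain_path" "$screenshot_path" || exit 1

say "[+] Checkin' who it is..."
whois "$domain" > "$info_path/whois.txt"

say "[+] Launching subfinder..."
subfinder -d "$domain" > "$subdomain_path/found.txt"

say "[+] Running assetfinder..."
assetfinder "$domain" | in_scope >> "$subdomain_path/found.txt"

#say "[+] Running Amass. This could take a while..."
#amass enum -d "$domain" >> "$subdomain_path/found.txt"

say "[+] Checking what's alive..."
# Deduplicate, probe, keep the HTTPS hits and strip the scheme so alive.txt
# holds bare hostnames.
in_scope < "$subdomain_path/found.txt" \
  | sort -u \
  | httprobe -prefer-https \
  | grep https \
  | sed 's/https\?:\/\///' \
  | tee -a "$subdomain_path/alive.txt"

say "[+] Taking dem screenshotz..."
gowitness file -f "$subdomain_path/alive.txt" -P "$screenshot_path/" --no-http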