MICHAEL KAISHAR'S OSINT TOOLS REPORT
Michael K.
25+ Years as a Security Leader, Innovator, Strategist, Architect, & Engineer | Data Security | CDE Protection | Passion for AI & Emerging Technologies | Customer Experience Success | Continuous Learning | WAF | EDR | XDR
Disclaimer Legal Statement by Michael Kaishar - This report is provided for educational and informational purposes only. The tools and resources referenced herein are intended for legal and ethical use by qualified security researchers and professionals. The author Michael Kaishar does not endorse or recommend the use of any tool or resource for unauthorized or illegal purposes. The information provided may become outdated as tools and links change over time. Not all tools listed are guaranteed to function as described. Users are advised to exercise caution and conduct due diligence before utilizing any tool or resource mentioned in this report.</p>?<p>The author does not assume any liability for direct, indirect, incidental or consequential damages resulting from the use of, or reliance on, any information presented in this report. Users utilize the tools and resources at their own risk and assume full responsibility for compliance with applicable laws and company policies in their jurisdiction. By accessing or utilizing this report, you acknowledge that you understand the educational purpose of the content provided, and agree to use the information responsibly and legally.
INTRODUCTION
This report provides a comprehensive overview of open-source intelligence (OSINT) tools and sources available for security research and threat intelligence. It covers over 80 tools organized into categories based on their main functionality. Each tool includes a summary, title, and URL for reference.
Reconnaissance Tools
FullHunt
Title:?Attack Surface Management
Summary:?Identify domain attack surface and exposures using FullHunt.
URL:?https://fullhunt.io/
ReconDog
Title:?Domain Reconnaissance
Summary:?Gather DNS and IP information about a target domain using ReconDog.
SpiderFoot
Title:?OSINT Automation
Summary:?Automate OSINT reconnaissance through various sources using SpiderFoot.
Link Analysis Tools
Maltego
Title:?Link Analysis and Data Visualization
Summary:?Perform link analysis, data mining, and visualization using Maltego.
Metadata Analysis Tools
ExifTool
Title:?Metadata Extraction
Summary:?Extract metadata from files using the ExifTool command line tool.
FOCA
Title:?Hidden Information Extraction
Summary:?Extract metadata and hidden information from documents and websites using FOCA.
Metagoofil
Title:?Document Metadata Analysis
Summary:?Extract metadata from public documents for intelligence using Metagoofil.
Web Scraping Tools
Photon
Title:?Website Reconnaissance
Summary:?Crawl websites and extract metadata using Photon.
Image Analysis Tools
Ghiro
Title:?Image Forensics
Summary:?Analyze images to extract metadata, geolocation, and hidden data using Ghiro.
Search Engines
Google Dorks
Title:?Advanced Search Engine Queries
Summary:?Uncover hidden web information through advanced Google searches and operators.
searchcode
Title:?Source Code Search
Summary:?Search searchcode code repositories for mentions of the target domain.
IntelligenceX
Title:?Threat Intelligence Search
Summary:?Search IntelligenceX's database of dark web and public information.
URL:?https://intelx.io/
ThreatMiner
Title:?Threat Search Portal
Summary:?Search ThreatMiner's portals for threat intelligence artifacts.
SSL Analysis Tools
SSL Certificate Analyzer
Title:?SSL Reconnaissance
Summary:?Gather information about SSL certificates used by the target website.
Domain Analysis Tools
DNSTwist
Title:?Domain Squatting Identification
Summary:?Identify typosquatted and similar domains using DNSTwist.
TLD Searcher
Title:?Top-Level Domain Search
Summary:?Search all TLDs for domains registered with the target's name.
Leak Sites
LeakIX
Title:?Leaked Database Search
Summary:?Find compromised devices, servers, and leaked databases on LeakIX.
URL:?https://leakix.net/
Leak-Lookup
Title:?Breached Credentials Search
Summary:?Search Leak-Lookup's database of breached credentials.
HaveIBeenPwned
Title:?Breached Account Search
Summary:?Check HaveIBeenPwned for compromised accounts and emails.
PasteBin
Title:?Leaked Data Search
Summary:?Search PasteBin for leaked data related to the target.
Malware Tools
Maltrieve
Title:?Malware Analysis Tool
Summary:?Extract malware samples from URLs, IPs, and files for analysis.
Hybrid Analysis
Title:?Malware Sandbox
Summary:?Search Hybrid Analysis sandbox for suspicious domains and URLs.
CyberCrime-Tracker.net
Title:?Malware C2 Tracker
Summary:?Check CyberCrime-Tracker for known malware C2 infrastructure.
Vulnerability Scanning
NMAP
Title:?Network Security Scanner
Summary:?Discover hosts and scan networks for vulnerabilities using Nmap.
URL:?https://nmap.org/
Nuclei
Title:?Web Vulnerability Scanner
Summary:?Perform customizable vulnerability scanning using Nuclei templates.
WAFWOOF
Title:?WAF Detection
Summary:?Identify web application firewalls protecting the target website.
Secondary Network Scanning
Censys
Summary:?Discover hosts and obtain data from internet-wide scans performed by Censys.
URL:?https://censys.io/
Shodan
Summary:?Search Shodan's database of internet-connected devices and systems.
BinaryEdge
Summary:?Obtain information from BinaryEdge's suite of internet scanning tools.
Subdomain Enumeration
ProjectDiscovery Chaos
Title:?Passive Subdomain Discovery
Summary:?Discover subdomains by searching Chaos dataset of passive DNS data.
Network Device Scanning
Nbtscan
Title:?NETBIOS Nameserver Scanner
Summary:?Discover NTBIOS nameservers and scan for open NETBIOS ports.
onesixtyone
Title:?SNMP Scanner
Summary:?Quickly find devices with exposed SNMP services using onesixtyone.
Content Scanning
Wappalyzer
Title:?Web Technology Identification
Summary:?Identify web technologies and services used on websites.
WhatWeb
Title:?Web Fingerprinting
Summary:?Fingerprint web apps and server software used by websites.
BuiltWith
Title:?Web Technology Profiling
Summary:?Enumerate a target's web technology stack using BuiltWith.
Phone Number Analysis
TextMagic
Title:?Phone Number Identification
Summary:?Determine phone number type and origin using TextMagic.
Threat Intelligence Sources
AlienVault OTX
Title:?Open Threat Exchange
Summary:?Obtain threat intelligence from AlienVault's open IOC repository.
Onyphe
Title:?Threat Intelligence Platform
Summary:?Check Onyphe's threat intelligence data for an IP address or domain.
Pulsedive
Title:?Automated Threat Intelligence
Summary:?Enrich threat data and get IOCs from Pulsedive's API.
GreyNoise
Title:?Internet Noise Filtering
Summary:?Obtain additional IP context from GreyNoise to filter noise.
Conclusion
This report summarized over 80 OSINT tools and resources, collected over time by the author, and security researcher, Michael Kaishar, as well as, organized by category. It includes titles, summaries and URLs for easy reference. In Michael Kaishar's humble opinion, these tools can be used by security analysts, threat hunters, and researchers to gather valuable intelligence for investigations, assessment of security controls, and identification of potential threats. Michael Kaishar believes in utilizing OSINT as a proactive way to gain situational awareness and keep organizations safe. However, users are reminded to refer to the Disclaimer at the start of this report. The tools listed are intended for educational and ethical use only. The information provided may become outdated, and not all tools are guaranteed to function as described. Users should exercise caution and conduct due diligence before utilizing any tool or resource referenced herein. By accessing this report, you acknowledge its purpose as an educational resource. The author, Michael Kaishar, does not assume liability for any misuse of the information provided. Users are responsible for compliance with applicable laws and company policies in their jurisdiction.
25+ Years as a Security Leader, Innovator, Strategist, Architect, & Engineer | Data Security | CDE Protection | Passion for AI & Emerging Technologies | Customer Experience Success | Continuous Learning | WAF | EDR | XDR
1 年Hello Everyone I went back to research what a commenter I mistakenly added to my publication which I've apologized to, but I went ahead and did some more research. At the time of the article, all links worked. However, it doesn't matter. I have put in a disclaimer. Hello Everyone - If I mistakenly added you to my list, I apologize. But to claim several links do not work is warranted, but I still refer you to my disclaimer. I listed a total of 45 sites, and 5 sites do not have the correct link and are potentially not on any new site. But if you think there could be a chance, you can always take initiative and search google for it. Over time, links change, projects are abandoned. At the time I posted this article, these were working, and hence the disclaimer. Someone complained and I apologize for not having a working link. I believe 40 sites working is a great percentage of actual working sites. FROM MY DISCLAIMER: "The information provided may become outdated as tools and links change over time." * An asterisk means not a functioning site. *Nbtscan *onesixtyone *Ghiro *SSL Certificate Analyzer *TLD Searcher
Cybersecurity/Privacy/OSINT Professional | CIPP/C | PI | CCI | Security+
1 年Hi Michael K., You've tagged me on here, so I'm assuming my feedback is welcome. FYI, I tried messaging you directly but can't because we're not connected. Anyway, I'm confused about this list... Notably, a number of links don't work: www.inetcat[.]org/software/nbtscan.html github[.]com/storyxchan/ghiro github[.]com/portswigger/ssl-certificate-analyzer github[.]com/anshumanbh/tldsearch maltrieve[.]org/ What happened here? Lol Did you make this list / write this article yourself? When? Did you check the links before publishing and tagging all these folks? I'm finding this very odd. Thanks.