Skip to content

OSINT cheat sheet, list OSINT tools, dataset, article, book and OSINT tips

Notifications You must be signed in to change notification settings

hudsonrock-partnerships/OSINT-Cheat-sheet

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

OSINT CHEAT SHEET - List OSINT Tools

Github Badge

Contains a list of OSINT tools, OSINT tips, datasets, Maltego transform and others. There are free and paid tools you can use and owner is not responsible, only for knowledge or educational purposes. Sorry if some of the resources have closed the service or error owner doesn't always check what's going on with the resources here, thank you

Tips and trick safe guide using resources

  • Use virtual machine, fake host or docker image
  • Use private network e.g vpn, tor, p2p
  • Use second account (not you real account)
  • Read ToS the resouces
  • Enable your firewall and IDS
  • Dont upload your private files make sure you have clean personal file in folder

Linux Distribution for OSINT

You can build it with VM or Live USB make sure you have sandbox machine

EXIF TOOL COMMAND

Exif tag name and data type

Artist string

Author string

Caption string

Categories string

Collections string

DateTime date

DPP lang-alt

EditStatus string

FixtureIdentifier string

Keywords string

Notes string

ObjectCycle string

OriginatingProgram string

Rating real

Rawrppused boolean

ReleaseDate string

ReleaseTime string

RPP lang-alt

Snapshots string

Tagged boolean

More : man exiftool (Run on your terminal)

Site :

Write metadata

  • exiftool -tagname="string" file

example : exiftool -Author="Bayu" test.txt

you can add multiple tag and multiple file

Delete metadata

  • exiftool -tagname="" file

example : exiftool -Author="" test.txt

Delete mass metadata

  • exiftool -all="" file

example : exiftool -all="" file

#Usage : man exiftool or read documentation exiftool.org

Not there are tag no writetable, make sure tagname can write

Automated tool by David Bombal

!Note

Use fresh file, if your file has been compressed or edit metadata you got a default metadata You can use xmp format for edit, write and delete metadata Check the documentation

SOCMINT

Collection Dataset

Forums & Sites

General Search

Meta Search

Code Search

Competitive Programming

File & FTP

Social Media Search and Monitoring

Social Media Management and Content Discovery

Web Intelligence

Analysing URLs

Researching Cyber Threats

IoT Search Engines

IP Addresses

  • Whats my ip This tools can show your ip address isp provider
  • Ip 2 location This tools can show your ip address isp provider and geo location

Wireless Network

SOC & Threat Hunting

Tips

You can find the file hash or other threat indicator

Automation Dorking

Github Dork

Dorking

Dorking is a wonderful thing, you can use this technique to search for anything such as index of a website, looking for live online camera server and other specifics, as for dorking commands that you can do for example

  1. intitle: Search for specific titles
  2. inurl: Search for specific urls or paths
  3. intext: Search for specific words or contects
  4. filetype: Search for files
  5. site: Search from a specified target
  6. Wildcard or symbol * (star) Find all web pages, for example: seccodeid*
  7. Define:term Search for all things with specified terms, example define:seccodeid
  8. cache page Take a snapshot of an indexed page. Google uses this to find the right page for the query you're looking for. Website or target specifically
  9. allintext: Searches for specific text contained on a web page
  10. allinurl: Find various keywords in a URL
  11. allintitle: Restricts results to those containing all terms specified in a title
  12. link: List of web pages that have links to the specified URL
  13. (|) Pipe. This is a logical operator, | "tips" will show all the sites which contain either, or both words
  14. (+) Used to concatenate words, useful to detect pages that use more than one specific key
  15. (-) Minus operator avoids showing results that contain certain words, e.g. security -trails will show pages that use "security" in their text, but not those that have the word "trails"

Example

".mlab.com password"
"access_key"
"access_token"
"amazonaws"
"api.googlemaps AIza"
"api_key"
"api_secret"
"apidocs"
"apikey"
"apiSecret"
"app_key"
"app_secret"
"appkey"
"appkeysecret"
"application_key"
"appsecret"
"appspot"
"auth"
"auth_token"
"authorizationToken"
"aws_access"
"aws_access_key_id"
"aws_key"
"aws_secret"
"aws_token"
"AWSSecretKey"
"bashrc password"
"bucket_password"
"client_secret"
"cloudfront"
"codecov_token"
"config"
"conn.login"
"connectionstring"
"consumer_key"
"credentials"
"database_password"
"db_password"
"db_username"
"dbpasswd"
"dbpassword"
"dbuser"
"dot-files"
"dotfiles"
"encryption_key"
"fabricApiSecret"
"fb_secret"
"firebase"
"ftp"
"gh_token"
"github_key"
"github_token"
"gitlab"
"gmail_password"
"gmail_username"
"herokuapp"
"internal"
"irc_pass"
"JEKYLL_GITHUB_TOKEN"
"key"
"keyPassword"
"ldap_password"
"ldap_username"
"login"
"mailchimp"
"mailgun"
"master_key"
"mydotfiles"
"mysql"
"node_env"
"npmrc _auth"
"oauth_token"
"pass"
"passwd"
"password"
"passwords"
"pem private"
"preprod"
"private_key"
"prod"
"pwd"
"pwds"
"rds.amazonaws.com password"
"redis_password"
"root_password"
"secret"
"secret.password"
"secret_access_key"
"secret_key"
"secret_token"
"secrets"
"secure"
"security_credentials"
"send.keys"
"send_keys"
"sendkeys"
"SF_USERNAME salesforce"
"sf_username"
"site.com" FIREBASE_API_JSON=
"site.com" vim_settings.xml
"slack_api"
"slack_token"
"sql_password"
"ssh"
"ssh2_auth_password"
"sshpass"
"staging"
"stg"
"storePassword"
"stripe"
"swagger"
"testuser"
"token"
"x-api-key"
"xoxb "
"xoxp"
[WFClient] Password= extension:ica
access_key
bucket_password
dbpassword
dbuser
extension:avastlic "support.avast.com"
extension:bat
extension:cfg
extension:env
extension:exs
extension:ini
extension:json api.forecast.io
extension:json googleusercontent client_secret
extension:json mongolab.com
extension:pem
extension:pem private
extension:ppk
extension:ppk private
extension:properties
extension:sh
extension:sls
extension:sql
extension:sql mysql dump
extension:sql mysql dump password
extension:yaml mongolab.com
extension:zsh
filename:.bash_history
filename:.bash_history DOMAIN-NAME
filename:.bash_profile aws
filename:.bashrc mailchimp
filename:.bashrc password
filename:.cshrc
filename:.dockercfg auth
filename:.env DB_USERNAME NOT homestead
filename:.env MAIL_HOST=smtp.gmail.com
filename:.esmtprc password
filename:.ftpconfig
filename:.git-credentials
filename:.history
filename:.htpasswd
filename:.netrc password
filename:.npmrc _auth
filename:.pgpass
filename:.remote-sync.json
filename:.s3cfg
filename:.sh_history
filename:.tugboat NOT _tugboat
filename:_netrc password
filename:apikey
filename:bash
filename:bash_history
filename:bash_profile
filename:bashrc
filename:beanstalkd.yml
filename:CCCam.cfg
filename:composer.json
filename:config
filename:config irc_pass
filename:config.json auths
filename:config.php dbpasswd
filename:configuration.php JConfig password
filename:connections
filename:connections.xml
filename:constants
filename:credentials
filename:credentials aws_access_key_id
filename:cshrc
filename:database
filename:dbeaver-data-sources.xml
filename:deployment-config.json
filename:dhcpd.conf
filename:dockercfg
filename:environment
filename:express.conf
filename:express.conf path:.openshift
filename:filezilla.xml
filename:filezilla.xml Pass
filename:git-credentials
filename:gitconfig
filename:global
filename:history
filename:htpasswd
filename:hub oauth_token
filename:id_dsa
filename:id_rsa
filename:id_rsa or filename:id_dsa
filename:idea14.key
filename:known_hosts
filename:logins.json
filename:makefile
filename:master.key path:config
filename:netrc
filename:npmrc
filename:pass
filename:passwd path:etc
filename:pgpass
filename:prod.exs
filename:prod.exs NOT prod.secret.exs
filename:prod.secret.exs
filename:proftpdpasswd
filename:recentservers.xml
filename:recentservers.xml Pass
filename:robomongo.json
filename:s3cfg
filename:secrets.yml password
filename:server.cfg
filename:server.cfg rcon password
filename:settings
filename:settings.py SECRET_KEY
filename:sftp-config.json
filename:sftp-config.json password
filename:sftp.json path:.vscode
filename:shadow
filename:shadow path:etc
filename:spec
filename:sshd_config
filename:token
filename:tugboat
filename:ventrilo_srv.ini
filename:WebServers.xml
filename:wp-config
filename:wp-config.php
filename:zhrc
HEROKU_API_KEY language:json
HEROKU_API_KEY language:shell
HOMEBREW_GITHUB_API_TOKEN language:shell
jsforce extension:js conn.login
language:yaml -filename:travis
msg nickserv identify filename:config
org:Target "AWS_ACCESS_KEY_ID"
org:Target "list_aws_accounts"
org:Target "aws_access_key"
org:Target "aws_secret_key"
org:Target "bucket_name"
org:Target "S3_ACCESS_KEY_ID"
org:Target "S3_BUCKET"
org:Target "S3_ENDPOINT"
org:Target "S3_SECRET_ACCESS_KEY"
password
path:sites databases password
private -language:java
PT_TOKEN language:bash
redis_password
root_password
secret_access_key
SECRET_KEY_BASE=
shodan_api_key language:python
WORDPRESS_DB_PASSWORD=
xoxp OR xoxb OR xoxa
s3.yml
.exs
beanstalkd.yml
deploy.rake
.sls
AWS_SECRET_ACCESS_KEY
API KEY
API SECRET
API TOKEN
ROOT PASSWORD
ADMIN PASSWORD
GCP SECRET
AWS SECRET
"private" extension:pgp

intext:"hacking" site:seccodeid.com

inurl:login site:seccodeid.com

intext:username filetype:log

site:www.github.com ext:doc | ext:docx | ext:odt | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv

Dorking Other Search Engine

Bash Dorking Script

PRO TIPS!

You can add other headers, regex and search engine endpoints for refinement and to encode queries

  • BING SEARCH

WEB

for ((i=1;i<=10;i++));do curl -i -s -k -L -X GET -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0" "https://www.bing.com/search?pglt=2081&q=.php?id=" | grep -Eo 'href="[^\"]+"' | grep -Po "(http|https)://[a-zA-Z0-9./?=_%:-]*" | grep ".php?id" | sort -u ;done

Hunt Username

for ((i=1;1<=10;i++));do curl -i -s -k -L -X GET -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0;Accept: */*;Accept-Language: id,en-US;q-0.7,en;q-0.3;Accept-Encoding: gzip, deflate, br;Referer: https: //www.bing.com/;DNT: 1;Connection: keep-alive;Cookie: 1P_JAR=2023-11-05-19;Sec-Fetch-Dest:empty;Sec-Fetch-Mode:cors;Sec-Fetch-Site: same-origin;TE: trailers" "https://www.bing.com/search?pglt=2081&q=Jieyab89" | grep -Eo 'href="[^\"]+"' | grep -Po "(http|https)://[a-zA-Z0-9./?=_%:-]*" | grep -E "Jieyab89|github" | sort -u ;done

Hunt Username

for ((i=1;1<=10;i++));do curl -i -s -k -L -X GET -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0;Accept: */*;Accept-Language: id,en-US;q-0.7,en;q-0.3;Accept-Encoding: gzip, deflate, br;Referer: https: //www.bing.com/;DNT: 1;Connection: keep-alive;Cookie: 1P_JAR=2023-11-05-19;Sec-Fetch-Dest:empty;Sec-Fetch-Mode:cors;Sec-Fetch-Site: same-origin;TE: trailers" "Your Bing Request URL Header" | grep -Eo 'href="[^\"]+"' | grep -Po "(http|https)://[a-zA-Z0-9./?=_%:-]*" | grep -E "Jieyab89|github" | sort -u ;done
  • GOOGLE SEARCH

Hunt Username

for ((i=1;1<=10;i++));do curl -i -s -k -L -X GET -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0;Accept: */*;Accept-Language: id,en-US;q-0.7,en;q-0.3;Accept-Encoding: gzip, deflate, br;Referer: https: //www.google.com/;DNT: 1;Connection: keep-alive;Cookie: 1P_JAR=2023-11-05-19;Sec-Fetch-Dest:empty;Sec-Fetch-Mode:cors;Sec-Fetch-Site: same-origin;TE: trailers" "https://www.google.com/search?sourceid=chrome-psyapi2&ion=1&espv=2&ie=UTF-8&start=${i}0&q=Jieyab89" | grep -Eo 'href="[^\"]+"' | grep -Po "(http|https)://[a-zA-Z0-9./?=_%:-]*" | grep -E "Jieyab89|github" | sort -u ;done

WEB

for ((i=1;i<=10;i++));do curl -i -s -k -L -X GET -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0" "https://www.google.com/search?sourceid=chrome-psyapi2&ion=1&espv=2&ie=UTF-8&start=${i}0&q=.php?id=" | grep -Eo 'href="[^\"]+"' | grep -Po "(http|https)://[a-zA-Z0-9./?=_%:-]*" | grep ".php?id" | sort -u ;done

Google Advanced Search Tools

Other Search Engines

Internet Archive

Data Breached OSINT

Crack Jurnals

  • SCI HUB This domain will always change

Search Jurnals

Blogs Search Engine

Darkweb Search Engines

Tracking Website Changes

Company Reconnaissance Sites (Passive)

People Searching

Phone Numbers

Public Records

Finding Usernames

Social Networks

Google Queries for Facebook

Group Search: site:facebook.com inurl:group

Group Wall Posts Search: site:facebook.com inurl:wall

Pages Search: site:facebook.com inurl:pages

Public Profiles: allinurl: people ‘‘name’’ site:facebook.com

Facebook Query Language (FQL)

Photos By - https://www.facebook.com/search/taget_id/photos-by

Photos Liked - https://www.facebook.com/search/taget_id/photos-liked

Photos Of - https://www.facebook.com/search/taget_id/photos-of

Comments - https://www.facebook.com/search/taget_id/photos-commented

Friends - https://www.facebook.com/search/taget_id/friends

Videos Tagged - https://www.facebook.com/search/taget_id/videos

Videos By - https://www.facebook.com/search/taget_id/videos-by

Videos Liked - https://www.facebook.com/search/taget_id/videos-liked

Videos Commented - https://www.facebook.com/search/taget_id/videos-commented

Events Attended - https://www.facebook.com/search/taget_id/events-joined

Relatives - https://www.facebook.com/search/taget_id/relatives

or you can use dork for spesific example

id site:facebook.com

page site: facebook.com

id site:facebook.com *

page site: facebook.com *

The Ultimate Facebook Investigation Tool

OnlyFans

Steam

Slack

Office365

Instagram

Microsoft OneDrive

Pinterest

Reddit

Youtube

Twitter

Github

Snapchat

Twitter Search Engines

LinkedIn

Google queries for LinkedIn

Public Profiles: site:linkedin.com inurl:pub

Updated Profiles: site:linkedin.com inurl:updates

Company Profiles: site:linkedin.com inurl:companies

MySpace

Google queries for MySpace

Profiles: site: myspace.com inurl:profile

Blogs: site:myspace.com inurl:blogs

Videos: site:myspace.com inurl:vids

Jobs: site:myspace.com inurl:jobs

Videos: site:myspace.com ‘‘TARGET NAME’’ ‘‘videos’’

Comments: site:myspace.com ‘‘TARGET NAME’’ ‘‘comments’’

Friends: site:myspace.com ‘‘TARGET NAME’’ ‘‘friends’’

Tiktok

Parler

Monitoring & Alerting

EXIF Analysis

Documents

Email Tracking

Shodan Query Options

https://pen-testing.sans.org/blog/2015/12/08/effective-shodan-searches

https://danielmiessler.com/study/shodan/#gs.VBVsyo0

Capturing Information

OSINT TOOLS

OSINT Online Tool

Telegram Tool

Search channel, username anymore

Document and Slides Search

Real-Time Search, Social Media Search, and General Social Media Tools

Image Search

Image Analysis

Stock Images

Video Search and Other Video Tools

Geospatial Research and Mapping Tools

Nearby Map From Geospatial

Fact Checking

Server Information Gathering

CTF Analysis & Exploit

  • Cybercheff The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
  • Bettercap Framework to perform MITM (Man in the Middle) attacks.
  • Yersinia A framework for layer 2 attacks
  • FeatherDuster An automated, modular cryptanalysis tool
  • Hash Extender A utility tool for performing hash length extension attacks
  • Hashcat Password cracking
  • DLLInjector Inject dlls in processes
  • Metasploit Penetration testing software and exploit
  • Pwntools CTF framework and exploit development library
  • ROPgadget Framework for ROP exploitation
  • Exiftool Read, write and edit file metadata
  • Malzilla Malware hunting tool
  • Zmap An open-source network scanner.
  • Nmap Net mapping and port scanner
  • Wireshark Analyze the network dumps
  • Apktool Android Decompiler
  • Ninja Binary Binary analysis framework
  • Binwalk Analyze, reverse engineer, and extract firmware images
  • GDB The GNU project debugger
  • GEF Advanced debugging capabilities for exploit devs & reverse engineers on Linux
  • IDA Most used Reversing software
  • PEDA Python Exploit Development Assistance for GDB
  • Radare2 UNIX-like reverse engineering framework and command-line toolset
  • Windbg Windows debugger distributed by Microsoft
  • Boomerang Decompile x86 binaries to C
  • Detox A Javascript malware analysis tool
  • SmartDeblur Restoration of defocused and blurred photos/images
  • HitPaw Enhance image, video and media quality with AI is free and paid
  • ImageMagick Tool for manipulating images
  • Exiv2 Image metadata manipulation tool
  • Stegbreak Launches brute-force dictionary attacks on JPG image
  • Steghide Hide data in various kind of images
  • Stegsolve Apply various steganography techniques to images
  • SearchSploit Command line search tool for Exploit-DB
  • Exploitalert List exploiting and vuln
  • Lollabs Windows exploiting
  • GtfoBins Linux exploiting
  • Hacktricks List exploit and vuln cheat sheet walkthrough
  • Payload all the things Example and payload injection
  • All about bug bounty Bypasses, payloads, Reconnaissance and etc
  • Bug Bounty Tips bug bounty reconnaissance
  • DnsSpy Desktop NET debugger and assembly editor

Zero Day

Cryptocurrency Investigation

Cell Investigation

IMEI Investigation

Chat Apps Investigation

WhatsApp

Telegram

Build Sockpuppet Accounts

Build your sockpuppet account and proctect your privacy

Social Network and blogging

  • Wordpress
  • Blogger
  • Medium
  • Facebook
  • Instagram
  • Linkedin

Enhance Image Quality

Locations Data Mapping

Discord Server Search

Darkweb Intelligence

Digital Forensics

Write Your Investigation

Securing Your Privacy

Payment

Password Manager

Fraud Checker

Content Removal & Strict Media Content

Search people missing and abuse, strict content, removing, takedown and minimize your data on the internet

*NB : Please read carefully and check the ToS or privacy statment. Its taking to long, you need to patiently. For this point, your data is not guaranteed to be lost 100% on the internet, but this is to minimize the spread of your data and data breaches

Vehicle OSINT

VIN Checker

Aircraft Tracking

Ship Tracking

Railways

GPT OSINT

OSINT for Red Team

  • Phishious Secure Email Gateway (SEG) for phishing email header (escape detection)
  • Operative framework investigation OSINT framework, you can interact with multiple targets
  • Mod Login Credentials reuse
  • Cr3dOv3r Credential reuse
  • Crackmapexec Password Spray
  • Datasploit OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc
  • CloudFail DNS and old database records to find hidden IP's behind the CloudFlare network
  • cloudgazer Find Real IPs hidden behind Cloudflare with Criminal IP(criminalip.io), security OSINT Tool
  • Rustcan Port scanner
  • NMAP Port scanner
  • Getrails Dork hacking that work with Google, Duckduckgo and Torch
  • OWASP Maryam open-source framework based on OSINT and data gathering
  • Metabigor Intelligence tool, its goal is to do OSINT tasks and more but without any API key
  • OSINT BBOT A recursive internet scanner for hackers.
  • Spiderfoot A Scrapping web tool
  • Zeus-Scanner A web scanner
  • Zenrows Bypassing captcha and WAF
  • Scrapfly Bypassing captcha and WAF
  • capsolver Bypassing captcha and WAF
  • 2captcha Bypassing captcha and WAF
  • Puppeter For web scrapper and info gath
  • MOBSF Mobile Pentest Tool
  • RMS - Mobile Pentest Mobile Pentest Tool
  • Mortar Mortar evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)
  • APK Leaks Decompile APK and find the sensitive info
  • Web copilot An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters
  • Nuclei template js template Nuclei template. Extract Data From JS ffile e.g key, endpoint, etc
  • Atlas Sql Tamper Suggester Open source tool that can suggest sqlmap tampers to bypass WAF/IDS/IPS, the tool is based on returned status code
  • Go Phish Gophish is a powerful, open-source phishing framework that makes it easy to test your organization's exposure to phishing.
  • Advanced SQL Injection A cheat sheet that contains advanced queries for SQL Injection of all types.
  • Payload all the things A list of useful payloads and bypass for Web Application Security and Pentest/CTF
  • Hack Tricks The great sites for pentesting and recon cheat sheet
  • GAP-Burp-Extension Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist
  • Cloundflare Reconnaissance Real IP address for Cloudflare Bypass
  • Cloudmare Cloudflare, Sucuri, Incapsula real IP tracker.
  • emkei Free online fake mailer with attachments spoof email
  • GraphSpy Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI
  • revshells Reverse Shell Generator
  • enum4linux Linux alternative to enum.exe for enumerating data from Windows and Samba hosts
  • vulmap Vulmap - Web vulnerability scanning and verification tools
  • Active-Directory-Exploitation-Cheat-Sheet A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
  • HPING Hping network tool
  • AlliN A flexible scanner
  • KUNYU Kunyu, more efficient corporate asset collection
  • jwt tool A toolkit for testing, tweaking and cracking JSON Web Tokens
  • jwt-secrets-list possible to help developers and DevOpses identify it by traffic analysis at the Wallarm NGWAF level
  • aparoid Static and dynamic Android application security analysis
  • Active Directory Cheat Active Directory Pentesting Mind Map
  • sploitus Awesome exploit list like Exploit DB
  • thehacker recipe Awesome pentesting checklist and cheat
  • OPSEC Collection of OPSEC Tradecraft and TTPs for Red Team Operations
  • CSAF CSLAB Cyber Security Awareness Framework (CSAF)
  • hakoriginfinder Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!
  • gmapsapiscanner Used for determining whether a leaked/found Google Maps API Key is vulnerable to unauthorized access by other applications or not
  • jsluice Extract URLs, paths, secrets, and other interesting bits from JavaScript
  • DisableFlagSecure Disable FLAG_SECURE on all windows, enabling screenshots in apps that normally wouldn't allow it, and disabling screenshot detection on Android 14+
  • trufflehog Find leaked credentials and Find and verify secrets
  • SecretFinder SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files
  • uproot-JS Extract JavaScript files from burp suite project with ease
  • JS beautify vscode extension Beautify javascript, JSON, CSS, Sass, and HTML in Visual Studio Code
  • Bug bounty hunter javascript reccon Awesome trick and tips reccon web assets
  • Javascript reccon This is a simple guide to perform javascript recon in the bugbounty
  • Nuclei OSINT Templates Awesome list nuclei template for OSINT and reccon from web pages
  • Official Nuclei Templates List official nuclei templates available for pentesting
  • XRAY A powerful security assessment tool
  • villain C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells *maybe FUD
  • aquasecurity vuln list Collect vulnerability information and save it in parsable format automatically
  • trivy Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  • aquasecurity Redhat vuln list Red Hat security advisories
  • Vuls Vulnerability scanner for Linux/FreeBSD, agent-less, written in Go
  • OneForAll Awesome web reccon and subdomain, DNS reccon
  • Can I Take Over xyz A list of services and how to claim (sub)domains with dangling DNS records
  • Can I Take Over DNS A list of DNS providers and how to claim (sub)domains via missing hosted zones

Social Engineering

Active Directory

Webshell Bypass

Credential Access

Post Exploitation

Credential Dumping

Password crack

  • hashcat A tool brute and crack password hash
  • john A tool brute and crack password hash
  • thc hydra A tool brute and crack password
  • CiLocks Crack Interface lockscreen, Metasploit and More Android/IOS Hacking

Wordlists for all

Web fuzz wordlists

Generate wordlists

Generate subdomains and wordlists

Private Deployment

Generate subdomains and wordlists(offline)

Kali/Linux

Windows

Default Credentials

Local Enumeration

Privilage Escalation Cheat and check

  • Gfobins Awesome privilage escalation cheat and checklist
  • Lolbas Awesome privilage escalation cheat and checklist
  • Loonbins Awesome privilage escalation cheat and checklist
  • Mac OS privilage escalation Awesome privilage escalation cheat and checklist
  • PEASS NG Awesome automatic enum for privilage escalation cheat and checklist
  • wadcoms WADComs is an interactive cheat sheet, offensive security tools and their respective commands, to be used against Windows/AD environments
  • g0tmi1k linux priv esc Basic Linux Privilege Escalation

Audio OSINT

Audio enchange quality

OSINT Network

Detect a fake network and VPN

Medical OSINT

OSINT Military

Academic Search Tools

Academic Literature

Web Directory

Torrent

SDR OSINT

API for OSINT

Resources and collection for your make tool OSINT

Data Visualization

Emoji Investigation

OSINT Branding & Verify

NEWS OSINT

Search News Journalist and Documentary Sites

OSINT Keyword

Threat Actor & Criminal

OSINT for Politics and Geopolitics

OSINT politics and geopolitics, risk crisis

Maltego Transform List

OSINT Wildlife

OSINT Satellite

OSINT for Scraping and Data Collection

  • Zenrows Bypassing captcha and WAF
  • Scrapfly Bypassing captcha and WAF
  • capsolver Bypassing captcha and WAF
  • 2captcha Bypassing captcha and WAF
  • Puppeter For web scrapper and info gath
  • spiderfoot Automates OSINT for threat intelligence and mapping your attack surface.

OSINT IRC CHAT

About

OSINT cheat sheet, list OSINT tools, dataset, article, book and OSINT tips

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published