
List of useful OSINT tools for information gathering. Especially for pentesters 🖖


Luci-d/OSINT-recon


OSINT-recon


Feel free to contribute, but read the rules first.

↑ Hosts/Ports

  • Spyse - a new search engine that provides fresh and precise data about different parts of the Internet. The data is stored in their own database, so there is no need to wait for a tedious scan. They provide the following data: IPv4 hosts, sub/domains/whois, ports/banners/protocols, technologies, OS, AS, wide SSL/TLS DB and more.
  • Zoomeye - ZoomEye is a cyberspace search engine that records information about devices, websites, services, components, etc.
  • Nmap - everyone knows it. It's a free and open-source network scanner for probing computer networks, including host and service discovery and operating system detection.

↑ Subdomains

  • Sublist3r - Python tool for subdomain enumeration of websites using OSINT.
  • FindSubDomains - subdomain enumeration tool that collects subdomains from various data sources and validates the output through a few different tools.
  • Harvester - OSINT tool for e-mails, subdomains, IPs and names.
  • Findomain - cross-platform subdomain enumeration tool. And Eduard Tolosa is just a cool guy.

↑ Digital Certificates

  • CertDB - scans and collects tons of valuable information about SSL/TLS certificates. Maintains the biggest digital certificate DB I ever saw.
  • crt.sh - used to be the biggest digital certificate DB.

↑ DNS Lookup

  • DnsDumpster - free domain research tool that can discover hosts related to a domain.
  • DNStable - DNS lookup tool that shows enriched data about DNS records (TTL, first seen, etc.) and interconnects the query with host, domain, IP...

↑ Whois

  • who.is - WHOIS, Domain Name, Website, and IP search.
  • ASlookup - wide autonomous system lookup that shows a bunch of additional data such as organization, domains on the AS, related ASNs, IPv4/IPv6 ranges and WHOIS.
  • Domain Tools - Whois lookup and domain/IP historical data.

↑ Email

  • Hunter - one of the best email hunters.
