OSINT tools
OSINT tools
The most important tool here is your brain , when every tool betray you you will be able to reach your goal through social engineering as we say "Human stupidity can never be patched"
Maltego: http://www.paterva.com/web6/products/maltego.php" onclick="window.open(this.href);return false;
Casefile: http://www.paterva.com/web6/products/casefile.php" onclick="window.open(this.href);return false;
Shodan:http://www.shodanhq.com/
Metagoofil: http://www.edge-security.com/metagoofil.php" onclick="window.open(this.href);return false;
GHDB – the Google Hacking DataBase: http://www.exploit-db.com/google-dorks/" onclick="window.open(this.href);return false; ==> Maybe it now became old but by checking the example you may make your own google dorks to find what you are looking for ( nothing expire in the inerwebs )
Thefoca: http://www.downloadcrew.com/article/22211-foca_free" onclick="window.open(this.href);return false;
EXIF data viewer:http://www.exifdataviewer.com/
Passive recon : here firefox provides many addons for that so you can find them easily
Creepy: https://github.com/ilektrojohn/creepy" onclick="window.open(this.href);return false;
Tapir: https://github.com/pentestify/tapir" onclick="window.open(this.href);return false;
Facecrawler:https://github.com/seifreed/OSINT/blob/ ... crawler.py
Twittercrawler : https://github.com/seifreed/OSINT/blob/ ... crawler.py" onclick="window.open(this.href);return false;
Case study social media etc: https://github.com/cmlh/OSINT" onclick="window.open(this.href);return false;
OSINT + Python = Custom Hacking : http://www.simonroses.com/2013/05/osint ... m-hacking/" onclick="window.open(this.href);return false;
OSINtey: This tool was made to reduce the tedium in open source intelligence gathering engagements. https://github.com/stevie-holdway/osintey" onclick="window.open(this.href);return false;
some people may ignore the information gathering part in pentest while its the most important way and its the gate that give you access and make the work easier for you
Maltego: http://www.paterva.com/web6/products/maltego.php" onclick="window.open(this.href);return false;
Casefile: http://www.paterva.com/web6/products/casefile.php" onclick="window.open(this.href);return false;
Shodan:http://www.shodanhq.com/
Metagoofil: http://www.edge-security.com/metagoofil.php" onclick="window.open(this.href);return false;
GHDB – the Google Hacking DataBase: http://www.exploit-db.com/google-dorks/" onclick="window.open(this.href);return false; ==> Maybe it now became old but by checking the example you may make your own google dorks to find what you are looking for ( nothing expire in the inerwebs )
Thefoca: http://www.downloadcrew.com/article/22211-foca_free" onclick="window.open(this.href);return false;
EXIF data viewer:http://www.exifdataviewer.com/
Passive recon : here firefox provides many addons for that so you can find them easily
Creepy: https://github.com/ilektrojohn/creepy" onclick="window.open(this.href);return false;
Tapir: https://github.com/pentestify/tapir" onclick="window.open(this.href);return false;
Facecrawler:https://github.com/seifreed/OSINT/blob/ ... crawler.py
Twittercrawler : https://github.com/seifreed/OSINT/blob/ ... crawler.py" onclick="window.open(this.href);return false;
Case study social media etc: https://github.com/cmlh/OSINT" onclick="window.open(this.href);return false;
OSINT + Python = Custom Hacking : http://www.simonroses.com/2013/05/osint ... m-hacking/" onclick="window.open(this.href);return false;
OSINtey: This tool was made to reduce the tedium in open source intelligence gathering engagements. https://github.com/stevie-holdway/osintey" onclick="window.open(this.href);return false;
some people may ignore the information gathering part in pentest while its the most important way and its the gate that give you access and make the work easier for you
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Re: OSINT tools
the crawlers are pretty interesting....
here's one that would make a good addition to the FB one, been fiddling with it a bit lately:
https://github.com/milo2012/osintstalker" onclick="window.open(this.href);return false;
here's one that would make a good addition to the FB one, been fiddling with it a bit lately:
https://github.com/milo2012/osintstalker" onclick="window.open(this.href);return false;
Re: OSINT tools
This is just the beginning ^_^ I still have more to share and of course alot more to learn
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Re: OSINT tools
I might get over to efnet some day again and speak to a guy I have met in #ganja (don't ask why I have been there, I don't even smoke.. ), he's working in marketing/spamming with the focus on FB...maybe he will provide me his script used to mass verify email addresses connected to FB accounts...
Re: OSINT tools
You don t need to I think I have such a script somewhere will find it and share it
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Re: OSINT tools
oh, sweet...
Re: OSINT tools
Osint does require a discerning eye - you have to have some knowledge of the subject matter - the law, elements of the crime, technology capabilities, etc.
Presenting the data collected is also important - as you assemble the intel it has various levels of verification - as the data is being verified, it has to be presented in a way that people can use it as a puzzle piece, rather than all this text that has to be read through.
Geolocation is a issue for those who do OSint - search engines frequently catch your geolocation and then returns search results that are close to you - in effort to help users find local businesses. This means that google results can vary if you mask your cookies and also try the search of the same keywords at a later date.
DNR
Presenting the data collected is also important - as you assemble the intel it has various levels of verification - as the data is being verified, it has to be presented in a way that people can use it as a puzzle piece, rather than all this text that has to be read through.
Geolocation is a issue for those who do OSint - search engines frequently catch your geolocation and then returns search results that are close to you - in effort to help users find local businesses. This means that google results can vary if you mask your cookies and also try the search of the same keywords at a later date.
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
Re: OSINT tools
Indeed and an OSINT repport is almost like a pentest repport where you give your client everything but in a way that makes him understand it all, yup OSINT is like a puzzle and the work is to make that puzzle as simple as possible to the one seaking it and a sharp eye is always the most important for a successful work ^_^
Re: OSINT tools
someone check out - dumpmon.py http://raidersec.blogspot.com/2013/03/i ... -that.html" onclick="window.open(this.href);return false;
DNR
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
Re: OSINT tools
interesting , downloaded...installed and ready to rock n roll when needed
Re: OSINT tools
maybe BB will let us install these tools server side
DNR
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
Re: OSINT tools
oh that would be great but euh you know there are always servers somewhere like in China where we can install this if they are going to work on China :p not sure about that but you can tell me if that can be done or not because I have no idea yet about how things work exactelly and I do not want to do sthg from my head that doesn t respect the rules and hey DNR you have a pm plz check it and thx in advance ^_^