1. OSINT Framework
While OSINT Framework isn't a
tool to be run on your servers, it's a very useful way to get valuable
information by querying free search engines, resources, and tools
publicly available on the Internet. They are focused on bringing the
best links to valuable sources of OSINT data.
2. CheckUserNames
CheckUserNames is an online
OSINT tool that can help you to find usernames across over 170 social
networks. This is especially useful if you are running an investigation
to determine the usage of the same username on different social
networks.
It can be also used to check for brand company names, not only individuals.
3. HaveIbeenPwned
HaveIbeenPwned can
help you to check if your account has been compromised in the past. This
site was developed by Troy Hunt, one of the most respected IT security
professionals of this market, and it's been serving accurate reports
since years.
4. BeenVerified
BeenVerified is another
similar tool that is used when you need to search people on public
internet records. It can be pretty useful to get more valuable
information about any person in the world when you are conducting an IT
security investigation and a target is an unknown person.
5. Censys
Censys is a wonderful search engine
used to get the latest and most accurate information about any device
connected to the internet, it can be servers or domain name
6. BuiltWith
BuiltWith is a cool way to detect which technologies are used at any website on the internet.
7. Google Dorks
While investigating people or companies, a lot of IT security newbies
forget the importance of using traditional search engines for recon and
intel gathering.
In this case, Google Dorks can be your best friend. They have been there since 2002 and can help you a lot in your intel reconnaissance.
8. Maltego
Is an amazing tool to track down footprints of any target you need to
match. This piece of software has been developed by Paterva, and it's
part of the Kali Linux distribution.
Using Maltego will allow you to launch reconnaissance testes against specific targets.
9. Recon-Ng
Recon-ng comes
already built in the Kali Linux distribution and is another great tool
used to perform quickly and thoroughly reconnaissance on remote targets.
10. theHarvester
theHarvester
is another great alternative to fetch valuable information about any
subdomain names, virtual hosts, open ports and email address of any
company/website.
11. Shodan
Shodan is a network security monitor and search engine focused on the deep web & the internet of things.
12. Jigsaw
Jigsaw is
used to gather information about any company employees. This tool works
perfectly for companies like Google, Linkedin, or Microsoft, where we
can just pick up one of their domain names (like google.com), and then
gather all their employee's emails on the different company departments.
SpiderFoot is one of the
best reconnaissance tools out there if you want to automate OSINT and
have fast results for reconnaissance, threat intelligence, and perimeter
monitoring.
14. Creepy
Creepy is a geo-location
OSINT tool for infosec professionals. It offers the ability to get full
geolocation data from any individuals by querying social networking
platforms like Twitter, Flickr, Facebook, etc.
15. Nmap
Nmap is one of
the most popular and widely used security auditing tools, its name means
"Network Mapper". Is a free and open source utility utilized for
security auditing and network exploration across local and remote hosts.
16. WebShag
WebShag is a
great server auditing tool used to scan HTTP and HTTPS protocols. Same
as other tools, it's part of Kali Linux and can help you a lot in your
IT security research & penetration testing.
17. OpenVAS
OpenVAS (Open Vulnerability
Assessment System) is a security framework that includes particular
services and tools for infosec professionals.
18. Fierce
Fierce is an IP and
DNS recon tool written in PERL, famous for helping IT sec professionals
to find target IPs associated with domain names.
19. Unicornscan
Unicornscan is
one of the top intel gathering tools for security research. It has also a
built-in correlation engine that aims to be efficient, flexible and
scalable at the same time.
20. Foca
FOCA
(Fingerprinting Organizations with Collected Archives) is a tool
written by ElevenPaths that can be used to scan, analyze, extract and
classify information from remote web servers and their hidden
information.
21. ZoomEye
ZoomEye is a Chinese IoT OSINT
search engine that allows users to grab public data from exposed
devices and web services. In order to build its database it uses Wmap
and Xmap, and then runs extensive fingerprinting against all the
information found, ultimately presenting it to users in a filtered and
curated way for easy visualization.
22. Spyse
Spyse is another OSINT search engine
that lets anyone grab critical information about any website in the
world. Quite simply, Spyse is an infosec crawler that gets useful
information for red and blue teams during the reconnaissance process.
23. IVRE
This infosec tool is frequently overlooked, but it has great
potential in boosting your infosec discovery and analysis processes. IVRE is an open source tool that's built on a base of popular projects like Nmap, Masscan, ZDNS, and ZGrab2.
Metagoofil
is another great intel-reconnaissance tool that aims to help infosec
researchers, IT managers, and red teams to extract metadata from
different types of files
While a lot of OSINT tools focus on data found on public files such
as PDF, .DOC, HTML, .SQL, etc., there are other tools that are
specifically designed to extract critical Open Source Intelligence data
from image, video and audio files.
Exiftool reads, writes and extracts metadata from the following types of files
Fuente: securitytrails.com/blog/osint-tools
