/OSINT_TIPS

This repository was created and developed by Ammar Amer @cry__pto Only. Updates to this repository will continue to arrive until the number of TIPS reach 1000 TIPS .Learn Ethical Hacking and penetration testing.and of course OSINT

MIT LicenseMIT

THIS REPOSITORY CONTAIN 114 OSINT TIPS.

THE REPOSITORY GONNA GET DAILY UPDATES AND THE NUMBER OF TIPS WILL GET HIGHER EVERY DAY.

A very useful repository for ethical hackers & osint lovers & penetration testers & red teamers.

MORE TO COME

Support.

Your generous donations will keep me motivated.

Paypal: Donate via Paypal

TIP:-1- Directory of Malicious IPs:

https://www.projecthoneypot.org/list_of_ips.php

TIP:-2- you can visite this website if you want To see a list of websites that have been hacked before:

http://zone-h.org/archive

TIP:-3- you can use this website to see the IP address on a map and shows the ISP:

https://ipintel.io/

TIP:-4-Netcraft is a popular security scanner site that gives detailed information(IPv6, domain register, name server, DNS admin,(SPF),Site technology,hosting provider) about target website:

https://searchdns.netcraft.com

TIP:-5- a very useful free service that offers various DNS,networking,and e-mail analysis tools:

https://www.dnsstuff.com/tools

TIP:-6-This website gives you as a hacker a detailed DNS information about a target domain name such as:DNS lookup,MX lookup,WHOIS lookup,Sender Policy Framework (SPF)lookup,and DNS propagation,authoritative name server of the target domain name

https://mxtoolbox.com

TIP:-7- you can find DNS servers,and MX records about arget domain for free :

https://dnsdumpster.com

TIP:-8- This is the world biggest directory of online surveillance security cameras:

http://www.insecam.org

TIP:-9-This is a global network of live cameras providing live streaming video from different countries in the world for free:

http://www.earthcam.com

TIP:-10- using this tool you can read,write,and edit meta-information in a wide variety of files:

https://sno.phy.queensu.ca/~phil/exiftool

TIP:-11- TinEye is a reverse image search engine,You can search by image or URL,more than 24 billion images have already been indexed:

http://www.tineye.com

TIP:-12- Conduct a reverse image search with Google,Bing,and Yandex:

http://www.reverse-image-search.com

TIP:-13- Reverse Image Search:

http://www.imagebrief.com

TIP:-14- a search engine created by google for image reverse searches:

https://www.google.com/imghp

TIP:-15- Google custom search engine: 300+ Social Networking Sites:

https://cse.google.com/cse/publicurl?key=AIzaSyB2lwQuNzUsRTH-49FA7od4dB_Xvu5DCvg&cx=001794496531944888666:iyxger-cwug&q=%22%22

TIP:-17- Google custom search engine:250+ Video Sharing Sites:

https://cse.google.com/cse/publicurl?key=AIzaSyB2lwQuNzUsRTH-49FA7od4dB_Xvu5DCvg&cx=001794496531944888666:ctbnemd5u7s&q=%22%22

TIP:-18-Google custom search engines:File Sharing Sites Search:

https://cse.google.com/cse/publicurl?key=AIzaSyB2lwQuNzUsRTH-49FA7od4dB_Xvu5DCvg&cx=001794496531944888666:hn5bcrszfhe&q=%22%22

TIP:-19- you can use this awesome search engine to locate different file types online:

http://www.faganfinder.com/filetype

TIP:-20- you can use this awesome search engine to locate different file types online ,using 11 file-hosting websites + You can select the file type:

http://www.general-search.com

TIP:-21- you can use this awesome search engine to locate different file types online,60 file-hosting sites simultaneously + download 500MB daily:

https://sharedir.com

TIP:-21- all wordlists from every dns enumeration tool:

https://gist.github.com/jhaddix/86a06c5dc309d08580a018c66354a056/

TIP:-22- Google Hacking Master List.pdf:

https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/1-part-100-article/google/Google%20Hacking%20Master%20List.pdf

TIP:-23- Complete Google Dorks List in 2019 For Ethical Hacking and Penetration Testing.pdf:

https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/1-part-100-article/google/Complete%20Google%20Dorks%20List%20in%202019%20For%20Ethical%20Hacking%20and%20Penetration%20Testing.pdf

TIP:-24-This awesome website lists live webcams from different places around the world:

http://123cam.com

TIP:-25- This is the largest database of airport webcams, Watch free livestreams from airport webcams around the world 24/7:

http://airportwebcams.net

TIP:-26- Search Engines Powered by Google:

-1-StartPage:https://www.startpage.com

-2-Lukol:https://www.lukol.com

-3-Mozbot:https://www.mozbot.com

TIP:-27- extract the URLs,images,scripts,iframes of target websites:

-1-Link Extractor:http://www.webtoolhub.com/tn561364-link-extractor.aspx

-2-Free URL Extractor:http://www.bulkdachecker.com/url-extractor

-3-Link Gopher:https://sites.google.com/site/linkgopher

TIP:-28- Identify the Technologies Used by the web application and get a detailed report:

https://builtwith.com

TIP:-29- this is a free search engine that allow you to find people by their name, phone number, and email address:

http://www.isearch.com/

TIP:-30- Default Password Lookup:

http://www.fortypoundhead.com/tools_dpw.asp

TIP:-31- This contains various information about domain names and networks:

https://www.robtex.com

TIP:-32- Search for all the possible email addresses + subdomains + Get information from netcraft + Perform a Whois lookup:

dmitry -iwnse target.com

TIP:-33- you can also use dmitry to perform a simple port scan:

dmitry -p target.com -f -b

TIP:-34- figure out whether an IP address we have found is a honeypot or a real system:

https://honeyscore.shodan.io/

TIP:-35- this awesome service will allow you to discover, monitor, and analyze publicly available devices:

https://censys.io/

TIP:-36- you can use this scan The ACK scan to show unfiltered and filtered ports instead of open and closed ports:

nmap -sA x.x.x.x

TIP:-37- you can Use Shodan to find internet connected devices,it scan for common ports + performs banner grabbing then displays devices accessible over the web,including routers + network device + webcams + surveillance device + traffic cams + SCADA systems:

https://shodan.io

-useful resources:

-1-Shodan Queries.txt:

https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/1-part-100-article/google/Shodan%20Queries.txt

-2-Information Gathering with Shodan.pdf:

https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/2-part-100-article/new_articles/Information%20Gathering%20with%20Shodan.pdf

-3-Passive Data Collecting: Shodan.pdf:

https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/8-part-100-article/62_article/Passive%20Data%20Collecting:%20Shodan.pdf

TIP:-38-Reverse DNS Lookup:

https://hackertarget.com/reverse-dns-lookup

TIP:-39-hidden wiki:

http://zqktlwi4fecvo6ri.onion/wiki/index.php/Main_Page

TIP:-40- Darknet search engines & websites:

-1-Ahmia:http://msydqstlz2kzerdg.onion

-2-Candle:http://gjobqjj7wyczbqie.onion

-3-Torch:http://xmh57jrzrnw6insl.onion

-4-Grams:http://grams7enufi7jmdl.onion

-5-not Evil:http://hss3uro2hsxfogfq.onion

-6-DuckDuckGo:https://3g2upl4pq6kufc4m.onion

-7-Searx:http://lqdnpadpys4snom2.onion

-8-EasyCoin:http://easycoinsayj7p5l.onion

-9-WeBuyBitcoins:http://jzn5w5pac26sqef4.onion

-10-OnionWallet:http://ow24et3tetp6tvmk.onion

-11-Atlayo;http://atlayofke5rqhsma.onion

-12-BlackBook:http://blkbook3fxhcsn3u.onion

-13-Daniel’s Chat:http://danschatjr7qbwip.onion

-14-Onion Mail:http://p6x47b547s2fkmj3.onion

-15-RetroShare chat server:http://chat7zlxojqcf3nv.onion

-16-TorBox:http://torbox3uiot6wchz.onion

-17-Mail2Tor:http://mail2tor2zyjdctd.onion

TIP:-41-Searches through git repositories for high entropy strings and secrets,digging deep into commit history:

-1-setup:

pip install truffleHog

-2-usage:

trufflehog --regex --entropy=False https://github.com/dxa4481/truffleHog.git

TIP:-42- SSLScrape | A scanning tool for scaping hostnames from SSL certificates:

-1-setup:

git clone https://github.com/cheetz/sslScrape.git && cd sslScrape && pip install ndg-httpsclient && pip install python-masscan

-2-usage:

python sslScrape.py [CIDR Range]

TIP:-43- This awesome website lists street webcams from around the world:

https://www.openstreetcam.org/map

TIP:-44- This is a list of unsecured IP cameras:

https://reolink.com/unsecured-ip-camera-list

TIP:-45- webcam directory,We offer regional webcam-listings for (almost) every place on earth:

http://www.the-webcam-network.com

TIP:-46- Thingful is a search engine for the Internet of Things:

https://www.thingful.net

TIP:-47- Get the cached page of any URL from several sources:

http://www.cachedpages.com/

TIP:-48- Download the entire Wayback Machine archive for a given URL:

-setup:

pip install waybackpack

-usage:

waybackpack dol.gov -d ~/Downloads/dol-wayback --to-date 1996

TIP:-49- retrieves archived web pages from the different public Internet archives:

http://oldweb.today

TIP:-50- this website capture,preserve,and make accessible UK central government information published on the web.since 1996 to the present.The archived contents include videos, tweets, and web pages.:

http://www.nationalarchives.gov.uk/webarchive/

TIP:-51- extract hidden information from videos uploaded to YouTube,like the upload date/time and thumbnails:

https://citizenevidence.amnestyusa.org

TIP:-52-Enumerate S3 buckets via certstream,domain,or keywords:

-1-setup:

go get github.com/nuncan/slurp && cd slurp && go build

-2-usage:

slurp domain <-t|--target> google.com will enumerate the S3 domains for a specific target.

slurp keyword <-t|--target> linux,golang,python will enumerate S3 buckets based on those 3 key words.

TIP:-53- View all tweets from any Twitter user on one page. Fast, Free and Easy. Great for viewing, searching and archiving old tweets:

https://www.allmytweets.net

TIP:-54- Trendsmap is a mashup of location-based tweets and a map interface. You can zoom, pan, and jump to locales to see what the trending topics are:

https://www.trendsmap.com

TIP:-55- Foller.me is a Twitter analytics application that gives you rich insights about any public Twitter profile:

http://foller.me/

TIP:-56- Want to know the source of a quote? The app will help you find out who was the first person who shared a link, video, quote or any piece of text :

http://ctrlq.org/first/

TIP:-57- View your followers & discover follower insights of any twitter user.Filter & sort followers by their follower count,interest scores, key words,language & more (a maximum of 10,000 followers can be loaded).):

https://socialbearing.com/search/followers

TIP:-58- Analyze a Twitter user’s followers:

https://moz.com/followerwonk/analyze

TIP:-59-Simple Twitter Profile Analyzer,Tweets metadata scraper & activity analyzer:

https://github.com/x0rz/tweets_analyzer

TIP:-60-Tinfoleak.com is a website where you can get detailed info about a Twitter user:

https://tinfoleak.com

TIP:-61-LinkedIn Contact Extractor:

https://cse.google.com/cse/publicurl?cx=001394533911082033616:tm5y1wqwmme

TIP:-62- Pastebin Dumps:

http://psbdmp.ws

TIP:-63- Tone Analyzer. This service uses linguistic analysis to detect joy, fear, sadness, anger, analytical, confident and tentative tones found in text:

https://tone-analyzer-demo.mybluemix.net

TIP:-64- 411 is a leading white pages directory with phone numbers,people,addresses,and more. Find the person you're looking for and search public records ,you can search for people within the United States:

https://www.411.co/

TIP:-65-Default Password:

https://default-password.info/

TIP:-66- Router Passwords:

http://routerpasswords.com

TIP:-67- Using this tool You can extract an OpenOffice document’smetadata:

https://archive.codeplex.com/?p=oometaextractor

TIP:-68- this is a very useful and important site in the world of osint because it allows you to browse certificate transparency logs so you can find subdomains associated with certificates:

https://crt.sh/

TIP:-69-:operative framework is a OSINT investigation framework, you can interact with multiple targets, execute multiple modules, create links with target, export rapport to PDF file, add note to target or results, interact with RESTFul API, write your own modules:

https://github.com/graniet/operative-framework

TIP:-70-You can query PGP Public Key Servers to reveal user email addresses:

https://pgp.mit.edu

https://keyserver.ubuntu.com

http://pgp.uni-mainz.de

TIP:-71- Enumerates various common service (SRV) records for a given domain name.exposing internal server endpoints:

nmap --script dns-srv-enum --script-args dns-srv-enum.domain=facebook.com

TIP:-72-Fingerprinting FTP Services:

nmap -Pn -sS -A -vvvv -p21 xx.xx.xx.xx --reason

TIP:-73- A python script that finds endpoints in JavaScript files:

https://github.com/GerbenJavado/LinkFinder

TIP:-74- A tool to fastly get all javascript sources/files:

https://github.com/003random/getJS

TIP:-75-The World's largest gravesite collection. Contribute, create and discover gravesites from all over the world. Find A Grave - Millions of Cemetery Records.:

https://www.findagrave.com

TIP:-76- Checking whether a web server is an open proxy:

nmap --script http-open-proxy -p8080 xx.xx.xx.xx

TIP:-77- Brute forcing SMTP passwords:

nmap -p25 --script smtp-brute xx.xx.xx.xx

TIP:-78-Username Search for the most popular Social Media and Social Networking sites. Check for your brand, trademark, product or user name on 160 Social networks:

http://checkusernames.com

TIP:-79-Use Namechk to search for an available username or domain and secure your brand across the internet as well as username registration:

https://namechk.com

TIP:-80- Check domain & social username availability across multiple networks:

https://www.namecheckr.com

TIP:-81- Username Search - Search username, email or phone number to find the identity across billions of profiles in all social networks:

https://www.usersearch.org

TIP:-82- Email Hippo's online,free,email verification tool:

https://tools.verifyemailaddress.io/

TIP:-83- Hunter is the leading solution to find and verify professional email addresses:

https://hunter.io

TIP:-84- Email Checker is a free email verification tool. It helps you validate any email address online for free:

https://email-checker.net

TIP:-85- Check if an e-mail address is valid or not. Find out why a mail bounces. Get technical information about a mail account and it's mail (SMTP) server:

http://mailtester.com/testmail.php

TIP:-86- Improve your email sender reputation and reduce bounce rates: real-time email validation API and bulk email list cleaning. Free trial & 100% accuracy:

https://www.email-validator.net

TIP:-87- Save time and energy - find the email address formats in use at thousands of companies:

https://email-format.com

TIP:-88- This is a free e-mail permutator service:

http://metricsparrow.com/toolkit/email-permutator

TIP:-89- ipTRACKERonline's email header analysis tool allows you to track where that email actually originated from. This is a totally free email tracking tool:

https://www.iptrackeronline.com/email-header-analysis.php

TIP:-90- ZLOOKUP is world's best Reverse Phone Lookup tool. Identify all incoming calls. Find out who called. Enter Phone, get full name:

https://www.zlookup.com

TIP:-91- Identify an unknown phone caller with ReversePhoneLookup.com:

https://www.reversephonelookup.com

TIP:-92- Validate number format and look up provider & device type to reach verified users via voice & text. Free to use:

https://www.twilio.com/lookup

TIP:-93- Spy Dialer is the totally 100% seriously free reverse phone number lookup used by millions of people. NO membership required!:

https://www.spydialer.com

TIP:-94- This is an international reverse phone number lookup:

https://www.truecaller.com

TIP:-95-Creepy. A Geolocation OSINT Tool. Offers geolocation information gathering through social networking platforms:

https://www.geocreepy.com/

TIP:-96- Browse Opentopia's vast webcam database, containing thousands of live webcam views from around the world:

http://www.opentopia.com/hiddencam.php

TIP:-97-Iceland Live webcams: live webcam feeds from Iceland's:

https://www.livefromiceland.is/webcams/geysir

TIP:-98- Fingerprinting a POP3 services by using Nmap:

nmap -sV -p110,995 --script pop3-capabilities xx.xx.xx.xx --reason -vvvv

TIP:-99- Subdomain Takeover tool written in Go:

https://github.com/haccer/subjack

TIP:-100- Find information on any domain name or website. Large database of whois information, DNS, domain names, name servers, IPs, and tools:

https://who.is/

TIP:101- We can enumerate an HTTP target using the nikto,Nikto outputs information on the HTTPS certificate,the server banner,any security-related HTTP headers that may be missing:

nikto -h https://target.com

TIP:-102- Reverse IP lookup,discover all the domains hosted on the target IP address:

http://www.yougetsignal.com/tools/web-sites-on-web-server/

TIP:-103- Site metadata:

http://desenmascara.me

TIP:-104- Collection of github dorks and helper tool to automate the process of checking dorks:

https://github.com/techgaun/github-dorks

TIP:-105- Search Engine Subdomains Collector:

msf > use auxiliary/gather/searchengine_subdomains_collector

msf auxiliary(searchengine_subdomains_collector) > set TARGET yahoo.com

TARGET => yahoo.com

msf auxiliary(searchengine_subdomains_collector) > run

TIP:-106- A tool that can help detect and takeover subdomains with dead DNS records:

-1-setup:

go get github.com/anshumanbh/tko-subs

-2-usage:

./tkosubs -domains=subdomains.txt -data=providers-data.csv -output=results.csv

TIP:-107- BreachAlarm scan the Internet for stolen password data posted by hackers & lets you know if your email & password combination has been compromised:

https://breachalarm.com

TIP:-108- BriteVerify is an email verification platform that allows users to ensure addresses exist before sending their emails:

https://www.briteverify.com

TIP:-109- Verify email address online using free email verification tool:

https://verify-email.org

TIP:-110- ThatsThem's reverse email search finds the person associated to a specific email address:

https://thatsthem.com/reverse-email-lookup

TIP:-111- ReverseGenie provides free phone number and email reverse lookup:

http://www.reversegenie.com

TIP:-112- Sublist3r is a Python-based script that can be utilized during domain harvesting.Some companies have very unique subdomains that can't be found in common word lists. this tool uses different "google dork" style search queries to gather subdomains .+The tool utilize APIs such as Google, Bing, Baidu, and ASK search engines. It also searches in NetCraft,Virustotal,ThreatCrowd,DNSdumpster,and reverseDNS.this tool also performs brute force attack using a specific wordlist:

-1-setup:

git clone https://github.com/aboul3la/Sublist3r.git && sudo pip install dnspython

-2-usage:

python sublist3r.py -d target.com -o results.txt

TIP:-113- we can use email addresses in:

-1-launching brute-force attack against:

-admin panel page

-websites login fields

-2-launching a phishing attack (against employees,random targets,specific person)

-3-password spraying attack

-4-get in to inside the company by searching for leaked info related to email addresses gathered,,,,,,,,,,,,,,,,,,,,,,etc

TIP:-114- why we should collect subdomains during penetration testing & REDTEAM operations:

-1- to expand your attack surface

-2-Some subdomains can indicate the type of server it is (vpn,mail,internal,test).

-3-Subdomains can provide information about where the target is hosting their servers.

-4-Many website owners may create subdomains to test new technology before applying it to the main site(beta.target.com). Such sites are insecure because they are used in the development stage and could be left open to attack.

-5-may the main domain is protected AND well secured but this should not necessarily applied be applied to the subdomains

-6-you may discover a subdomain that have errors that may lead to vulnerabilities(leaking info,subdomain takeovers)

-7-discovering subdomains will lead to discover additional IPs ,you can port scan those subdomains and you may find some ports that should not opened that may lead to the vulnerabilities .

-8-,,,,,,,,,,,,,,,,,,,etc