OSINT Tools and Resources

Online sources that should be searched include:

• Government, financial, or other regulatory sites that provide information on mergers and acquisitions, names of key persons, and supporting data

• Usenet newsgroups, particularly postings from the target's employees looking for help with particular technologies

• LinkedIn, Jigsaw, and other websites that provide employee information

• Job search websites, especially ones for technical positions that provide a list of the technologies and services that must be supported by a successful applicant

• Historic or cached content, retrieved by search engines (cache:url in Google, or WayBack Machine at www.archive.org)

• Country- and language-specific social and business related sites (refer to http://searchenginecolossus.com)

• Sites that aggregate and compare results from multiple search engines, such as Zuula (www.zuula.com)

• Corporate and employee blogs, as well as personal blogs of key employees

• Social networks (LinkedIn, Facebook, and Twitter)

• Sites that provide lookups of DNS, route, and server information, especially, DNSstuff (www.dnsstuff.com), ServerSniff (www.serversniff.net), Netcraft (www.netcraft.com), and myIPneighbors.com

• Shodan (www.shodanHQ.com), sometimes referred to as the "hacker's Google"; Shodan lists Internet-accessible devices and allows the tester to search for devices with known vulnerabilities

• Password dumpsites (pastebin, search using site:pastebin.com "targetURL")

Websites

• OSINT Framework

• IntelTechiques OSINT Tool

• OSINT Tools for Intelligence - Molfar

• Creepy

• OSINT Tools

• https://epieos.com/