osint

NOTE: this section is just for my reference and majority of the links I use are saved as bookmarks in browser. If you'd like me to share it, send a DM.

OWASP/Amass amass enum -d DOMAIN

subdomains osint

aboul3la/Sublist3r ./sublist3r.py -d DOMAIN
tomnomnom/assetfinder assetfinder [--subs-only] DOMAIN
darkoperator/dnsrecon dnsrecon -t brt -d DOMAIN
samyoyo/Bluto
laramies/theHarvester

Check for active sub-domains: tomnomnom/httprobe

Screenshot tool: sensepost/gowitness

email osint:

Clearbit Connect Chrome Extension

search engine osint

Google Advanced Search

Search Operators: google-advanced-search-operators

# *: wildcard
site:*.DOMAIN.com
-<keywordToOmit>
intext:<> | inurl:<> | intitle:<>
filetype: <>
keyword1 AND|OR|* keyword2
"keyword1 keyword2"

Twitter

twintproject/twint

from:USER
to:USER
@USER
since:YYYY-MM-DD
until:YYYY-MM-DD
geocode:GEO-CODE,<NUMBER>km

leaks osint

Radial01/PwnyCorral python pwnycorral.py -h
hmaverickadams/breach-parse ./breach-parse.sh @DOMAIN OUT.txt "PATH-to-BreachCompilationData"
laramies/theHarvester

username osint

sherlock-project/sherlock python3 sherlock.py USERNAME

phone-number osint

sundowndev/phoneinfoga phoneinfoga serve -p 9090

Previousuntested tools Nextexploit.py

Last updated 4 years ago

hashtagsubdomains osint

hashtagemail osint:

hashtagsearch engine osint

hashtagSearch Operators: google-advanced-search-operatorsarrow-up-right

hashtagsocial networking osint

hashtagTwitter

hashtagleaks osint

hashtagusername osint

hashtagphone-number osint