- Open Source Intelligence (OSINT) investigations often involve using a variety of tools and techniques to collect and analyze publicly available information. Here are some popular OSINT tools and resources that can be useful for conducting investigations:
-
- Search Engines: Traditional search engines like Google, Bing, and Yahoo can be powerful tools for gathering information. Utilize advanced search operators to refine your searches.
- Social Media Platforms: Use platforms like Twitter, Facebook, Instagram, and LinkedIn to gather information, but remember to respect privacy settings and terms of service.
- Search Engine Operators: Google Dorks and other search engine operators help you conduct advanced and specific searches to find relevant data.
- Maltego: This tool allows you to visualize and link information across various data sources, helping to create a graphical representation of relationships and connections.
- TheHarvester: It’s a tool for gathering email addresses, subdomains, hosts, employee names, open ports, and banners from different public sources like search engines, PGP key servers, and more.
- Shodan: A search engine for Internet-connected devices. It can be used to discover servers, routers, and other devices that are exposed to the internet.
- Wayback Machine: The Internet Archive’s Wayback Machine allows you to view past versions of websites. This can be useful for tracking changes and historical data.
- DNS Lookup Tools: Tools like DNSDumpster and DNSlytics can help you gather information about domains, IP addresses, and DNS records.
- WHOIS Lookup: Tools like WHOIS and DomainTools allow you to find information about domain ownership and registration.
- Email Verification Tools: Tools like Hunter and Verify-Email.org can help you verify email addresses.
- Geospatial Tools: Services like Google Maps and Google Earth can provide geospatial information. GIS tools can also be helpful for mapping and geospatial analysis.
- Data Mining Tools: Tools like Import.io and ParseHub can help scrape data from websites.
- Digital Forensics Tools: Tools like Autopsy and Sleuth Kit are useful for analyzing digital artifacts and extracting information from devices.
- Social Media Analysis Tools: Tools like Hootsuite, Brandwatch, and Social Mention can help you monitor and analyze social media content and trends.
- Public Records Databases: Websites like PublicData.com and the National Archives can provide access to a wide range of public records.
- Dark Web Tools: Tools like Tor and OnionScan can be used to access and monitor the dark web. However, be cautious when navigating the dark web due to its potentially illegal or harmful content.
- Custom Scripts and Programming: Some investigators develop custom scripts or use programming languages like Python to automate data collection and analysis.
All Tools OSINT DeepFind
https://osint.rocks/
https://www.hudsonrock.com/threat-intelligence-cybercrime-toolsPhone Number Investigation
Facebook: https://ru-ru.facebook.com/login/identify/ Twitter: https://twitter.com/account/begin_password_reset Instagram: https://www.instagram.com/accounts/password/reset/ LinkedIn: https://www.linkedin.com/uas/request-password-reset Google: https://accounts.google.com/signin/v2/identifier MicroSoft: https://login.live.com/login.srf
… Several popular Telegram bots designed to check phone numbers against various leaks: https://avclick.me/v/AVinfoBot, https://gb.sbs/, https://t.me/QuickOSINT_Robot, https:// t.me/UniversalSearchBot.
Software for such geology is publicly available: Trape: https://github.com/boxug/trape.git TrackUrl: https://github.com/Mauladen/TrackUrl Seeker: https://github.com/thewhiteh4t/seeker.git IPlogger: https://iplogger.ru/location-tracker/
Search for business entities on the map by phone number can be done through the service https://yandex.ru/maps/. Find registered Russian companies by phone number — follow the link https://e-ecolog.ru/phone/+123456789.
Using Google Dorks to Verify a Phone Number. One of the easiest ways to check is to use the Google phonebook located at the link: “https://www.google.com/search?hl=en&pb=r&btnG=Search+PhoneBook&q=+123456789“. Other search options can be external services: https://demo.phoneinfoga.crvx.fr/#/ and https://intelx.io/tools?tab=telephone.
You can do this on the sites: https://audience.yandex.ru/ https://ads.google.com/ https://target.my.com/
These include such Western services as: Infotracer: https://infotracer.com/; Pipl: https://pipl.com/. Or Russian developments, for example, TelPoisk: https://интернет-розыск.рф/telpoisk
https://irbis.espysys.com/
Username Investigation
https://blackbird-osint.herokuapp.com/
https://whatsmyname.app/
https://www.social-searcher.com/
https://github.com/webbreacher/whatsmyname
https://t.me/osint_maigret_bot
https://github.com/soxoj/maigret
https://docs.google.com/spreadsheets/d/17f_O3qnKBDRJkIlpR2FEy4IugCpQS0m2tOMY0HK_qDc/edit?usp=sharing
http://www.likasoft.com/ru/document-search/
Email Investigation
https://epieos.com/ https://seon.io/ https://intelx.io/ https://haveibeenpwned.com/ Telegram channel Leak data email,number and ip https://leakcheck.io/ https://spycloud.com/check-your-exposure/ https://scatteredsecrets.com/ https://leakix.net/graph https://leaked.domains/Info/
Link: https://start.me/p/b5gEPe/email-osint
Telegram Investigation
Google Search
- Use a command site:t.me “search term” or site:telegram.me “search term” in the Google search bar. It brings results with the keyword in posts, hashtags, or links. Investigators can use all types of information as search terms, including names, emails, phones, social links, etc.
- Use a command “t.me/joinchat” “search term”. It helps to find links to Telegram chats on other websites and social media with a keyword related to a specific topic.
Online Tools, General Search
- Lyzem Search: the service finds information in channels, groups, bots, messages, and on Telegram’s blogging platform Telegraph
- Custom Google Search Tools (Telegago, Commentgram, Osint Me, here, here): the engines look for the keywords in contacts, public and private channels and groups, Telegraph, messages, and bots.
Channels and Groups Search
Channels:
Groups:
Both Sources:
Bots for Investigations:
- @BotoDetective: the bot allows to search for users using a phone number, name, social networks, email, password, or a photo
- @TgScanRobot:the bot shows basic profile details and groups that a user is a member of
- @username_to_id_bot: the bot helps to find IDs of users, groups, or channels
- @userinfobot: this bot shows basic user’s info
- @creationdatebot: this one shows a creation date of any account in Telegram
Investigators need to create an account to view non-public channels and groups. It’s recommended to use new SIM cards, VPNs, and if possible, new phones with no contacts on them. Telegram has many privacy settings that are needed to be enabled for any research.
Company Investigation
https://techjournalism.medium.com/osint-checklist-for-company-investigations-86c3752c095dMilitary Intelligence Blog by Igor
https://medium.com/@ibederov_en/military-intelligence-using-osint-methods-4aae1df2d812Google Dorks
Name: “<XXX XXX>” (☎ OR ☏ OR ✆ OR 📱)"username*com"Number: https://www.google.com/search?hl=en&pb=r&btnG=Search+PhoneBook&q=+91XXXXXX To find people within GitHub code:
site:http://github.com/orgs/*/people online resumes of a person:
inurl:resume “john smith” intext:resume “john smith”
people with a specific job title and location: site:http://linkedin.com/in "<job title>" (☎ OR ☏ OR ✆ OR 📱) +"<location>"
Trello site:http://trello.com password + admin OR username specific documents within a website or domain namesite: <domain> filetype:PDF Instead of ‘filetype:’ you can also use the abbreviation for extention, which is: ‘ext:’XLS files within government websites:
filetype:xls site:.gov
filetype:"xls | xlsx | doc | docx | txt | pdf" site:.gov
filetype:"doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml"Indexed documents that contain the phrase ‘confidential’ or ‘top secret’ within open Amazon S3 buckets:
site:http://s3.amazonaws.com confidential OR "top secret"confidential login information within XLS files:
s3 site:http://amazonaws.com filetype:xls password copies of databases via Google
ext:sql intext:”– phpMyAdmin SQL Dump”
Social Media Tweet was shared on other media"text of a tweet" -site:https://twitter.comsearch messages and/or links for a specific username
@dutch_osintguy -site:twitter.com/dutch_osintguy Important Operators cache:<keyword> inurl:<keyword> allinurl:<keyword> site:<keyword> intitle:<keyword> allintitle :<keyword> intext:<keyword> allintext:<keyword> filetype: <keyword>
Find files under a domain name:
<keyword> site:<website.com> filetype: pdf,xlsx,docx
Find all indexed pages for a specific domain:
site:<website.com>
Find subdomains for a specific domain:
site:<*.website.com> -www
Finding non HTTPS web pages:
site:<website.com> -inurl:https
Social Media
Find social profiles or searching for a keyword from multiple websites at once:
<keyword> (site:facebook.com | site:twitter.com | site:linkedin.com)
Find open webcams
intitle:"webcamXP" inurl:8080
Find plain text passwords on Pastebin:
site:pastebin.com "@gmail.com password"
To find admin passwords:
site:pastebin.com "admin password"
Find vulnerability reports from multiple tools:
intitle:"report" ("qualys" | "acunetix" | "nessus" | "netsparker" | "nmap") filetype:html
Some other google dorks that you can use to find information about yourself or your website are:
- <your_name> filetype:pdf
- <your_name> intext:<phone_number> |<email> |<address>
- site:<your_website> filetype:”doc | xls | txt | pdf”
- ip:<your_servers_IP> filetype:”doc | xls | txt | pdf”