Exploit Notes

OSINT (Open Source Intelligence)

Last modified: 2023-03-02

Network OSINT Reconnaissance Web

Open-soruce intelligence is the collection and analysis of data gathered from open sources to produce actionable intelligence.


Comprehensive Tools

  • DeHashed

  • FOFA

    A search engine for the global cyberspace.

  • Have I Been Pwned

  • MetaDefender Cloud

    An advanced threat detection and prevention platform.

  • OSINT Tools

  • Shodan

    A search engine that lets users search for various types of servers connected to the internet using a variety of filters.

  • Spiderfoot

    SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

    python3 sf.py -l

    Then access to in browser.

  • Threat Intelligence Platform

    Find detailed information about a host and its underlying infrastructure in seconds through the Threat Intelligence Platform web interface.

  • ViewDNS.info

    It provides Reverse IP Lookup, finds WHOIS records, so on. Checks other domains on the same IP.


  • Cisco Talos

    One of the largest commercial threat intelligence teams in the world.

  • NerdyData

    Get a list of websites that use certain source (HTML/Javascript source code e.g. Googla Analytics code).

  • Security Headers

    Scan websites.

  • urlscan.io

    URL and website scanner.

  • URLhaus

    A project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution.

  • Wappalyzer

It identifies technologies on websites.

  • Wayback Machine

    It provides archived web pages.

    • Research Old Information

      1. robots.txt, sitemap.xml, and other interesting files.

      2. Directories

      3. URL parameters

      4. API keys

    • Useful Tools

      • Waybackurls

        Fetch all URLs that the Wayback Machine knows about for a domain.

IP Address

  • AbuseIPDB

    A project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.

  • Censys Search

    It provides information of specific IP addresses and domains.

  • Cloudflare Radar

    Up to date Internet trends and insight.

MAC Address

  • MAC Address Lookup

    It provides you information about any MAC Address of a networking card installed into your computer or any other device.


  • MalShare

    A community driven public malware repository that works to provide free access to malware samples and tooling to the infomation.

  • MalwareBazaar

    A project from abuse.ch with the goal of sharing malware samples with the infosec community, AV vendors and threat intelligence providers.

Indicators of Compromise (IOCs)

  • ThreatFox

    A platform from abuse.ch with the goal of sharing indicators of compromise (IOCs) associated with malware with the infosec community, AV vendors and threat intelligence providers.


  • Feodo Tracker

    A project of abuse.ch with the goal of sharing botnet C&C servers associated with Dridex, Emotet (aka Heodo), TrickBot, QakBot (aka QuakBot / Qbot) and BazarLoader (aka BazarBackdoor).


  • Qualys

    This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.


    A project of abuse.ch with the goal of detecting malicious SSL connections, by identifying and blacklisting SSL certificates used by botnet C&C servers. In addition, SSLBL identifies JA3 fingerprints that helps you to detect & block malware botnet C&C communication on the TCP layer.

Email Address

Adversary Tactics


Tools by HDKS


Automatic web fuzzer.


Auto reconnaissance CLI.

Hash Cracker

Hash identifier.