Exploit Notes
Exploit Notes

Exploits related to Reconnaissance

Others

Email Analysis
Google Dorks
IMINT (Image Intelligence) and GEOINT (Geospatial Intelligence)
OSINT (Open Source Intelligence)
Person Investigation
Port Scan
Reconnaissance
Social Engineering
Subdomain Discovery

OSINT (Open Source Intelligence)

Last modified: 2023-03-02

Network OSINT Reconnaissance Web

Open-soruce intelligence is the collection and analysis of data gathered from open sources to produce actionable intelligence.

Frameworks


Comprehensive Tools

  • DeHashed

  • FOFA

    A search engine for the global cyberspace.

  • Have I Been Pwned

  • MetaDefender Cloud

    An advanced threat detection and prevention platform.

  • OSINT Tools

  • Shodan

    A search engine that lets users search for various types of servers connected to the internet using a variety of filters.

  • Spiderfoot

    SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

    python3 sf.py -l 127.0.0.1:5001

    Then access to http://127.0.0.1:5001 in browser.

  • Threat Intelligence Platform

    Find detailed information about a host and its underlying infrastructure in seconds through the Threat Intelligence Platform web interface.

  • ViewDNS.info

    It provides Reverse IP Lookup, finds WHOIS records, so on. Checks other domains on the same IP.


Websites

  • Cisco Talos

    One of the largest commercial threat intelligence teams in the world.

  • NerdyData

    Get a list of websites that use certain source (HTML/Javascript source code e.g. Googla Analytics code).

  • Security Headers

    Scan websites.

  • urlscan.io

    URL and website scanner.

  • URLhaus

    A project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution.

  • Wappalyzer

It identifies technologies on websites.

  • Wayback Machine

    It provides archived web pages.

    • Research Old Information

      1. robots.txt, sitemap.xml, and other interesting files.

      2. Directories

      3. URL parameters

      4. API keys

    • Useful Tools

      • Waybackurls

        Fetch all URLs that the Wayback Machine knows about for a domain.


IP Address

  • AbuseIPDB

    A project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.

  • Censys Search

    It provides information of specific IP addresses and domains.

  • Cloudflare Radar

    Up to date Internet trends and insight.


MAC Address

  • MAC Address Lookup

    It provides you information about any MAC Address of a networking card installed into your computer or any other device.


Malware

  • MalShare

    A community driven public malware repository that works to provide free access to malware samples and tooling to the infomation.

  • MalwareBazaar

    A project from abuse.ch with the goal of sharing malware samples with the infosec community, AV vendors and threat intelligence providers.


Indicators of Compromise (IOCs)

  • ThreatFox

    A platform from abuse.ch with the goal of sharing indicators of compromise (IOCs) associated with malware with the infosec community, AV vendors and threat intelligence providers.


Botnet

  • Feodo Tracker

    A project of abuse.ch with the goal of sharing botnet C&C servers associated with Dridex, Emotet (aka Heodo), TrickBot, QakBot (aka QuakBot / Qbot) and BazarLoader (aka BazarBackdoor).


SSL

  • Qualys

    This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.

  • SSLBL

    A project of abuse.ch with the goal of detecting malicious SSL connections, by identifying and blacklisting SSL certificates used by botnet C&C servers. In addition, SSLBL identifies JA3 fingerprints that helps you to detect & block malware botnet C&C communication on the TCP layer.


Email Address


Adversary Tactics

MITRE

Twitter GitHub

Tools by HDKS

Fuzzagotchi

Automatic web fuzzer.

aut0rec0n

Auto reconnaissance CLI.

Hash Cracker

Hash identifier.