SBORRA TOOLS by mavic_pro
awesome list of stalking and osint tools
XRay is a tool for network OSINT gathering. Its goal is to automate some of the initial tasks of information gathering and network mapping.
HTTP Server, X-Powered-By and Location headers.
HTTP and HTTPS robots.txt disallowed entries.
HTTPS certificates chain (with recursive subdomain grabbing from CN and Alt Names).
HTML title tag.
DNS version.bind. and hostname.bind. records.
MySQL, SMTP, FTP, SSH, POP and IRC banners.
https://github.com/evilsocket/xray
Creepy is a geolocation OSINT tool. Gathers geolocation related information from online sources, and allows for presentation on map, search filtering based on exact location and/or date, export in csv format or kml for further analysis in Google Maps.
https://github.com/ilektrojohn/creepy
Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. However, it is quite different. Recon-ng is not intended to compete with existing frameworks, as it is designed exclusively for web-based open source reconnaissance. If you want to exploit, use the Metasploit Framework. If you want to social engineer, use the Social-Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng! https://github.com/lanmaster53/recon-ng
Snitch is a tool which automates the information gathering process for a specified domain. Using built-in dork categories, this tool helps gather specified information about a domain which can be found using web search engines. It can be quite useful in the early phases of a pentest.
https://github.com/Smaash/snitch
DATASPLOIT
Performs OSINT on a domain / email / username / phone and finds out information from different sources. Correlates and collaborates the results, and shows them in a consolidated manner.
Tries to find out credentials, api-keys, tokens, subdomains, domain history, legacy portals, etc. related to the target.
Use specific script / launch automated OSINT for consolidated data.
Performs Active Scans on collected data.
Generates HTML, JSON reports along with text files.
https://github.com/DataSploit/datasploit
GEOTWEET
Social engineering tool for human hacking. Another way to use Twitter and Instagram. Geotweet is an OSINT application that allows you to track tweets and Instagram posts, trace geographical locations and then export to Google Maps. It allows you to search on tags, world zones and user (info and timeline).
https://github.com/Pinperepette/Geotweet_GUI
SHERLOCK
Find usernames across social networks https://github.com/sherlock-project/sherlock
Photon can extract the following data while crawling:
URLs (in-scope & out-of-scope)
URLs with parameters (example.com/gallery.php?id=2)
Intel (emails, social media accounts, amazon buckets etc.)
Files (pdf, png, xml etc.)
Secret keys (auth/API keys & hashes)
JavaScript files & Endpoints present in them
Strings matching custom regex pattern
Subdomains & DNS related data
https://github.com/s0md3v/Photon
Trape is an OSINT analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information such as the status of sessions of their websites or services and control their users through their browser, without their knowledge, but it evolves with the aim of helping government organizations, companies and researchers to track cybercriminals.
https://github.com/jofpin/trape
TWINT
An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.
https://github.com/twintproject/twint
SpiderFoot is an open source intelligence (OSINT) automation tool. Its goal is to automate the process of gathering intelligence about a given target, which may be an IP address, domain name, hostname, network subnet, ASN, e-mail address or person's name.
SpiderFoot can be used offensively, i.e. as part of a black-box penetration test to gather information about the target or defensively to identify what information your organisation is freely providing for attackers to use against you.
https://github.com/smicallef/spiderfoot
tinfoleak is an open-source tool within the OSINT (Open Source Intelligence) and SOCMINT (Social Media Intelligence) disciplines, that automates the extraction of information on Twitter and facilitates subsequent analysis for the generation of intelligence. Taking a user identifier, geographic coordinates or keywords, tinfoleak analyzes the Twitter timeline to extract great volumes of data and show useful and structured information to the intelligence analyst.
https://github.com/vaguileradiaz/tinfoleak
Instaloader downloads public and private profiles, hashtags, user stories, feeds and saved media, downloads comments, geotags and captions of each post, automatically detects profile name changes and renames the target directory accordingly, allows fine-grained customization of filters and where to store downloaded media.
https://github.com/instaloader/instaloader
PhoneInfoga is one of the most advanced tools to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with a very good accuracy. Then search for footprints on search engines to try to find the VoIP provider or identify the owner.
https://github.com/sundowndev/PhoneInfoga
GitGot is a semi-automated, feedback-driven tool to empower users to rapidly search through troves of public data on GitHub for sensitive secrets https://github.com/BishopFox/GitGot
Powerful and user-friendly password hunting tool.
Use h8mail to find passwords through different breach and reconnaissance services, or local breaches such as Troy Hunt's "Collection1" and the infamous "Breach Compilation" torrent.
https://github.com/khast3x/h8mail
Infoga is a tool for gathering email account information (IP, hostname, country, ...) from different public sources (search engines, PGP key servers and Shodan) and checking whether emails were leaked using the haveibeenpwned.com API. It is a really simple tool, but very effective for the early stages of a penetration test or just to know the visibility of your company on the Internet.
https://github.com/m4ll0k/Infoga
linkedin2username Tool: Generate username lists from companies on LinkedIn https://github.com/initstring/linkedin2username
Twitter Intelligence OSINT project performs tracking and analysis of the Twitter
https://github.com/batuhaniskr/twitter-intelligence
Socialscan offers accurate and fast checks for email address and username usage on online platforms.
Given an email address or username, socialscan returns whether it is available, taken or invalid on online platforms. Its speed also makes it suitable for bulk queries involving hundreds of usernames and email addresses.
https://github.com/iojw/socialscan
pwnedOrNot uses haveibeenpwned v3 api to test email accounts and tries to find the password in Pastebin Dumps.
https://github.com/thewhiteh4t/pwnedOrNot
KARMA Find leaked emails with your passwords.
https://github.com/decoxviii/karma
SMWYG
This tool allows you to perform OSINT and reconnaissance on an organisation or an individual. It allows one to search 1.4 Billion clear text credentials which were dumped as part of the BreachCompilation leak. This database makes finding passwords faster and easier than ever before. https://github.com/Viralmaniar/SMWYG-Show-Me-What-You-Got
The Instagram OSINT Tool gets a range of information from an Instagram account that you normally wouldn't be able to get from just looking at their profile. The information includes:
Username
Profile Name
URL
Followers
Following
Number of Posts
Bio
Profile Picture URL
Is Business Account?
Connected to a FB account?
External URL
Joined Recently?
Business Category Name
Is private?
Is Verified?
Downloads Public Photos
https://github.com/sc1341/InstagramOSINT
LittleBrother is an information gathering (OSINT) tool that aims to carry out research on a French, Swiss, Luxembourgish or Belgian person. It provides various modules that allow efficient searches. LittleBrother requires neither an API key nor a login ID. https://github.com/lulz3xploit/LittleBrother
Aleph is a tool for indexing large amounts of both documents (PDF, Word, HTML) and structured (CSV, XLS, SQL) data for easy browsing and search. It is built with investigative reporting as a primary use case. Aleph allows cross-referencing mentions of well-known entities (such as people and companies) against watchlists, e.g. from prior research or public datasets.
CARDPWN OSINT Tool to find Breached Credit Cards Information https://github.com/itsmehacker/CardPwn
ENDORSER An OSINT tool that allows you to draw out relationships between people on LinkedIn via endorsements/skills.
https://github.com/eth0izzle/the-endorser
WhatBreach is an OSINT tool that simplifies the task of discovering what breaches an email address has been discovered in. WhatBreach provides a simple and effective way to search either multiple, or a single email address and discover all known breaches that this email has been seen in. From there WhatBreach is capable of downloading the database if it is publicly available, downloading the pastes the email was seen in, or searching the domain of the email for further investigation https://github.com/Ekultek/WhatBreach
Goca is a FOCA fork written in Go. It is a tool used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages, and can be downloaded and analyzed with Goca.
It is capable of analyzing a wide variety of documents, with the most common being Microsoft Office, Open Office, or PDF files, although it also analyzes Adobe InDesign or SVG files, for instance.
https://github.com/gocaio/goca
PAGODO The goal of this project was to develop a passive Google dork script to collect potentially vulnerable web pages and applications on the Internet.
https://github.com/opsdisk/pagodo
FACEBOOK LOCATION
Retrieve someone's private Facebook location, using their public information.
https://github.com/joren485/Facebook-Location-OSINT
geOSINT is a script that searches for geotagged photos on social media and plots them on a map. This can be used to perform OSINT on a physical location. If an image is found, a red marker is placed on the map. By clicking on this marker you can view the identified image.
https://github.com/coldfusion39/geOSINT
INSTAGRAM LOCATION https://github.com/PaulSec/API-InstagramLocation
email2phonenumber
This tool helps automate discovering someone's phone number by abusing password reset design weaknesses and publicly available data. It supports 3 main functions:
- "scrape" - scrapes websites for phone number digits by initiating password reset using the target's email address
- "generate" - creates a list of valid phone numbers based on the country's Phone Numbering Plan publicly available information
- "bruteforce" - iterates over a list of phone numbers and initiates password reset on different websites to obtain associated masked emails and correlate it to the victim's one
https://github.com/martinvigo/email2phonenumber
UserRecon v1.0
Find usernames across over 75 social networks. This is useful if you are running an investigation to determine the usage of the same username on different social networks. https://github.com/thelinuxchoice/userrecon
Buster is an advanced OSINT tool used to:
- Get social accounts of an email using multiple sources (gravatar, about.me, myspace, skype, github, linkedin, previous breaches)
- Get links to where the email was found using google, twitter, darksearch and paste sites
- Get breaches of an email
- Get domains registered with an email (reverse whois)
- Generate possible emails and usernames of a person
- Find the email of a social media account
- Find emails from a username
- Find the work email of a person
https://github.com/sham00n/buster
reddit-fetch
A simple program to fetch the top level comments of a reddit post. Useful when you have threads like:
- What are some of best resources that helped you with python?
- What's your favorite album?
This then gives the list of just the names of everything that you can save.
https://github.com/nobodyme/reddit-fetch
Scavenger
Just the code of my OSINT bot searching for sensitive data leaks on different paste sites. Search terms:
- credentials
- private RSA keys
- Wordpress configuration files
- MySQL connect strings
- onion links
- links to files hosted inside the onion network (PDF, DOC, DOCX, XLS, XLSX)
https://github.com/rndinfosecguy/Scavenger
BaseQuery V1.5
Your private data is being traded and sold on the Internet as we speak. Every day tons of leaks come out that can make you feel powerless. Almost all passwords and other sensitive information have been posted somewhere on the Internet / Darknet for all prying eyes to see, whether you like it or not. Haveibeenpwned is a resource for you to narrow down which breaches your information has been exposed in. This is a great start, but what if you want to know exactly which of your information other people have access to? BaseQuery is an all-in-one program that simplifies importing and searching through thousands of data breaches. You can find all the breaches in which you have been exposed, in places like RaidForums.com or D Database.today, import them into BaseQuery and instantly search for any information related to you. https://github.com/g666gle/BaseQuery
PwnBin is a webcrawler which searches public pastebins for specified keywords. All pastes are then returned after sending completion signal ctrl+c. https://github.com/kahunalu/pwnbin
PasteHunter is a python3 application that is designed to query a collection of sites that host publicly pasted data. For all the pastes it finds it scans the raw contents against a series of Yara rules looking for information that can be used by an organisation or a researcher. https://github.com/kevthehermit/PasteHunter/
Snooper OSINT Reddit user activity analyzer https://github.com/NicholasDollick/Snooper
POCKINT (a.k.a. Pocket Intelligence) is the OSINT swiss army knife for DFIR/OSINT professionals. Designed to be a lightweight and portable GUI program (to be carried within USBs or investigation VMs), it provides users with essential OSINT capabilities in a compact form factor: POCKINT's input box accepts typical indicators (URL, IP, MD5) and gives users the ability to perform basic OSINT data mining tasks in an iterable manner. https://github.com/netevert/pockint
TorCrawl.py is a python script to crawl and extract (regular or onion) webpages through TOR network. https://github.com/MikeMeliz/TorCrawl.py
TORBOT
- Onion Crawler (.onion).(Completed)
- Returns Page title and address with a short description about the site.(Partially Completed)
- Save links to database.(PR to be reviewed)
- Get emails from site.(Completed)
- Save crawl info to JSON file.(Completed)
- Crawl custom domains.(Completed)
- Check if the link is live.(Completed)
- Built-in Updater.(Completed)
- TorBot GUI(see branch front_end)
- Social Media integration.(not Started)
...(will be updated)
https://github.com/DedSecInside/TorBot
ODIN aims to automate the basic recon tasks used by red teams to discover and collect data on network assets, including domains, IP addresses, and internet-facing systems. The key feature of ODIN is the data management and reporting. The data is organized in a database and then, optionally, that database can be converted into an HTML report or a Neo4j graph database for visualizing the data. https://github.com/chrismaddalena/ODIN
R3con1z3r is a lightweight web information gathering tool with intuitive features, written in Python. It provides a powerful environment in which open source intelligence (OSINT) web-based footprinting can be conducted quickly and thoroughly. Footprinting is the first phase of ethical hacking; it is the collection of every possible piece of information regarding the target. R3con1z3r is a passive reconnaissance tool with built-in functionalities which include: HTTP header flag, Traceroute, Whois Footprinting, DNS information, Site on same server, Nmap port scanner, Reverse Target and hyperlinks on a webpage. The tool, after being provided with the necessary inputs, generates an output in HTML format. https://github.com/abdulgaphy/r3con1z3r
Skiptracer utilizes some basic python webscraping (BeautifulSoup) of PII paywall sites to compile passive information on a target on a ramen noodle budget. https://github.com/xillwillx/skiptracer
Face Recognition
Recognize and manipulate faces from Python or from the command line with the world's simplest face recognition library. https://github.com/ageitgey/face_recognition
SPRY
- Saves profile images and content from each profile found in the directory that you ran the command from.
- Puts all found data into a single PDF (username-report.pdf) in the directory that you ran the command from.
- Progress DOTS and nice COLOURS assuming your terminal supports it.
- Randomized pausing between lookups so you don't get blocked.
- Randomized list of +8500 User Agent strings in use by default (can override via -u arg).
- Proxy override via -p arg.
https://github.com/jamesacampbell/spry
Facebook OSINT Collection and Analysis Tool Entro.py is a weekend project I made over a bet with a friend. It's designed to scrape Facebook chat statuses for active/last active time status, then output them to a (very basic) graph for an individual UID, resulting in a very accurate activity graph for a given user. Because Facebook leaks the last-active status for its chat users, you can get a fairly active picture of when someone is awake/asleep/at work, if they check Facebook at least a few times a day. https://github.com/andrew-vii/Entro.py
Swamp
An OSINT tool for discovering associated sites through Google Analytics Tracking IDs using a selection of APIs. https://github.com/jakecreps/swamp
BridgeKeeper
Scrape employee names from search engine LinkedIn profiles. Convert employee names to a specified username format. https://github.com/0xZDH/BridgeKeeper
Spyse is a developer of complete DAAS (Data-As-A-Service) solutions for Internet security professionals, corporate and remote system administrators, SSL / TLS encryption certificate providers, data centers and business analysts. All Spyse online solutions are represented by thematic services that have a single platform for collecting, processing and aggregating information. spyse.com https://github.com/zeropwn/spyse.py
FinalRecon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new modules can be added with ease. https://github.com/thewhiteh4t/FinalRecon
OpenCorporatesCLI
The goal of this project is to easily locate information on businesses, in particular filing documents. This tool will search OpenCorporates to discover businesses with a matching name, then run a new search for each business found. The new search will pull all filing documents for the jurisdiction the business is registered in. https://github.com/skickar/OpenCorporatesCLI
Fav-up
Lookups for real IP starting from the favicon icon and using Shodan. https://github.com/pielco11/fav-up
Scrummage is an OSINT tool that centralises your OSINT scans, leveraging powerful yet simple OSINT sites, drawing inspiration from the https://github.com/Netflix-Skunkworks/Scumblr project as well as the OSINT framework, a high-level overview of a range of sites that can be used to search for a variety of things, which can be found at https://osintframework.com/ or https://github.com/lockfale/OSINTFramework. https://github.com/matamorphosis/Scrummage
DarkLight Core Engine
Core Engine for collecting onion domains and crawling from webpage based on Tor network https://github.com/bunseokbot/darklight
SnapStory
A public SnapChat story downloader
https://github.com/sdushantha/SnapStory
Sowdust A Firefox extension for executing some Graph-like searches against Facebook https://github.com/sowdust/searchbook
Venemy works best when OSINT has been performed and you've identified the person's profile/username. From there, it's easy to extend the tool's functionality. While there is a search API endpoint, I would recommend confirming the profile manually before running anything. You can also use the brute-force module in the unauthenticated script if you know the person's name or username. https://github.com/mportatoes/venemy
Universal Reddit Scraper
Universal Reddit scraper using the Reddit API (PRAW). https://github.com/JosephLai241/Universal-Reddit-Scraper
OSINT Tool For Scraping Dark Websites https://github.com/itsmehacker/DarkScrape
OnionScan is a free and open source tool for investigating the Dark Web. For all the amazing technological innovations in the anonymity and privacy space, there is always a constant threat that has no effective technological patch https://github.com/s-rah/onionscan
OnionOFF An onion url inspector for inspecting deep web links https://github.com/k4m4/onioff
ꓘamerka
The script creates a map of cameras, printers, tweets and photos based on your coordinates. Everything is clearly presented in form of interactive map with icons and popups. https://github.com/woj-ciech/kamerka
The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. https://github.com/OWASP/Amass
Osmedeus allows you to automatically run a collection of awesome tools for reconnaissance and vulnerability scanning against the target. https://github.com/j3ssie/Osmedeus
Argos [BETA] - A simple method to manage targets
It's a very simple database tool based on tiny-db and very customisable. https://github.com/Z33DD/Argos
ReconSpider ReconSpider is the most advanced Open Source Intelligence (OSINT) framework for scanning IP addresses, emails, websites and organizations and finding out information from different sources.
https://github.com/bhavsec/reconspider
Omnibus An Omnibus is defined as a volume containing several novels or other items previously published separately and that is exactly what the InQuest Omnibus project intends to be for Open Source Intelligence collection, research, and artifact management.
By providing an easy to use interactive command line application, users are able to create sessions to investigate various artifacts such as IP addresses, domain names, email addresses, usernames, file hashes, Bitcoin addresses, and more as we continue to expand. https://github.com/InQuest/omnibus
Insta Small proof of concept to show how to retrieve the exact location of photos from Instagram. At instagram.com you can only see the approximate location, like country and city. This script gets latitude and longitude from photos and then checks these values with GeoPy. Additionally, it can count all hashtags. https://github.com/woj-ciech/OSINT/tree/master/insta
OWASP Maryam OWASP Maryam is an open-source intelligence (OSINT) and web-based footprinting modular framework based on Recon-ng and written in Python. https://github.com/saeeddhqan/Maryam
Numspy 1.0 A python module for sending free sms as well as finding details of mobile number via website Way2sms https://github.com/bhattsameer/numspy
facebook_ID_finder It's just a short python code for extracting the Facebook ID of a target. Useful for OSINT investigations or other stuff. https://github.com/thisislola/facebook_ID_finder
sn0int sn0int (pronounced /snoɪnt/) is a semi-automatic OSINT framework and package manager. It was built for IT security professionals and bug hunters to gather intelligence about a given target or about yourself. sn0int is enumerating attack surface by semi-automatically processing public information and mapping the results in a unified format for followup investigations. https://github.com/kpcyrd/sn0int
gOSINT gOSINT is a multiplatform OSINT Swiss army knife in Golang. https://github.com/Nhoya/gOSINT
OSweep
You know that if you wasted time gathering all the IOCs for that one alert manually, it would have taken you half of your shift to complete and you would've got pwned regardless.
The fix? OSweep™. https://github.com/ecstatic-nobel/OSweep
OSINT-Search Script in Python that applies OSINT techniques by searching public data using email addresses, phone numbers, domains, IP addresses or URLs. https://github.com/am0nt31r0/OSINT-Search
Mitaka Mitaka is a browser extension for OSINT search which can:
- Extract & refang IoC from a selected block of text.
- Search / scan it on various engines.
https://github.com/ninoseki/mitaka
contact.sh An OSINT tool to find contacts in order to report security vulnerabilities. https://github.com/EdOverflow/contact.sh
Harpoon CLI tool for open source and threat intelligence https://github.com/Te-k/harpoon
TekDefense-Automater Automater is a tool that I originally created to automate the OSINT analysis of IP addresses. It quickly grew and became a tool to do analysis of IP Addresses, URLs, and Hashes https://github.com/1aN0rmus/TekDefense-Automater
OSINT OPSEC TOOL The OSINT OPSEC Tool monitors multiple 21st Century OSINT sources real-time for keywords, then analyses the results, generates alerts, and maps trends of the data, finding all sorts of info people probably don't want others to see... https://github.com/AxelSeg/osint-opsec-tool
Gasmask All in one Information gathering tool – OSINT https://github.com/twelvesec/gasmask
Sputnik OSINT Sputnik is an extension to quickly and easily search IPs, Domains, File Hashes, and URLs using free Open Source Intelligence (OSINT) resources. https://github.com/mitchmoser/sputnik
Birdwatcher Birdwatcher is a data analysis and OSINT framework for Twitter. Birdwatcher supports creating multiple workspaces where arbitrary Twitter users can be added and their Tweets harvested through the Twitter API for offline storage and analysis. Birdwatcher comes with several modules which can be invoked to further enrich collected data or work with it, e.g. retrieving a user's Klout score, generating social graphs between users and weighted word clouds based on their Tweets. https://github.com/michenriksen/birdwatcher
OSINT Graphical Analyzer (YOGA) Your OSINT Graphical Analyzer (YOGA) is a project to help people understand different courses of action to take based upon the data they have. Have a username? Click on it and review the attached/connected nodes for possible actions. https://github.com/WebBreacher/yoga
Recon Cat A small PHP application to fetch archive URL snapshots from archive.org. Using it you can fetch the complete list of snapshot URLs of any year or the complete list of all years possible. https://github.com/daudmalik06/ReconCat
Seeker The concept behind Seeker is simple: just like we host phishing pages to get credentials, why not host a fake page that requests your location like many popular location based websites. Read more on thewhiteh4t's Blog. Seeker hosts a fake website on the built-in PHP server and uses Serveo to generate a link which we will forward to the target https://github.com/thewhiteh4t/seeker
Carbon14 OSINT tool for estimating when a web page was written https://github.com/Lazza/Carbon14