OSINT tools
Last updated
Last updated
Ruby tool that spiders websites and generates wordlists for use in dictionary attacks.
(included in Kali)
Metadata search tool that can search, download and analyze all documents on a domain and provide a list of metadata
Metadata often includes users, directories, printers, emails, passwords, operating systems/software and servers
From the site: "Hunter lets you find professional email addresses in seconds and connect with the people that matter for your business."
Provides various functions including DNS information and technologies being used on a site.
Massive directory of OSINT tools arranged by function
Lists all domains, email addresses, and URLs associated with a domain.
Module based framework for web information gathering
Run tool (Kali): recon-ng
Search available modules: marketplace search $keyword
Learn about available modules: marketplace info $modulename
Add a module: marketplace install module
Load module: modules load $modulename
Display required parameters: info
Configure options: options set $option
Execute module: run
Information from each module used is stored in a database
Exit module: back
Display information: show
Allows searching for computers and IoT devices
May reveal items that should be in scope but were not included by the client
Search by client name; devices outside the client's IP range are likely managed by third parties
Gathers emails, names, subdomains, IP addresses, and URLs from multiple search engines
Run with (Kali): Theharvester -d cisco.com -b google
-d: specifies the target domain
-b: specifies which data source to search
Regular lookup: whois somesite.com
Reverse lookup: whois $ipaddress
- a search engine for social media sites
- scans a user's Twitter feed and generates wordlists
- a script for generating username lists based on LinkedIn data