Blog Archives

Link

Here’s a list of online OSINT tools and more. Some require payment.
I promise to update this list. There are still many sites I want to test before adding.

Social Media

https://sovip.io/?pa=1 – SoVIP Snapchat Search – may include NSFW photos

https://www.social-searcher.com/ Social Searcher
https://www.social-searcher.com/google-social-search/ Google Social Search

https://roadtolarissa.com/javascript/reddit-comment-visualizer/ Reddit Comment History

Photo Forensics

https://pimeyes.com/en Pimeyes Reverse Image Search

https://fotoforensics.com/ Foto Forensics

https://tineye.com TinEye Reverse Image Search

Network/Domain/IP/Website information

https://shodan.io – Search IoT, servers, SCADA, Network Appliances, etc.

https://www.sans.org/posters/google-hacking-and-defense-cheat-sheet/ SANS Google Dorking Cheat Sheet

https://hackertarget.com/ HackerTarget’s various IP and Domain lookup tools.

https://urlscan.io/ enumerate websites, get screenshots, HTTP redirects, and behavior. Great for reverse engineering URLs in phishing attacks.

Podcast/Books/etc (mostly Michael Bazzell)

https://inteltechniques.com/podcast.html – Best OSINT Podcast IMO

https://unredactedmagazine.com/ – Unredacted Magazine

https://inteltechniques.com/book1.html – Open Source Intelligence Techniques 9th edition

Multiple Tools

https://inteltechniques.com/tools/index.html – IntelTechniques Search Tools

https://start.me/p/rxRbpo/ti – @paranoid_ch1ck’s tools on start.me

https://start.me/p/L1rEYQ/osint4all – OSINT4ALL on start.me

https://start.me/p/wMdQMQ/tools – Technisette’s Tools page on start.me

https://osintframework.com/ – OSINT Framework (not a start.me page)

Maps – Location – Addresses

https://www.mapchannels.com/ – Various map types. Includes Dual Map and quad map features.

https://www.arcgis.com/apps/mapviewer/index.html – arcgis – local governments use this system for public parcel maps. Consider Googling: (county) (state) GIS Parcel Map

Breach Databases

https://haveibeenpwned.com/ Have I Been Pwned? is always a good starting point in an investigation.

https://intelx.io – Intelligence X

https://rapidapi.com/rohan-patra/api/breachdirectory – BreachDirectory API

https://dehashed.com/ – Dehashed

https://www.peopledatalabs.com/ – People Data Labs – Personal and business data purchased from various sources

https://psbdmp.ws/ – PSBDMP – Pastebin Dumps

Misc.

https://buckets.grayhatwarfare.com/ – Public Buckets AWS, Azure, and more.

https://search.censys.io/ – Asset and attack surface search

https://gchq.github.io/CyberChef/ – CyberChef – aka The Cyber Swiss Army Knife. Decode/Encode different text and file formats, encryption, and more.