Section 1: Note Keeping Tools for OSINT
Effective note-keeping is the backbone of successful OSINT investigations. In this section, we will explore the tools used for note-keeping. Discover how these tools work, how can they help to organize the collected data in an efficient way which can be later used for analysis, and a lot more.
KeepNote: http://keepnote.org/
CherryTree: https://www.giuspen.com/cherrytree/
Joplin: https://joplinapp.org/
Notion: https://www.notion.so/
Greenshot: https://getgreenshot.org/
Flameshot: https://github.com/flameshot-org/flameshot
Section 2: Sock Puppets and Anonymity
Explore the concept of sock puppets and anonymity in online investigations. This is an Alternate Identity used for OSINT so that we do not draw attention to ourselves. These accounts on social media look legitimate and have some posts and data of their own that should not tie back to us and keep us anonymous from any kind of trackback.
Sock Puppets
Intro to Creating an Effective Sock Puppet: https://web.archive.org/web/20210125191016/https://jakecreps.com/2018/11/02/sock-puppets/The Art Of The Sock: https://www.secjuice.com/the-art-of-the-sock-osint-humint/
My Process for Setting up Anonymous Sock Puppet Accounts(reddit): https://www.reddit.com/r/OSINT/comments/dp70jr
Anonymity
Fake Name Generator: https://www.fakenamegenerator.com/This Person Does not Exist: https://www.thispersondoesnotexist.com/
Privacy.com 1: https://privacy.com/
Section 3: Search Engine and Image OSINT
Use different search engines like Google, Bing, Yandex, and DuckDuckGo for gathering information. Each search engine has its capabilities Yandex is better than Google in terms of image searching as I have used it and gives better results than Google. Also, TinEye works great for reverse image searching.
Search Engines
Google: https://www.google.com/Google Advanced Search: https://www.google.com/advanced_search
Bing: https://www.bing.com/
Bing Search Guide: https://www.bruceclay.com/blog/bing-google-advanced-search-operators/
DuckDuckGo: https://duckduckgo.com/
DuckDuckGo Search Guide: https://help.duckduckgo.com/duckduckgo-help-pages/results/syntax/
Image
Google Image Search: https://images.google.comYandex: https://yandex.com
TinEye: https://tineye.com
Section 4: Email, Password, and Username OSINT
Tools like Hunter.io 2, Dehashed, NameChk, and Email Hippo can be used for email and username investigation, along with password-checking resources. Some of them are paid services but they are worth it like Dehashed giving them a try can be very useful if you are investigating a large group of people and the company they work for.
Email
Hunter.io 2: https://hunter.io/Phonebook.cz: https://phonebook.cz/
VoilaNorbert: https://www.voilanorbert.com/
Email Hippo: https://tools.verifyemailaddress.io/
Email Checker: https://email-checker.net/validate
Clearbit Connect: https://chrome.google.com/webstore/...percha/pmnhcgfcafcnkbengdcanjablaabjplo?hl=en
Password
Dehashed: https://dehashed.com/WeLeakInfo: https://weleakinfo.io/
LeakCheck: https://leakcheck.io/
SnusBase: https://snusbase.com/
Scylla.sh: https://scylla.so/
HaveIBeenPwned: https://haveibeenpwned.com/
Username
NameChk: https://namechk.com/WhatsMyName: https://whatsmyname.app/
NameCheckup: https://namecheckup.com/
Section 5: People and Social Media OSINT
Social media is a goldmine of publicly available information. This focuses on harnessing data from various platforms like Twitter, Facebook, and LinkedIn, providing insights into individuals’ online presence. These resources allow investigators, researchers, and analysts to track digital footprints, behavioral patterns, and connections, forming a critical aspect of understanding an individual’s or entity’s digital identity and activities.
People OSINT
WhitePages: https://www.whitepages.com/TruePeopleSearch: https://www.truepeoplesearch.com/
FastPeopleSearch: https://www.fastpeoplesearch.com/
FastBackgroundCheck: https://www.fastbackgroundcheck.com/
WebMii: https://webmii.com/
PeekYou: https://peekyou.com/
411: https://www.411.com/
Spokeo: https://www.spokeo.com/
That’s Then: https://thatsthem.com/
Voter Records: https://www.voterrecords.com
TrueCaller: https://www.truecaller.com/
Social Media OSINT
Twitter Advanced Search: https://twitter.com/search-advancedSocial Bearing: https://socialbearing.com/
Twitonomy: https://www.twitonomy.com/
Tinfoleak: https://tinfoleak.com/
TweetDeck: https://tweetdeck.com/
IntelligenceX Facebook Search: https://intelx.io/tools?tab=facebook
Code of a Ninja: https://codeofaninja.com/tools/find-instagram-user-id/
InstaDP: https://instadp.io/
ImgInn: https://imginn.com/
Snapchat Maps: https://map.snapchat.com
Section 6: Website and Business OSINT
Here are some detailed resources like BuiltWith, Shodan, and OpenCorporates for investigating websites and businesses, along with their technological footprint. My personal favorites are BuiltWith, Shodan, Wayback Machine, also the Wappalyzer a chrome extension is also great you should give all of them a try!
Website OSINT
BuiltWith: https://builtwith.com/Domain Dossier: https://centralops.net/co/
DNSlytics: https://dnslytics.com/reverse-ip
SpyOnWeb: https://spyonweb.com/
Virus Total: https://www.virustotal.com/
Visual Ping: https://visualping.io/
View DNS: https://viewdns.info/
Pentest-Tools Subdomain Finder: https://pentest-tools.com/information-gathering/find-subdomains-of-domain#
Spyse: https://spyse.com/
crt.sh: https://crt.sh/
Shodan: https://shodan.io
Wayback Machine: https://web.archive.org/
Business OSINT
Open Corporates: https://opencorporates.com/AI HIT: https://www.aihitdata.com/
Section 7: Working with OSINT Tools
Finding more information about a website, business, etc. can be more useful so here are some tools like Subfinder, Amass, and httprobe, offering guidance on their usage for OSINT purposes which can save a lot of time, we can even run these tools simultaneously while we are investigating something else.
breach-parse: https://github.com/hmaverickadams/breach-parse
httprobe: https://github.com/tomnomnom/httprobe
Subfinder: https://github.com/projectdiscovery/subfinder
Assetfinder: https://github.com/tomnomnom/assetfinder
Amass: https://github.com/OWASP/Amass
GoWitness: https://github.com/sensepost/gowitness/wiki/Installation