OSINT

List of Open Source Intelligence tools in a single place. This is just a start-up Git repository; it will improve with the time and space given to the author ;)

Maltego Maltego is a unique platform developed to deliver a clear threat picture to the environment that an organization owns and operates. Maltego’s unique advantage is to demonstrate the complexity and severity of single points of failure as well as trust relationships that exist currently within the scope of your infrastructure.

Shodan Shodan is an acronym for Sentient Hyper Optimized Data Access Network. Unlike traditional search engines that crawl the website to display results, Shodan attempts to grab data from the ports. Developed by John Matherly, Shodan is available as a free version as well as a professional, paid version. The free version provides up to 50 results, beyond which one needs to procure the paid version. Creative usage of the Shodan OSINT tool helps find the vulnerable services in a Web server, which is a very important aspect of the vulnerability assessment phase. Various filters such as country, port, operating system and host names are available with this tool.

Metagoofil Metagoofil is a very powerful OSINT information gathering tool, developed by Edge Security. In essence, Metagoofil is used to extract metadata from the target. It supports various file types, including pdf, doc, xls and ppt. This open source intelligence tool can also be used to extract MAC addresses from these files, thus giving the attacker a fair idea of what kind of network hardware is being used at the target installation. In tandem with the instincts and intelligence of the attacker, Metagoofil can be used to guess the type of operating system, network names, and so on. A brute force attack can then be performed once enough information is garnered from the metadata of the files. With the metadata obtained through Metagoofil, it is possible to extract path information, which can be used to map the network. The results are displayed in HTML format.

GHDB Google happens to be the most powerful OSINT tool for a user to perform attacks, and forms the basis for GHDB, the Google Hacking DataBase. Using Google, an SQL injection on a random website can be performed within 0.2 Google seconds. Specially crafted search queries given as input to Google are called dorks, or googledorks. These GHDB dorks can be used to reveal vulnerable servers on the Internet, to gather sensitive data, to find vulnerable uploaded files, sub-domains, and so on. Effective usage of GHDB can make the hacking process considerably easier. Exploit DB maintains a collection of googledorks under a section named GHDB.

FOCA FOCA is a network infrastructure mapping tool that can be used for OSINT. It can analyze metadata from various files, including doc, pdf and ppt files. FOCA can also enumerate users, folders, emails, software used, operating system, and other useful information. Customization options are also available in this OSINT tool. For more juicy information and details about insecure methods, there is a crawl option provided. The metadata can be extracted from a single file or from multiple files. FOCA is thus a great tool in the reconnaissance phase, to extract information from the metadata. FOCA is a fingerprinting and information gathering tool for pentesters. It searches for servers, domains, URLs and public documents and prints out discovered information in a network tree. It also searches for data leaks such as metadata, directory listing, insecure HTTP methods, .listing or .DS_Store files, active cache in DNS servers, etc.

EXIF data viewers Smartphones and digital cameras use a standard to specify formats for images and sounds that are recorded using them. This standard is called the exchangeable image file format (EXIF). Various EXIF data viewers are available. They provide details such as type of camera, focal length, type of lens, and so on. Most importantly, EXIF data viewers provide the geolocation information that is stored for each image. In fact, by default, all smartphones have the GPS setting switched on, so this can potentially leak the location where the image was taken. The accuracy is such that the latitude and longitude will be provided by the EXIF data viewer when extracting the EXIF data, thus leaking very private information.

Social Engineer Toolkit Social Engineer Toolkit is an open source tool to perform online social engineering attacks. The tool can be used for various attack scenarios including spear phishing and website attack vectors. Social Engineer Toolkit works in an integrated manner with Metasploit. It enables the execution of client-side attacks and seamless harvesting of credentials. With Social Engineer Toolkit, one can backdoor an executable and send it to the victim. It can automatically create fake login pages of a given website and spawn a server to listen to returning connections.

Cyberstalking tools for reconnaissance There are several websites and OSINT tools available online that can be used to find public information about a particular person, such as PeekYou, Lullar, the Wayback Machine, EDGAR and YouGetSignal. These reconnaissance tools come in handy for cyberstalking or executing social engineering attacks.

PeekYou and Lullar The PeekYou and Lullar websites enable gathering of information about a person that is available on various social networking sites.

Wayback Machine The Wayback Machine is a website that can be used to find previous versions of webpages, enabling one to see websites in their earlier avatars.

EDGAR EDGAR, the electronic data gathering, analysis and retrieval system, is another website providing access to company information that might otherwise be difficult to obtain.

YouGetSignal YouGetSignal provides OSINT tools to check phone numbers, IP addresses, whois data, geolocation, tracing, and so on.

Passive Recon Mozilla Firefox has a lot of security add-ons in the form of plugins. One such powerful OSINT plugin is Passive Recon. As the name suggests, this tool does not query the domain directly; instead, it looks up public databases to gather as much information as possible about the target. Passive Recon passively provides whois information, MX records, DNS information, and other useful data. Significantly, due to the passive nature of Passive Recon, the owner of the domain you are querying is not alerted.

RECON-NG A full-featured Web Reconnaissance framework written in Python, complete with independent modules, database interaction, built-in convenience functions, interactive help, and command completion.

Censys.io Censys is a search engine that allows computer scientists to ask questions about the devices and networks that compose the Internet. Driven by Internet-wide scanning, Censys lets researchers find specific hosts and create aggregate reports on how devices, websites, and certificates are configured and deployed.

theHarvester This tool is intended to help penetration testers in the early stages of a penetration test to understand the customer's footprint on the Internet. It is also useful for anyone who wants to know what an attacker can see about their organization. https://github.com/laramies/theHarvester

OSR framework Installed with pip install osrframework. Developed in Python 2.7. Integrates with Maltego transforms. https://github.com/i3visio/osrframework Link: https://pypi.python.org/pypi/osrframework/0.13.2

SpiderFoot modules Dependencies: Python 2.7, BeautifulSoup, DNSPython, Socks, Socket, SSL, CherryPy, M2Crypto, Netaddr, pyPDF.

Footprinting tool - Orb Dependencies: python-whois (Python module for retrieving WHOIS information), python-dnspython (DNS toolkit for Python), python-nmap (Python interface to the Nmap port scanner). Link: https://github.com/epsylon/orb

InstaRecon Dependencies: dnspython, ipaddress, ipwhois, python-whois, requests, shodan. Link: https://github.com/vergl4s/instarecon