OSINT CHEAT SHEET

OSINT CHEAT SHEET - List OSINT Tools

See Jieyab Wiki pages

Contains information about OSINT tips, OSINT branches and knowledge about intelligence

See Jieyab Gitbook

Contains information about OSINT tips, write up usage resouces and more tips about OSINT and OSINT branch

image

Contains a list of OSINT tools, OSINT tips, datasets, Maltego transform and others. There are free and paid tools you can use and owner is not responsible (take your own risks), only for knowledge or educational purposes. Apologies if some of the resources are no longer available or contain errors, as the owner does not regularly check the status of these resources, If there is new information, the owner will add it to this repo along with the category. If you want to read about techniques and intelligence some have already been added to the Wiki page Jieyaboo Wiki The owner will add them back. If there are any errors let us know thank you.

Tips & Trick Safe Guide Using Resources

  • Use virtual machine, fake host or docker machine

  • Use private network e.g vpn, tor, p2p

  • Use second account (not you real account)

  • Read ToS the resouces

  • Enable your firewall, AV and IDS on your host or machine

  • Strict your browser with the privacy extension disable js, ads and more

  • Dont upload your private files make sure you have clean personal file in folder

  • Scan the files will you download

  • Encrypt your network traffic, message and disk

  • Beware about attachments such as docx, xlsm or macro documents (Check macros don't immediately press enable, check properties file to do strict mode)

  • Beware about malicious script like programm lang always check will you run it

These Resources Are Recommend For

  • IT Security

  • CTF Player

  • Journalist

  • Investigator

  • Cyber Crime

  • Researcher & Annalist

  • Law Enforcer

  • General

Linux Distribution For OSINT

You can build it with VM or Live USB make sure you have sandbox machine

EXIF TOOL COMMAND

Exif tag name and data type

Artist string

Author string

Caption string

Categories string

Collections string

DateTime date

DPP lang-alt

EditStatus string

FixtureIdentifier string

Keywords string

Notes string

ObjectCycle string

OriginatingProgram string

Rating real

Rawrppused boolean

ReleaseDate string

ReleaseTime string

RPP lang-alt

Snapshots string

Tagged boolean

More : man exiftool (Run on your terminal)

Site :

Write metadata

  • exiftool -tagname="string" file

example : exiftool -Author="Bayu" test.txt

you can add multiple tag and multiple file

Delete metadata

  • exiftool -tagname="" file

example : exiftool -Author="" test.txt

Delete mass metadata

  • exiftool -all="" file

example : exiftool -all="" file

#Usage : man exiftool or read documentation exiftool.org

Not there are tag no writetable, make sure tagname can write

Automated tool by David Bombal

!Note

Use fresh file, if your file has been compressed or edit metadata you got a default metadata You can use xmp format for edit, write and delete metadata Check the documentation

SOCMINT

Collection Dataset

Forums & Sites

Site and forums OSINT community arround world

Meta Search

Code Search

*Pro Tips

Try search on forum like programmer forums, web framework forums, social media and other things. Use a google dork to easy way find information with site target

Competitive Programming

File & FTP

Social Media Search and Monitoring

Social Media Management and Content Discovery

Hastag & Keyword Analysis

Hastag and keyword analysis in search engine, social media or other platform (Text Intel)

Web Intelligence

*Tips web cache

Use this if google cache was gone (no index sites)

https[:]//www[.]google[.]com/search?q=cache:<url of interest>

Analysing URLs

Researching Cyber Threats

IoT Search Engines

IP Addresses

  • Whats my ip This tools can show your ip address isp provider

  • Ip 2 location This tools can show your ip address isp provider and geo location

  • unwiredlabs Dataset about IP around world

Wireless Network

SOC & Threat Hunting

Tips

You can find the file hash or other threat indicator

Automation Dorking

Github

Github Dork

Dorking

Dorking is a wonderful thing, you can use this technique to search for anything such as index of a website, looking for live online camera server and other specifics, as for dorking commands that you can do for example

  1. intitle: Search for specific titles

  2. inurl: Search for specific urls or paths

  3. intext: Search for specific words or contects

  4. filetype: Search for files

  5. site: Search from a specified target

  6. Wildcard or symbol * (star) Find all web pages, for example: seccodeid*

  7. Define:term Search for all things with specified terms, example define:seccodeid

  8. cache page Take a snapshot of an indexed page. Google uses this to find the right page for the query you're looking for. Website or target specifically

  9. allintext: Searches for specific text contained on a web page

  10. allinurl: Find various keywords in a URL

  11. allintitle: Restricts results to those containing all terms specified in a title

  12. link: List of web pages that have links to the specified URL

  13. (|) Pipe. This is a logical operator, | "tips" will show all the sites which contain either, or both words

  14. (+) Used to concatenate words, useful to detect pages that use more than one specific key

  15. (-) Minus operator avoids showing results that contain certain words, e.g. security -trails will show pages that use "security" in their text, but not those that have the word "trails"

Example

Dorking Other Search Engine

Bash Dorking Script

Example

  • Bash Dorking Script

Google Advanced Search Tools

Other Search Engines

Internet Archive

Data Breached OSINT

Crack Jurnals

Search Jurnals

Blogs Search Engine

*You can also use Google dork to search blogger profile

Tracking Website Changes

Company Reconnaissance Sites (Passive)

People Searching

Family People Search

Phone Numbers

Pro Tips

If you has found the person phone number you can check at data breach, e wallet, social media, email address (via reset password), getcontact, truecaller, ipqs, fraud checker and last trying to dork or search any info into social media too

Public Records

Finding Usernames

Social Networks

Google Queries for Facebook

Group Search: site:facebook.com inurl:group

Group Wall Posts Search: site:facebook.com inurl:wall

Pages Search: site:facebook.com inurl:pages

Public Profiles: allinurl: people 'name' site:facebook.com

Facebook Query Language (FQL)

Photos By - https://www.facebook.com/search/taget_id/photos-by

Photos Liked - https://www.facebook.com/search/taget_id/photos-liked

Photos Of - https://www.facebook.com/search/taget_id/photos-of

Comments - https://www.facebook.com/search/taget_id/photos-commented

Friends - https://www.facebook.com/search/taget_id/friends

Videos Tagged - https://www.facebook.com/search/taget_id/videos

Videos By - https://www.facebook.com/search/taget_id/videos-by

Videos Liked - https://www.facebook.com/search/taget_id/videos-liked

Videos Commented - https://www.facebook.com/search/taget_id/videos-commented

Events Attended - https://www.facebook.com/search/taget_id/events-joined

Relatives - https://www.facebook.com/search/taget_id/relatives

or you can use dork for spesific example

id site:facebook.com

page site: facebook.com

id site:facebook.com *

page site: facebook.com *

The Ultimate Facebook Investigation Tool

OnlyFans

OSINT Adult or Porn (18+)

Note is for investigator like search scandal, deepfake porn or blackmail and porn actress

Pro Tips

Searching for scandal or blackmail or deepfake porn doesn't have to be on the listed sites, there are many perpetrators uploading on several platforms You need to do massive scrapping to collect this information, but there are times when they do it on platforms such as telegram, X or adult sites, you can search using dork, regex and other things

Steam

Slack

Office365

Keybase

VK

Bluesky

Instagram

Thread

Microsoft OneDrive

Pinterest

Reddit

Youtube

Mastodon

Twitter

Twitter Search Engine

Snapchat

LinkedIn

Google queries for LinkedIn

Public Profiles: site:linkedin.com inurl:pub

Updated Profiles: site:linkedin.com inurl:updates

Company Profiles: site:linkedin.com inurl:companies

MySpace

Google queries for MySpace

Profiles: site: myspace.com inurl:profile

Blogs: site:myspace.com inurl:blogs

Videos: site:myspace.com inurl:vids

Jobs: site:myspace.com inurl:jobs

Videos: site:myspace.com 'TARGET NAME' 'videos'

Comments: site:myspace.com 'TARGET NAME' 'comments'

Friends: site:myspace.com 'TARGET NAME' 'friends'

Tiktok

Parler

Monitoring & Alerting

EXIF Analysis

Email Tracking

PGP or GPG Keybase

Shodan Query Options

https://pen-testing.sans.org/blog/2015/12/08/effective-shodan-searches

https://danielmiessler.com/study/shodan/#gs.VBVsyo0

Capturing Information

OSINT Online Tool

Telegram Tool

Search channel, username, bot and anymore

Telegram Tips

*Change the hash value, username, phone number on the endpoint or url's

Telegra OSINT

Document and Slides Search OSINT

Real-Time Search, Social Media Search, and General Social Media Tools

Image Search

Image Analysis

Stock Images

Video Search and Other Video Tools

Geospatial Research and Mapping Tools

Conveter tool

*This for you have data like .shp and .kml or geojson and want to viewer or convert with the spesific tool for you analsis or sciene and other

Geojson viewer

3D Map & Building

Guides

Nearby Map From Geospatial

Fact Checking

Guide

Server Information Gathering Also Web

CTF Analysis & Exploit

  • Cybercheff The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

  • dcode Awesome site for decode, encode, detect cipher and anymore

  • Bettercap Framework to perform MITM (Man in the Middle) attacks.

  • Yersinia A framework for layer 2 attacks

  • FeatherDuster An automated, modular cryptanalysis tool

  • Hash Extender A utility tool for performing hash length extension attacks

  • Hashcat Password cracking

  • DLLInjector Inject dlls in processes

  • Metasploit Penetration testing software and exploit

  • Pwntools CTF framework and exploit development library

  • ROPgadget Framework for ROP exploitation

  • Exiftool Read, write and edit file metadata

  • Malzilla Malware hunting tool

  • Zmap An open-source network scanner.

  • Nmap Net mapping and port scanner

  • Wireshark Analyze the network dumps

  • Apktool Android Decompiler

  • Ninja Binary Binary analysis framework

  • Binwalk Analyze, reverse engineer, and extract firmware images

  • GDB The GNU project debugger

  • GEF Advanced debugging capabilities for exploit devs & reverse engineers on Linux

  • IDA Most used Reversing software

  • PEDA Python Exploit Development Assistance for GDB

  • Radare2 UNIX-like reverse engineering framework and command-line toolset

  • Windbg Windows debugger distributed by Microsoft

  • Boomerang Decompile x86 binaries to C

  • Detox A Javascript malware analysis tool

  • SmartDeblur Restoration of defocused and blurred photos/images

  • HitPaw Enhance image, video and media quality with AI is free and paid

  • ImageMagick Tool for manipulating images

  • Exiv2 Image metadata manipulation tool

  • Stegbreak Launches brute-force dictionary attacks on JPG image

  • Steghide Hide data in various kind of images

  • Stegsolve Apply various steganography techniques to images

  • SearchSploit Command line search tool for Exploit-DB

  • Exploitalert List exploiting and vuln

  • Lollabs Windows exploiting

  • GtfoBins Linux exploiting

  • Hacktricks List exploit and vuln cheat sheet walkthrough

  • Payload all the things Example and payload injection

  • All about bug bounty Bypasses, payloads, Reconnaissance and etc

  • Bug Bounty Tips bug bounty reconnaissance

  • DnsSpy Desktop NET debugger and assembly editor

  • regex101 Tips for Regex

  • Search CTF Writeups Find and explore CTF solutions and writeups 35,000+ writeups

  • ippsec - WU CTF List write up CTF mostly HTB

Zero Day

Cryptocurrency Investigation

Crypto Market & Analysis

Transaction Analysis

Guide

Cell Investigation

Pro Tips

If you has found the person phone number you can check at data breach, e wallet, social media, email address (via reset password), getcontact, truecaller, ipqs, fraud checker and last trying to dork or search any info into social media too

IMEI Investigation

Chat Apps Investigation

WhatsApp

Telegram

Build Sockpuppet Accounts

Build your sockpuppet account and proctect your privacy

Build your own deepfake

*Generate your deepfake (is taking longer time, need high gpu)

Virtual Camera or Camera Replacement

FakeGPS Location

Social Network and blogging

  • Wordpress

  • Blogger

  • Medium

  • Facebook

  • Instagram

  • Linkedin

  • Rocket Reach

  • Etc

Enhance Image Quality

Locations Data Mapping

Discord Server Search

Darkweb Search Engines

Darkweb Intelligence

Guide

Digital Forensics

*Pro Tips

You can analysis of hash, header, signature, evtx, ip, byte, file format, memory dumping, network, system process, start up apps, background apps

Write Your Investigation

Securing Your Privacy

Payment

Password Manager

Guide for Surveillance

Fraud Checker

Content Removal & Strict Media Content

Search people missing and abuse, strict content, removing, takedown and minimize your data on the internet

*NB : Please read carefully and check the ToS or privacy statment. Its taking to long, you need to patiently. For this point, your data is not guaranteed to be lost 100% on the internet, but this is to minimize the spread of your data and data breaches

Vehicle OSINT

VIN Checker

Public Transport

Aircraft Tracking

Ship Tracking & Maritim

Railways

GPT OSINT (AI)

Hardware and server

LLM Interface

Knowledge AI and ML

OSINT for Red Team

  • PayloadsAllThePDFs A list of crafted malicious PDF files to test the security of PDF readers and tools

  • resourcehacker Decompiler tools and change the icon logo for application

  • php exeoutput make your php script to executable file. php compiler for windows

  • python pyinstaller make your python script to executable file

  • python py2exe make your python script to executable file

  • 0day View 0day exploit list

  • cvexploits CVExploits Search comprehensive database for CVE exploits from across the internet.

  • rustcat Rustcat(rcat) - The modern Port listener and Reverse shell

  • criminalip Search information like ip, iot and other things

  • SearchSploit Command line search tool for Exploit-DB

  • Apk mirror Sites that provide downloads apk and version

  • apkpure Sites that provide downloads apk and version

  • pylingual PyLingual Python Decompiler

  • Phishious Secure Email Gateway (SEG) for phishing email header (escape detection)

  • Operative framework investigation OSINT framework, you can interact with multiple targets

  • Mod Login Credentials reuse

  • Cr3dOv3r Credential reuse

  • Crackmapexec Password Spray

  • Datasploit OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc

  • CloudFail DNS and old database records to find hidden IP's behind the CloudFlare network

  • cloudgazer Find Real IPs hidden behind Cloudflare with Criminal IP(criminalip.io), security OSINT Tool

  • Rustcan Port scanner

  • NMAP Port scanner

  • Getrails Dork hacking that work with Google, Duckduckgo and Torch

  • OWASP Maryam open-source framework based on OSINT and data gathering

  • Metabigor Intelligence tool, its goal is to do OSINT tasks and more but without any API key

  • OSINT BBOT A recursive internet scanner for hackers.

  • Spiderfoot A Scrapping web tool

  • Zeus-Scanner A web scanner

  • Zenrows Bypassing captcha and WAF

  • Scrapfly Bypassing captcha and WAF

  • capsolver Bypassing captcha and WAF

  • 2captcha Bypassing captcha and WAF

  • Puppeter For web scrapper and info gath

  • MOBSF Mobile Pentest Tool

  • RMS - Mobile Pentest Mobile Pentest Tool

  • Mortar Mortar evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)

  • APK Leaks Decompile APK and find the sensitive info

  • Web copilot An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters

  • Nuclei template js template Nuclei template. Extract Data From JS ffile e.g key, endpoint, etc

  • Atlas Sql Tamper Suggester Open source tool that can suggest sqlmap tampers to bypass WAF/IDS/IPS, the tool is based on returned status code

  • Go Phish Gophish is a powerful, open-source phishing framework that makes it easy to test your organization's exposure to phishing.

  • Advanced SQL Injection A cheat sheet that contains advanced queries for SQL Injection of all types.

  • Payload all the things A list of useful payloads and bypass for Web Application Security and Pentest/CTF

  • Hack Tricks The great sites for pentesting and recon cheat sheet

  • GAP-Burp-Extension Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist

  • Cloundflare Reconnaissance Real IP address for Cloudflare Bypass

  • Cloudmare Cloudflare, Sucuri, Incapsula real IP tracker.

  • emkei Free online fake mailer with attachments spoof email

  • GraphSpy Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI

  • revshells Reverse Shell Generator

  • enum4linux Linux alternative to enum.exe for enumerating data from Windows and Samba hosts

  • vulmap Vulmap - Web vulnerability scanning and verification tools

  • HPING Hping network tool

  • AlliN A flexible scanner

  • KUNYU Kunyu, more efficient corporate asset collection

  • jwt tool A toolkit for testing, tweaking and cracking JSON Web Tokens

  • Jawir A toolkit for testing, tweaking and cracking JSON Web Tokens

  • jwt-secrets-list possible to help developers and DevOpses identify it by traffic analysis at the Wallarm NGWAF level

  • aparoid Static and dynamic Android application security analysis

  • sploitus Awesome exploit list like Exploit DB

  • thehacker recipe Awesome pentesting checklist and cheat

  • OPSEC Collection of OPSEC Tradecraft and TTPs for Red Team Operations

  • CSAF CSLAB Cyber Security Awareness Framework (CSAF)

  • hakoriginfinder Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!

  • gmapsapiscanner Used for determining whether a leaked/found Google Maps API Key is vulnerable to unauthorized access by other applications or not

  • jsluice Extract URLs, paths, secrets, and other interesting bits from JavaScript

  • DisableFlagSecure Disable FLAG_SECURE on all windows, enabling screenshots in apps that normally wouldn't allow it, and disabling screenshot detection on Android 14+

  • trufflehog Find leaked credentials and Find and verify secrets

  • SecretFinder SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files

  • uproot-JS Extract JavaScript files from burp suite project with ease

  • JS beautify vscode extension Beautify javascript, JSON, CSS, Sass, and HTML in Visual Studio Code

  • Bug bounty hunter javascript reccon Awesome trick and tips reccon web assets

  • Javascript reccon This is a simple guide to perform javascript recon in the bugbounty

  • Nuclei OSINT Templates Awesome list nuclei template for OSINT and reccon from web pages

  • Official Nuclei Templates List official nuclei templates available for pentesting

  • XRAY A powerful security assessment tool

  • aquasecurity vuln list Collect vulnerability information and save it in parsable format automatically

  • trivy Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

  • grype A vulnerability scanner for container images and filesystems

  • aquasecurity Redhat vuln list Red Hat security advisories

  • Vuls Vulnerability scanner for Linux/FreeBSD, agent-less, written in Go

  • OneForAll Awesome web reccon and subdomain, DNS reccon

  • Can I Take Over xyz A list of services and how to claim (sub)domains with dangling DNS records

  • Can I Take Over DNS A list of DNS providers and how to claim (sub)domains via missing hosted zones

  • DevsecOps Secure Code Resource for developers, security professionals, and operations teams who want to learn about the world of DevSecOps

  • dwisiswant0 Nuceli Template Dir Awesome list and easy for search nuclei templates

  • dwisiswant0 CF-CHECK CloudFlare Checker written in Go

  • HTTP Docs Awesome guides protocol for transmitting hypermedia documents for pentester and developer

  • Devoper Mozila Awesome resouces guides protocol for transmitting hypermedia documents for pentester and developer

  • List Red Team Tool Cheat Sheet List cheat sheet for red team tools

  • Red Team Notes Good notes for red team

  • OSCP NOTES Awesome OSCP notes cheat sheet for your labs and exam or CTF

  • mytechnotalent Reverse-Engineering A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

  • Mobile Nuclei Template Nuclei template for static analysis mobile security assessments

  • Awesome Threat Intel A curated list of Awesome Threat Intelligence resources

  • Hacker Search Engine Awesome cheat for enumeration for pentester

  • tinyhack Awesome article and blog abaout hacking and android

  • compactbyte Awesome article and blog abaout hacking, reverse engineering and android

  • noxer About Noxer is a powerful Python script designed for automating Android penetration testing tasks within the Nox Player emulator.

  • Get-ReverseShell A solution to create obfuscated reverse shells for PowerShell.

  • OSCE 3 Guide Guide for OSCE 3 and OSEE (OSWE, OSEP, OSED, OSEE)

  • Enumerate IAM Enumerate the permissions associated with AWS credential set

  • Ired team Awesome list and notes for exploit, initial access and pentesting

  • Subt SubT is a tool to check if a subdomain is vulnerable to subdomain takeover. It uses subfinder to search for subdomains, dig to check CNAME, and curl to check status code

  • apk2url An OSINT tool to quickly extract IP and URL endpoints from APKs by disassembling and decompiling

  • dogbolt Online decompiler

  • ezXSS ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting

  • grayhatwarfare Search AWS bucket

  • pivotnacci Pivot into the internal network by deploying HTTP agents

  • vulnshot Vulnerability Management From Nuclei CLI and tools for pentesting

  • Fierpa Lambda Android reverse engineering & automation framework

  • shellter a dynamic shellcode injection tool aka dynamic PE infector

  • Child Gatting Bypass android SSL pining with new PID

  • PentestingEverything Awesome checklist for bug bounties and other

  • busybox Escape from docker or container machine if you have get access the target like revshell but there is no apps or programm (binary) to run command

  • toybox Escape from docker or container machine if you have get access the target like revshell but there is no apps or programm (binary) to run command

  • frida Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers

  • Frida-Server Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers

  • codeshare Frida script Awesome list to help you mobile pentesting like root detection, function hooking and ssl pin bypass

  • Wireshark Viewing and dump protocol such as signal, http and other

  • greynoise Search CVE, IP

  • XSS Payload and Crafting Portswigger XSS payload list from Portswigger

  • SQL Injection Portswigger Cheat Sheet Sql Injection payload list from Portswigger

  • GitTools A repository with 3 tools for pwn'ing websites with .git repositories available

  • bytecodeviewer An advanced yet user friendly Java Reverse Engineering Suite

  • android-penetration-testing-cheat-sheet Android Penetration Testing Cheat Sheet

  • List of MIME types / Internet Media Types Awesome site for programming and hackers

  • mimetype Comprehensive list of all MIME types

  • zygisk-reflutter tool for reverse engineering Flutter-based applications for both rooted and non-rooted Android

  • httptoolkit Intercept, view & edit any HTTP traffic

  • LSPosed Android framework module best of mobile pentesting

  • kernelsu Rooted your android device

  • IOS Version Jailbreak Chart List table of IOS jailbreaking

  • ghidra cheat sheet Official Ghidra cheat sheet for shortcut

  • proxychains Securing your network and used for tunneling

  • loldrivers Open-source project that brings together vulnerable, malicious, and known malicious Windows drivers

  • pwnwiki Awesome cheat sheet and guide for hackers

  • lolapps Compendium of applications that can be used to carry out day-to-day exploitation

  • lolesxi Comprehensive list of binaries/scripts natively available in VMware ESXi that adversaries have utilised in their operations

  • lothardware Hardware is a resource collection that provides guidance on identifying and utilizing malicious hardware and malicious devices

  • boostsecurityio How development tools commonly used in CI/CD pipelines can be used to achieve arbitrary code execution

  • List of mime type List indicates the nature and format of a document, file, or assortment of bytes

  • subdosec vulnshot Awesome web based tool for subdomain enum

  • IOS Tweak Cydia Repo Updated Awesome tweak and package for pentesting IOS

  • beeceptor Create mock server, alternatife for burp collaborator

  • objection is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.

  • Fiddler Uncover software bugs when HTTP communication is involved. The Fiddler set of tools helps you promptly identify errors to effectively fix them. Easily (like burp)

  • privacyspace For Android mobile pentest. This is an Xposed module. The function of this module is to "hide" the apps, which can achieve the "Second space" function of MIUI

  • Dopamine Dopamine is a semi-untethered jailbreak for iOS 15 and 16

  • SSL bypass check A comprehensive Frida script for bypassing root detection, SSL certificate pinning, and Frida detection mechanisms in Android applications.

  • PSPY Linux Enumeration host or monitor linux processes without root permissions

  • MT.CN Android to rebuild apk and modified apk

  • winmerge Compare android apk like rebuild or any things (like diff command)

  • GhidraMCP ghidraMCP is an Model Context Protocol server for allowing LLMs to autonomously reverse engineer applications. It exposes numerous tools from core Ghidra functionality to MCP clients

  • burpscan Automate unauthenticated web application security testing with Burp Suite

  • nowafpls Burp Plugin to Bypass WAFs through the insertion of Junk Data

  • caido Security testing tools intercepting request like burp

  • MobileApp-Pentest-Cheatsheet mapped OWASP Mobile Risk Top 10 for conducting pentest.

  • Facial Recognition Attack's - Checklist Awesome checklist for pentesting Liveness and mobile apps face verif

  • A guide AV Evasion A guide for bypass AV or evading AV technique

  • jadx-ai-mcp Plugin for JADX to integrate MCP server

  • TrickyStore This module is used for modifying the certificate chain generated for android key attestation

  • susfs4ksu-module An addon root hiding service for KernelSU

  • Powershell-Scripts-for-Hackers-and-Pentesters An List of my Powershell scripts, commands and Blogs for windows Red Teaming.

  • Sn1per Discover hidden assets and vulnerabilities in your environment pentesting toolkit

  • Pulse-MCP-Awesome list tool and guide List tools for information gathering network reconnaissance and more offensive security

  • kitploit A website contain IT Security news and how to exploit

  • cheatsheet - Offsec A awesome toos and tips and trick for red teamer

  • search public bucket Search public bucket like aws and other

  • Amazon cloud search google cse

  • Amazon cloud search google cse 2

  • Post Leak Search for sensitive data in Postman public library

  • cyscan A url web scanner to enumerate resouces and gather some information

  • investigator A dork command list to gather information like leak password and other things

  • attackerkb Search about exploit guide and payload

  • Kernel-PWN A cool stuff to learn about kernel exploit from basic - hard

  • Argus The Ultimate Information Gathering Toolkit

  • API Hudson rock Awesom API for find credential leak and find some initial access

  • coalitioninc Explore vulnerabilities, find their details and insights in a unified platform

  • censys A platform for reccon web or domain

  • IOS Pentesting Most usable tools for iOS penetration testing

  • Find Pasted Text Awesome search engine to search pasted text

  • leakradar Instant search across 2 B+ plain-text info-stealer credentials; email, domain, metadata queries, monitoring & API

  • subdomainradar All-in-one recon platform: 50+ data sources for subdomain discovery, port & vulnerability scans, screenshots, and API access

  • rootAVD Script to root AVDs running with QEMU Emulator from Android Studio

  • Magisk A module to hide su or root detection

  • Shamiko A module to hide su or root detection

  • KernelSU A Kernel based root solution for Android

  • KernelSU Next An advanced Kernel based root solution for Android

  • unlocktool A software tool for unlock ubl all brand mobile phone

  • ncunlock A software tool for unlock ubl mobile phone like xiaomi, oneplus and other (It doesn't always work, if it doesn't work you need to pay too)

  • CloakQuest3r Uncover the true IP address of websites safeguarded by Cloudflare & Others

Social Engineering (Social E)

Active Directory

Webshell Bypass

Post Exploitation

Credential Dumping

Credentials Leak

Password crack

  • hashcat A tool brute and crack password hash

  • john A tool brute and crack password hash

  • thc hydra A tool brute and crack password

  • CiLocks Crack Interface lockscreen, Metasploit and More Android/IOS Hacking

  • crackstation Awesome database password crack and identifier

  • Hashes Awesome database password crack and identifier

  • Hashes Escrow You can earn money or make a password crack request with community help (Pay)

  • Search that hash A tool brute and crack password hash

  • Medusa A tool brute and crack password hash

  • crackmapexec Automates gathering information, executing advanced password attacks, and performing post-exploitation activities like lateral movement.

  • mattw Hash identifier and hashcat mode cheat sheet

Wordlists for all

Pro Tips

You can make own wordlist within name, full name, dob, institution, pets name and give add numeric like 123, 1234 example admin123, admin1234 and other things be a creative or use a default password

Web fuzz wordlists

Generate wordlists

Generate subdomains and wordlists

Private Deployment

Generate subdomains and wordlists(offline)

Kali/Linux

Windows

Default Credentials

Local Enumeration

Privilage Escalation Cheat and check

  • Gfobins Awesome privilage escalation cheat and checklist

  • Lolbas Awesome privilage escalation cheat and checklist

  • Loonbins Awesome privilage escalation cheat and checklist

  • Mac OS privilage escalation Awesome privilage escalation cheat and checklist

  • PEASS NG Awesome automatic enum for privilage escalation cheat and checklist

  • PEAS NG Kali Linux Awesome automatic enum for privilage escalation cheat and checklist offc kali repo

  • wadcoms WADComs is an interactive cheat sheet, offensive security tools and their respective commands, to be used against Windows/AD environments

  • g0tmi1k linux priv esc Basic Linux Privilege Escalation

  • Windows Privilage Escalation Methods of escalating privilege on Windows-based machines and CTFs with examples

  • gtfoargs GTFOArgs is a curated list of Unix binaries that can be manipulated for argument injection, possibly resulting in security vulnerabilities

  • loobins Detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes

Hacking Playground

Awesome Burpsuite Extension

C2 & C4

Linux Distro Tool Lists

Hardware Pentesting

Lateral Movement & Pivoting

*Pro tips

If cannot connected with target check the port and the software version, you can change it

Audio OSINT

Audio enchange quality

Guide

OSINT Network

Detect a fake network, asn, ip geo, mobile carrier, whois ip, network traffic and VPN

Medical OSINT

OSINT Military

Simulator and Game

Tactical learn and some firearms knowledge

*Pro Tips

If you want to analyze the military for your research, you can learn about SALW, UXO, EO, Geopolitics, geospatial, signal intelligence, CSINT, security protocols on SALW, tools of war, geography, history, IT security and some programming and some research

OSINT Shadow Analysis

Analysis for IMINT and find the geolocation, azimuth and etc

Academic Search Tools

*Pro Tips

Check on category search jurnals

Web Directory

Torrent

SDR OSINT

API for OSINT

Resources and collection for your make tool OSINT

Data Visualization

Emoji Investigation

OSINT Branding & Verify

NEWS OSINT

Search News Journalist and Documentary Sites

Social Media Analytics

  • Facebook

  • Twitter

  • Instagram

  • Tiktok

  • Youtube

  • Quora

  • Linkedin

  • Reddit

  • Old forum

  • Local forum

Threat Actor & Criminal Search

Guides

OSINT for Politics and Geopolitics

OSINT politics and geopolitics, risk crisis

Terrorism & Radical

Maltego Transform List

OSINT Wildlife

OSINT Satellite

*Aditional Information coverage sat

Satellite
Resolution
Overpass Frequency

Planet Satellite

3 M

Daily

Sentinel-2 Satellite

10 M

Every 5 days

Landsat 8/9 Satellite

30 M

Every 16 days

Sentinel-3 Satellite

300 M

Daily

MODIS Satellite

250-1000 M

Daily

Google Maps Sat

15 - 30 CM

1 - 6 Year

Bing Maps

30 CM

1 - 3 Year

Apple Maps

15 - 30 CM

1 - 3 Year

Source: Bellingcat & GIJN

*TIPS

Understand every characteristic of satellites like, thermal satellites, enterprise satellites, live satellites. Each satellite has its own characteristics and there are some that are paid and produce good and fast resouces. And understand their uses, such as thermal satellites

  • Forest Fire Monitoring: Thermal satellites can detect heat from forest fires and monitor the extent and intensity of the fire.

  • Agriculture: Used to measure soil moisture and crop temperature to monitor agricultural conditions.

  • Climate Change Monitoring: Thermal satellites help in monitoring global temperature changes and climate phenomena such as El Niño.

  • Environmental Quality Monitoring: Observe ocean and land temperatures, which helps in monitoring environmental quality and ecosystem changes.

  • Natural Resource Mapping: Used to monitor surface temperatures and conditions, which is very useful in mapping geological, groundwater, and other natural resources.

Ex:

Ex Guides:

OSINT for Scraping and Data Collection

  • Zenrows Bypassing captcha and WAF

  • Scrapfly Bypassing captcha and WAF

  • capsolver Bypassing captcha and WAF

  • 2captcha Bypassing captcha and WAF

  • Puppeter For web scrapper and info gath

  • spiderfoot Automates OSINT for threat intelligence and mapping your attack surface.

  • TorBot Scrapping darkweb

  • TorCrawl Scrapping darkweb

  • Onioningestor Scrapping darkweb

  • selenium Web automation & site crawler

  • BeautifulSoup Open source and collaborative framework for extracting the data you need from websites.

  • BeautifulSoup Python library for pulling data out of HTML and XML files

  • scrapehero Web scarapper vendor

  • Google maps review scrapper Google maps review scrapper

  • Omkar List site for scrapper

  • torpy Python Tor client implementation of the Tor protocol. Torpy can be used to communicate with clearnet hosts or hidden services through the Tor Network

  • DARC Darkweb Crawler Project

  • browser-use A cool web browser for scarpping, automated mapping each element on web page

  • stagehand A cool web browser for scarpping, automated mapping each element on web page

  • playwright A powerful tool for testing and automating web browser interactions

  • G maps scrapper A tool for scrapping google maps data

  • Brave Search API Search data from brave search engine

  • anti-captcha Bypassing captcha and WAF

  • tailscale Possible to bypass WAF

OSINT IRC Chat

OSINT Historical

You can use for study academic literature, search book, people name, old archive and other

OSINT Art Collection

OSINT The Artists

OSINT Language

Slang Language

OSINT OPSEC

  • thgtoa The comprehensive guide for online anonymity and OpSec

  • HiddenVM HiddenVM — Use any desktop OS without leaving a trace.

  • OPSEC Roadmap The best DeFi, Blockchain and crypto-related OpSec researches and data terminals

  • OPSEC Guides Hardening tips and guide for OPSEC

  • BounceBack Stealth redirector for your red team operation security

  • OPSEC 101 A repository of advice and guides to share with friends and family who are concerned about their safety during online activities and the security of their devices

  • cqcore UK Find OSINT, OPSEC, Obfuscation, Privacy, Infosec & Digital Exposure Profiling educational material, with useful News, Blogs, Top Tips

  • Crypto OpSec SelfGuard RoadMap Here we collect and discuss the best DeFi, Blockchain and crypto-related OpSec researches and data terminals - contributions are welcome.

  • Blockchain-dark-forest-selfguard-handbook Blockchain dark forest selfguard handbook. Master these, master the security of your cryptocurrency

  • Docker Build your docker image or virtual host

  • vmware Create your Virutal Machine or fake host. You can also make automated OS like scheduler to run service within anonymous network and etc for OPSEC

  • virtualbox Create your Virutal Machine or fake host. You can also make automated OS like scheduler to run service within anonymous network and etc for OPSEC

  • Google Cloud Create your own host or labs using Google cloud

  • Digital Ocean Create your own labs with high vga with rent digital ocean cloud

OSINT Journalism Project

Search Expert or Journalist

Guide Journalist

OSINT Detect Deepfake

OSINT Similarity (Plagiarism)

Check the similarity or plagiarism of the content and web apps or social media similarity

Text Analyzer

Audio Analyzer

Image and Vidio Analyzer

Website

Company

Social Media

Secure Code & Application

Linux Distribution Package Search

Fixing grub or recovery grub missing

Shortlink for OSINT

*Pro tips : You can use it with the social engineering and creating own tools

OSINT Jobs

IP CIDR Conveter

OSINT Data Broker List

This is list data broker, you can search or delete form data broker list on here

OSINT Software

This is for you searching software and searching alternative software

OSINT Barcode Reader

OSINT Measurement

Analyzing for MASINT e.g your image, vidio, building, maps, simulation, sat or sensor and other things (mapping location)

OSINT Financial (FININT)

OSINT Cryptography (Cipher)

Find the cipher and other conveter tools for decode

Other conveter

OSINT Game

Search person in game

OSINT Device for Device

Getting info for device and hardware info and emulator also emulator for pentesting mobile apps like Android

Smartphone & Devices (Check coverage)

IOS

Android

PC & Laptop

Device Name or Code Name

OSINT Cloud

Search file in cloud like Google drive and other

OSINT Property

Find the list and history about house property, price and etc

Custom CSE Search Engine (CSE)

OSINT Technique Tips

This is path for you learn OSINT

Browser List

Bookmark OSINT tools list

OSINT Astronomy

OSINT Playground

PreviousOSINT ResourcesNextHome