From 1bd66322764ceff479558f66cc28ca951252c9c4 Mon Sep 17 00:00:00 2001 From: Cyb_detective <66636466+cipher387@users.noreply.github.com> Date: Wed, 10 Nov 2021 20:36:00 +0300 Subject: [PATCH] Update README.md --- README.md | 86 +++++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 74 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index cd80ac9..07b30f7 100644 --- a/README.md +++ b/README.md @@ -58,6 +58,7 @@

Datasets

Passwords, emails, phone numbers

People search

+

Sock Puppets

NOOSINT tools

Tools collection

VirtualMachines/Linux distributions

@@ -133,6 +134,7 @@
Rzjets.net — user updated online database (census) of civilian jet and turbojet aircraft
Globe.adsbexchange.com — tracking flights on a map
Transtats.bts.gov — flight schedules and data on the actual departure/arrival times of flights in the U.S. for more than 30 years (!)) +
Legrooms for Google Flights — An extension that displays the size of the legroom between the seats next to the flight information. @@ -250,8 +252,7 @@
Pastvu.com — View historical photos taken at a particular location on a map.
Mapnificent — Choose a city on the world map, then select an address on the map and see what places you can get to by public transport in a certain time interval (range from 1 to 90 minutes)
Find Food Support — find places where you can get free food by address (USA) - - +
WhoDidIt — Click on an area on the OpenStreetMap to get a list of nicknames of users who have made changes on it (with dates). @@ -265,6 +266,7 @@

Twitter

+
Twitter account detector — A simple and fast Chrome extension that finds all Twitter accounts on a site.
Follower Wonk/Compare — this service allows you to find out how many followers two (or three) Twitter accounts have in common.
Tweepsmap Unfollows — displayed unsubscribed accounts (list for the one week available for free) @@ -303,7 +305,7 @@
Noxinluencer — youtube channels comparing
YouTube MetaData Viewer
YouTube comment Finder - +
Montage.meedan.com — Search #YouTube video by date (uploaded or recording) and by geolocation.
Github icon Slash Tags — tool for recommending YouTube tags and displaying related statistical data from search keyword(s)
YouTube playlist len — Find out the total time of all the videos in playlist
Anylizer.com — watch frame by frame YouTube and Vimeo) @@ -320,6 +322,7 @@

TikTok

+
Tiktok Timestamp — determines the time of publication of the video to the nearest second. Just copy the link.
TikStats — detailed statistics on the growth dynamics of subscribers, likes, and video views for the TikTok account @@ -440,6 +443,7 @@

Spotify

+
Zspotify — Spotify track downloader. Download mp3 by link or by keywords
Chosic.com — analyze the playlist on Spotiify, calculate the prevailing mood, genres, decades and favorite artists @@ -463,6 +467,7 @@

Instagram

+
Instagram Location Search — Get the names and links to all the locations on Instagram tied to specific geographic coordinates.
Inflact Instagram Search — Instagram profiles search tool with the ability to filter results by number of subscribers, number of posts, gender, categories (personal blog, artist, product/service etc.)
Terra — Collect information about twitter and Instagram accounts @@ -490,7 +495,9 @@
Github icon
Social Analyzer — tool for searching nickname profiles on more than 300 sites
Social Media Salary Calculator — for YouTube, TikTok, Instagram - +
FindMyBID — Toolkit for collecting data from social networks +
Social Analyzer — extension for Google Chrome that simplifies and speeds up daily monitoring of social networks. Create your own list of keywords and regularly check what's new and related to them. +
Khalil Shreateh Social Applications — More than 20 tools to extend the standard functionality of #Facebook, #TikTok, #Instagram, #Twitter (information gathering, random pickers for contests, content downloaders etc.) @@ -509,11 +516,13 @@
Github icon
Investigator Recon Tool — web based handy-#recon tool that uses different #GoogleDorking techniques and some open sources service to find juicy information about target websites. It helps you quickly check and gather information about the target domain name. +
find+ | Regex Find-in-Page Tool — extension for Chrome that helps you quickly find pieces of text on a web page that match a certain regular expression
Core SERP Vitals — adds a bit of information from CrUX API to the standard Google search results
WhatRuns — extension, which discover what runs a website: frameworks, Analytics Tools, Wordpress Plugins, Fonts.
BGPView — web-browsing tool and an API that lets you gather information about the current state and structure of the internet, including ASNs, IP addresses, IXs, BGP Downstream & Upstream Peers, and much more
Google Chrome webpage Regexp search +
Regex Checker — Search and highlight (in webpage): Emails, Phone numbers, Dates, Prices, Addresses
Redirect Detective — tool that allows you to do a full trace of a URL Redirect
Wheregoes.com — tool that allows you to do a full trace of a URL Redirect
Spyoffers.com — tool that allows you to do a full trace of a URL Redirect @@ -524,6 +533,7 @@
moarTLS Analyzer — addon which check all links on the webpage and show list of non-secure links.
MMHDAN — Calculate a fingerprint of a website (HTML, Favicon, Certificate in SHA1, SHA256, MD5, MMH3) and create the quick links to search it in IOT search engines
HypeStat Analyzer Plugin — Shows estimate daily website traffic, Alexa rank, average visit duration and used techhologies. +
Hackertarget — 14 tools for gathering information about domain using Hackerarget API (http://hackertarget.com)
Github icon
AnalyticsRelationships — command line #tool for to search for links between domains by Google Analytics ID
Webemailextractor.com — extract email's and phone numbers from the website or list of website @@ -540,6 +550,7 @@
Neilpatel backlinks analyzer — find out how many sites are linking to a certain web page
Github icon
Site Dorks +
Google (universal) Dork Builder — Quick create queries with advanced search operator for Google, Bing, Yandex etc. Copy dorks from Google Hacking Database. Save dorks in your own database
Github icon
0xdork — Very light and simple #Python tool for Google Dorking @@ -553,27 +564,46 @@

Domain/IP investigation

+
SubDomainsBrute — Very(!) fast and simple tool for subdomain bruteforce. It find 53 subdomains, scanned 31160 variations in 31 seconds.
@UniversalSearchBot — telegram bot finding information about email, russian phone number, domain or IP
Domain Investigation Toolbox — gather information about domain with 41 online tools from one page.
@iptools_robot — univsersal domain investigation Telegram bot
dorks.faisalahmed.me — online constructor of google dorks for searching "sensitive" wesite pages +
Raymond — Framework for gathering information about website
Pulsedive — A partially free website research tool. Collects detailed information about IP, whois, ssl, dns, ports, threats reports, geolocation, cookies, metadata (fb app id etc). Make screenshots and many others
Striker — Quick and simple tool for gathering information about domain (http headers, technologies, vulnerabilities etc).
SiteBroker — Domain investigation #python tool
DNSlytics — find out everything about a domain name, IP address or provider. Discover relations between them and see historical data +
FindMyAss (HostSpider) — Domain investigations toolkit +
Drishti — Nodejs toolkit for OSINT
passivedns.mnemonic.no — DNS history search by IP-adress or by domain name +
Fast Google Dorks Scan — Search the website for vulnerable pages and files with sensitive information using 45 types of Google Dorks. +
Turbolist3r — An improved and accelerated version of famous sublist3r. Looks for subdomains in 11 sources (see picture). It's possible to apply bruteforce (flag -b)
Gotanda — Google Chrome extension. 56 tools for domain, ip and url investigation in one
Ip Investigation Toolbox — type ip-adress once and gather information about it with 13 tools
ixss.warsong.pw — very old service for making XSS (Cross Site Scripting) faster and easier +
GoFindWhois — More than 180 online tool for domain investigaions in one. What's not to be found here: reverse whois, hosting history, cloudfare resolver, redirect check, reputation analyze. + +
Spyfu — tool to collect seo information about the domain, which provide a lot of data partly for free +
Cloudmare — Simple tool to find origin servers of websites protected by #Cloudflare, #Sucuri or #Incapsula with a misconfiguration DNS +
Lookyloo — Webapp allowing to scrape a website and then displays a tree of domains calling each other (redirects, frames, javascript, css, fonts, images etc)
Github icon
ReconFTW — tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Spyse.com — domain investigation toolbox
Github iconSpyse CLI — command line client for Spyse.com +
Domaintracker — webapp and mobile app, which helps you keep track of payment deadlines (expired dates) for domains (sends push notifications and notifications to email) +
Whois Domain Search Tool — A tool that allows you to query whois data for a site name in several domain zones at once. +
IP Neighbors — Find the hosting neighbors for a specific web site or hostname +
The Favicon Finder — Instantly finds the favicon and all .ico files on the site, and then generates links to download them quickly. +
SecretFinder — Tool for find sensitive data (apikeys, accesstoken,jwt,..) or search anything with #regexp on #javascript files
Github iconHostHunter — Tool to efficiently discover and extract hostnames providing a large set of target IP addresses. HostHunter utilises simple OSINT techniques to map IP addresses with virtual hostnames
Tor Whois +
Dnstwister — The anti-phishing domain name search engine and DNS monitoring service +
Dnstwist — Command line anti-phishing domain name search engine and DNS monitoring service +
CloudUnflare — Reconnaissance Real IP address for Cloudflare Bypass
Github icon
Ditto — Dsmall tool that accepts a domain name as input and generates all its variants for an homograph attack as output, checking which ones are available and which are already registered
RADB — Provides information collected from all the registries that form part of the Internet Routing Registry @@ -587,6 +617,7 @@
Github icon
Hussh — shell script for domain analyzing
Check any website to see in real time if it is blocked in China +
Ericom Page Risk Analysis — Get a detailed report with links to CSS, Javascript, Fonts, XHR, Images and domains web pages @@ -598,8 +629,8 @@
Expireddomains.net — lists of deleted and expired domains (last 7 days)
WhoisDS.com — database of domains registered in the last day
ptrarchive.com — search by 230 billion DNS records retrieved from 2008 to the present. - - +
PeeringDB — Freely available, user-maintained, database of networks, and the go-to location for interconnection data. +
IQWhois — Search whois data by address, city, name, surname, phonenumber @@ -634,6 +665,7 @@
Retire.js — GoogleChrome extension for scanning a web app for use of vulnerable JavaScript libraries
OpenLink Structured Data Sniffer — GoogleChrome extension which reveals structured metadata (Microdata, RDFa, JSON-LD, Turtle, etc.) embedded within HTML documents.
SIngle File — GoogleChrome, Firefox and MicrosoftEdge addon to save webpage in single html file +
Copy all links and image links to CSV or JSON — Download all links from current webpage in CSV (for open in #Excel) or JSON @@ -681,6 +713,10 @@
IQDB.org — reverse image search specially for anime art
pic.sogou.com — chinese reverse image search engine
Same Energy — reverse image search engine for finding beautiful art and photos in the same style as the original picture +
EveryPixel — Reverse image search engine. Search across 50 leading stock images agencies. It's possible to filter only free or only paid images. +
openi.nlm.nih.gov — Reverse image search engine for scientific and medical images +
BBC News Visual Search — Enter the name of the item and the service will show in which news stories and at what time interval it appeared +
Portrait Matcher — Upload a picture of a face and get three paintings that show similar people.
Image So Search — Qihoo 360 Reverse Images Search
Image Forensic (Ghiro Online) @@ -712,6 +748,7 @@
Cryptocurrency alerting — track spending and deposits in Bitcoin and Ethereum wallets
Learnmebitcoin.com — find transactions between two Bitcoin adresses
Coinwink.com — allows you to set up email notifications in case Bitcoin (or other #cryptocurrency) rate rises (falls) above (below) a certain value +
BlockCypher — Blockchain explorer for Bitcoin, Ethereum, Litecoin, DogeCoin, Dash. Getting into about address, transactions and block hashes, block number or wallet name. @@ -723,6 +760,7 @@

Telegram

+
Telegago — Telegram search engine
Commentgram CSE — search by Telegram comments
Github icon @@ -756,6 +794,8 @@
Code Repository Google CSE — Google CSE for search 15 code repository services
Libraries.io — search by 4 690 628 packages across 32 different package managers
The Scraper — Simple tool for scrapping emails and social media accounts from the website's source code. +
Complete Email Scraper — Paste the link to the site and the bot finds the sitemap. The bot then goes through all the links on the site looking for email addresses (strings contains @). +
Python Code Checker — quick find errors in code
Github icon
Github Search — collection of Github investigation command line tools. Explore users, employes, endpoints,surveys and grab the repos
Sploitus — exploit and hacker's tools search engine @@ -797,8 +837,10 @@
Filesearching — old FTP servers search engine with filter by top-level domain name and filetype
3DFindit — tool for searching 3D models by 3560 3D CAD (computer aided design) and BIM (Building Information Model) catalogs.
Filechef — tool for searching different type of files (videos, application, documents, audio, images) +
Find Who Events — Google CSE for finding events by location (keywords) in #Facebook, #Eventbrite, #Xing, #Meetup, #Groupon, #Ticketmaster, #Yepl, #VK, #Eventective, #Nextdoor
buckets.grayhatwarfare.com — Amazon Public Buckets Search
osint.sh/buckets — Azure Public Buckets Search +
Listennotes — Podcast Search Engine
Github icon
Google Dorks List
SDorker — Type the Google Dork and get the list of the pages, that came up with this query. @@ -806,6 +848,7 @@
SEQE.me — online #tool for constructing search queries using advanced search operators simultaneously for five search engines
Bright Local Search Result Checker — shows what #Google search results look like for a particular query around the world (by exact address)
thereisabotforthat.com — search by catalog of 5151 bots for 17 different apps and platforms +
Auto Searcher — One by one types words from a given list into the search bar of #Google, #Bing, or another search engine
Github icon
Google Unlocked — browser extension uncensor google search results
Iconfinder.com — Icons Search Engine @@ -834,6 +877,7 @@
Greynoise.io
fofa.so
Thingful.net +
TheLordEye — Tool that searches for devices directly connected to the internet with a user specified query. It returns results for webcams, traffic lights, routers, smart TVs etc @@ -888,6 +932,8 @@
Afrobarometer — huge database of the results of sociological surveys conducted in African countries over the last 20 years
Arabbarometer — database of the results of sociological surveys conducted in the Arab countries of Africa and the Middle East in 2007-2018
dataset.domainsproject.org — dataset of 616 millions domains (16GB!) +
Stevemorse.org — Searching the Social Security Death Index +
UK Census Online — Database of deaths, births, and marriages. From 1841 to the beginning of the 21st century. Only the first and last names can be searched. @@ -908,12 +954,14 @@
DaProfiler — Get emails, social medias, adresses of peoples using web scraping and google dorking
Spy — Just another very quick and simple account checker by username (210 sites in list).
Hunter.io — can link to an article to find its author and his email address - +
SingleHire — Tool for search contacts by full name, location and job title. Shows phones, emails, #Linkedin, #Facebook, #Twitter and other social media profile
Github icon
Mailcat — find existing email addresses by nickname in 22 providers, > 60 domains and > 100 aliases +
SovaWeb — web version of a famous Russian bot in Telegram for searching by email, nickname, IMSI, IMEI, MSISDN, BTS, IP, BSSID
Github icon
Profil3r — search for profiles in social networks by nickname
Github icon
Aliens eye — Find links to social media accounts in 70 websites by username +
Thorndyke — Checks the availability of a specified username on over 200 websites
Github icon
Holehe — check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function @@ -926,7 +974,11 @@
Numverify API — free api for global phone number lookup and validation
Cybernews RockYour2021 — check if your data has been leaked
Spycloud.com — check for a particular email in data leaks. Shows how many addresses registered on a particular house have been scrambled +
Gravatar check — Just enter email and see what the person's Gravatar avatar looks like. +
UserFinder — tool for finding profiles by username
Reference of default settings of different router models (IP, username, password) +
Many Passwords — Default passwords for IoT devices and for web applications (for ex. MySQL and PostgreSQL admin panels) +
PassHunt — Command line tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords @@ -935,14 +987,13 @@

People search

- - - +
GoFindWho People Search — More than 300 tools for gathering information about people in one. Search by name, username, phone, adress, company name.
That's them people search
Anywho — Search for people in #USA. Enter first and last name to get age, address, and part of phone number (free)
Usersearch.org — search people by nickname, phone or email
Ellis Island — online searchable database of 65 million arrivals to #NewYork between (late 19th and early 20th century).
recordsearch.naa.gov.au — National archives of #Australia +
SpyDialer — Free search contact information by phone number, name, address or email
Decoding Social Security Numbers in One Step
Inmate Database Search
Scamdigger.com — search in #scammers database by name, IP-adress, email or phone @@ -958,7 +1009,9 @@ - + +

Sock Puppets

+
Face Generator — Face Generator for creating #sockpuppets. Customize gender, age, head position, emotions, hair and skin color, makeup and glasses. @@ -971,8 +1024,14 @@
Webdext — An intelligent and quick web data extractor for #GoogleChrome. Support data extraction from web pages containing a list of objects such as product listing, news listing, search result, etc
Headlines.Sharethrough.com — analyzes headlines according to four indicators (strenghts, suggestions, engagement, impression) and gives a score from 1 to 100
Miteru — Experimental phishing kit detection tool. It collects phishy URLs from phishing info feeds and checks each phishy URL whether it enables directory listing and contains a phishing kit (compressed file) or not +
Slideshare Downloader — A very simple and fast tool for downloading Slideshare presentations in PDF format (recommend to choose High quality at once)
Web history stat — detailed statistics of your browser history
@YTranslateBot — type text or resend messages to Telegram bot for translate it. +
Google Docs to Markdown online converter — just copy text to the site +
Talend API Tester Free Edition — tool that allows to quickly test requests to different APIs directly in the browser, send requests and inspect responses, validate API behavior +
Web--proxy — free web proxy +
RemindWhen — Simple app that reminds you on email if your favorite country opens for tourists from your country. +
Broken Link Checker — shows which links on the page are giving out errors. It helps to find sites that have been working recently but are no longer working.
Binvis — lets you visually dissect and analyze binary files. It's the interactive grandchild of a static visualisation online tool
Gdrive-copy — The standard functionality of #GoogleDrive does not allow you to copy an entire folder with all subfolders and files. But it can be done using third-party applications
unscreen.com — remove the background from an uploaded video @@ -987,6 +1046,7 @@
Developer search tool — Take the art of copy and paste from Stack Overflow to a new level of speed and productivity
Online tools — 55 tools for calculation hash functions, calculation file checksum, encoding and decoding strings
VERY QUICK and SIMPLE metadata online editor and remover +
Online metadata viewer and editor — High-quality and well-made. Support docx, xlsx, msg, pptx, jpeg, vsd, mpp.
Github icon
HTTP Cat — free #API to get pictures with cats for different HTTP response codes
Gitpod.io — run code from repositories on Github directly in a browser @@ -1015,6 +1075,7 @@
Osint Search Tools — Several hundred links for quick search in Social Media, Communties, Maps, Documents Search Engines, Maps, Pastes... Github icon
Scrummage — Ultimate OSINT and Threat Hunting Framework +
Github icon
Mr.Holmes — osint toolkit for gathering information about domains, phone numbers and social media accounts
@@ -1069,7 +1130,8 @@
Diffnow.com — Compares and finds differences in text, URL (html code downloaded by link), office documents (doc, docx, xls, xlsx, ppt, pptx), source code (C, C++, C#, Java, Perl, PHP and other), archives (RAR, 7-zip etc).
Dicom Viewer — view MRI or CT photo online (.DCM files)
Wenku — download documents from Baidu Wenku without registration - +
CompressedCrack — Simple tool for brute passwords for ZIP and RAR archives +
Encrytped ZIP file creator — Create ZIP archive online
Github icon
PDFX — get meta data of PDF files thrue command line
@mediainforobot — telegram bot to getting metadata from different types of files