FREE OSINT TOOLS

With the New Year fast approaching I thought now would be a great time to post the
first draft of some recommended Open Source Intelligence (OSINT) gathering tools and
resources. I will look to maintain this list over time and have it grow, so if you come
across something you think should be on the list, drop me an email or leave a comment
for consideration.
The reconnaissance phase of any engagement is very important and can often save you
a lot of time and of course money. If you are really lucky you may even find the
information you are looking for freely available posted online. Either way the
information you find will only be as good as the tools you use, so with this in mind here
is the list based on tools I have come across over the years or have been recommended
by other InfoSec peeps.
* Please note even though the aim is to provide information for free OSINT Tools, some may require a subscription or commercial fee.

Spokeo People search engine and free white pages finds phone, address, email,
and photos. Find people by name, email, address, and phone for free.
theHarvester This tool is intended to help Penetration testers in the early stages
of the penetration test in order to understand the customer footprint on the
Internet. It is also useful for anyone that wants to know what an attacker can see
about their organization.
Foca FOCA 3.2 Free is a fingerprinting and information gathering tool for
pentesters. It searches for servers, domains, URLs and public documents and
prints out discovered information in a network tree. It also searches for data leaks
such as metadata, directory listing, insecure HTTP methods, .listing or
.DS_Store files, active cache in DNS servers, etc.
Shodan Search for computers based on software, geography, operating system,
IP address and more
Maltego Maltego is a unique platform developed to deliver a clear threat
picture to the environment that an organization owns and operates. Maltego's
unique advantage is to demonstrate the complexity and severity of single points
of failure as well as trust relationships that exist currently within the scope of
your infrastructure.
Deep Magic Search for DNS records and other fun stuff
Jigsaw Jigsaw is a prospecting tool used by sales professionals, marketers and
recruiters to get fresh and accurate sales leads and business contact information.
Hoovers Search over 85 million companies within 900 industry
segments; Hoovers Reports Easy-to-read reports on key competitors, financials,
and executives
Market Visual Search Professionals by Name, Company or Title
FoxOne Scanner Non-Invasive and Non-Detectable WebServer
Reconnaissance Scanner
Creepy creepy is an application that allows you to gather geolocation related
information about users from social networking platforms and image hosting
services.

Recorded Future Recorded Future intelligence analysis tools help analysts
understand trends in big data, and foresee what may happen in the future.
Groundbreaking algorithms extract temporal and predictive signals from
unstructured text. Recorded Future organizes this information, delineates results
over interactive timelines, visualizes past trends, and maps future events all
while providing traceability back to sources. From OSINT to classified data,
Recorded Future offers innovative, massively scalable solutions.
MobiStealth Mobistealth Cell Phone Spy Software empowers you to get the
answers you truly want and deserve. Including a host of advanced surveillance
features, our Cell Phone Spy Software secretly monitors all cell phone activities
and sends the information back to your Mobistealth user account.
Snoopy Snoopy is a distributed tracking and profiling framework
Stalker STALKER is a tool to reconstruct all captured traffic (wired or
wireless alike) and parse out all of the interesting information disclosures. It
goes beyond just grabbing passwords and emails out of the air as it attempts to
build a complete profile of your target(s). You would be amazed at how much
data you can collect in 15 minutes.
LinkedIn Maps Your professional world. Visualized. Map your professional
network to understand the relationships between you and your connections
LittleSis LittleSis is a free database of who-knows-who at the heights of
business and government.
Entity Cube EntityCube is a research prototype for exploring object-level
search technologies, which automatically summarizes the Web for entities (such
as people, locations and organizations) with a modest web presence.
TinEye TinEye is a reverse image search engine currently in beta. Give it an
image and it will tell you where the image appears on the web.
Google Hacking DB Google Search Query Fu to find the secret sauce
ServerSniff ServerSniff.net Your free Swiss Army Knife for networking,
serverchecks and routing with many many little toys and tools for
administrators, webmasters, developers, powerusers and security-aware users.
MyIPNeighbours My IP Neighbors lets you find out if any other web sites
(virtual hosts) are hosted on a given web server.
Social Mention Social Mention is a social media search engine that searches
user-generated content such as blogs, comments, bookmarks, events, news,
videos, and more
Glass Door Search jobs then look inside. Company salaries, reviews, interview
questions, and more all posted anonymously by employees and job seekers.
NameCHK Check to see if your desired username or vanity url is still
available at dozens of popular Social Networking and Social Bookmarking
websites.
Scythe The ability to test a range of email addresses (or account names) across
a range of websites (e.g. social media, blogging platforms, etc) to find where
those targets have active accounts. (Written in Python)
Recon-NG A nice Python Script that automates recon on LinkedIn, Jigsaw,
Shodan and some search engine fu. (Included in Kali)
Pushpin Awesome little Python script that will identify every tweet, Flickr pic
and YouTube video within an area of a specific Geo address.
Silobreaker Enterprise Semantic Search Engine, allows virtualisation of data,
analytics and exploration of key data.

Google Trends See what are the popular related topics people are searching
for. This will help widen your search scope.
Google Alerts Google Alerts are email updates of the latest relevant Google
results (web, news, etc.) based on your queries.
Addict-o-matic Nice little search aggregator. Allows you to enter a search term
and build a page from search and social networking sites.
PasteLert PasteLert is a simple system to search pastebin.com and set up alerts
(like google alerts) for pastebin.com entries. This means you will automatically
receive email whenever your term(s) is/are found in new pastebin entries!
Kurrently Real Time Search Engine for Social Media.
CheckUsernames Check for usernames across 160 Social Networking Sites.
Whos Talkin social media search tool that allows users to search for
conversations surrounding the topics that they care about most.
192 Search for People, Businesses and Places in the UK.
Esearchy Esearchy is a small library capable of searching the internet for email
addresses. It can also search for emails within supported documents.
TouchGraph SEO Java based tool for importing and visualising various data
types.
TalkBack Talkback is a web-based system to view trending vulnerability and
security research data mined from social-media.
Tweet Archivist Tweets are ephemeral. Tweets disappear. Why? That's the
way Twitter is designed. Tweet Archivist can save those tweets before they're
gone. Now, to be clear, Tweet Archivist is not an archive of every tweet ever
tweeted. It doesn't have a database of all tweets.
Whoisology Handy little search engine based on Whois data to identify
domains owned by a specific contact. (Similar to DomainTools)
Carrot2 Nice little visualisation search engine.
iSeek Another handy search engine that breaks results down into easy to
manage categories. (Web spider)
GlobalFileSearch An FTP Search Engine that may come in handy.
NerdyData Neat search engine that works at the source code level.
(Source code search engine)

OneMillionTweetMap Provides visual confirmation of tweets where geotags
are enabled, also provides heatmaps for heavy tweet areas.
SpiderFoot The main objective of SpiderFoot is to automate this process to the
greatest extent possible, freeing up a penetration tester's time to focus their
efforts on the security testing itself.
Username Search Handy site that will search multiple sites for usernames,
email addresses and phone numbers. (Similar to DomainTools)
PlaTO Searchable list for sites that store credentials in plaintext (taken from
Plaintext Offenders)
GitRob Handy OSINT tool for finding interesting things related to an
organisation in GitHub (Finds flaws in GitHub repositories)

LeakedIn Aggregator site for data samples lost or disclosed online


Default Passwords List Great list on CIRT.net of default passwords for various
devices which often comes in handy.

It's not listed above, but of course popular Social Networks such as Facebook, Twitter,
LinkedIn and the like have a wealth of information. Of course also consider older sources
that are now less popular; it's amazing what people leave behind on stuff like MySpace.
Also remember that search engines show you stuff that's popular, not perhaps the
obscure stuff you are searching for, so get creative with your search queries and use the
various tools at your disposal.
Lastly I will add a lot of Social Engineers don't have a lot of global exposure, so do your
homework on where you are targeting. If you are targeting Japan for example their
number 1 Social Network is not Facebook, so you need to do recon in the right places,
and put in the extra legwork to gain the relevant access.
