Subliminal Hacking
The Art and Science of Social Engineering



December 27, 2012

OSINT Tools … Recommendations List

Free OSINT Tools.

With the New Year fast approaching, I thought now would be a great time to post the first draft of some recommended Open Source Intelligence (OSINT) gathering tools and resources. I will look to maintain this list over time and have it grow, so if you come across something you think should be on the list, drop me an email or leave a comment for consideration.

The reconnaissance phase of any engagement is very important and can often save you a lot of time and, of course, money. If you are really lucky you may even find the information you are looking for freely available online. Either way, the information you find will only be as good as the tools you use, so with this in mind here is the list, based on tools I have come across over the years or that have been recommended by other InfoSec peeps.

* Please note even though the aim is to provide information for free OSINT Tools, some may require a subscription or commercial fee.
  • Spokeo – People search engine and free white pages finds phone, address, email, and photos. Find people by name, email, address, and phone for free.
  • theHarvester – This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization.
  • Foca – FOCA 3.2 Free is a fingerprinting and information gathering tool for pentesters. It searches for servers, domains, URLs and public documents and prints out discovered information in a network tree. It also searches for data leaks such as metadata, directory listing, unsecure HTTP methods, .listing or .DS_Store files, active cache in DNS servers, etc…
  • Shodan – Search for computers based on software, geography, operating system, IP address and more
  • Maltego – Maltego is a unique platform developed to deliver a clear threat picture to the environment that an organization owns and operates. Maltego’s unique advantage is to demonstrate the complexity and severity of single points of failure as well as trust relationships that exist currently within the scope of your infrastructure.
  • Deep Magic – Search for DNS records and other fun stuff
  • Jigsaw – Jigsaw is a prospecting tool used by sales professionals, marketers and recruiters to get fresh and accurate sales leads and business contact information.
  • Hoovers – Search over 85 million companies within 900 industry segments; Hoover’s Reports Easy-to-read reports on key competitors, financials, and executives
  • Market Visual – Search Professionals by Name, Company or Title
  • FoxOne Scanner – Non-Invasive and Non-Detectable WebServer Reconnaissance Scanner
  • Creepy – creepy is an application that allows you to gather geolocation related information about users from social networking platforms and image hosting services.
  • Recorded Future – Recorded Future intelligence analysis tools help analysts understand trends in big data, and foresee what may happen in the future. Groundbreaking algorithms extract temporal and predictive signals from unstructured text. Recorded Future organizes this information, delineates results over interactive timelines, visualizes past trends, and maps future events– all while providing traceability back to sources. From OSINT to classified data, Recorded Future offers innovative, massively scalable solutions.
  • MobiStealth – Mobistealth Cell Phone Spy Software empowers you to get the answers you truly want and deserve. Including a host of advanced surveillance features, our Cell Phone Spy Software secretly monitors all cell phone activities and sends the information back to your Mobistealth user account.
  • Snoopy – Snoopy is a distributed tracking and profiling framework
  • Stalker – STALKER is a tool to reconstruct all captured traffic (wired or wireless alike) and parse out all of the “interesting” information disclosures.  It goes beyond just grabbing passwords and emails out of the air as it attempts to build a complete profile of your target(s).  You would be amazed at how much data you can collect in 15 minutes.
  • LinkedIn Maps – Your professional world. Visualized. Map your professional network to understand the relationships between you and your connections
  • LittleSis – LittleSis is a free database of who-knows-who at the heights of business and government.
  • Entity Cube – EntityCube is a research prototype for exploring object-level search technologies, which automatically summarizes the Web for entities (such as people, locations and organizations) with a modest web presence.
  • TinEye – TinEye is a reverse image search engine currently in beta. Give it an image and it will tell you where the image appears on the web.
  • Google Hacking DB – Google Search Query Fu to find the secret sauce
  • ServerSniff – ServerSniff.net – Your free “Swiss Army Knife” for networking, serverchecks and routing with many many little toys and tools for administrators, webmasters, developers, powerusers and security-aware users.
  • MyIPNeighbours – My IP Neighbors lets you find out if any other web sites (“virtual hosts”) are hosted on a given web server.
  • Social Mention – Social Mention is a social media search engine that searches user-generated content such as blogs, comments, bookmarks, events, news, videos, and more
  • Glass Door – Search jobs then look inside. Company salaries, reviews, interview questions, and more – all posted anonymously by employees and job seekers.
  • NameCHK – Check to see if your desired username or vanity url is still available at dozens of popular Social Networking and Social Bookmarking websites.
  • Scythe – The ability to test a range of email addresses (or account names) across a range of websites (e.g. social media, blogging platforms, etc) to find where those targets have active accounts.
  • Recon-NG – A nice Python Script that automates recon on LinkedIn, Jigsaw, Shodan and some search engine fu.
  • Pushpin – Awesome little Python script that will identify every tweet, Flickr pic and YouTube video within an area of a specific Geo address.
  • Silobreaker – Enterprise Semantic Search Engine, allows virtualisation of data, analytics and exploration of key data.
  • Google Trends – See what are the popular related topics people are searching for. This will help widen your search scope.
  • Google Alerts – Google Alerts are email updates of the latest relevant Google results (web, news, etc.) based on your queries.
  • Addict-o-matic – Nice little search aggregator. Allows you to enter a search term and build a page from search and social networking sites.
  • PasteLert – PasteLert is a simple system to search pastebin.com and set up alerts (like Google Alerts) for pastebin.com entries. This means you will automatically receive email whenever your term(s) is/are found in new pastebin entries!
  • Kurrently – Real Time Search Engine for Social Media.
  • CheckUsernames – Check for usernames across 160 Social Networking Sites.
  • Whos Talkin – social media search tool that allows users to search for conversations surrounding the topics that they care about most.
  • 192 – Search for People, Businesses and Places in the UK.
  • Esearchy – Esearchy is a small library capable of searching the internet for email addresses. It can also search for emails within supported documents.
  • TouchGraph SEO – Java based tool for importing and visualising various data types.
  • TalkBack – Talkback is a web-based system to view trending vulnerability and security research data mined from social-media.
  • Tweet Archivist – Tweets are ephemeral. Tweets disappear. Why? That’s the way Twitter is designed. Tweet Archivist can save those tweets before they’re gone. Now, to be clear, Tweet Archivist is not an archive of every tweet ever tweeted. It doesn’t have a database of all tweets.
  • Whoisology – Handy little search engine based on Whois data to identify domains owned by a specific contact.
  • Carrot2 – Nice little visualisation search engine.
  • iSeek – Another handy search engine that breaks results down into easy to manage categories.
  • GlobalFileSearch – An FTP Search Engine that may come in handy.
  • NerdyData – Neat search engine that works at the source code level.
  • OneMillionTweetMap – Provides visual confirmation of tweets where geotags are enabled, also provides heatmaps for heavy tweet areas.
  • SpiderFoot – The main objective of SpiderFoot is to automate this process to the greatest extent possible, freeing up a penetration tester’s time to focus their efforts on the security testing itself.
  • Username Search – Handy site that will search multiple sites for usernames, email addresses and phone numbers.
  • PlaTO – Searchable list for sites that store credentials in plaintext (taken from Plaintext Offenders)
  • GitRob – Handy OSINT tool for finding interesting things related to an organisation in GitHub
  • LeakedIn – Aggregator site for data samples lost or disclosed online
  • Default Passwords List – Great list on CIRT.net of default passwords for various devices which often comes in handy.
  • Searchcode – Handy source code search engine to find code that's been shared online. May contain usernames, passwords, specific strings, etc.
  • Echosec – Location-based search platform based on social media and other information.
  • Sublist3r – Python tool that is designed to enumerate subdomains of websites using search engines.
  • Knowem – KnowEm allows you to check for the use of your brand, product, personal name or username instantly on over 500 popular and emerging social media websites.
  • Tinfoleak – Get detailed info about Twitter users with this handy python script
  • StalkScan – Find publicly available Facebook info that is not usually easy to see
  • InSpy – InSpy is a python based LinkedIn enumeration tool
  • Domain Hunter – Python tool that can query the Expireddomains.net search engine for expired/available domains with a previous history of use. It then optionally queries for domain reputation against services like BlueCoat and IBM X-Force.
  • DNS Twist – Nice tool for finding similar looking domains for typosquatting, phishing, etc.
  • BitSquat – Nice little python script to help find bitsquatting domain opportunities.
  • CignoTrack – Corporate espionage tool for testing privacy and security using OSINT and social engineering.
  • UINames – Nice tool for generating fake persona information (includes images for the associated persona).
  • NameCheckUp – NameCheckup is a search tool that allows users to check social media username availability over many social networks and sites and check domain availability at the same time.

It's not listed above, but of course popular social networks such as Facebook, Twitter, LinkedIn and the like have a wealth of information. Also consider older sources that are now less popular; it's amazing what people leave behind on stuff like MySpace. Also remember that search engines show you stuff that's popular, not perhaps the obscure stuff you are searching for, so get creative with your search queries and use the various tools at your disposal.

Lastly, I will add that a lot of Social Engineers don't have a lot of global exposure, so do your homework on where you are targeting. If you are targeting Japan, for example, their number 1 social network is not Facebook, so you need to do recon in the right places and put in the extra legwork to gain the relevant access.



    About the Author

    Dale Pearson
    has worked in IT since 1998, Infosec since 2004, and studied and performed hypnosis, mentalism etc since 2009. Dale is a full time Red Teamer with a love of social engineering and qualified hypnotherapist. He spends a great deal of time researching the various skills and techniques that make up the art and science of Social Engineering.




    35 Comments


    2. […] Essential OSINT Tools for Social Engineering as recommended by Dale Pearson of Subliminal Hacking for harnessing the powers of Internet Recon. Open Source Intelligence Gathering.  […]


    3. […] Update: Check out my OSINT Tools Recommendation List. […]


    5. Osint tools ready to start the job of open source intelligence analyst … professional.


    6. […] With this in mind and the ever increasing usage of wireless technologies and a couple of requests from people I thought it would be a great idea to put together another recommendations list of tools, hardware and resources for anyone looking to get into wireless auditing or adding wireless attack vectors to their current attack methodology (similar to my OSINT  Tools Recommendations List). […]


    7. Here’s another tool (called TouchGraph SEO Browser) that you may want to add to the list:
      http://www.touchgraph.com/seo


    9. Dale

      Nicely recommended.


    10. Matt

      Try http://talkback.volvent.org as well. It mines social media for people talking about vulnerabilities and also picks up trending IT security tweets.


    12. […] visitors to the site will be familiar with the post on recommended OSINT tools, and one of those tools mentioned is Maltego. Maltego is an awesome tool that uses the power of […]


    14. Also check out SpiderFoot – http://www.spiderfoot.net

      SpiderFoot can target a domain name, hostname, IP address or netblock, using nearly 40 open source intelligence data sources to provide intelligence on your target.


    16. degrigis

      Hey Dale add this to the list: https://8ack.de/plato/
      It’s a browseable and searchable page for easier access to the entries of plaintextoffenders.com.
      You can easily check if a website stores your password in plain or not.


    17. Dale

      Looks handy, thanks for sharing.


    18. Dale

      Nice recommendation, thanks for sharing.


    20. […] from mentioning Maltego in my recommended OSINT Tools List, I have never gone into any detail about this awesome tool from Paterva. The main reason for this […]


    22. Hello Dale, can you add Tinfoleak to the list?

      You can download this tool and find additional info here:
      http://www.vicenteaguileradiaz.com/tools/

      Thanks!


    23. Dale

      Added, great little tool thanks for making me aware.


    24. Matt

      A HUGE repository of OSINT custom online tools:

      https://inteltechniques.com/menu.html


    25. Dale

      Yup Michael has a wealth of tools and recommendations worth checking out.


    26. […] Source : OSINT Tools – Recommendations List | Subliminal Hacking […]


    27. […] of an Open Source Intelligence (OIST) gathering resource tool. Creepy is just one of the many OIST tools available. Cree.py is written in Python coding language with its source code available […]


    28. Asocialduck

      Please add Cignotrack


