Osint Tools
On this page there is a compilation of the best programs and websites to carry out osint research (Free).
Osintgram
It is used to investigate accounts on this social network in a simpler, more efficient and powerful way, only for Instagram, it is installed from a GitHub repository (https://github.com/Datalux/Osintgram).
We can find phone numbers, emails, list of followers and more, the installation is very simple, it can be installed in 5 minutes.
Maltego
Maltego is a service that has the potential to find information about people and companies on the Internet, allowing data to be cross-referenced to obtain profiles on social networks, email servers, etc.
It is mainly free but APIs can be added to make it more complete, it can be downloaded from the official website (https://www.maltego.com/downloads/).
Spiderfoot
It is a tool very similar to maltego, it allows us to see the collection of data that has been found from different web pages.
We can download it from a github repository very easily (https://github.com/smicallef/spiderfoot)
Nslookup
Tool used to Find all DNS records for a domain name using this online tool, This page is widely used because of its simple interface (https://www.nslookup.io/).
Hunter
It is a page similar to the previous ones, hunter.io provides us with phone numbers and emails that it finds on the domain we are looking for (https://hunter.io/search).
Shodan
Shodan is a search engine, a page that is used to find things on the Internet, searching from the IP of a server or a domain name, it provides us with information about open ports and the location, but if you have Shodan with a paid subscription you get more characteristics as vulnerabilities (https://www.shodan.io/).
Social Media
We don’t stop to think but by searching the social networks of a company or person we can find a lot of information such as: year of birth, pets, residence, job, name, surname and all this information can be used for a brute force dictionary. towards this person’s accounts.
Theharvester
The tool gathers names, emails, IPs, subdomains, and URLs by using multiple public resources. We can download from a github repository where it explains the functions of this application and how to install it (https://github.com/laramies/theHarvester).
PhoneInfoga
Phoneinfoga provides us with all the information it finds about where a mobile phone has been registered.
This application is on Google (https://demo.phoneinfoga.crvx.fr/#/) or can be downloaded from GitHub (https://github.com/sundowndev/phoneinfoga).
Have I Been Pwnd?
Very interesting page where it allows us to verify if our password is secure and how much it would cost a cyber criminal to find it with a brute force attack and this page also allows us to see if our email password has been leaked and from which database was leaked (https://haveibeenpwned.com/).
Recon-ng
This application is used to automatically collect information and network recognition.
It is downloaded from GitHub through the following link https://github.com/lanmaster53/recon-ng.
I hope it has been helpful to you :D. Argibeltza 10/23/2023