Jump to content

Search the Community

Showing results for tags 'osint'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Cyber Security
    • Application Security
    • Information Security
    • Network Security
    • Penetration Testing
    • Social Engineering
  • Computer Science
    • Hardware
    • Software
    • Operating Systems
    • Programming
    • IT, Engineering, Mathematics
    • Design, Modeling, Animation
  • General
    • Other Discussions
    • Linktionary
    • Media & Games

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 12 results

  1. https://github.com/Alb-310/Geogramint git clone https://github.com/Alb-310/Geogramint.git Geogramint is an OSINT tool that uses Telegram's API to find nearby users and groups. Inspired by Tejado's Telegram Nearby Map, which is no longer maintained, it aims to provide a more user-friendly alternative. Geogramint only finds Telegram users and groups which have activated the nearby feature. Per default it is deactivated. The tool is fully supported on Windows and partially supported on Mac OS and Linux distributions. On Windows With the installer: Click here! With Github: git clone https://github.com/Alb-310/Geogramint.git cd Geogramint/ pip3 install -r requirements.txt python3 geogramint.py Or depending on your installation : git clone https://github.com/Alb-310/Geogramint.git cd Geogramint/ pip install -r requirements.txt python geogramint.py On Mac OS and Linux With Github: git clone https://github.com/Alb-310/Geogramint.git cd Geogramint/ pip3 install -r requirements.txt python3 geogramint.py Or depending on your installation : git clone https://github.com/Alb-310/Geogramint.git cd Geogramint/ pip install -r requirements.txt python geogramint.py More details in the Wiki. Example Start by creating an API key for your Telegram account here. You will also need to put a profile picture on your account and, in your Privacy and Security settings, enable the profile picture for everyone. Launch Geogramint In the settings, write your information (api_id, api_hash and phone number) and then save Choose the location where you want to search, either by moving around the map or by using the search feature with coordinates in lat, lon format Telegram will send you a verification code, write it in the pop-up window (+ your two-step verification password if you have one) Then click Start Search All results will be displayed following: green for 500m yellow for 1000m orange for 2000m red for >3000m (NB: results can also be found in Geogramint/cache_telegram/ in json format + profiles pictures) Reset will clear the results and erase the cache_telegram More details in the Wiki.
  2. A lot of people use "people" search engines and Google dorks to find people or information about people, but you can actually find out quite a bit of information via public registries. Consider some of these: The Knot - Wedding Registry Search RegistryFinder - Baby Shows and Graduation Search MyRegistry - Wedding, Baby, and Gift List Search Amazon - Registries for Any Occasion Search Bed, Bath, and Beyond - Gift Registry Search The Bump - Baby Registry Search You can also find out PII of anyone in the United States who is registered to vote, by looking at local election registries. Does anyone know other registries to include?
  3. Sn1per is an opensource AIO offensive security framework that includes features such as: Attack Surface Discovery Penetration Testing Visual Recon IT Asset Inventory Vulnerability Management Web Application Scans Reporting OSINT Collection Continuous Scan Coverage Domain Takeover Tools There are also many help topics and integration guides listed directly in the README. Link to repository: https://github.com/1N3/Sn1per
  4. Shodan is an Internet of Things search engine that allows you to search and scan a wide variety of devices using a wide array of filters. Some will limit their information gathering to things that they see on the web. You can go beyond this, and Shodan is a tool to help with that: phones, controllers, refrigerators, etc. Shodan has powerful dashboards, community curated filters, and a powerful API to let you plug right into their platform. Here is a HackerSploit video covering some of the basics of Shodan: And if you want to check out the engine for yourself...well, here you go! Link to website: https://www.shodan.io/
  5. URLCrazy is a domain typo generator that looks useful for testing domain typos and variations, which can have a ton of uses: typo squatting, URL hijacking, phishing, etc. Other use cases might include detecting who is using variations of your domain name (to inform your users), which can help protect your brand and inform your users. Link to the repository: https://github.com/urbanadventurer/urlcrazy
  6. The Recon-ng Framework provides a web-based environment to conduct reconnaissance quickly and easily. It is written in python and has a look similar to Metasploit, is modular, and has a development guide for building new modules. Here is an included video introduction to help you learn more about and get started with Recon-ng: Link to the repository: https://github.com/lanmaster53/recon-ng
  7. emailrep.io is a simple tool with a nice API that will tell you information about an email address, including: Reputation Level Is it suspicious? References Is it blacklisted? Has its credentials been leaked? Has it been part of any data breach? Is it a spammer? Is it spoofable? And much more. A further description from their website states: As this is posted in pentesting, some of the offensive usecases of this tool might include: Conduct recon on a target to prepare for credential bruteforcing Constructing targeted phishing attacks Avoid the spam folder There are also defenses ways in which this tool might be used, like to detect phishing attacks, prevent fraud, require additional layer of verification during registration, etc. Check it out! Link to site: https://emailrep.io/
  8. Similar to the data breach search engine called "Have I Been Pwned", which you can learn more about here, DEHASHED is more granular with it's approach to exploring compromised assets. You are able to search on various types of fields behind just an email address or phone number, They also have monitoring services and an API, but what I especially like compared to "Have I Been Pwned" is their collection of data wells. Instead of listing all of the breaches on one static page, they allow you to search on them and display more analytics. According to DEHASHED, some benefits of using their service includes: Helps Prevent Account Compromise Aids in Identity Fraud Investigations Affordability Private Datasets Integrity Powerful Integrations You can learn more by checking out their site. Link to site: https://dehashed.com/
  9. Having your data being exposed via a breach that is no fault of your own is not fun. Luckily, there are some useful breach detection engines out there that you can utilize to see if your name or email address is associated with any known breaches from major sites. "Have I Been Pwned" is one of those engines. They keep a collection of all the large breaches that have happened and also allow you to subscribe to notifications if you are ever impacted by a future breach. They also have a restful API that you can integrate into your applications, should you wish to offer a feature that allows people to search for breaches. You can check if your email or phone has been in a data breach at their homepage. Link to site: https://haveibeenpwned.com/
  10. What are some dorks and APIs that you find useful for username/profile gathering? Post them all here! Here's a couple to get started. Amazon Usernames: https://www.google.com/search?q=site:amazon.com+%3Cusername%3E Github Usernames: https://api.github.com/users/%3Cusername%3E/events/public
  11. cwade12c

    Email Permutator+

    The email permutator is a quick tool used to generate permutations of common email addresses. You specify a first name, last name, optional middle name, optional nick name, and one or more domain names. It uses these inputs to generate permutations, which you can then use for.....whatever you'd like. Their site also suggests the following: Link: http://metricsparrow.com/toolkit/email-permutator/#
  12. This is a nice and quick information gathering tool to perform a reverse email lookup, to see who owns an email address and gather more information about them. From their site: Link: https://thatsthem.com/reverse-email-lookup
×
×
  • Create New...