Find Leaked Information
BreachDirectory
Search by email, username, or email address to find leaked passwords, as well as their corresponding hashes.
Hunter
Search by domain or company name to find related domains. It also allows searching for emails associated with the name or company and verifying the existence of an email or a list of them.
TheHarvester: emails, domains, subdomains, IP’s.
Is a versatile open-source tool used for gathering valuable information, such as email addresses, subdomains, virtual hosts, open ports, and employee names, from various public sources on the internet. It is commonly used in cybersecurity and penetration testing for reconnaissance and information gathering about a target domain or organization.
https://github.com/laramies/theHarvester
PhoneBoock
This website searches for domains, emails, and URLs related to a specific domain.
https://phonebook.cz/
LeakedDomains: find domains and subdomains
This tool searches for leaked information related to a domain, email, username, password, phone number, and more.
Obtain Username related with an account in Linkedln
Linkedin2username
This tool generates username lists from companies on LinkedIn.
https://github.com/initstring/linkedin2username
Syntax:
1
linkedin2username.py [-h] [-p PASSWORD] [-n DOMAIN] [-d DEPTH] [-s SLEEP] username company
Tools for OSINT
FindTrack
FindTrack is a tool for Linux, whose purpose is the automation of OSINT with a Graphical Interface.
This tool has been designed and developed by Elisa Alises Núñez, as a final project of the Master’s (TFM) in Cybersecurity.
It is currently in its first functional version, with the following capabilities:
- Obtain social media profiles based on a known username (nickname).
- Obtain social media profiles based on a person’s first name and last name.
- Obtain Google Maps routes related to a person (first name and last name).
- Obtain Google Images URL related to a person (first name and last name).
- Obtain information about a mobile phone: existence, location, original carrier, time zone, etc.
- Obtain email addresses related to a domain.
- Obtain metadata from a photograph.
- Download images, comments, ID, etc., from an Instagram account (by username).
⚠️ When referring to a “person,” it can also include the name of a company or entity. ⚠️
Download: https://github.com/Creanyx0/FindTrack
FOCA
Is a tool used mainly to find metadata and hidden information in the documents its scans.
Is a network reconnaissance and intelligence gathering tool used for extracting metadata and hidden information from various file types and documents found on a network or website. FOCA specializes in gathering information about an organization’s infrastructure, such as domain names, email addresses, server names, open ports, and metadata embedded in documents.
Download: https://github.com/ElevenPaths/FOCA
Maltego
Maltego is a powerful open-source intelligence (OSINT) and data mining tool used for link analysis and information gathering. It provides a graphical interface that allows users to visualize and explore the relationships and connections between various entities, such as people, organizations, websites, IP addresses, and more. Maltego leverages public information sources and APIs to generate comprehensive reports and graphs, enabling cybersecurity professionals, researchers, and investigators to conduct thorough investigations and gain insights into complex data structures and relationships.
Download: https://www.maltego.com/downloads/
reconftw
“Reconftw” is a command-line tool designed for reconnaissance and information gathering during cybersecurity assessments and penetration testing. It automates the process of collecting valuable data about a target, such as subdomains, open ports, emails, and potential vulnerabilities.
Download: https://github.com/six2dez/reconftw
Shodan
Shodan is a search engine for internet-connected devices, allowing users to find information about open ports, services, and vulnerabilities on these devices.
Interesting repositories with tools
- https://github.com/unusualwork/red-team-tools
- https://osintframework.com/
- https://osint.link/