Loading...
Loading...
Open-Source Intelligence gathering techniques and tools for reconnaissance
Advanced Google search operators for information gathering
Search only within specific domain
site:example.comFind specific file types
filetype:pdf "confidential"Search in page titles
intitle:"index of" passwordSearch in URLs
inurl:admin site:example.comView Google's cached version
cache:example.comExclude specific terms
cybersecurity -jobsFind similar websites
related:example.comFind exposed password files
filetype:sql "password" OR "passwd" OR "pwd"Find configuration files
filetype:env "DB_PASSWORD"Find backup files
filetype:bak OR filetype:backupGather intelligence from social platforms
Search tweets from specific user and date range
from:username since:2024-01-01 until:2024-12-31Search tweets by location
near:"New York" within:15miFind LinkedIn profiles via Google
site:linkedin.com/in/ "security engineer" "New York"Search Facebook profiles
site:facebook.com "John Doe" "New York"Find Instagram posts by location
site:instagram.com "location:NYC"Search Reddit discussions
site:reddit.com "data breach" cybersecurityFind exposed credentials on GitHub
site:github.com "api_key" OR "password"Investigate domains, subdomains, and IP addresses
Get domain registration info
whois example.comQuery all DNS records
dig example.com ANY
nslookup -type=any example.comFind subdomains
subfinder -d example.com
amass enum -d example.comFind domains on same IP
curl "https://api.hackertarget.com/reverseiplookup/?q=1.2.3.4"Find domains via certificate transparency
curl "https://crt.sh/?q=%.example.com&output=json"Find ASN for IP address
whois -h whois.cymru.com " -v 1.2.3.4"View historical DNS records
curl "https://securitytrails.com/domain/example.com/history/a"Extract intelligence from images
Find image sources and usage
Google Images: images.google.com
TinEye: tineye.comExtract image metadata
exiftool image.jpgExtract GPS data from images
exiftool -gps* image.jpgConvert GPS to address
curl "https://maps.googleapis.com/maps/api/geocode/json?latlng=40.7128,-74.0060"Find other images of same person
PimEyes: pimeyes.com
FaceCheck: facecheck.idInvestigate individuals and usernames
Check username across platforms
https://namechk.com
https://knowem.comFind email addresses
https://hunter.io
https://phonebook.czInvestigate phone numbers
https://truecaller.com
https://phoneinfoga.comSearch public voter records
site:voterrecords.com "John Doe"Find court documents
site:*.gov "court records" "John Doe"Scrape LinkedIn profiles
linkedin-scraper -u "John Doe" -c "Company Name"Check for compromised credentials
Check email in breaches
curl "https://haveibeenpwned.com/api/v3/breachedaccount/email@example.com"Search breach database
https://dehashed.comCheck for leaked data
https://leakcheck.ioSearch multiple breach databases
https://breachdirectory.orgSearch dark web and pastes
https://intelx.ioEssential OSINT tools and commands
Email and subdomain harvesting
theHarvester -d example.com -b allAutomated reconnaissance framework
recon-ng
workspace create example
modules load recon/domains-hosts/hackertargetLink analysis and data mining
maltegoAutomated OSINT collection
spiderfoot -s example.comSearch internet-connected devices
shodan search "apache" country:"US"Internet-wide scanning
censys search "example.com"Metadata extraction and analysis
focaExtract metadata from public documents
metagoofil -d example.com -t pdf,doc -l 200Legal & Ethical Notice
Always respect privacy laws and obtain proper authorization before conducting OSINT investigations. Only use these techniques for legal purposes such as security research, penetration testing, threat intelligence, or authorized investigations.