Online OSINT tools

I realized the other day when doing some OSINT research that I’ve collected quite the set of tools online. My bookmarks are getting a little out of hand, so for my own reference I figured I’d dump them into a blog post so when I’m trying to remember what tool I used for what – it will be easier to find and also give an idea of what I use. This list does NOT include tools like nmap, maltego, whois, nslookup, etc. – it’s a collection of online tools only.

People/Companies

  • For people, the first thing I do is a Google search, with their name in quotes – like “bob smith”. This will usually give you lots of initial data and starting points. I will often go beyond just the .com and use the regional Google for whatever country they are located in – this will sometimes give you more details.
  • Sometimes you can also get additional details through Bing and DuckDuckGo as well – but digging past the first few pages of Google will oftentimes give you what you really need. If you’ve got someone with a somewhat dark past – the next thing to fire up is Tor and do some searching on the dark web.

Servers/Sites

  • https://rtsak.com/ip-lookup & http://robtex.com – Can get you some good info if you have a server IP, domain, etc. Can list other sites hosted on the same servers or using the same nameservers – which can come in handy – as well as graphs & DNSBL info.
  • https://viewdns.info – has lots of tools. My favorite go to for reverse whois lookup when you are trying to tie an entity to other domains.
  • https://www.dnstree.com – actually uses robtex.com for some of its info – you can enter a domain or IP and get lots of details.
  • http://domaininfoapi.org – great tool for getting tons of info related to a domain name.
  • https://www.yougetsignal.com/ – meh, it’s ok and sometimes gives me info but usually ends up at a dead end. I will use this after trying other resources first.
  • http://dnstrails.com/ – great tool for when you can’t find current info on a domain. It sometimes will provide historical data.
  • https://who.is/ – another tool to find historical data – but often requires you to pay to get the data.
  • https://shodan.io – great when you are looking for related info on servers, networks, open ports, etc.
  • https://censys.io – Censys lets researchers find specific hosts and create aggregate reports on how devices, websites, and certificates are configured and deployed.

Other