OSINT Cheat sheet

A collection of links for Open Source intelligence research, mostly focused on domain names instead of people or companies.

If you’re stuck with a OSINT challenge go through these links one by one and see if any extra info comes up that you’ve missed previously.

 

For websites and servers:

Google default link : Link

Google country specific link: Google UK

Google site: specific search: Google site

Yandex: Russian Search engine

Yandex site specific search: Yandex site search

Baidu: Chinese search engine

Bing: Bing

Bing IP search : See what else is hosted on the same IP

Millionshort: Omit results from the top 1 million most popular websites

whois; Details about the registrar

Web time machine : Internet time machine

Pastebin : Search through text dumps

Global File Search: Index of public ftp servers

Shodan : Internet of things

DNS Dumpster: More DNS info

dmitry : Kali tool, usage: dmitry HOSTNAME, does a lot of what the above sites does.

dig : Kali tool, usage : dig Target ANY

Robotex : Automated DNS loop and a bit more neatly presented

Hunter.io : Find e-mail addresses associated with a domain

Social Media:

Twitter search: Search for hashtags # or @ for users

Facebook : Facebook Search

Linkedin : Warning – if you are logged in then people will see that you have searched for them

Misc:

Guerrilla mail – E-mail common addresses such as admin@domain and see if any bounce backs or out of offices appear

  • Consider typos of things you are looking for
  • search for job postings for the org you are investigating
  • Are there related services which could be searched