OSINT-Cheat-sheet

OSINT CHEAT SHEET - List OSINT Tools Github Badge

See Jieyab Wiki pages

Contains information about OSINT tips, OSINT branches and knowledge about intelligence

Wiki

See Jieyab Gitbook

Contains information about OSINT tips, write up usage resouces and more tips about OSINT and OSINT branch

Wiki

image

Contains a list of OSINT tools, OSINT tips, datasets, Maltego transform and others. There are free and paid tools you can use and owner is not responsible (take your own risks), only for knowledge or educational purposes. Apologies if some of the resources are no longer available or contain errors, as the owner does not regularly check the status of these resources, If there is new information, the owner will add it to this repo along with the category. If you want to read about techniques and intelligence some have already been added to the Wiki page Jieyaboo Wiki The owner will add them back. If there are any errors let us know thank you.

Tips & Trick Safe Guide Using Resources

These Resources Are Recommend For

Linux Distribution For OSINT

You can build it with VM or Live USB make sure you have sandbox machine

EXIF TOOL COMMAND

Exif tag name and data type

Artist string

Author string

Caption string

Categories string

Collections string

DateTime date

DPP lang-alt

EditStatus string

FixtureIdentifier string

Keywords string

Notes string

ObjectCycle string

OriginatingProgram string

Rating real

Rawrppused boolean

ReleaseDate string

ReleaseTime string

RPP lang-alt

Snapshots string

Tagged boolean

More : man exiftool (Run on your terminal)

Site :

Write metadata

you can add multiple tag and multiple file

Delete metadata

Delete mass metadata

#Usage : man exiftool or read documentation exiftool.org

Not there are tag no writetable, make sure tagname can write

Automated tool by David Bombal

!Note

Use fresh file, if your file has been compressed or edit metadata you got a default metadata You can use xmp format for edit, write and delete metadata Check the documentation

SOCMINT

Collection Dataset

Forums & Sites

Site and forums OSINT community arround world

Meta Search

Code Search

*Pro Tips

Try search on forum like programmer forums, web framework forums, social media and other things. Use a google dork to easy way find information with site target

List endpoint Github for search code

Endpoint list Github

Competitive Programming

File & FTP

Social Media Search and Monitoring

Social Media Management and Content Discovery

Hastag & Keyword Analysis

Hastag and keyword analysis in search engine, social media or other platform (Text Intel)

Web Intelligence

*Tips web cache

Use this if google cache was gone (no index sites)

https[:]//www[.]google[.]com/search?q=cache:<url of interest>

Analysing URLs

There is a resouces to investigae malicious link and bypass url shortlink

Researching Cyber Threats

IoT Search Engines

IP Addresses

Wireless Network

SOC & Threat Hunting

Tips

You can find the file hash or other threat indicator

Automation Dorking

Github

Github Dork

Dorking

Dorking is a wonderful thing, you can use this technique to search for anything such as index of a website, looking for live online camera server and other specifics, as for dorking commands that you can do for example

  1. intitle: Search for specific titles
  2. inurl: Search for specific urls or paths
  3. intext: Search for specific words or contects
  4. filetype: Search for files
  5. site: Search from a specified target
  6. Wildcard or symbol * (star) Find all web pages, for example: seccodeid*
  7. Define:term Search for all things with specified terms, example define:seccodeid
  8. cache page Take a snapshot of an indexed page. Google uses this to find the right page for the query you’re looking for. Website or target specifically
  9. allintext: Searches for specific text contained on a web page
  10. allinurl: Find various keywords in a URL
  11. allintitle: Restricts results to those containing all terms specified in a title
  12. link: List of web pages that have links to the specified URL
  13. ( ) Pipe. This is a logical operator, “tips” will show all the sites which contain either, or both words
  14. (+) Used to concatenate words, useful to detect pages that use more than one specific key
  15. (-) Minus operator avoids showing results that contain certain words, e.g. security -trails will show pages that use “security” in their text, but not those that have the word “trails”

Example

Dorking Other Search Engine

Bash Dorking Script

Example

Google Advanced Search Tools

Other Search Engines

Internet Archive

Web Defacement Archive

Data Breached OSINT

Crack Jurnals

Search Jurnals

Blogs Search Engine

*You can also use Google dork to search blogger profile

Tracking Website Changes

Company Reconnaissance Sites (Passive)

People Searching

Family People Search

Phone Numbers

Pro Tips

If you has found the person phone number you can check at data breach, e wallet, social media, email address (via reset password), getcontact, truecaller, ipqs, fraud checker and last trying to dork or search any info into social media too

Public Records

Finding Usernames

Social Networks

Google Queries for Facebook

Group Search: site:facebook.com inurl:group

Group Wall Posts Search: site:facebook.com inurl:wall

Pages Search: site:facebook.com inurl:pages

Public Profiles: allinurl: people ‘name’ site:facebook.com

Facebook Query Language (FQL)

Photos By - https://www.facebook.com/search/taget_id/photos-by

Photos Liked - https://www.facebook.com/search/taget_id/photos-liked

Photos Of - https://www.facebook.com/search/taget_id/photos-of

Comments - https://www.facebook.com/search/taget_id/photos-commented

Friends - https://www.facebook.com/search/taget_id/friends

Videos Tagged - https://www.facebook.com/search/taget_id/videos

Videos By - https://www.facebook.com/search/taget_id/videos-by

Videos Liked - https://www.facebook.com/search/taget_id/videos-liked

Videos Commented - https://www.facebook.com/search/taget_id/videos-commented

Events Attended - https://www.facebook.com/search/taget_id/events-joined

Relatives - https://www.facebook.com/search/taget_id/relatives

or you can use dork for spesific example

id site:facebook.com

page site: facebook.com

id site:facebook.com *

page site: facebook.com *

The Ultimate Facebook Investigation Tool

OnlyFans

OSINT Adult or Porn (18+)

Note is for investigator like search scandal, deepfake porn or blackmail and porn actress

Pro Tips

Searching for scandal or blackmail or deepfake porn doesn’t have to be on the listed sites, there are many perpetrators uploading on several platforms You need to do massive scrapping to collect this information, but there are times when they do it on platforms such as telegram, X or adult sites, you can search using dork, regex and other things

Steam

Slack

Office365

Keybase

VK

Bluesky

Instagram

Thread

Microsoft OneDrive

Pinterest

Reddit

Youtube

Mastodon

Twitter

Twitter Search Engine

Snapchat

LinkedIn

Google queries for LinkedIn

Public Profiles: site:linkedin.com inurl:pub

Updated Profiles: site:linkedin.com inurl:updates

Company Profiles: site:linkedin.com inurl:companies

MySpace

Google queries for MySpace

Profiles: site: myspace.com inurl:profile

Blogs: site:myspace.com inurl:blogs

Videos: site:myspace.com inurl:vids

Jobs: site:myspace.com inurl:jobs

Videos: site:myspace.com ‘TARGET NAME’ ‘videos’

Comments: site:myspace.com ‘TARGET NAME’ ‘comments’

Friends: site:myspace.com ‘TARGET NAME’ ‘friends’

Tiktok

Parler

Monitoring & Alerting

EXIF Analysis

Email Tracking

PGP or GPG Keybase

Shodan Query Options

Capturing Information

OSINT Online Tool

Telegram Tool

Search channel, username, bot and anymore

Telegram Tips

*Change the hash value, username, phone number on the endpoint or url’s

Telegra OSINT

Document and Slides Search OSINT

*Scribd viewer

Real-Time Search, Social Media Search, and General Social Media Tools

Image Search

Image Analysis

Stock Images

Video Search and Other Video Tools

Geospatial Research and Mapping Tools

Conveter tool

*This for you have data like .shp and .kml or geojson and want to viewer or convert with the spesific tool for you analsis or sciene and other

Geojson viewer

3D Map & Building

Guides

Nearby Map From Geospatial

Fact Checking

Guide

Server Information Gathering Also Web

CTF Analysis & Exploit

Zero Day

Cryptocurrency Investigation

Crypto Market & Analysis

Transaction Analysis

Guide

Cell Investigation

Pro Tips

If you has found the person phone number you can check at data breach, e wallet, social media, email address (via reset password), getcontact, truecaller, ipqs, fraud checker and last trying to dork or search any info into social media too

IMEI Investigation

Chat Apps Investigation

WhatsApp

Telegram

Build Sockpuppet Accounts

Build your sockpuppet account and proctect your privacy

Build your own deepfake

*Generate your deepfake (is taking longer time, need high gpu)

Virtual Camera or Camera Replacement

*Beware, make sure installed on not primary device use device for research

FakeGPS Location

Social Network and blogging

Enhance Image Quality

Locations Data Mapping

Discord Server Search

Darkweb Search Engines

Darkweb Intelligence

Guide

Digital Forensics

*Pro Tips

You can analysis of hash, header, signature, evtx, ip, byte, file format, memory dumping, network, system process, start up apps, background apps

Write Your Investigation

Securing Your Privacy

Payment

Password Manager

Guide for Surveillance

Fraud Checker

Content Removal & Strict Media Content

Search people missing and abuse, strict content, removing, takedown and minimize your data on the internet

*NB : Please read carefully and check the ToS or privacy statment. Its taking to long, you need to patiently. For this point, your data is not guaranteed to be lost 100% on the internet, but this is to minimize the spread of your data and data breaches

Vehicle OSINT

VIN Checker

Public Transport

Aircraft Tracking

Ship Tracking & Maritim

Railways

GPT OSINT (AI)

Tips Prompt Injection (LLM Injection)

Hardware and server

LLM Interface

Knowledge AI and ML

OSINT for Red Team

Social Engineering (Social E)

Active Directory

Webshell Bypass

Post Exploitation

Credential Dumping

Credentials Leak

Password crack

Wordlists for all

Pro Tips

You can make own wordlist within name, full name, dob, institution, pets name and give add numeric like 123, 1234 example admin123, admin1234 and other things be a creative or use a default password

Web fuzz wordlists

Generate wordlists

Generate subdomains and wordlists

Private Deployment

Generate subdomains and wordlists(offline)

Kali/Linux

Windows

Default Credentials

Local Enumeration

Privilage Escalation Cheat and check

Hacking Playground

Awesome Burpsuite Extension

C2 & C4

*Notes

There is C2 and C4 are paid and there is a validation and regulation for buying that tools. FUD? There is FUD C2 and C4 or u can custom the payload with undocumented Windows API and mask u shell code

Linux Distro Tool Lists

Hardware Pentesting

Lateral Movement & Pivoting

*Pro tips

If cannot connected with target check the port and the software version, you can change it

Audio OSINT

Audio enchange quality

Guide

OSINT Network

Detect a fake network, asn, ip geo, mobile carrier, whois ip, network traffic and VPN

Medical OSINT

OSINT Military

Simulator and Game

Tactical learn and some firearms knowledge

*Pro Tips

If you want to analyze the military for your research, you can learn about SALW, UXO, EO, Geopolitics, geospatial, signal intelligence, CSINT, security protocols on SALW, tools of war, geography, history, IT security and some programming and some research

OSINT Shadow Analysis

Analysis for IMINT and find the geolocation, azimuth and etc

Academic Search Tools

*Pro Tips

Check on category search jurnals

Web Directory

Torrent

SDR OSINT

API for OSINT

Resources and collection for your make tool OSINT

Data Visualization

Emoji Investigation

OSINT Branding & Verify

NEWS OSINT

Search News Journalist and Documentary Sites

Social Media Analytics

Threat Actor & Criminal Search

Guides

OSINT for Politics and Geopolitics

OSINT politics and geopolitics, risk crisis

Terrorism & Radical

Maltego Transform List

OSINT Wildlife

OSINT Satellite

*Aditional Information coverage sat

Satellite Resolution Overpass Frequency
Planet Satellite 3 M Daily
Sentinel-2 Satellite 10 M Every 5 days
Landsat 8/9 Satellite 30 M Every 16 days
Sentinel-3 Satellite 300 M Daily
MODIS Satellite 250-1000 M Daily
Google Maps Sat 15 - 30 CM 1 - 6 Year
Bing Maps 30 CM 1 - 3 Year
Apple Maps 15 - 30 CM 1 - 3 Year

Source: Bellingcat & GIJN

*TIPS

Understand every characteristic of satellites like, thermal satellites, enterprise satellites, live satellites. Each satellite has its own characteristics and there are some that are paid and produce good and fast resouces. And understand their uses, such as thermal satellites

Ex:

Ex Guides:

OSINT for Scraping and Data Collection

OSINT IRC Chat

OSINT Historical

You can use for study academic literature, search book, people name, old archive and other

OSINT Art Collection

OSINT The Artists

OSINT Language

Slang Language

OSINT OPSEC

OSINT Journalism Project

Search Expert or Journalist

Guide Journalist

OSINT Detect Deepfake

OSINT Similarity (Plagiarism)

Check the similarity or plagiarism of the content and web apps or social media similarity

Text Analyzer

Audio Analyzer

Image and Vidio Analyzer

Website

Company

Social Media

Secure Code & Application

Linux Distribution Package Search

Fixing grub or recovery grub missing

Shortlink for OSINT

*Pro tips : You can use it with the social engineering and creating own tools

OSINT Jobs

IP CIDR Conveter

OSINT Data Broker List

This is list data broker, you can search or delete form data broker list on here

OSINT Software

This is for you searching software and searching alternative software

OSINT Barcode Reader

OSINT Measurement

Analyzing for MASINT e.g your image, vidio, building, maps, simulation, sat or sensor and other things (mapping location)

OSINT Financial (FININT)

OSINT Cryptography (Cipher)

Find the cipher and other conveter tools for decode

Other conveter

OSINT Game

Search person in game

OSINT Device for Device

Getting info for device and hardware info and emulator also emulator for pentesting mobile apps like Android

Smartphone & Devices (Check coverage)

IOS

Android

PC & Laptop

Device Name or Code Name

OSINT Cloud

Search file in cloud like Google drive and other

OSINT Property

Find the list and history about house property, price and etc

Custom CSE Search Engine (CSE)

OSINT Technique Tips

This is path for you learn OSINT

Browser List

Bookmark OSINT tools list

OSINT Astronomy

OSINT Playground

OSINT Search Hacker Nickname

You can search nickname, hacker team and hacker archive like web defacement data and other

MISC

OSINT Drone Search

Search and find drone and drone footage