OSINT CHEAT SHEET

EXIF TOOL COMMAND

Exif tag name and data type

Author string

Caption string

Categories string

Collections string

DateTime date

DPP lang-alt

EditStatus string

FixtureIdentifier string

Keywords string

Notes string

ObjectCycle string

OriginatingProgram string

Rating real

Rawrppused boolean

ReleaseDate string

ReleaseTime string

RPP lang-alt

Snapshots string

Tagged boolean

More : man exiftool (Run on your terminal)

Site :

• Exiftool
• List tagname
• List tagnme 2
• List tagname 3

Write metadata

• exiftool -tagname="string" file

  example : exiftool -Author="Bayu" test.txt

you can add multiple tag and multiple file

Delete metadata

• exiftool -tagname="" file

  example : exiftool -Author="" test.txt

Delete mass metadata

• exiftool -all="" file

  example : exiftool -all="" file

Usage : man exiftool or read documentation exiftool.org

Not there are tag no writetable, make sure tagname can write

!Note

Use fresh file, if your file has been compressed or edit metadata you got a default metadata You can use xmp format for edit, write and delete metadata Check the documentation

SOCMINT

• Instagram Be carefull using this tool

• SOCMINT tool

• Graph Search

Collection Dataset

• Kaggle

Forums

• Bellingcat Discord
• Independent OSINT
• OSINT.Team
• Seccodeid
• /r/OSINT
• TraceLabs Slack

General Search

• ASK
• Baidu
• DuckDuckGo
• Yandex
• Infospace

Meta Search

• 100SearchEngines
• Bing vs. Google
• DADgogo
• Etools
• WebCrawler

Code Search

• Chromium Code Search
• Android Code Search
• Code Finder
• CodeSeek
• Debian Code Search
• Scala
• SearchCode
• SourceCodeOnline
• Woboq

Competitive Programming

• Hackerrank
• Code chef
• Code war

File & FTP

• Archie
• 4shared
• FileSearching
• File chef
• Global File Search
• Search Shared
• MMNT

Social Media Search and Monitoring

• AIDR
• Awario
• Brand24
• Mention
• Samdesk
• Social Links

Social Media Management and Content Discovery

• Agora pulse
• Buffer
• Coosto
• Falcon
• tailwind
• Revive Social

Web Intelligence

• Better Whois
• DNS History
• DNS Spy
• DNS Checker
• HackerTarget
• Shodan

Analysing URLs

• unfurl

Researching Cyber Threats

• Apility.io
• Alien Vault
• AutoShun
• Blacklist Check Tool
• Censys
• CVE Details
• IBM X-Force Exchange
• JoeSandbox Cloud
• Is It Hacked?
• Is It Phishing
• Kaspersky Threat
• Malware Domain List
• Malware URL Website
• Quttera
• Virus total
• Virus Share
• Web Cookies Scanner

IoT Search Engines

• LeakIX
• Binary Edge
• Purplepee.com
• Shodan
• Shodan Filters
• Shodan Scripts

IP Addresses

• Whats my ip This tools can show your ip address isp provider
• Ip 2 location This tools can show your ip address isp provider and geo location

Wireless Network

• Wigle Maps and database of 802.11 wireless networks, with statistics, submitted by wardrivers, netstumblers, and net huggers

SOC or Threat Hunting

• Alien Vault
• Exploit db
• AT&T

Dorking

Dorking is a wonderful thing, you can use this technique to search for anything such as index of a website, looking for live online camera server and other specifics, as for dorking commands that you can do for example

1. intitle: Search for specific titles
2. inurl: Search for specific urls or paths
3. intext: Search for specific words or contects
4. filetype: Search for files
5. site: Search from a specified target
6. Wildcard or symbol * (star) Find all web pages, for example: seccodeid*
7. Define:term Search for all things with specified terms, example define:seccodeid
8. cache page Take a snapshot of an indexed page. Google uses this to find the right page for the query you're looking for. Website or target specifically
9. allintext: Searches for specific text contained on a web page
10. allinurl: Find various keywords in a URL
11. allintitle: Restricts results to those containing all terms specified in a title
12. link: List of web pages that have links to the specified URL
13. (|) Pipe. This is a logical operator, | "tips" will show all the sites which contain either, or both words
14. (+) Used to concatenate words, useful to detect pages that use more than one specific key
15. (-) Minus operator avoids showing results that contain certain words, e.g. security -trails will show pages that use "security" in their text, but not those that have the word "trails"

example

intext:"hacking" site:seccodeid.com site:www.github.com ext:doc | ext:docx | ext:odt | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv

Google Advanced Search Tools

• Advanced google search
• Google Scholar
• Google Alerts
• Google Search History

Other Search Engines

• us.searchboth.net
• Archive.org
• Yandex
• Pastebin
• Topix.com
• search.carrot2.org/stable/search
• Shodan

Jurnals

• sciencedirect
• Scopus
• Sinta
• ieeexplore

Crack Jurnals

• SCI HUB This domain will always change

Blogs Search Engine

• Google Blog
• technorati
• omgili.com

DeepWeb Search Engines

• thehiddenwiki
• onion link
• MEMEX
• onion

Tracking Website Changes

• Changedetection
• Followthatpage

Company Reconnaissance Sites (Passive)

• whois
• Netcraft

People Searching

• spokeo
• 123people
• zoominfo
• peepdb
• reversegeni
• PDDIKTI
• SINTA

Phone Numbers

• argali
• ciddb
• cellrevealer
• spydialer
• Twilio
• Reverse lookup
• PhoneInfoga
• Sync
• National cell
• Getcontact

Public Records

• Public Record
• Fam Watchdog
• Crime Reports

Finding Usernames

• Namechk
• Knowem

Social Networks

• Facebook
• Facebook lookup id
• Sherlock

Google Queries for Facebook

Group Search: site:facebook.com inurl:group

Group Wall Posts Search: site:facebook.com inurl:wall

Pages Search: site:facebook.com inurl:pages

Public Profiles: allinurl: people ‘‘name’’ site:facebook.com

Facebook Query Language (FQL)

• Findmyfbid

Photos By - https://www.facebook.com/search/taget_id/photos-by

Photos Liked - https://www.facebook.com/search/taget_id/photos-liked

Photos Of - https://www.facebook.com/search/taget_id/photos-of

Comments - https://www.facebook.com/search/taget_id/photos-commented

Friends - https://www.facebook.com/search/taget_id/friends

Videos Tagged - https://www.facebook.com/search/taget_id/videos

Videos By - https://www.facebook.com/search/taget_id/videos-by

Videos Liked - https://www.facebook.com/search/taget_id/videos-liked

Videos Commented - https://www.facebook.com/search/taget_id/videos-commented

Events Attended - https://www.facebook.com/search/taget_id/events-joined

Relatives - https://www.facebook.com/search/taget_id/relatives

or you can use dork for spesific example

id site:facebook.com

page site: facebook.com

id site:facebook.com *

page site: facebook.com *

The Ultimate Facebook Investigation Tool

• Intel Technique
• Agora Pulse
• Commun.it
• DumpItBlue
• Fanpage Karma
• Facebook Search
• Facebook Search Tool
• Fb-sleep-stats
• Find my Facebook ID
• Lookup-ID.com
• SearchIsBack
• Wolfram Alpha Facebook Report

Instagram

• Hashtagify
• Iconosquare
• Picodash
• SnapMap
• Social Rank
• Toutatis
• Worldcam
• SearchMyBio

Pinterest

• Pingroupie

Twitter

• search.twitter.com
• twitter advanced
• twitter who_to_follow
• Alldaytrends A website where you can find trending hashtags.
• Backtweets BackTweets is a Twitter analytics tool that allows users to search through a Tweet archive.
• Blue Nod
• burrrd.
• doesfollow
• Fake Follower Check
• First Tweet
• Foller.me
• FollowCheck
• Followerwonk
• Geochirp
• GeoSocial Footprint
• GetTwitterID
• Gigatweeter
• Ground Signal
• HappyGrumpy
• Harvard TweetMap
• Hashtagify
• Hashtags.org
• ManageFlitter
• Mentionmapp
• MyTweetAlerts A tool to create custom email alerts based on Twitter search.
• Nations24
• OneMillionTweetMap
• Queryfeed
• Rank Speed
• Riffle
• RiteTag
• Sentiment140
• SnapBird
• Sleeping Time
• Social Bearing
• Social Rank First Follower
• Spoonbill
• Tagdef
• TeachingPrivacy
• Tinfoleak
• Trends24
• TrendsMap
• Ttrends
• twbirthday
• TwChat
• tweepsect
• TweetArchivist
• TweetDeck
• Tweeten
• TweetMap
• TweetMap
• TweetPsych
• Tweetreach
• TweetStats
• TweetTunnel
• Twellow
• Tweriod
• Twiangulate
• Twicsy
• Twilert
• Twipho
• Twitonomy
• TwitRSS
• Twitter Advanced Search
• Twitter Audit
• Twitter Chat Schedule
• Twitter Counter
• Twitterfall
• Twitter Search
• TWUBS Twitter Chat
• Schedule Warble

Twitter Search Engines

• tweetpaths
• allmytweets
• Sleepingtime
• twicsy
• Twimemachine
• inteltechniques

LinkedIn

Google queries for LinkedIn

Public Profiles: site:linkedin.com inurl:pub

Updated Profiles: site:linkedin.com inurl:updates

Company Profiles: site:linkedin.com inurl:companies

MySpace

Google queries for MySpace

Profiles: site: myspace.com inurl:profile

Blogs: site:myspace.com inurl:blogs

Videos: site:myspace.com inurl:vids

Jobs: site:myspace.com inurl:jobs

Videos: site:myspace.com ‘‘TARGET NAME’’ ‘‘videos’’

Comments: site:myspace.com ‘‘TARGET NAME’’ ‘‘comments’’

Friends: site:myspace.com ‘‘TARGET NAME’’ ‘‘friends’’

Social Network Search Engines

• kurrently
• socialmention
• whostalkin
• twoogel
• social mention
• whostalkin

Monitoring & Alerting

• Pastebin Alerts
• HaveIBeenPwned
• breachorclear

Images Search Engine

• Images google
• Facesaerch
• Tineye
• Flickr
• 7photos
• Worldc
• Yandex

EXIF Analysis

• regex
• FindExif
• metapicz
• imageforensic
• metapicz
• jimpl
• pic2map

Documents

• Metashield Analyzer
• forensicswiki
• foca

Email Tracing

• ip-adress
• whatismyipaddress

Tracking People

• getnotify

IoT – Internet of Things

• Insecam
• Shodan

Shodan Query Options

https://pen-testing.sans.org/blog/2015/12/08/effective-shodan-searches

https://danielmiessler.com/study/shodan/#gs.VBVsyo0

Capturing Information

• DownloadHelper Firefox plugin that will assist in downloading all media from a website
• Exif Viewer
• HTTrack

OSINT TOOLS

• Shrelock
• Maltego
• OSINT Framework
• Creepy
• Twint
• Telegram OSINT
• Recon-Ng
• Metagoofil
• More

OSINT Github Tool

• tinfoleak
• migret
• mosint
• osint_stuff_tool_collection
• instaloctrack
• SpyScrap
• osintteye
• metagofil
• recon-ng
• Harvester
• Geo creepy
• trape
• ReconDog
• iKy
• Ghunt
• Moriarty-Project
• Mr.Holmes
• octosuite Advanced Github OSINT Framework
• Toutatis
• A tool for OSINT based threat hunting
• K𝚊𝚛𝚖𝚊 𝚟𝟸 is a Passive Open Source Intelligence
• Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools
• OSINT tool that allows you to find a person's accounts and emails + breached email
• A tool to search Aviation-related intelligence from public sources
• PoC OSINT Discord user and guild information harvester
• Automate downloading archived deleted Tweets
• Discover the location of nearby Telegram users
• OSINT Tool on Twitter and Instagram
• The World's simplest facial recognition api for python and the command line
• Automation and automation of digital forensic tools

OSINT Online Tool

• Echosec
• Foller
• Tweet Deck
• Tweet Trips
• Tweet Tonomy
• Twinangulate
• Geosocial
• Hash tracking
• Bellingcat
• Socmint tool
• Spyse

Telegram Tool

Search channel, username anymore

• Telegago

Linkedin

Extension find email, people on profile Linkedin

• Find that lead

Document and Slides Search

• Authorstream
• Find-pdf-doc
• Free Full PDF
• PDF Search Engine
• RECAP
• SlideShare
• Scribd
• soPDF.com
• FileChef
• File Search Engine
• FilePursuit
• NAPALM FTP Indexer

Real-Time Search, Social Media Search, and General Social Media Tools

• Audiense
• Bottlenose
• Buffer
• Hootsuite
• Hashtatit
• Rival IQ
• SocialBakers
• SociaBlade
• Social Searcher
• Mail.Ru Social Network Search
• WATools
• Profil3r
• Oblivion

Image Search

• 7Photos
• Baidu Images
• Bing Images
• Clarify
• Flickr
• GoodSearch Image Search
• Google Image
• Image Identification Project
• MyPicsMap
• PhotoBucket
• Picsearch
• PicTriev
• StolenCameraFinder
• TinEye - Reverse image search engine.
• Websta
• Worldcam
• Yahoo Image Search
• Yandex Images
• Betaface
• Search4faces

Image Analysis

• ExifTool
• Exif Search
• FotoForensics
• Gbimg.org
• Ghiro
• ImpulseAdventure
• Jeffreys Image Metadata Viewer
• JPEGsnoop
• Metapicz
• Forensically
• DiffChecker
• ImgOps

Stock Images

• AlltheFreeStock
• Death to Stock
• Freeimages
• Freestocks.org
• Gratisography
• IM Free
• ISO Republic
• iStockphoto
• Kaboompics
• LibreStock
• Life of Pix
• NegativeSpace
• New Old Stock
• Pixabay
• Pexels
• Stocksnap
• Shutterstock
• tookapic
• Unsplash

Video Search and Other Video Tools

• Aol Videos
• Bing Videos
• Blinkx
• Clarify
• Clip Blast
• DailyMotion
• Deturl
• DownloadHealper
• Earthcam
• Insecam
• Frame by Frame Browser plugin that allows you to watch YouTube videos frame by frame.
• Geosearch
• Internet Archive: Open Source Videos
• LiveLeak
• Metacafe
• Metatube
• Montage
• Veoh
• Vimeo
• Voxalead
• Yahoo Video Search
• YouTube
• YouTube Data Viewer
• ccSUBS Download Closed Captions & Subtitles from YouTube
• YouTube Metadata
• YouTube Geofind
• Video Stabilization Methods

Geospatial Research and Mapping Tools

• Atlasify
• Batchgeo
• Bing Maps
• CartoDB
• Colorbrewer
• CrowdMap
• CTLRQ Address Lookup
• Dominoc925
• DualMaps
• GeoGig
• GeoNames
• Esri
• Flash Earth
• Google Earth
• Google Earth Pro
• Google Maps
• Google Maps Streetview Player
• Google My Maps
• GPSVisualizer
• GrassGIS
• Here
• Hyperlapse
• Inspire Geoportal
• InstantAtlas
• Instant Google Street View
• Kartograph
• Leaflet
• MapAList
• MapBox
• Mapbuildr
• Mapchart.net
• Maperitive
• MapHub
• MapJam
• Mapline
• Map Maker
• Mapquest
• Modest Maps
• NGA GEOINT
• OpenLayers
• Polymaps
• Perry Castaneda Library
• Open Street Map
• QGIS
• QuickMaps
• StoryMaps
• Scribble Maps
• Terrapattern
• Tableau
• Timescape
• View in Google Earth
• Wikimapia
• World Aeronautical Database
• WorldMap Harvard
• ViaMichelin
• Yahoo Maps
• Zeemaps
• Sentinel Hub
• Maxar
• USGS (EarthExplorer)
• Zoom Earth
• Remote Pixel
• SunCalc
• ArcGIS
• Pic2Map
• Mapillary
• KartaView
• Satellites Pro
• Liveuamap
• Descartes Labs
• Baidu Maps
• MapChecking
• Windy
• SOAR
• digiKam

Fact Checking

• About Urban Legends
• Captin Fact
• Check
• Citizen Desk
• Emergent
• Fact Check
• Full Fact
• MediaBugs
• Snopes The definitive Internet reference source for urban legends, folklore, myths, rumors, and misinformation.
• Verification Handbook
• Verification Junkie
• Verily