Github/installable/run:

OSINT VM (tracelabs.org) - The Trace Labs team created a specialized OSINT VM specifically to bring
together the most effective OSINT tools and customized scripts. access to the most popular OSINT tools
and scripts all neatly packaged under one roof.

https://github.com/sherlock-project/sherlock - Hunt down social media accounts by username

across social networks **NEEDS TESTING

https://github.com/soxoj/maigret Maigret collect a dossier on a person by username only, checking for

accounts on a huge number of sites and gathering all the available information from web pages. No API
keys required. Maigret is an easy-to-use and powerful fork of Sherlock.

Currently supported more than 2000 sites (full list), search is launched against 500 popular sites in
descending order of popularity by default. Also supported checking of Tor sites, I2P sites, and domains
(via DNS resolving).

https://github.com/WebBreacher/WhatsMyName - Similar to Teams app

http://www.edge-security.com/theharvester.php - The objective of this program is to gather emails,

subdomains, hosts, employee names, open ports and banners from different public sources like search
engines, PGP key servers and SHODAN computer database
https://github.com/m4ll0k/infoga - Infoga is a tool gathering email accounts informations
(ip,hostname,country,...) from different public source (search engines, pgp key servers and shodan) and
check if emails was leaked using haveibeenpwned.com API.

https://github.com/michenriksen/aquatone - Aquatone is a tool for visual inspection of websites across

a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface.

https://github.com/lanmaster53/recon-ng - Recon-ng is a full-featured reconnaissance framework

designed with the goal of providing a powerful environment to conduct open source web-based
reconnaissance quickly and thoroughly. Recon-ng has a look and feel similar to the Metasploit
Framework, reducing the learning curve for leveraging the framework. However, it is quite different.
Recon-ng is not intended to compete with existing frameworks, as it is designed exclusively for web-
based open source reconnaissance.

https://github.com/evilsocket/xray - XRay is a tool for network OSINT gathering, its goal is to make some
of the initial tasks of information gathering and network mapping automatic.

https://github.com/darkoperator/dnsrecon - DNSRecon is a Python port of a Ruby script that I wrote to

learn the language and about DNS in early 2007. This time I wanted to learn about Python and extend
the functionality of the original tool and in the process re-learn how DNS works and how could it be
used in the process of a security assessment and network troubleshooting.

https://github.com/OJ/gobuster - Gobuster is a tool used to brute-force: URIs (directories and files) in

web sites; DNS subdomains (with wildcard support); Virtual Host names on target web servers; Open
Amazon S3 buckets

https://github.com/darryllane/Bluto - DNS Recon | Brute Forcer | DNS Zone Transfer | DNS Wild Card
Checks | DNS Wild Card Brute Forcer | Email Enumeration | Staff Enumeration | Compromised Account
Enumeration | MetaData Harvesting
http://www.edge-security.com/theharvester.php - The objective of this program is to gather emails,
subdomains, hosts, employee names, open ports and banners from different public sources like search
engines, PGP key servers and SHODAN computer database.

https://github.com/hrbrmstr/gdns - Tools to work with the Google DNS over HTTPS (DoH) API

https://github.com/aboul3la/Sublist3r - Sublist3r is a python tool designed to enumerate subdomains of

websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for
the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as
Google, Yahoo, Bing, Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal,
ThreatCrowd, DNSdumpster and ReverseDNS.

https://github.com/infosec-au/altdns - Altdns is a DNS recon tool that allows for the discovery of
subdomains that conform to patterns. Altdns takes in words that could be present in subdomains under
a domain (such as test, dev, staging) as well as takes in a list of subdomains that you know of. From
these two lists that are provided as input to altdns, the tool then generates a massive output of
"altered" or "mutated" potential subdomains that could be present. It saves this output so that it can
then be used by your favourite DNS bruteforcing tool. Alternatively, the -r flag can be passed to altdns
so that once this output is generated, the tool can then resolve these subdomains (multi-threaded) and
save the results to a file. Altdns works best with large datasets. Having an initial dataset of 200 or more
subdomains should churn out some valid subdomains via the alterations generated

https://github.com/Sw4mpf0x/Kraken - Kraken is a tool to help make your web interface testing

workflow more efficient. This is done by using Django, Apache, and a MySql database to store and
organize web interface screenshots and data. This allows you and your team to take notes and track
which hosts have been tested simultaniously. Once you are finished, you can view these notes you took
and generate reports in the Reports section.

https://github.com/amq/firefox-debloat - This list aims to block core Firefox features which actively leak

data to third-party services (as opposed to attempts of sites to track you or otherwise passively collect
information). As it isn't always easy to draw a strict line, the most critical passive data faucets like
WebRTC are also mentioned.We are not breaking the browsing experience, so you won't find things like
spoofing referrers and canvas properties here.

https://github.com/dxa4481/Snapper - A security tool for grabbing screenshots of many web hosts. This
tool is useful after DNS enumeration or after enumerating web hosts via nmap or nessus. A sample
output can be seen here: https://security.love/Snapper/output

https://github.com/mrcoles/full-page-screen-capture-chrome-extension - A simple Google Chrome

extension that takes a screen capture of a full web page.

https://github.com/psal/anonymouth - Anonymouth is a Java-based application that aims to give users

to tools and knowledge needed to begin anonymizing documents they have written. It does this by firing
up JStylo libraries (an author detection application also develped by PSAL) to detect stylometric patterns
and determine features (like word length, bigrams, trigrams, etc.) that the user should remove/add to
help obsure their style and identity. Java 7 is required to run Anonymouth.

https://exiftool.org/ - ExifTool is a platform-independent Perl library plus a command-line application for

reading, writing and editing meta information in a wide variety of files.

http://www.edge-security.com/metagoofil.php - Metagoofil is an information gathering tool designed

for extracting metadata of public documents (pdf,doc,xls,ppt,docx,pptx,xlsx) belonging to a target
company.
https://www.elevenpaths.com/innovation-labs/technologies/foca - FOCA (Fingerprinting Organisations
with Collected Archives) is a tool used mainly to find metadata and hidden information in the
documents its scans. These documents may be on web pages and can be downloaded and analyzed with
FOCA.

https://www.codetwo.com/freeware/outlook-export/ - CodeTwo Outlook Export is a free tool for

exporting data from Microsoft Outlook to CSV text files. The program allows exporting much more data
than offered by the built-in export feature in Outlook, allowing the export of non-standard user-defined
fields from Outlook

https://www.impulseadventure.com/photo/jpeg-snoop.html - JPEGsnoop is a free Windows application

that examines and decodes the inner details of JPEG, MotionJPEG AVI and Photoshop files. It can also be
used to analyze the source of an image to test its authenticity.

https://geosetter.de/en/main-en/ - GeoSetter is a freeware tool for Windows (requires Internet Explorer

10 or higher) for showing and changing geo data and other metadata (IPTC/XMP/Exif) of image files (e.g.
images taken by digital cameras).

https://github.com/ghirensics/ghiro - Images contain tons of information, Ghiro extracts these

information from provided images and display them in a nicely formatted report. Dealing with tons of
images is pretty easy, Ghiro is designed to scale to support gigs of images. All tasks are totally
automated, you have just to upload you images and let Ghiro does the work.

https://github.com/needmorecowbell/sniff-paste - Multithreaded pastebin scraper, scrapes to mysql

database, then reads pastes for noteworthy information. Use sniff-paste.py to go through the entire
process of collection, logging, and harvest automatically. The scraper can be set to a paste limit of 0 to
scrape indefinitely. If scraped indefinitely, press ctrl + c to stop scraping, any useful information will be in
the database, along with a link back to the original paste it was found in.

https://github.com/sqren/fb-sleep-stats - A small tool to show the potential privacy implications modern

social media have. By tracking online/offline status of people on Facebook, it is possible to get an
accurate image of their sleep pattern. Read the blog post: https://medium.com/@sqrendk/how-you-
can-use-facebook-to-track-your-friends-sleeping-habits-505ace7fffb6

https://github.com/paulgb/Treeverse - Treeverse is a tool for visualizing and navigating Twitter

conversation threads. It is available as a browser extension for Chrome and Firefox.

https://github.com/misterch0c/twitterBFTD - Twitter back from the death looks in a user tweets history
for domain names that are available for registration.

https://github.com/michenriksen/birdwatcher - Birdwatcher is a data analysis and OSINT framework for

Twitter. Birdwatcher supports creating multiple workspaces where arbitrary Twitter users can be added
and their Tweets harvested through the Twitter API for offline storage and analysis. Birdwatcher comes
with several modules which can be invoked to further enrich collected data or work with it, e.g.
Retrieving user's Klout score, generating social graphs between users and weighted word clouds based
on their Tweets.

http://vicenteaguileradiaz.com/tools/ - The most complete open-source tool for Twitter intelligence

analysis

https://github.com/digitalmethodsinitiative/dmi-tcat - The Digital Methods Initiative Twitter Capture

and Analysis Toolset (DMI-TCAT) allows one to retrieve and collect tweets from Twitter and to analyze
them in various ways. SEE REQUIREMENTS/NEED API KEY
https://github.com/twintproject/twint - Twint is an advanced Twitter scraping tool written in Python
that allows for scraping Tweets from Twitter profiles without using Twitter's API.

https://github.com/UberKitten/TweetVacuum - Chrome extension to scrape a user's entire timeline,

bypassing the Twitter API 3200 tweet limit.

https://github.com/vysecurity/LinkedInt - Providing you with Linkedin Intelligence. NEEDS HUNTER.IO

API KEY

https://github.com/dchrastil/ScrapedIn - this tool assists in performing reconnaissance using the

LinkedIn.com website/API. Provide a search string just as you would on the original website and let
ScrapedIn do all the dirty work. Output is stored as an XLSX file, however it is intended to be used with
Google Spreadsheets.

https://github.com/leapsecurity/InSpy - InSpy is a python based LinkedIn enumeration tool.

https://github.com/0x09AL/raven - Raven is a Linkedin information gathering tool that can be used by

pentesters to gather information about an organization employees using Linkedin. Currently is not being
maintained

https://bhattsameer.github.io/numspy/ - REQ http://www.way2sms.com/ - A python module for

sending free sms as well as finding details of mobile number via website Way2sms

------------------------------------------------------------------------------------------

Username Lookup

https://whatsmyname.app/ - This tool allows you to enumerate usernames across many websites

https://www.gotinder.com/@%3Cusername%3E – Tinder Username Lookup

https://keybase.io/ - Keybase is an open source app. Keybase comes with everything you need to
manage your identity, create secure chats, and share files privately. It's free. Over 100,000 people have
joined Keybase so far to prove their identities, and it's growing rapidly. **NEEDS VALIDATION OF
AUTHENTICITY**

------------------------------------------------------------------------------------------

PEOPLE SEARCH

https://infotracer.com/ - Name, Email, phone, username, address, plate, vin, IP. NEEDS PAYMENT, 7-
DAY TRIAL FOR $3.95 THEN RECURRING MONTHLY $19.05. VALIDATED ACCURATE/LEGIT/NON-SCAM BY
VP

https://www.theknot.com/registry/couplesearch - Find a couple's wedding registry and website.

Possibly US only

https://registry.thebump.com/babyregistrysearch - Baby Registry Finder

https://www.melissa.com/v2/lookups/ - Everything Address. 1000 credits free, $30/10,000

https://www.spokeo.com/ - $20/mo NOT TESTEDbut superficial/free results were accurate

https://radaris.com/ - Mostly US. Good Social Media and video & images sresults for Canada

https://infotracer.com/ - A+ BB rep and significant online reputation. Mostly US but gives local results as
well (deep web search). Premium/Subscription service $3.95 7d Trial then $19.05USD/mo after if not
cancelled
https://webmii.com/ - US but web results returned for local/global

https://www.familysearch.org/ - Mormon Family Database

https://www.ancestry.ca/ - $14.99-$129.99

https://rocketreach.co/ - People Search

------------------------------------------------------------------------------------------

EMAIL ADDRESSES

https://hunter.io/ - Finds emails attached to a domain. Such as Calgary.ca would return city of Calgary
employee emails. 10 free per search, or $50/mo for 500 searches/mo up to $399/mo for 30k searches

Emails

https://melissa.com/v2/lookups/emailcheck/email/ - 1000 free credits on signup, plus 1000 top up each

month. Mostly USA, some CA features. Address lookup tools also. NEEDS ACCOUNT

https://www.voilanorbert.com/ - Like hunter.io but can specify person name

https://dash.maildb.io/search/domain same as hunter.io/voilanorbert. 10 free credits on free plan.

https://www.skymem.info/ - found 1885 @calgary.ca. Start with 5 as preview. To get the 1885 results
was “Buy this email list: $7.97”

http://metricsparrow.com/toolkit/email-permutator/ - Email Permutator+ generates email possibilities

using name and domain

https://www.readnotify.com/ - tells if someone reads an email. Uses MITM method of send to them
they send to recipient

https://emailrep.io/ - Simple email reputation

https://www.mailboxvalidator.com/demo - similar to emailrep

https://mxtoolbox.com/ - mail toolbox

------------------------------------------------------------------------------------------

PHONE NUMBERS

https://www.slydial.com/ - Slydial is a free voice messaging service that connects you directly to
someone's mobile voicemail. Slydial is a service of MobileSphere

https://www.numberingplans.com/ - International Numbering Plans is specialised in world-wide

(tele)communications related numbering plans, and offers a range of on-line services for a variety of
market segments in the global telecommunications sector. Most on-line services are free of charge for
personal or limited use. 

https://www.thisnumber.com/ - ThisNumber is an international directory of white pages, yellow pages,

phone books, and online directory inquiries.

https://www.wayp.com/ - International telephone directory, inquiry names, addresses, telephones and

faxes.

https://calleridtest.com/ - Fast and accurate Caller ID (CNAM) as well as location, line type and more.
Our direct access to telecom data ensures accuracy.
https://thatsthem.com/reverse-phone-lookup

------------------------------------------------------------------------------------------

BUSINESSES/CORPORATE

http://corporationscanada.ic.gc.ca/eic/site/cd-dgc.nsf/eng/home - Canada Corporate Lookup

https://open.canada.ca/data/en/dataset/0032ce54-c5dd-4b66-99a0-320a7b5e99f2 - Canada Corporate

Lookup

https://corporateinformation.com/Country-Industry-Research-Links.aspx?c=124&i=General – Various
useful links about Canadian Corporations and businesses.

https://rocketreach.co/ - People Search

https://ca.indeed.com/ - Company Reviews

https://www.corporationwiki.com/ - US Corporate Lookup

https://www.sec.gov/edgar.shtml - US All companies, foreign and domestic, are required to file

registration statements, periodic reports, and other forms electronically through EDGAR. Anyone can
access and download this information for free. Here you'll find links to a complete list of filings available
through EDGAR and instructions for searching the EDGAR database.

https://www.ripoffreport.com/ - Corporate Reputation Lookup

https://opencorporates.com/ - The largest open database of companies in the world

https://globaledge.msu.edu/global-resources - The Global Resource Directory offers a rich collection of

thousands of international business- and trade-related resources, which we have selected for their
content and usability and organized into the categories below to facilitate your research.

https://use.infobelpro.com/ - The most powerful business finder. 0-20-200/mo

https://www.dnb.com/ - Utilize AI-driven ESG intelligence built from deep coverage of private and public
company data to manage risk. (Registration Lookup)

https://www.glassdoor.ca/member/home/index.htm - Corporate Lookup

https://www.manta.com/ - Business Whitepages-style lookup

https://corp.owler.com/ - Hard-to-find company data, and strategic news alerts for savvy executives,
marketers and sales professionals NOT TESTED

https://ca.kompass.com/ - Business search by sector. Global B2B portal to find & contact products or
services suppliers

https://www.europages.co.uk/ - EU Corporate B2B

https://find-and-update.company-information.service.gov.uk/ - UK Corporate Lookup

https://www.gov.uk/get-information-about-a-company - UK Corporate Lookup

https://www.companiesintheuk.co.uk/ - UK Corporate Lookup

https://www.companieslist.co.uk/ - UK Corporate Lookup

http://www.rba.co.uk/sources/ - a list of evaluated resources on business information

https://ec.europa.eu/taxation_customs/vies/?locale=en - VIES VAT number validation

https://www.google.com/finance/ - Stocks

------------------------------------------------------------------------------------------

Password/Breaches

Haveibeenpwned

Dehashed

https://ashley.cynic.al/ - Ashley Maddison breach check tool

------------------------------------------------------------------------------------------

COMBO SERVICES

https://pentest-tools.com/alltools - As an anonymous user, you can do 2 Free Scans every 24 hours. This
allows you to test the Light version of our tools. $110 /month +

https://spyse.com/ whois + digital fingerprinter

http://timeline.knightlab.com/ - Make JS timeline

https://www.privacytools.io/ - privacytools.io provides services, tools and knowledge to protect your

privacy against global mass surveillance.

https://themanyhats.club/centralised-place-for-privacy-resources/ - Privacy related Resources

https://le-tools.com/ - Le-Tools.com provides open source softwares that have been created for
investigators, IT analysts and researchers

------------------------------------------------------------------------------------------

Domain Tools

WHOIS:
https://spyse.com/ whois + digital fingerprinter

https://centralops.net/co/DomainDossier.aspx

https://www.domainiq.com/

COME BACK LATER****

https://github.com/lanrat/certgraph - CertGraph crawls SSL certificates creating a directed graph where

each domain is a node and the certificate alternative names for that domain's certificate are the edges
to other domain nodes. New domains are printed as they are found. In Detailed mode upon completion
the Graph's adjacency list is printed.

DISCOVERY:

Shodan

https://urlscan.io/about/ - urlscan.io is a free service to scan and analyse websites. When a URL is
submitted to urlscan.io, an automated process will browse to the URL like a regular user and record the
activity that this page navigation creates. This includes the domains and IPs contacted, the resources
(JavaScript, CSS, etc) requested from those domains, as well as additional information about the page
itself. urlscan.io will take a screenshot of the page, record the DOM content, JavaScript global variables,
cookies created by the page, and a myriad of other observations. If the site is targeting the users one of
the more than 400 brands tracked by urlscan.io, it will be highlighted as potentially malicious in the scan
results.

https://redirectdetective.com - Redirect Detective is free tool that allows you to do a full trace of a URL
Redirect. It will show you the complete path a redirect takes to get to the end point.

https://analyzeid.com/ - Find Other Websites Owned By The Same Person. Type the address of your
target website and see if the owner operates other sites.

http://letmecheck.it/ - Misc network tools. TCP ping, tcp/icmp traceroute, port scan, http header, DIG,
MTU Test

------------------------------------------------------------------------------------------

Lists

https://github.com/danielmiessler/SecLists/tree/master/Discovery/DNS 12 lists

HOW TO’s
http://www.catb.org/esr/faqs/smart-questions.html - How to ask questions the smart way

https://academy.plessas.net/store/g2R9AzTt - Subscribe and get an endless and categorized supply of

news and articles, including in mobile apps, social networks and the dark web. Curated by OSINT
experts, these resources are designed to help you discover the information that will help your
investigations. $5.99/mo;$65.00/yr USD

https://inteltechniques.com/links.html - Data Removal Workbook (PDF)

Data Removal Workbook (Online)
Credit Freeze Workbook (PDF)
Credit Freeze Workbook (Online)
pfSense Home Network Firewall
Apple iOS 15 Privacy Guide
GrapheneOS Installation Guide
Twilio VOIP Guide
Linphone VOIP Guide
GrapheneOS VOIP Calls Guide
VoIPSuite SMS App Guide

https://www.safeshepherd.com/handbook/privacy-basics - This Handbook aims to give you a single

source for the instructions you’ll need you remove your personal information from sites that expose
your information.

https://register.automatingosint.com/ - This is the only course, literally - you can’t get it anywhere else,
that teaches you how to write code to automatically extract and analyze data from the web and social
media. Join students from around the world from law enforcement, journalism, information security and
more.

http://online.wsj.com/public/resources/documents/TweetMetadata.pdf - Map of a Twitter Status

Object

https://academic.microsoft.com/ - Microsoft Acedemic

GUIDES BY TITLE - Research Guides at Harvard Library

arXiv.org e-Print archive - 1,978,106 scholarly articles in the fields of physics, mathematics, computer
science, quantitative biology, quantitative finance, statistics, electrical engineering and systems science,
and economics.

OSCP personal cheatsheet (liodeus.github.io) – Fantastic guide to OSCP enu+exploit

------------------------------------------------------------------------------------------

AMERICA ONLY

https://thatsthem.com/ **POSSIBLY INACCURATE, NO RESULTS FOR SELF EMAIL*

https://www.courtlistener.com/recap/ - Search our database of millions of PACER documents and

dockets.
https://www.advancedbackgroundchecks.com/ - Free People Search

https://www.zabasearch.com/ - Free* People Search and Public Information Search Engine! NOT TESTED

https://www.ussearch.com/ - US Search is your transparent and informative source for finding

addresses, phone numbers, and email addresses.

https://www.peekyou.com/ - People Search

https://www.intelius.com/ - People Search

------------------------------------------------------------------------------------------

DOCUMENTATION

https://www.hunch.ly/ - The Web Capture Tool Designed For Online Investigations. Never forget to
screenshot again. Hunchly automatically collects, documents, and annotates every web page you visit.

https://www.page2images.com/URL-Live-Website-Screenshot-Generator - Online Website Screenshot

Generator with URL input

https://archive.is/ - Archive.today is a time capsule for web pages!. It takes a 'snapshot' of a webpage
that will always be online even if the original page disappears.. It saves a text and a graphical copy of the
page for better accuracy and provides a short and reliable link to an unalterable record of any web page

https://www.magnetforensics.com/resources/web-page-saver// - MAGNET Web Page Saver is a perfect

tool for capturing how web pages look at a specific point in time. This is especially useful in situations
where the web pages need to be displayed in an environment where Internet access is not available
(such as a court room).WPS takes a list of URLs and saves scrolling captures (“snapshots”) of each page.
URLs can be typed in manually or imported from a text file or CSV file. WPS produces an easy-to-
navigate HTML report file containing the saved pages, with customizable options (such as including an
agency crest/logo and title for the report).WPS can also format captured data into a single SQLite
database file, and a custom artifact is saved to the output folder, enabling you to ingest that SQLite
database (or any WPS-generated SQLite database) into AXIOM.

https://fraps.com/ - Fraps is a universal Windows application that can be used with games using DirectX
or OpenGL graphic technology.  In its current form Fraps performs many tasks and can best be described
as:

Benchmarking Software - Show how many Frames Per Second (FPS) you are getting in a corner of your
screen.  Perform custom benchmarks and measure the frame rate between any two points.  Save the
statistics out to disk and use them for your own reviews and applications.
Screen Capture Software - Take a screenshot with the press of a key!  There's no need to paste into a
paint program every time you want a new shot.  Your screen captures are automatically named and
timestamped.

Realtime Video Capture Software - Have you ever wanted to record video while playing your favourite
game?  Come join the Machinima revolution!  Throw away the VCR, forget about using a DV cam, game
recording has never been this easy!  Fraps can capture audio and video up to 7680x4800 with custom
frame rates from 1 to 120 frames per second!

https://getsharex.com/ - See website. Multii-tool

https://getgreenshot.org/ - Greenshot is a light-weight screenshot software tool for Windows

http://timeline.knightlab.com/#make - TimelineJS is an open-source tool that enables anyone to build

visually rich, interactive timelines. Beginners can create a timeline using nothing more than a Google
spreadsheet

https://justpaste.it/ - Pastebin Alternative

https://pastebin.com/

------------------------------------------------------------------------------------------

MAPS

https://batchgeo.com/ - Map data using XLS

https://www.zeemaps.com/ - Create and publish interactive maps. Use maps for analysis and
presentations. Unlimited markers per map.3-level access control for each map: Viewer, Member and
Admin. Input from: Location(Search), Crowd Source, Google Spreadsheets, Microsoft Excel, CSV, KML,
GeoRSS feed or Copy-and Paste.

http://brianfolts.com/driver/ - The google maps streetview player will take in either a starting point and
end point, or a provided file of a route and provide a playthrough of the google streetview images that
are available. MAPS API KEY REQUIRED

------------------------------------------------------------------------------------------

OPSEC

https://www.fakenamegenerator.com/ - With 37 languages and 31 countries, the Fake Name Generator

is the most advanced name generator on the internet. Generate names, addresses, social security
numbers, credit card numbers, occupations, UPS tracking numbers, and more absolutely free.

https://backgroundchecks.org/justdeleteme/fake-identity-generator/ - Generate a fake name, address,

date of birth, username, password and biography. Can choose gender.

https://randomuser.me/ - A free, open-source API for generating random user data. Like Lorem Ipsum,
but for people.

https://cdn.jsdelivr.net/gh/Marak/faker.js@master/examples/browser/ - JS ID Generator

https://www.torproject.org/download/download-easy.html.en - TOR

https://geti2p.net/en/ - I2P

https://www.safetydetectives.com/best-vpns/ - After months of running speed tests, reading privacy

policies, and stress-testing all of the features of the many VPN services on the market, I ranked and
compared the top 10 VPNs based on security, ease of use, privacy features, and overall value. These are
those results.

http://www.useragentstring.com/pages/useragentstring.php - List of User Agent Strings

https://www.whatismybrowser.com/ - Shows UserAgent Information/Browser type. Shows JS, Cookies,

and other setting info

https://tools.tracemyip.org/user-agent-string-decoder/ - USER AGENT string decoder is a decoder tool

that allows translating a browser user agent string into data blocks.

https://proxycheck.haschek.at/ - Various proxy information. Can use on local proxy.

http://browserspy.dk/ - BrowserSpy.dk is the place where you can see just how much information your
browser reveals about you and your system.

https://www.ip2proxy.com/ - Detect anonymous proxies and VPNs

https://coveryourtracks.eff.org/ - Test your browser to see how well you are protected from tracking
and fingerprinting

------------------------------------------------------------------------------------------

DNS LEAK
https://ipleak.net/

https://dnsleak.com/

https://www.dnsleaktest.com/

http://ip-check.info/?lang=en

https://chrome.google.com/webstore/detail/webrtc-network-limiter/
npeicpdbkakmehahjeeohfdhnlpdklia - WebRTC Network Limiter

https://www.perfect-privacy.com/en/tests/check-ip - Use Perfect Privacy Check IP to check on your

externally visible IP addresses (IPv4 & IPv6) and other details of your Internet connection and browser
settings. Please use our DNS leak test to examine which DNS server you are using. The Perfect Privacy
Check IP test is also available using the URL checkip.perfect-privacy.com, there in addition with APIs for
automated tests.

http://www.tracemyip.org/ -  Instantly tracks visitors IP addresses, computer IDs & visitor IP address

changes in real-time. TraceMyIP.org is an advanced and absolutely private server-side website visitor
surveillance, website analytics and statistics service application that delivers exceptional features that
are not available on other website IP address data acquisition platforms.

https://noscript.net/ - The NoScript Firefox extension provides extra protection for Firefox, Seamonkey

and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and
other plugins to be executed only by trusted web sites of your choice (e.g. your online bank).NoScript
also provides the most powerful anti-XSS and anti-Clickjacking protection ever available in a
browser.NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation
of security vulnerabilities (known, such as Meltdown or Spectre, and even not known yet!) with no loss
of functionality...

https://browserleaks.com/ - BrowserLeaks is all about browsing privacy and web browser fingerprinting.
Here you will find a gallery of web technologies security testing tools that will show you what kind of
personal identity data can be leaked, and how to protect yourself from this.
------------------------------------------------------------------------------------------

IMAGES/VIDEOS/DOCS

Google, Bing, Yahoo Search, Instagram, flickr, vimeo, liveleak

https://tineye.com/ - Reverse Image Search

https://infringement.report/api/raider-reverse-image-search/ - Reverse Image Search

http://karmadecay.com/ - Reverse Image Search of Reddit

https://chrome.google.com/webstore/detail/reveye-reverse-image-sear/
keaaclcjhehbbapnphnmpiklalfhelgf?hl=en - Perform a search by image. Choose between the image
search engines Google, Bing, Yandex, and TinEye. This extension allows to perform an inverse image
search by right-clicking onto any image in a web site.

https://www.yandex.com/images/ - Stock Images/Search

https://www.pexels.com/ - The best free stock photos, royalty free images & videos shared by
creators/Search

https://app.photobucket.com/explore - Stock Images/Image Upload/Search

https://www.smugmug.com/ - Stock Image/Search

https://imgur.com/search - Stock images, Image Upload, Anonymous Image Share/Search

https://www.picsearch.com/ - Basic Image Search. Similar to Google/Bing photos

https://search.creativecommons.org/ - Stock Images

https://www.imageidentify.com/ - Identifies ojects by canning a picture of them. Hit and miss results.
Browser-based

http://camfindapp.com/ - Identifies objects by scanning a picture of them. Must download app.

http://places2.csail.mit.edu/explore.html - Images searchable by location (kitchen, waiting room,

stadium, etc)

https://www.webfx.com/tools/idgettr/ - Use the URL of your photostream to find the Flickr ID number
(also works for groups).

http://www.geocreepy.com/ - Creepy is a geolocation OSINT tool. Gathers geolocation related

information from online sources, and allows for presentation on map, search filtering based on exact
location and/or date, export in csv format or kml for further analysis in Google Maps.

EXIF:

http://exif.regex.info/exif.cgi - Jeffrey's Image Metadata Viewer

http://imgops.com/ - ImgOps is a meta-tool:   1.) Enter an image. 2.) Choose an online image utility. It
works best with our bookmarklet (ImgOps), or you can enter a URL above.   what is a bookmarklet. You
can also insert  http://imgops.com/  in front of any image URL.

http://metapicz.com/#landing -  VIEW YOUR METADATA

http://fotoforensics.com/ - Metadata Information and Image Manipulation (hidden pixels +)

https://www.sodapdf.com/ocr-pdf/ - OCR is a key tool for digitizing documents

https://www.i2ocr.com/ - i2OCR is a free online Optical Character Recognition (OCR) that extracts text
from images and scanned documents so that it can be edited, formatted, indexed, searched, or
translated.

https://www.onlineocr.net/ - PDF -> Word OCR/Convert

https://archive.org/details/opensource_movies - These thousands of videos were contributed by

Archive users and community members. These videos are available for free download.

http://deturl.com/ - View a video on YouTube. In the URL location box, select https://www. and replace
with pwn Get links to download the video ( no software,  no copy/paste! )

https://citizenevidence.amnestyusa.org/ - YouTube video information extraction. Title, description,

VideoID, upload date/time, thumbnails with R image search

https://tools.digitalmethods.net/netvizz/youtube/ - Misc YouTube Channel Tools

https://hooktube.com/ - A light-weight YouTube. Simply replace the domain in any YT link

with hooktube.com. https://youtube.com/watch?v=S6bOkFLrsAc becomes https://hooktube.com/
watch?v=S6bOkFLrsAc, etc.

http://insecam.org/en/ - The world biggest directory of online surveillance security cameras.

https://github.com/baywolf88/seeallthethings - OSINT webcam mapping project. Read the included files

for usage

https://www.earthcam.com/ - Live Webcams

https://shodan.io – IOT Database. Has cameras

https://docjax.com/ - Search over 320,577 documents from 3,296 websites. With the world's largest
document search engine, DocJax is the place to find the documents you need.

https://search.wikileaks.org/advanced - WikiLeaks Search https://search.wikileaks.org/plusd/

------------------------------------------------------------------------------------------

SOCIAL MEDIA

https://lookup-id.com/# - Looking for your Facebook profile ID / Group ID / Page ID

http://backtweets.com/ - SEARCH FOR ANY LINKS ON TWITTER

https://followerwonk.com/bio/?q=zero%20day&l=us - Who are you looking for? Whether it's new

talent, customers, or just friends, we help find whom you're after.

https://twitterfall.com/ - Twitterfall is a Twitter client specialising in real-time tweet searches. New

tweets fall into the page.

http://www.geochirp.com/main.php - GeoChirp helps you search for people Twittering for specific
things in a specific area.

https://www.hootsuite.com/ - Easily manage all your social media and get results with Hootsuite.
https://tweetdeck.twitter.com/ - The most powerful Twitter tool for real-time tracking, organizing, and
engagement. Reach your audiences and discover the best of Twitter.

https://twopcharts.com/ - Twitter profile rep information

https://twicsy.com/ - Get Hundreds of Followers and Likes on your Instagram page delivered quickly and
safely!

https://tinfoleak.com/ - Online Twitter Scraper

https://www.allmytweets.net/ - Online Twitter Scraper

https://www.omnisci.com/demos/tweetmap - OmniSci is a GPU (Graphics Processor Unit)-powered

database and visualization platform designed for lightning-fast, immersive data exploration that
eliminates the disconnect between analyst and data. By bringing the power of GPU supercomputing to
data analytics, OmniSci can query and visualize billions of records in milliseconds. Nothing in this demo is
pre-computed or pre-rendered.

https://onemilliontweetmap.com/ - This page displays last 24h geolocalized tweets delivered by public
twitter stream API. Each second, about fifty new tweets are added (and oldest tweets are removed to
keep only 24 hours on the map).

https://roadtolarissa.com/javascript/reddit-comment-visualizer/ - Reddit Comment Visualiser

https://www.social-searcher.com/ - Free Social Media Search Engine

https://www.social-searcher.com/google-social-search/

https://socialblade.com/ - Social Blade tracks user statistics for YouTube, Twitch, Instagram, and Twitter!
Get a deeper understanding of user growth and trends by utilizing Social Blade

https://pingroupie.com/ - Find Group Boards on Pinterest

https://cse.google.com/cse?cx=006368593537057042503:efxu7xprihg - Google CSE for Telegram links

https://del.icio.us/

https://blackplanet.com/

https://www.tumblr.com/tagged/search?sort=top

https://myspace.com/

https://www.periscope.tv/

------------------------------------------------------------------------------------------

BITCOIN/BLOCKCHAIN/CRYPTOCURRENCY

https://www.w3schools.com/browsers/default.asp - W3Schools has over 60 million monthly visits.

From the statistics below (collected since 2002) you can read the long term trends of browser usage.

https://www.dogpile.com/ - Search Engine https://infospace.com/

------------------------------------------------------------------------------------------

Search Engines: (NEEDS REVIEW)

GENERAL

Google – https://www.google.ca
inurl:ftp -inurl:http -inurl:https ftpsearchterm

Google Advanced - https://www.google.com/advanced_search

Bing – https://www.bing.com

DuckDuckGo - https://www.duckduckgo.com

Yahoo Advanced - https://search.yahoo.com/web/advanced

StartPage - https://www.StartPage.com

Yandex - https://www.yandex.com

Baidu - 百度一下，你就知道 (baidu.com) https://www.baidu.com

iBoogie - https://www.iboogie.com

iZito - https://www.izito.com

Bing vs Google - https://www.bvsg.com

Ixquick - https://www.ixquick.com

Advangle - https://www.advangle.com

Instya - http://www.instya.com/#/web/

Hulbee - https://hulbee.com/

META SEARCH
http://iseek.com/iseek/home.page

http://biznar.com/biznar/desktop/en/search.html

http://search.carrot2.org/stable/search

http://yippy.com/

https://www.etools.ch/

https://searx.me/

http://addictomatic.com/

http://www.whostalkin.com/

http://www.dmoz.org/

http://answerthepublic.com/
CODE SEARCH
https://publicwww.com/

https://searchcode.com/

https://nerdydata.com/search

GitHub - michenriksen/gitrob: Reconnaissance tool for GitHub organizations

https://github.com/techgaun/github-dorks

https://gitleaks.com/

------------------------------------------------------------------------------------------
NEEDS TO BE LOOKED INTO:
https://www.melissa.com/service/listware_online/uploadws.aspx

https://assetnote.io/continuous-security/index.html

https://censys.io/

Bitwarden Password Manager (Online)

KeePassXC Password Manager (Offline)
ProtonVPN VPN Service
ProtonMail Encrypted Email
Fastmail Business Email
SimpleLogin Masked Email
Protectli Home Firewall
Invizbox VPN Router
Slate Portable VPN Router
Beryl Portable VPN Router
Silent Pocket Faraday Bag
Camera Covers
YubiKey 2FA Device
Microphone Blocker

https://github.com/TeehanLax/Hyperlapse.js - This library was written to create dynamic hyper-lapse

(time-lapse with movement) sequences using Google Street View.

https://www.echosec.net/platform - Open-Source Intelligence Platform. The Echosec Systems Platform

gathers real-time data from thousands of online sources for robust intelligence and enhanced security

https://app.buzzsumo.com/home - Generate ideas from our index of 8 billion pieces of content (BETA)

NewspaperArchive | 15,681 Historic Newspaper Archives

NEWS

Flipboard - Stories from 28,875 topics personalized for you

You Got The News | YouGotTheNews | Sam Richter - Important: Do not use Internet Explorer. The
Engine will only work in Edge, Safari, or Chrome.
OTHER/NOT LISTED