OSINT Links & Tools

1. OSINT Links & Tools
2. https://www.osinttechniques.com/osint-tools.html
3. Maltego
4. https://www.maltego.com/downloads/
5. Recon-ng
6. https://github.com/lanmaster53/recon-ng
7. Google dorks
8. https://www.abw.gov.pl/download/1/2783/MidlerGarlickiMincewicz-PL.pdf
9. https://www.exploit-db.com/google-hacking-database
10.  
11. PHP Code saving POST data:
12. https://gist.github.com/magnetikonline/650e30e485c0f91f2f40
13.  
14. Certificates
15. https://www.certificate-transparency.org/what-is-ct
16. https://transparencyreport.google.com/https/certificates
17. https://certstream.calidog.io
18.  
19. Domains
20. Name Generation
21. https://github.com/elceef/dnstwist
22. Scoring / Ranking
23. https://www.alexa.com/siteinfo
24. WHOIS privacy / history
25. https://whois-history.whoisxmlapi.com and more
26. Ageing
27. https://www.expireddomains.net/
28. Web Archive
29. https://web.archive.org
30. Categorization
31. BlueCoat: http://sitereview.bluecoat.com/sitereview.jsp
32. Cisco: http://www.senderbase.org/home
33. McAfee: http://www.mcafee.com/us/threat-center.aspx
34. Trend Micro: https://global.sitesafety.trendmicro.com
35. Websense: http://csi.websense.com
36. Zscaler: http://zulu.zscaler.com
37.  
38. SE Tools
39. Evilginx (MITM Phishing Framework)
40. https://github.com/kgretzky/evilginx2
41. SET
42. https://github.com/trustedsec/social-engineer-toolkit
43. BeEF
44. https://github.com/beefproject/beef
45. GoPhish
46. https://github.com/gophish/gophish
47. https://docs.getgophish.com/user-guide/
48. KingPhisher
49. https://github.com/rsmusllp/king-phisher
50. https://king-phisher.readthedocs.io/en/latest/
51.  
52. Macro
53. VBA
54. https://docs.microsoft.com/en-us/dotnet/visual-basic/programming-guide/com-interop/walkthrough-calling-windows-apis
55. Accessing Clipboard
56. https://docs.microsoft.com/is-is/office/vba/access/concepts/windows-api/send-information-to-the-clipboard
57. Didier’s resources:
58. https://videos.didierstevens.com/2016/10/11/training-attacking-with-excel/
59. https://github.com/DidierStevens/DidierStevensSuite
60. https://blog.didierstevens.com
61. Obfuscation
62. https://github.com/sevagas/macro_pack
63. https://github.com/bonnetn/vba-obfuscator
64. EvilClippy (Obfuscation)
65. https://github.com/outflanknl/EvilClippy
66. https://outflank.nl/blog/2019/05/05/evil-clippy-ms-office-maldoc-assistant/
67. Unicorn (Macro generation and more)
68. https://github.com/trustedsec/unicorn
69. Macros from remote templates
70. https://github.com/mantvydasb/RedTeam-Tactics-and-Techniques/blob/master/offensive-security/initial-access/phishing-with-ms-office/inject-macros-from-a-remote-dotm-template-docx-with-macros.md
71.  
72. Metadata
73. https://exiftool.org/
74.  
75. Red Teamer Testing Tools
76. Wireshark: https://www.wireshark.org
77. Charles Proxy: https://www.charlesproxy.com
78. Burp: https://portswigger.net/burp
79.  
80. Malware samples
81. https://www.virustotal.com/
82. https://www.hybrid-analysis.com/file-collections
83. https://zeltser.com/malware-sample-sources/ (list)
84.  
85. Defender/Analyst tools
86. https://videos.didierstevens.com/2020/10/11/oledump-py-plugin_msg_summary/
87. https://blog.didierstevens.com/programs/oledump-py/
88. http://www.decalage.info/python/oletools
89. https://github.com/decalage2/oletools/wiki/olevba
90. https://gchq.github.io/CyberChef/ (encoder/decoder)
91. https://code.visualstudio.com/ (Free IDE released by Microsoft)
92. https://www.automateexcel.com/vba-code-indenter/ (VBA Code Indenter)
93. https://github.com/MalwareCantFly/Vba2Graph (VBA2Graph)
94. https://github.com/decalage2/ViperMonkey (VBA Emulation engine written in python)
95.  
96. ASR (Attack Surface Reduction) Rules
97. https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction