### Username Investigation Tools (Bash) Source: https://context7.com/yogsec/osint-tools/llms.txt Tools for searching usernames across various social networks and websites. Includes Sherlock for comprehensive searches and Maigret for detailed analysis. Some tools may require installation via pip or git clone. ```bash # Using Sherlock to find username across social networks git clone https://github.com/sherlock-project/sherlock.git cd sherlock pip install -r requirements.txt python sherlock johndoe # Using Maigret for comprehensive username search pip install maigret maigret johndoe --all-sites --html # WhatsMyName web check # Visit: https://whatsmyname.app/ # Enter username and click search to check 500+ sites ``` -------------------------------- ### Access Tor Network and Analyze Hidden Services Source: https://context7.com/yogsec/osint-tools/llms.txt Safely access the Tor network using the Tor Browser and analyze hidden services with tools like Ahmia.fi and OnionScan. OnionScan requires Go installation. ```bash # Access Tor network # Download Tor Browser: https://www.torproject.org/download/ # Ahmia.fi - Tor search engine # Access via Tor: http://juhanurmihxlp77nkq76byazcldy2hlmovfu2epvl5ankdibsot4csyd.onion # OnionScan for hidden service analysis go get github.com/s-rah/onionscan onionscan --verbose exampleonion.onion ``` -------------------------------- ### Image & Video Analysis Tools (Bash) Source: https://context7.com/yogsec/osint-tools/llms.txt Utilities for analyzing images and videos, including extracting EXIF metadata with ExifTool and performing reverse image searches. Supports Google Images and TinEye API. ExifTool can also be used to remove metadata. ```bash # Extract EXIF metadata with ExifTool exiftool image.jpg # Remove all metadata exiftool -all= image.jpg # Reverse image search via Google # https://images.google.com/ - upload image or paste URL # TinEye API reverse image search curl -X POST "https://api.tineye.com/rest/search/" \ -H "x-api-key: YOUR_KEY" \ -F "image=@photo.jpg" ``` -------------------------------- ### Domain Name Investigation Tools (Bash) Source: https://context7.com/yogsec/osint-tools/llms.txt Commands for analyzing domain ownership, DNS records, and SSL certificates. Includes WHOIS lookup, DNSDumpster for enumeration, and crt.sh for certificate transparency. Some tools require external services or API keys. ```bash # WHOIS lookup whois example.com # DNS enumeration with DNSDumpster # Visit: https://dnsdumpster.com/ # Enter domain to get DNS records, subdomains, and network map # Certificate transparency search with crt.sh curl "https://crt.sh/?q=example.com&output=json" | jq '.[] | {name_value, issuer_name}' # URLScan.io domain analysis curl -X POST "https://urlscan.io/api/v1/scan/" \ -H "Content-Type: application/json" \ -H "API-Key: YOUR_KEY" \ -d '{"url": "https://example.com", "visibility": "public"}' ``` -------------------------------- ### Query Threat Intelligence Databases Source: https://context7.com/yogsec/osint-tools/llms.txt Gather threat intelligence by querying platforms like VirusTotal, AlienVault OTX, and MISP using their respective APIs. Requires API keys for access and submission. ```bash # VirusTotal file/URL check curl --request POST \ --url "https://www.virustotal.com/api/v3/urls" \ --header "x-apikey: YOUR_KEY" \ --form "url=https://suspicious-site.com" # AlienVault OTX indicator lookup curl -H "X-OTX-API-KEY: YOUR_KEY" \ "https://otx.alienvault.com/api/v1/indicators/IPv4/8.8.8.8/general" # MISP threat sharing platform query curl -H "Authorization: YOUR_API_KEY" \ -H "Accept: application/json" \ "https://your-misp-instance/attributes/restSearch" \ -d '{"value": "malware.com"}' ``` -------------------------------- ### IP & MAC Address Investigation Tools (Bash) Source: https://context7.com/yogsec/osint-tools/llms.txt Tools for geolocating IP addresses, checking network ownership, and assessing IP reputation. Includes ipinfo.io for lookup, Shodan for host search, and AbuseIPDB for reputation checks. MAC vendor lookup is also provided. ```bash # IPinfo lookup curl "https://ipinfo.io/8.8.8.8?token=YOUR_TOKEN" # Shodan host search pip install shodan shodan init YOUR_API_KEY shodan host 8.8.8.8 # AbuseIPDB reputation check curl -G "https://api.abuseipdb.com/api/v2/check" \ --data-urlencode "ipAddress=8.8.8.8" \ -H "Key: YOUR_API_KEY" \ -H "Accept: application/json" # MAC vendor lookup curl "https://api.macvendors.com/00:00:5e:00:53:af" ``` -------------------------------- ### Search Exploits and Vulnerabilities Source: https://context7.com/yogsec/osint-tools/llms.txt Find known exploits and vulnerabilities using command-line tools like 'searchsploit' and by querying databases like CVE Details and Rapid7. CVE Details requires API access for programmatic queries. ```bash # Search Exploit-DB searchsploit apache 2.4 # CVE Details API query curl "https://cveawg.mitre.org/api/cve/CVE-2021-44228" # Rapid7 vulnerability database # Visit: https://www.rapid7.com/db/ # Search by CVE, product, or vulnerability type ``` -------------------------------- ### Analyze Malicious Files with Online Services Source: https://context7.com/yogsec/osint-tools/llms.txt Submit suspicious files for automated malware analysis to services like VirusTotal, Hybrid Analysis, and Joe Sandbox using their APIs. Requires API keys for submission. ```bash # VirusTotal file upload curl --request POST \ --url "https://www.virustotal.com/api/v3/files" \ --header "x-apikey: YOUR_KEY" \ --form "file=@suspicious_file.exe" # Hybrid Analysis submission curl -X POST "https://www.hybrid-analysis.com/api/v2/submit/file" \ -H "api-key: YOUR_KEY" \ -F "file=@malware_sample.exe" \ -F "environment_id=120" # Joe Sandbox API submission curl -X POST "https://jbxcloud.joesecurity.org/api/v2/submission/new" \ -F "apikey=YOUR_KEY" \ -F "sample=@file.exe" ``` -------------------------------- ### Email Investigation Tools (Bash) Source: https://context7.com/yogsec/osint-tools/llms.txt Utilities for verifying email addresses, checking for data breaches, and discovering associated accounts. Includes Holehe for registration checks and HaveIBeenPwned API for breach information. Requires API keys for some services. ```bash # Using Holehe to check email registrations pip install holehe holehe test@example.com # HaveIBeenPwned API check curl -s "https://haveibeenpwned.com/api/v3/breachedaccount/test@example.com" \ -H "hibp-api-key: YOUR_API_KEY" \ -H "User-Agent: OSINT-Tool" # Hunter.io email verification curl "https://api.hunter.io/v2/email-verifier?email=test@example.com&api_key=YOUR_KEY" ``` -------------------------------- ### Extract Metadata with ExifTool Source: https://context7.com/yogsec/osint-tools/llms.txt Utilize ExifTool to extract comprehensive metadata from various file types like PDFs, DOCX, and JPGs. It supports recursive directory scanning and can extract hidden information. ```bash # ExifTool comprehensive metadata extraction exiftool -a -u -g1 document.pdf # Extract metadata from all files in directory exiftool -r -ext pdf -ext docx -ext jpg ./documents/ ``` -------------------------------- ### Encode and Decode Data with Bash and Python Source: https://context7.com/yogsec/osint-tools/llms.txt Perform common encoding and decoding tasks such as Base64 and URL encoding/decoding using command-line tools like 'base64' and Python scripts. CyberChef offers a comprehensive web-based toolkit. ```bash # Base64 encode/decode echo "secret message" | base64 echo "c2VjcmV0IG1lc3NhZ2UK" | base64 -d # URL encode/decode python3 -c "import urllib.parse; print(urllib.parse.quote('hello world'))" python3 -c "import urllib.parse; print(urllib.parse.unquote('hello%20world'))" # CyberChef - comprehensive encoding toolkit # Visit: https://gchq.github.io/CyberChef/ # Drag operations to recipe: Base64 Decode → Gunzip → From Hex ``` -------------------------------- ### Digital Currency Tracking Source: https://context7.com/yogsec/osint-tools/llms.txt Trace cryptocurrency transactions and analyze wallet addresses using blockchain explorers. ```APIDOC ## Digital Currency Tracking Trace cryptocurrency transactions and analyze wallet addresses. ### Blockchain.com Bitcoin Address Lookup **Method:** cURL **Endpoint:** `https://blockchain.info/rawaddr/` **Description:** Retrieve information about a Bitcoin address, including balance and transaction history. **Request Example:** ```bash curl "https://blockchain.info/rawaddr/1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa" ``` ### Get Bitcoin Transaction Details **Method:** cURL **Endpoint:** `https://blockchain.info/rawtx/` **Description:** Retrieve detailed information about a specific Bitcoin transaction. **Request Example:** ```bash curl "https://blockchain.info/rawtx/TRANSACTION_HASH" ``` ### Etherscan Ethereum Address Lookup **Method:** cURL **Endpoint:** `https://api.etherscan.io/api` **Description:** Retrieve the balance of an Ethereum address using the Etherscan API. **Query Parameters:** - **module** (string) - Required - `account` - **action** (string) - Required - `balance` - **address** (string) - Required - The Ethereum address to query. - **tag** (string) - Optional - `latest` for current balance. - **apikey** (string) - Required - Your Etherscan API key. **Request Example:** ```bash curl "https://api.etherscan.io/api?module=account&action=balance&address=0x742d35Cc6634C0532925a3b844Bc9e7595f6B5c&tag=latest&apikey=YOUR_KEY" ``` ``` -------------------------------- ### Exploits & Vulnerabilities Source: https://context7.com/yogsec/osint-tools/llms.txt Search vulnerability databases and exploit repositories. ```APIDOC ## Exploits & Vulnerabilities Search vulnerability databases and exploit repositories. ### Search Exploit-DB **Method:** Command Line **Description:** Search the Exploit Database for known exploits. **Command:** ```bash searchsploit apache 2.4 ``` ### CVE Details API Query **Method:** cURL **Endpoint:** `https://cveawg.mitre.org/api/cve/` **Description:** Retrieve details for a specific CVE (Common Vulnerabilities and Exposures). **Request Example:** ```bash curl "https://cveawg.mitre.org/api/cve/CVE-2021-44228" ``` ### Rapid7 Vulnerability Database **Description:** A comprehensive database of vulnerabilities. Visit: https://www.rapid7.com/db/ **Usage:** Search by CVE ID, product name, or vulnerability type. ``` -------------------------------- ### Malicious File Analysis Source: https://context7.com/yogsec/osint-tools/llms.txt Submit suspicious files for automated malware analysis. ```APIDOC ## Malicious File Analysis Submit suspicious files for automated malware analysis. ### VirusTotal File Upload **Method:** cURL **Endpoint:** `https://www.virustotal.com/api/v3/files` **Description:** Upload a file to VirusTotal for analysis. **Headers:** - **x-apikey**: Your VirusTotal API key. **Form Data:** - **file**: The file to upload (use `@` prefix). **Request Example:** ```bash curl --request POST \ --url "https://www.virustotal.com/api/v3/files" \ --header "x-apikey: YOUR_KEY" \ --form "file=@suspicious_file.exe" ``` ### Hybrid Analysis Submission **Method:** cURL **Endpoint:** `https://www.hybrid-analysis.com/api/v2/submit/file` **Description:** Submit a file to Hybrid Analysis for automated malware analysis. **Headers:** - **api-key**: Your Hybrid Analysis API key. **Form Data:** - **file**: The file to upload (use `@` prefix). - **environment_id**: The analysis environment ID. **Request Example:** ```bash curl -X POST "https://www.hybrid-analysis.com/api/v2/submit/file" \ -H "api-key: YOUR_KEY" \ -F "file=@malware_sample.exe" \ -F "environment_id=120" ``` ### Joe Sandbox API Submission **Method:** cURL **Endpoint:** `https://jbxcloud.joesecurity.org/api/v2/submission/new` **Description:** Submit a file to Joe Sandbox Cloud for analysis. **Form Data:** - **apikey**: Your Joe Sandbox API key. - **sample**: The file to submit (use `@` prefix). **Request Example:** ```bash curl -X POST "https://jbxcloud.joesecurity.org/api/v2/submission/new" \ -F "apikey=YOUR_KEY" \ -F "sample=@file.exe" ``` ``` -------------------------------- ### Track Digital Currency Transactions Source: https://context7.com/yogsec/osint-tools/llms.txt Monitor cryptocurrency transactions and analyze wallet addresses using public APIs from blockchain explorers like Blockchain.com and Etherscan. Requires API keys for some services. ```bash # Blockchain.com Bitcoin address lookup curl "https://blockchain.info/rawaddr/1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa" # Get transaction details curl "https://blockchain.info/rawtx/TRANSACTION_HASH" # Etherscan Ethereum address lookup curl "https://api.etherscan.io/api?module=account&action=balance&address=0x742d35Cc6634C0532925a3b844Bc9e7595f6B5c&tag=latest&apikey=YOUR_KEY" ``` -------------------------------- ### Geolocation Tools (Bash) Source: https://context7.com/yogsec/osint-tools/llms.txt Utilities for identifying locations from coordinates and geographic data. Uses OpenStreetMap's Nominatim API for reverse geocoding and What3Words API for converting coordinates to addresses. Requires API keys for some services. ```bash # Convert coordinates to address curl "https://nominatim.openstreetmap.org/reverse?format=json&lat=40.7128&lon=-74.0060" # What3Words address lookup curl "https://api.what3words.com/v3/convert-to-3wa?coordinates=51.521251,-0.203586&key=YOUR_KEY" ``` -------------------------------- ### Social Network Analysis Tools (Bash) Source: https://context7.com/yogsec/osint-tools/llms.txt Tools for monitoring social media presence and analyzing connections. Includes Sherlock for multi-platform username searches and Social Analyzer for comprehensive scans. Twitonomy is mentioned for Twitter/X profile analytics. ```bash # Sherlock multi-platform search python sherlock username --print-found # Social Analyzer comprehensive scan git clone https://github.com/qeeqbox/social-analyzer.git cd social-analyzer pip install -r requirements.txt python app.py --username "johndoe" --websites "all" # Twitter/X profile analysis with Twitonomy # Visit: https://www.twitonomy.com/ # Enter Twitter handle for analytics dashboard ``` -------------------------------- ### Metadata Extraction Source: https://context7.com/yogsec/osint-tools/llms.txt Extract hidden information from documents, images, and files using tools like ExifTool and FOCA. ```APIDOC ## Metadata Extraction Extract hidden information from documents, images, and files. ### ExifTool Comprehensive Metadata Extraction **Method:** Bash **Endpoint:** N/A **Description:** Use ExifTool to extract detailed metadata from various file types. **Command:** ```bash exiftool -a -u -g1 document.pdf ``` ### Extract Metadata from All Files in Directory **Method:** Bash **Endpoint:** N/A **Description:** Recursively extract metadata from PDF, DOCX, and JPG files in a specified directory. **Command:** ```bash exiftool -r -ext pdf -ext docx -ext jpg ./documents/ ``` ### FOCA Document Metadata Analysis (Windows) **Method:** GUI (Windows) **Endpoint:** N/A **Description:** Use FOCA (Fingerprinting Organizations with Collected Archives) to analyze document metadata, extract users, emails, and software versions. Download from: https://elevenpaths.com/foca **Usage:** Load documents into FOCA and initiate metadata extraction. ``` -------------------------------- ### Encoding & Decoding Source: https://context7.com/yogsec/osint-tools/llms.txt Transform data between various encoding formats for analysis. ```APIDOC ## Encoding & Decoding Transform data between various encoding formats for analysis. ### Base64 Encode/Decode **Method:** Bash **Description:** Encode or decode strings using Base64. **Encode Example:** ```bash echo "secret message" | base64 ``` **Decode Example:** ```bash echo "c2VjcmV0IG1lc3NhZ2UK" | base64 -d ``` ### URL Encode/Decode **Method:** Python 3 **Description:** Encode or decode strings for URL compatibility. **Encode Example:** ```python python3 -c "import urllib.parse; print(urllib.parse.quote('hello world'))" ``` **Decode Example:** ```python python3 -c "import urllib.parse; print(urllib.parse.unquote('hello%20world'))" ``` ### CyberChef - Comprehensive Encoding Toolkit **Description:** A powerful web application for encoding, decoding, and analyzing data. Visit: https://gchq.github.io/CyberChef/ **Usage:** Drag and drop operations into the recipe list to perform transformations (e.g., Base64 Decode → Gunzip → From Hex). ``` -------------------------------- ### Phone Number Investigation Tools (Bash) Source: https://context7.com/yogsec/osint-tools/llms.txt Tools for investigating phone numbers, including identifying carriers and locations. PhoneInfoga is a command-line tool for scanning and analysis, with an option to run a web interface. Truecaller is mentioned for manual lookup. ```bash # Using PhoneInfoga git clone https://github.com/sundowndev/phoneinfoga.git cd phoneinfoga go build . ./phoneinfoga scan -n "+1234567890" # PhoneInfoga web interface ./phoneinfoga serve -p 8080 # Truecaller lookup (manual) # Visit: https://www.truecaller.com/ # Search phone number for caller identification ``` -------------------------------- ### Threat Intelligence Source: https://context7.com/yogsec/osint-tools/llms.txt Query threat databases and correlate indicators of compromise (IOCs). ```APIDOC ## Threat Intelligence Query threat databases and correlate indicators of compromise. ### VirusTotal URL Check **Method:** cURL **Endpoint:** `https://www.virustotal.com/api/v3/urls` **Description:** Submit a URL to VirusTotal for analysis. **Headers:** - **x-apikey**: Your VirusTotal API key. **Form Data:** - **url**: The URL to check. **Request Example:** ```bash curl --request POST \ --url "https://www.virustotal.com/api/v3/urls" \ --header "x-apikey: YOUR_KEY" \ --form "url=https://suspicious-site.com" ``` ### AlienVault OTX Indicator Lookup **Method:** cURL **Endpoint:** `https://otx.alienvault.com/api/v1/indicators/IPv4/` **Description:** Retrieve general information about an IPv4 indicator from AlienVault OTX. **Headers:** - **X-OTX-API-KEY**: Your AlienVault OTX API key. **Request Example:** ```bash curl -H "X-OTX-API-KEY: YOUR_KEY" \ "https://otx.alienvault.com/api/v1/indicators/IPv4/8.8.8.8/general" ``` ### MISP Threat Sharing Platform Query **Method:** cURL **Endpoint:** `https://your-misp-instance/attributes/restSearch` **Description:** Search for attributes (e.g., domain names, IPs) within your MISP instance. **Headers:** - **Authorization**: Your MISP API key. - **Accept**: `application/json` **Request Body (JSON):** - **value** (string) - The attribute value to search for. **Request Example:** ```bash curl -H "Authorization: YOUR_API_KEY" \ -H "Accept: application/json" \ "https://your-misp-instance/attributes/restSearch" \ -d '{"value": "malware.com"}' ``` ``` -------------------------------- ### Dark Web Investigation Source: https://context7.com/yogsec/osint-tools/llms.txt Safely search and monitor hidden services and onion sites using the Tor network and specialized tools. ```APIDOC ## Dark Web Investigation Search and monitor hidden services and onion sites safely. ### Access Tor Network **Description:** Use the Tor Browser to access the Tor network and browse .onion sites. Download from: https://www.torproject.org/download/ ### Ahmia.fi - Tor Search Engine **Description:** A search engine for the Tor network. **Access via Tor:** http://juhanurmihxlp77nkq76byazcldy2hlmovfu2epvl5ankdibsot4csyd.onion ### OnionScan for Hidden Service Analysis **Method:** Go (Command Line) **Endpoint:** N/A **Description:** Analyze Tor hidden services for security vulnerabilities and information disclosure. **Installation:** ```bash go get github.com/s-rah/onionscan ``` **Usage:** ```bash onionscan --verbose exampleonion.onion ``` ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.