---

cover: >- https://images.unsplash.com/photo-1535210197479-59bc559c431d?crop=entropy&cs=srgb&fm=jpg&ixid=M3wxOTcwMjR8MHwxfHNlYXJjaHw4fHxmaW5kaW5nfGVufDB8fHx8MTY5MDg3Mjc4M3ww&ixlib=rb-4.0.3&q=85 coverY: 110

👣 OSINT

Osint Lists and collections.
## Maps, Geolocation, and Transport
- [Apps.skylens.io](https://apps.skylens.io): Posts with geotags from five social networks at once on one map (Twitter, YouTube, Instagram, Flickr, Vkontakte)
- [photo-map.ru](https://photo-map.ru): Search geotagged photos from VK.com
- Snapchat map
- [YouTube Geofind](https://www.youtube.com/geofind): View YouTube geotagged videos on a map
- Flickr Photo Map
- Flickr Common Map: Displays only Flickr photos distributed under a Creative Commons license (250 of the latest for each location)
- [I know where your cat lives](https://iknowwhereyourcatlives.com): Geotagged photos from Instagram with the #cat hashtag
- [Trendsmap.com](https://www.trendsmap.com): Explore most popular Twitter trends, hashtags, and users on the world map
- [Pastvu.com](https://pastvu.com): View historical photos taken at a particular location on a map
- BirdHunt: A tool to get a list of recent tweets made in a specific geolocation/radius
- [WikiShootMe](https://tools.wmflabs.org/wikishootme): Worldwide map of geotagged Wikipedia Creative Commons Images
- [The Painted Planet](http://www.paintedplanet.org): Click on a point on the map to get a list of landscapes by famous artists depicting the area
- [COPERNIX](https://copernix.io): Worldwide map of geolocated Wikipedia articles
- [WikiNearby](https://www.wikinearby.org): Enter geographic coordinates and language to get a list of Wikipedia articles about nearby streets, towns, stations, and other notable places
- [Huntel.io](https://www.huntel.io): Get a list of links to Facebook/Instagram locations linked to geographic coordinates

## Nature
- [Map View NGMDB](https://ngmdb.usgs.gov/mapview): Map for exploring geologic maps and articles from the NGMDB (National Geologic Map Database)
- [WAQI](https://waqi.info): World's Air Pollution: Real-time Air Quality Index map
- [GlobalFishingMap](https://globalfishingmap.com): Click on a point on the map and get data on the current fishing effort at that location
- [Natural Hazards Viewer](https://www.ncei.noaa.gov/data/global-natural-hazards-and-risks/hazard-viewer): Natural Hazards Viewer (worldwide)
- [Lightingmaps](https://www.lightningmaps.org): Lightning strikes in real time and historical data on thunderstorms
- [Light Pollution World Map](https://www.lightpollutionmap.info): Showing the degree of light pollution in different countries over time
- [Global Wetlands Map](https://www.globalwetlandsmap.org): Interactive map of wetlands worldwide
- [Fire MAP NASA](https://firms.modaps.eosdis.nasa.gov/map): Online map of fire hotspots around the world
- [Ocearch Shark Tracker](https://www.ocearch.org/tracker): Click on a shark on the world map and find out its name, size, and travel log
- [Surging Seas: Risk Zone Map](https://riskfinder.climatecentral.org): Map of points with a risk of significant sea level rise in the event of melting glaciers
- [USA Fishermap](https://www.usafishermap.org): Detailed map of freshwater bodies in the USA, including depth at different points
- [Mindat.org](https://www.mindat.org): Mineral maps for different countries
- [Ventusky.com](https://www.ventusky.com): Collection of weather maps (wind, rain, temperature, air pressure, humidity, waves, etc.)
- [Wunderground](https://www.wunderground.com): Weather history data
- [Rain Alarm](https://www.rain-alarm.com): Shows where it is raining on the map and provides notifications of approaching rain
- [Cyclocane](https://www.cyclocane.com): Click on a hurricane on the map and get detailed information about it
- [MeteoBlue](https://www.meteoblue.com): Weather stats data
- [Zoom.earth](https://zoom.earth): Worldwide map of rains, storms, fires, heats, winds, and other natural phenomena
- [NGDC Bathymetry map](https://www.ngdc.noaa.gov/mgg/bathymetry): Worldwide detailed interactive bathymetry map
- [Soar.earth](https://soar.earth): Collection of satellite, drone, and ecological maps
- [Geodesics on the Earth](https://geodesics.online): Finding the shortest path between two points on Earth
- [Google Earth](https://www.google.com/earth): 3D representation of Earth based on satellite imagery
- [Everymountainintheworld](https://www.everymountainintheworld.com): Map showing mountains worldwide with altitude information
- [Rivermap](https://www.rivermap.net): Online map with detailed information on Europe's rivers
- [Global Biodiversity Information Facility](https://www.gbif.org): Enter the name of an animal, bird, or plant to see a map of where it has been spotted
- [Natural Hazards Map](https://maps.avijoin.com): Assess the risk of flooding, earthquakes, and hail in a specific location
- [River Runner Global](https://www.river-runner.org): Trace the path of rainwater from a specific location to the world's oceans
- [Macrostrat's Geologic Map System](https://macrostrat.org): Integrates over 290 bedrock geologic maps into a single, multiscale database
- [Global Flood Database](https://www.floods.global): Detailed statistics on floods worldwide over the last 15 years

## Aviation
- [Skyvector](https://skyvector.com): Tool for planning private flights and accessing data about the current situation in the sky
- [Flight Connections](https://www.flightconnections.com): Click on an airport on the map to see direct flight connections
- [World Aviation Accident Database 1962-2007](https://www.airsafe.com/events/db/index.htm)
- [World Aviation Accident Database 2008-2021](https://aviation-safety.net/database)
- [Rzjets.net](https://rzjets.net): User-updated online database of civilian jet and turbojet aircraft
- [Globe.adsbexchange.com](https://globe.adsbexchange.com): Track flights on a map
- [Transtats.bts.gov](https://transtats.bts.gov): Flight schedules and data on actual departure/arrival times of flights in the U.S.
- [Legrooms for Google Flights](https://chrome.google.com/webstore/detail/legrooms-for-google-fligh/bdlfaoffkcmjbmiicbajiflnhhnmfjgo): An extension that displays the size of the legroom between seats next to flight information
- [Flight Status Info](https://www.flightstats.com): Provides a list of airports by city name, flight schedules, and detailed information about flights

I hope this helps!

Fast Google Dorks Scan

https://github.com/IvanGlinkin/Fast-Google-Dorks-Scan

$ ./FGDS.sh <DOMAIN>
$ proxychains bash ./FGDS.sh <DOMAIN>

Google

Google Dorks

https://cheatsheet.haax.fr/open-source-intelligence-osint/dorks/google_dorks/

https://www.searchenginejournal.com/google-search-operators-commands/215331/

intitle:index.of <TEXT>    // open directory listings

ext:php
inurl:%3F
site:*.*.*.<domain>
filetype:txt

Example

site:<DOMAIN> ext:php

Leaks

site:http://jsfiddle.net "<DOMAIN>"
site:http://codebeautify.org "<DOMAIN>"
site:http://codepen.io "<DOMAIN>"
site:http://pastebin.com "<DOMAIN>"

Example

site:http://jsfiddle.net | site:http://codebeautify.org | site:http://codepen.io | site:http://pastebin.com "<DOMAIN>"
site:http://jsfiddle.net | site:http://codebeautify.org | site:http://codepen.io | site:http://pastebin.com "<DOMAIN>" "demo" "test" "api"

Open Redirects

inurl:page= | inurl:url= | inurl:return= | inurl:next= | inurl:redir= | inurl:redirect= | inurl:target= | inurl:page= inurl:& inurl:http site:http://<DOMAIN>

Cloud Environments

site:http://s3.amazonaws.com "<DOMAIN>"
site:http://blob.core.windows.net "<DOMAIN>"
site:http://googleapis.com "<DOMAIN>"
site:http://drive.google.com "<DOMAIN>"

Abusing Google ID

https://medium.com/week-in-osint/getting-a-grasp-on-googleids-77a8ab707e4

Setup

1. Add a new contact to you google account (email address required)
2. Open developer tools and select the network tab
3. Reload the page
4. Set the right pane to request
5. Check all batchexecute packets

Example

https://contacts.google.com/_/ContactsUi/data/batchexecute?rpcids=OSOtuf&f.sid=-916332265175998083&bl=boq_contactsuiserver_20200707.13_p0&hl=en&soc-app=527&soc-platform=1&soc-device=1&_reqid=765234&rt=c

6. Watch out for a string like the following one

Example

[[["OSOtuf","[\"55fa738b0a752dc5\",\"117395327982835488254\"]",null,"generic"]]]

The Google ID's are always 21 characters long and starting with 10 or 11.

https://get.google.com/albumarchive/

https://www.google.com/maps/contrib/

h8mail

https://github.com/khast3x/h8mail

$ h8mail -t <EMAIL>

Photon

https://github.com/s0md3v/Photon

$ python3 photon.py -u https://<DOMAIN> -l 3 -t 100 --wayback

Recon-ng

Basic Commands

$ recon-ng
$ recon-ng -w <WORKSPACE>
[recon-ng][default] > workspaces create <WORKSPACE>
[recon-ng][default] > db schema
[recon-ng][default] > db insert domains
[recon-ng][default] > marketplace search
[recon-ng][default] > marketplace search <NAME>
[recon-ng][default] > marketplace info <NAME>
[recon-ng][default] > marketplace install <NAME>
[recon-ng][default] > marketplace remove <NAME>
[recon-ng][default] > modules search
[recon-ng][default] > modules load <MODULE>
[recon-ng][default][<MODULE>] > info
[recon-ng][default][<MODULE>] > options list
[recon-ng][default][<MODULE>] > options set <VALUE>
[recon-ng][default][<MODULE>] > run
[recon-ng][default] > keys list
[recon-ng][default] > keys add <KEY> <VALUE>
[recon-ng][default] > keys remove <KEY>

Ctrl+c unloads a module.

Social Analyzer

https://github.com/qeeqbox/social-analyzer

$ python3 app.py --cli --mode "fast" --username "<GIVENNAME> <SURNAME>" --websites "youtube facebook instagram" --output "pretty" --options "found,title,link,rate"

theHarvester

https://github.com/laramies/theHarvester

$ theHarvester -d <DOMAIN> -l 500 -b google -f myresults.html

Online tools

• Whatsmyname – This is my favourite one. It is pretty fast and shows only websites where the username is taken, which excludes a lot of visual noise.
• Instantusername – A pretty good username checker, but like all of them, still provides false results on some social networks. For example, on Tinder it might show that the username is taken, when, in fact, it is not. Checks more than 100 networks.
• Checkusernames – Another online username checker, but might have false results as well. For example, it might show that the username is not available, but when following the link you get to the 404 page (eg. Imgur, Flickr). Checks 160 social networks.
• Socialcatfish – This one checks across many resources, but it takes too long to generate a report, and in the end it requires payment to unlock the report.
• Search.illicit.services – Search engine for PII and leaked credentials from data brokers and breaches. Finds data leaks associated with usernames, if there are any.
• Social Searcher – Searches for username mentions on social networks.

Github Osint tools

• Maigret – A pretty advanced username checker which collects a dossier on a person by username from thousands of sites. Creates HTML reports and has a telegram bot.
• Blackbird – Another OSINT tool to search for accounts by username in social networks.
• Social Analyzer – A tool for analysing and finding a person's profile in 1000 social media \ websites with a vast number of features. Can be accessed in CLI and has a Web App.
• Sherlock – Hunts down social media accounts by username across social networks.
• Enola – A modern CLI tool written with Golang. Based on Sherlock, but returns more false positives.