[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-1501":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":25,"hasPages":23,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":46,"readmeContent":47,"aiSummary":48,"trendingCount":16,"starSnapshotCount":16,"syncStatus":49,"lastSyncTime":50,"discoverSource":51},1501,"awesome-osint-arsenal","rawfilejson\u002Fawesome-osint-arsenal","rawfilejson","🔍 Curated OSINT & recon toolkit for Kali Linux — 100+ tools, one-command installer, covering SOCMINT, GEOINT, network recon, dark web, forensics & more.","",null,"Shell",522,107,4,1,0,5,52,200,15,10.1,"MIT License",false,"main",true,[27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45],"cybersecurity","data-breach","ethical-hacking","goverment-data","hacking","information-gathering","infosec","intelligence","investigation","kali-linux","open-data","osint","osint-tool","osint-tools","penetration-testing","public-records","recon","reconnaissance","security-tools","2026-06-12 02:00:28","\u003Cdiv align=\"center\">\n\n\u003Cimg src=\"assets\u002Flogo.jpg\" width=\"860\" alt=\"OSINT Arsenal Logo\"\u002F>\n\n\u003Cbr\u002F>\n\n# 🔍 AWESOME OSINT ARSENAL\n\n### The Ultimate Open-Source Intelligence Toolkit\n\n\u003Cbr\u002F>\n\n[![Tools](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FTools-1100%2B-FF4444?style=for-the-badge&logo=target&logoColor=white)](https:\u002F\u002Fgithub.com\u002Frawfilejson\u002Fawesome-osint-arsenal)\n[![Categories](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FCategories-50%2B-0066CC?style=for-the-badge&logo=buffer&logoColor=white)](https:\u002F\u002Fgithub.com\u002Frawfilejson\u002Fawesome-osint-arsenal)\n[![Version](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FVersion-2.0-00CC66?style=for-the-badge&logoColor=white)](https:\u002F\u002Fgithub.com\u002Frawfilejson\u002Fawesome-osint-arsenal)\n[![Updated](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FUpdated-2025--2026-FF8800?style=for-the-badge&logoColor=white)](https:\u002F\u002Fgithub.com\u002Frawfilejson\u002Fawesome-osint-arsenal)\n[![License](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-FFCC00?style=for-the-badge&logoColor=black)](LICENSE)\n[![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Frawfilejson\u002Fawesome-osint-arsenal?style=for-the-badge&color=gold&logo=github)](https:\u002F\u002Fgithub.com\u002Frawfilejson\u002Fawesome-osint-arsenal\u002Fstargazers)\n\n\u003Cbr\u002F>\n\n> **1100+ tools · 50+ categories · One-command Kali installer**\n>\n> *The most comprehensive OSINT toolkit on the internet — every tool includes installation instructions*\n\n\u003Cbr\u002F>\n\n### ⚡ One-Line Kali Linux Installer\n\n```bash\ncurl -sL https:\u002F\u002Fraw.githubusercontent.com\u002Frawfilejson\u002Fawesome-osint-arsenal\u002Fmain\u002Finstall_osint_arsenal.sh | sudo bash\n```\n\n*Or clone and run manually — see [Installation Guide](#%EF%B8%8F-installation-guide) below*\n\n\u003Cbr\u002F>\n\n\u003C\u002Fdiv>\n\n---\n\n> [!WARNING]\n> **DISCLAIMER:** This repository is for **educational and authorized security research only**.\n> Always obtain written permission before testing systems you do not own.\n> The authors are **not responsible** for any misuse of the tools or techniques listed here.\n> See the full [Legal Disclaimer](#%EF%B8%8F-legal-disclaimer) at the bottom.\n\n---\n\n## 📋 Table of Contents\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>🔭 Reconnaissance & Discovery\u003C\u002Fb> — click to expand\u003C\u002Fsummary>\n\n1. [Username & Social Media OSINT](#1-username--social-media-osint)\n2. [Email OSINT Tools](#2-email-osint-tools)\n3. [Phone Number OSINT](#3-phone-number-osint)\n4. [Domain & IP OSINT](#4-domain--ip-osint)\n5. [Geolocation & Maps OSINT](#5-geolocation--maps-osint)\n6. [Image & Video OSINT](#6-image--video-osint)\n7. [Facial Recognition & People Search](#7-facial-recognition--people-search)\n8. [Social Media Monitoring](#8-social-media-monitoring)\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>💥 Data Breaches & Leaks\u003C\u002Fb> — click to expand\u003C\u002Fsummary>\n\n9. [Data Breach & Leak Search Engines](#9-data-breach--leak-search-engines)\n10. [WikiLeaks, DDoSecrets & Whistleblower Platforms](#10-wikileaks-ddosecrets--whistleblower-platforms)\n11. [Password Cracking & Credential Tools](#11-password-cracking--credential-tools)\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>🕶️ Dark Web & Privacy\u003C\u002Fb> — click to expand\u003C\u002Fsummary>\n\n12. [Dark Web Search Engines & Tools](#12-dark-web-search-engines--tools)\n13. [Anonymous & Privacy Tools](#13-anonymous--privacy-tools)\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>⚔️ Offensive Security\u003C\u002Fb> (Authorized Testing Only) — click to expand\u003C\u002Fsummary>\n\n14. [Web Application OSINT & Scanning](#14-web-application-osint--scanning)\n15. [Social Engineering & Phishing](#15-social-engineering--phishing)\n16. [Vulnerability Scanning & Exploitation](#16-vulnerability-scanning--exploitation)\n17. [Network & Wireless Tools](#17-network--wireless-tools)\n18. [Mobile Hacking & Phone Exploitation](#18-mobile-hacking--phone-exploitation)\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>🧠 Intelligence & Analysis\u003C\u002Fb> — click to expand\u003C\u002Fsummary>\n\n19. [AI-Powered OSINT & Free AI Tools](#19-ai-powered-osint--free-ai-tools)\n20. [Financial & Corporate Intelligence](#20-financial--corporate-intelligence)\n21. [Vehicle, Property & Public Records](#21-vehicle-property--public-records)\n22. [Metadata & Digital Forensics](#22-metadata--digital-forensics)\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>👁️ Surveillance & Dorking\u003C\u002Fb> — click to expand\u003C\u002Fsummary>\n\n23. [IP Camera & Webcam OSINT](#23-ip-camera--webcam-osint)\n24. [Google Dorking Bible](#24-google-dorking-bible)\n25. [Credential & Data Dorking](#25-credential--data-dorking)\n26. [IP Tracking & Geolocation Links](#26-ip-tracking--geolocation-links)\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>🌐 Community & Platforms\u003C\u002Fb> — click to expand\u003C\u002Fsummary>\n\n27. [Telegram OSINT Bots & Channels](#27-telegram-osint-bots--channels)\n28. [Russian OSINT & Person Lookup Services](#28-russian-osint--person-lookup-services)\n29. [Social Media Searcher Platforms](#29-social-media-searcher-platforms)\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>🧰 Toolkits & Frameworks\u003C\u002Fb> — click to expand\u003C\u002Fsummary>\n\n30. [Termux Hacking Toolkit (Complete)](#30-termux-hacking-toolkit-complete)\n31. [Kali Linux OSINT Toolkit](#31-kali-linux-osint-toolkit)\n32. [All-in-One Hacking Frameworks](#32-all-in-one-hacking-frameworks)\n33. [Wordlist Generation & Brute Force](#33-wordlist-generation--brute-force)\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>🖥️ Hardware & Operating Systems\u003C\u002Fb> — click to expand\u003C\u002Fsummary>\n\n34. [Hardware Hacking Tools](#34-hardware-hacking-tools)\n35. [OSINT Operating Systems](#35-osint-operating-systems)\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>👨‍💻 Developer & Learning\u003C\u002Fb> — click to expand\u003C\u002Fsummary>\n\n36. [OSINT APIs & Developer Tools](#36-osint-apis--developer-tools)\n37. [Browser Extensions for OSINT](#37-browser-extensions-for-osint)\n38. [OSINT Learning Resources](#38-osint-learning-resources)\n39. [Awesome OSINT GitHub Repos](#39-awesome-osint-github-repos)\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>⚡ Quick Reference\u003C\u002Fb> — click to expand\u003C\u002Fsummary>\n\n40. [One-Click Install Scripts](#40-one-click-install-scripts)\n41. [Top 50 Must-Have Tools](#41-top-50-must-have-tools-quick-reference)\n\n\u003C\u002Fdetails>\n\n---\n\n## ⚙️ Installation Guide\n\n> `install_osint_arsenal.sh` automates the full setup on **Kali Linux** — apt packages, pip tools, Go binaries, Ruby gems, and git-cloned tools all in one run.\n\n### Option A — Direct curl install\n\n```bash\ncurl -sL https:\u002F\u002Fraw.githubusercontent.com\u002Frawfilejson\u002Fawesome-osint-arsenal\u002Fmain\u002Finstall_osint_arsenal.sh | sudo bash\n```\n\n### Option B — Clone and run *(recommended — lets you inspect first)*\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Frawfilejson\u002Fawesome-osint-arsenal.git\ncd awesome-osint-arsenal\nchmod +x install_osint_arsenal.sh\nsudo bash install_osint_arsenal.sh\n```\n\n### What the script installs\n\n| Category | Examples |\n|:--------:|---------|\n| 📦 **apt packages** | nmap, masscan, wireshark, hydra, hashcat, aircrack-ng, nikto, sqlmap, binwalk, exiftool… |\n| 🐍 **Python pip** | sherlock, maigret, holehe, h8mail, socialscan, phoneinfoga, deepface, volatility3… |\n| 🐹 **Go binaries** | amass, subfinder, httpx, nuclei, katana, gobuster, onionscan, evilginx2… |\n| 💎 **Ruby gems** | wpscan |\n| 📂 **Git clones** | fsociety, hackingtool, zphisher, Storm-Breaker, Photon, SecLists, Responder, Orbit… |\n| ➕ **Extras added** | trufflehog, dnstwist, waybackpy, EyeWitness, crosslinked, osmedeus, FinalRecon… |\n| 🌐 **Services** | Tor daemon + proxychains4 (for dark web tools) |\n\n> All git-cloned tools are saved to `\u002Fopt\u002Fosint-arsenal\u002F`\n> Full install log saved to `\u002Fvar\u002Flog\u002Fosint-arsenal-install.log`\n\n---\n\n## 📊 Stats at a Glance\n\n\u003Cdiv align=\"center\">\n\n| 🛠️ Total Tools | 💻 CLI Tools | 📁 GitHub Repos | 🌐 Online Platforms | 🤖 AI Tools |\n|:-:|:-:|:-:|:-:|:-:|\n| **1100+** | **400+** | **300+** | **250+** | **25+** |\n\n| 🕶️ Dark Web Engines | 🖥️ OSINT OSes | 💥 Breach Engines | 🔍 Google Dorks | 📂 Categories |\n|:-:|:-:|:-:|:-:|:-:|\n| **17** | **17** | **25+** | **50+** | **41** |\n\n\u003C\u002Fdiv>\n\n---\n\n## 1. Username & Social Media OSINT\n\n> 🎯 Find accounts, profiles, and digital footprints across hundreds of platforms.\n>\n> **Pro tip:** Start with Sherlock for a quick sweep, then use Maigret for depth — it covers 3000+ sites.\n\n| Tool | Description | Install \u002F Link |\n|------|-------------|----------------|\n| **Sherlock** | Find usernames across 400+ social networks | `pip install sherlock-project` |\n| **Maigret** | Advanced Sherlock fork — 3000+ sites | `pip install maigret` |\n| **Namechk** | Username & domain availability checker | [namechk.com](https:\u002F\u002Fnamechk.com\u002F) |\n| **WhatsMyName** | Web-based username enumeration | [whatsmyname.app](https:\u002F\u002Fwhatsmyname.app\u002F) |\n| **Snoop** | Username search (Russian-focused) | `pip install snoop` |\n| **UserRecon** | Bash-based username finder | `git clone https:\u002F\u002Fgithub.com\u002Fwishihab\u002Fuserrecon.git` |\n| **Blackbird** | Fast username search tool | `pip install blackbird-osint` |\n| **Social Analyzer** | API-based social media profiler | `pip install social-analyzer` |\n| **NExfil** | Find profiles by username | `pip install nexfil` |\n| **Socid-extractor** | Extract info from web pages | `pip install socid-extractor` |\n| **Gitrecon** | GitHub OSINT reconnaissance | `pip install gitrecon` |\n| **OSRFramework** | Username research framework | `pip install osrframework` |\n| **Holehe** | Check if email is registered on 120+ sites | `pip install holehe` |\n| **socialscan** | Check email\u002Fusername availability | `pip install socialscan` |\n| **Investigo** | Username checker (Go-based) | `go install github.com\u002Ftdh8316\u002Finvestigo@latest` |\n| **OSINT Framework** | Visual map of all OSINT tools | [osintframework.com](https:\u002F\u002Fosintframework.com\u002F) |\n| **CheckUserNames** | Check username across multiple platforms | [checkusernames.com](https:\u002F\u002Fcheckusernames.com\u002F) |\n| **KnowEm** | Username search on 500+ sites | [knowem.com](https:\u002F\u002Fknowem.com\u002F) |\n| **Instant Username Search** | Real-time username checker | [instantusername.com](https:\u002F\u002Finstantusername.com\u002F) |\n| **Usersearch.org** | Free social network search | [usersearch.org](https:\u002F\u002Fusersearch.org\u002F) |\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>💻 Sherlock — Install & Usage\u003C\u002Fb>\u003C\u002Fsummary>\n\n```bash\n# Kali Linux \u002F Ubuntu\npip install sherlock-project\nsherlock \"username\"\n\n# From GitHub source (always latest)\ngit clone https:\u002F\u002Fgithub.com\u002Fsherlock-project\u002Fsherlock.git\ncd sherlock\npip install -r requirements.txt\npython3 sherlock \"username\"\n\n# Search multiple usernames at once\nsherlock user1 user2 user3\n```\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>💻 Maigret — Install & Usage\u003C\u002Fb>\u003C\u002Fsummary>\n\n```bash\npip install maigret\nmaigret \"username\"\n\n# From source\ngit clone https:\u002F\u002Fgithub.com\u002Fsoxoj\u002Fmaigret.git\ncd maigret\npip install -r requirements.txt\npython3 -m maigret \"username\"\n\n# Generate HTML report\nmaigret \"username\" --html\n```\n\u003C\u002Fdetails>\n\n---\n\n## 2. Email OSINT Tools\n\n> 📧 Verify emails, find linked accounts, check breach exposure, and analyze headers.\n>\n> **Pro tip:** Holehe is free and fast. h8mail is best for breach correlation when API keys are configured.\n\n| Tool | Description | Install \u002F Link |\n|------|-------------|----------------|\n| **h8mail** | Email OSINT & breach hunting | `pip install h8mail` |\n| **Holehe** | Check email on 120+ sites | `pip install holehe` |\n| **theHarvester** | Email & domain harvester | `pip install theHarvester` |\n| **EmailAnalyzer** | Analyze suspicious .eml files | `git clone https:\u002F\u002Fgithub.com\u002Fkeraattin\u002FEmailAnalyzer` |\n| **Prowl** | Email & domain reconnaissance | `git clone https:\u002F\u002Fgithub.com\u002Fnettitude\u002FProwl` |\n| **EmailHeader-Analyzer** | CLI email header parser + OSINT | `git clone https:\u002F\u002Fgithub.com\u002FGiritharram\u002FEmailHeader-Analyzer-CLI-Python` |\n| **MailHeaderDetective** | Email header forensics | `git clone https:\u002F\u002Fgithub.com\u002Fakajhon\u002FMailHeaderDetective` |\n| **WhatMail** | Email header analysis CLI | `git clone https:\u002F\u002Fgithub.com\u002Fz0m31en7\u002FWhatMail` |\n| **mailto_analyzer** | Email exposure analysis | `pip install mailto-analyzer` |\n| **Infoga** | Email OSINT gathering | `git clone https:\u002F\u002Fgithub.com\u002Fm4ll0k\u002FInfoga` |\n| **Hunter.io** | Find professional emails | [hunter.io](https:\u002F\u002Fhunter.io\u002F) |\n| **Phonebook.cz** | Email, domain & URL search | [phonebook.cz](https:\u002F\u002Fphonebook.cz\u002F) |\n| **EmailRep** | Email reputation lookup | [emailrep.io](https:\u002F\u002Femailrep.io\u002F) |\n| **Epieos** | Get info linked to email | [epieos.com](https:\u002F\u002Fepieos.com\u002F) |\n| **GetNotify** | Email open tracking + geolocation | [getnotify.com](https:\u002F\u002Fgetnotify.com\u002F) |\n| **Snov.io** | Email finder & verifier | [snov.io](https:\u002F\u002Fsnov.io\u002F) |\n| **MXToolbox** | Email header analysis & DNS checks | [mxtoolbox.com](https:\u002F\u002Fmxtoolbox.com\u002F) |\n| **SimpleLogin** | Email alias service for OSINT | [simplelogin.io](https:\u002F\u002Fsimplelogin.io\u002F) |\n| **Email-Checker** | Email validation tool | [email-checker.net](https:\u002F\u002Femail-checker.net\u002F) |\n| **Voila Norbert** | Find anyone's email | [voilanorbert.com](https:\u002F\u002Fvoilanorbert.com\u002F) |\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>💻 h8mail — Install & Usage\u003C\u002Fb>\u003C\u002Fsummary>\n\n```bash\npip install h8mail\n\n# Basic scan\nh8mail -t \"target@email.com\"\n\n# With API keys (unlocks more breach sources)\n# Create config.ini with your API keys from HIBP, BreachDirectory, etc.\nh8mail -t \"target@email.com\" -k config.ini\n\n# Scan a list of emails\nh8mail -t emails.txt\n```\n\u003C\u002Fdetails>\n\n---\n\n## 3. Phone Number OSINT\n\n> 📱 Identify carriers, locations, registrations, and linked accounts from phone numbers.\n>\n> **Pro tip:** PhoneInfoga is the gold standard CLI tool. GetContact reveals how a number is saved by others.\n\n| Tool | Description | Install \u002F Link |\n|------|-------------|----------------|\n| **PhoneInfoga** | Advanced phone number scanner | `pip install phoneinfoga` |\n| **Ignorant** | Check phone registrations on sites | `pip install ignorant` |\n| **GetContact** | See how number is saved by others | [getcontact.com](https:\u002F\u002Fgetcontact.com\u002F) |\n| **NumVerify** | Phone number validation API | [numverify.com](https:\u002F\u002Fnumverify.com\u002F) |\n| **Truecaller** | Caller ID & spam lookup | [truecaller.com](https:\u002F\u002Ftruecaller.com\u002F) |\n| **Sync.me** | Phone number lookup | [sync.me](https:\u002F\u002Fsync.me\u002F) |\n| **CallerIDTest** | Reverse phone lookup | [calleridtest.com](https:\u002F\u002Fcalleridtest.com\u002F) |\n| **SpyDialer** | Free reverse phone lookup | [spydialer.com](https:\u002F\u002Fspydialer.com\u002F) |\n| **National Cellular Directory** | Phone owner lookup | [nationalcellulardirectory.com](https:\u002F\u002Fwww.nationalcellulardirectory.com\u002F) |\n| **TelPoisk** | Russian phone directory | [telpoisk.com](https:\u002F\u002Ftelpoisk.com\u002F) |\n| **NumLookup** | Free reverse phone lookup | [numlookup.com](https:\u002F\u002Fwww.numlookup.com\u002F) |\n| **Hlr-Lookups** | HLR phone number lookup | [hlr-lookups.com](https:\u002F\u002Fwww.hlr-lookups.com\u002F) |\n| **PhoneSploit** | ADB-based phone exploitation | `git clone https:\u002F\u002Fgithub.com\u002Faerosol-can\u002FPhoneSploit` |\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>💻 PhoneInfoga — Install & Usage\u003C\u002Fb>\u003C\u002Fsummary>\n\n```bash\n# Binary install (Kali Linux)\ncurl -sSL https:\u002F\u002Fraw.githubusercontent.com\u002Fsundowndev\u002Fphoneinfoga\u002Fmaster\u002Fsupport\u002Fscripts\u002Finstall | bash\n\n# Open web UI at localhost:8080\nphoneinfoga serve -p 8080\n\n# Scan from CLI\nphoneinfoga scan -n \"+1234567890\"\n\n# pip install (alternative)\npip install phoneinfoga\n```\n\u003C\u002Fdetails>\n\n---\n\n## 4. Domain & IP OSINT\n\n> 🌐 Enumerate subdomains, query DNS records, discover IP ranges, and map attack surfaces.\n>\n> **Pro tip:** Run amass + subfinder together for maximum subdomain coverage, then pipe into httpx to check which hosts are live.\n\n| Tool | Description | Install \u002F Link |\n|------|-------------|----------------|\n| **Amass** | In-depth DNS enumeration | `go install github.com\u002Fowasp-amass\u002Famass\u002Fv4\u002F...@master` |\n| **Subfinder** | Fast passive subdomain discovery | `go install github.com\u002Fprojectdiscovery\u002Fsubfinder\u002Fv2\u002Fcmd\u002Fsubfinder@latest` |\n| **dnsrecon** | DNS enumeration | `pip install dnsrecon` |\n| **Sublist3r** | Subdomain enumeration | `pip install sublist3r` |\n| **crt.sh** | Certificate transparency search | [crt.sh](https:\u002F\u002Fcrt.sh\u002F) |\n| **Shodan** | Internet-connected device search | [shodan.io](https:\u002F\u002Fshodan.io\u002F) |\n| **Censys** | Internet-wide scan search | [censys.io](https:\u002F\u002Fcensys.io\u002F) |\n| **Criminal IP** | AI-powered cyber threat intelligence | [criminalip.io](https:\u002F\u002Fwww.criminalip.io\u002F) |\n| **VirusTotal** | Domain\u002FIP\u002Ffile analysis | [virustotal.com](https:\u002F\u002Fvirustotal.com\u002F) |\n| **SecurityTrails** | DNS & domain intelligence | [securitytrails.com](https:\u002F\u002Fsecuritytrails.com\u002F) |\n| **IPGeoLocation** | IP address geolocation | `git clone https:\u002F\u002Fgithub.com\u002Fmaldevel\u002FIPGeoLocation` |\n| **Nmap** | Network scanner & mapper | `apt install nmap` |\n| **Masscan** | Fastest internet port scanner | `apt install masscan` |\n| **WHOIS.com** | WHOIS domain lookup | [whois.com](https:\u002F\u002Fwww.whois.com\u002F) |\n| **ViewDNS** | Multiple DNS tools | [viewdns.info](https:\u002F\u002Fviewdns.info\u002F) |\n| **DNSDumpster** | DNS reconnaissance & mapping | [dnsdumpster.com](https:\u002F\u002Fdnsdumpster.com\u002F) |\n| **Robtex** | DNS lookup visualization | [robtex.com](https:\u002F\u002Frobtex.com\u002F) |\n| **ARIN WHOIS** | IP registration database | [whois.arin.net](https:\u002F\u002Fwhois.arin.net\u002F) |\n| **BGP Toolkit** | BGP\u002FASN\u002FIP intelligence | [bgp.he.net](https:\u002F\u002Fbgp.he.net\u002F) |\n| **urlscan.io** | URL\u002Fdomain analysis & screenshots | [urlscan.io](https:\u002F\u002Furlscan.io\u002F) |\n| **AbuseIPDB** | IP address reputation database | [abuseipdb.com](https:\u002F\u002Fwww.abuseipdb.com\u002F) |\n| **Web-Check** | All-in-one website analysis | [web-check.xyz](https:\u002F\u002Fweb-check.xyz\u002F) |\n| **IPinfo** | IP address data & geolocation | [ipinfo.io](https:\u002F\u002Fipinfo.io\u002F) |\n| **DB-IP** | IP geolocation database | [db-ip.com](https:\u002F\u002Fdb-ip.com\u002F) |\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>💻 Amass + Subfinder + HTTPx — Most effective recon combo\u003C\u002Fb>\u003C\u002Fsummary>\n\n```bash\n# Step 1: Enumerate subdomains passively (fast)\nsubfinder -d example.com -o subs.txt\n\n# Step 2: Deep active enumeration (slower but more complete)\namass enum -d example.com -o amass_subs.txt\n\n# Step 3: Combine and deduplicate\ncat subs.txt amass_subs.txt | sort -u > all_subs.txt\n\n# Step 4: Check which subdomains are live\ncat all_subs.txt | httpx -status-code -title -o live_subs.txt\n\n# Step 5: Screenshot all live hosts\ncat live_subs.txt | eyewitness --web -d screenshots\u002F\n```\n\u003C\u002Fdetails>\n\n---\n\n## 5. Geolocation & Maps OSINT\n\n> 🗺️ Geolocate images, analyze satellite data, and verify photo locations.\n>\n> **Pro tip:** Combine SunCalc (shadow analysis) + ShadowMap + Mapillary for precision image geolocation.\n\n| Tool | Description | Link |\n|------|-------------|------|\n| **Google Earth Pro** | Advanced satellite imagery | [earth.google.com](https:\u002F\u002Fearth.google.com\u002F) |\n| **Overpass Turbo** | OpenStreetMap data query | [overpass-turbo.eu](https:\u002F\u002Foverpass-turbo.eu\u002F) |\n| **SunCalc** | Sun position\u002Ftime calculator from photos | [suncalc.org](https:\u002F\u002Fsuncalc.org\u002F) |\n| **GeoGuessr** | Geolocation training game | [geoguessr.com](https:\u002F\u002Fgeoguessr.com\u002F) |\n| **Sentinel Hub** | Satellite imagery access | [sentinel-hub.com](https:\u002F\u002Fsentinel-hub.com\u002F) |\n| **FIRMS** | NASA fire\u002Fthermal hotspots | [firms.modaps.eosdis.nasa.gov](https:\u002F\u002Ffirms.modaps.eosdis.nasa.gov\u002F) |\n| **Wikimapia** | Collaborative world map | [wikimapia.org](https:\u002F\u002Fwikimapia.org\u002F) |\n| **OpenStreetMap** | Free world map | [openstreetmap.org](https:\u002F\u002Fopenstreetmap.org\u002F) |\n| **GeoSpy** | AI-powered image geolocation | [geospy.ai](https:\u002F\u002Fgeospy.ai\u002F) |\n| **Mapillary** | Street-level imagery | [mapillary.com](https:\u002F\u002Fmapillary.com\u002F) |\n| **Maxar** | Commercial satellite imagery | [maxar.com](https:\u002F\u002Fmaxar.com\u002F) |\n| **F4map** | 3D interactive world map | [demo.f4map.com](https:\u002F\u002Fdemo.f4map.com\u002F) |\n| **Zoom Earth** | Real-time satellite & weather | [zoom.earth](https:\u002F\u002Fzoom.earth\u002F) |\n| **KartaView** | Street-level imagery (OpenStreetCam) | [kartaview.org](https:\u002F\u002Fkartaview.org\u002F) |\n| **ShadowMap** | Shadow analysis for time estimation | [shadowmap.org](https:\u002F\u002Fshadowmap.org\u002F) |\n\n---\n\n## 6. Image & Video OSINT\n\n> 🖼️ Extract metadata, reverse search images, verify authenticity, and detect AI-generated content.\n>\n> **Pro tip:** Yandex reverse image search consistently outperforms Google for finding faces and locations.\n\n| Tool | Description | Install \u002F Link |\n|------|-------------|----------------|\n| **TinEye** | Reverse image search | [tineye.com](https:\u002F\u002Ftineye.com\u002F) |\n| **Google Reverse Image** | Google image search | [images.google.com](https:\u002F\u002Fimages.google.com\u002F) |\n| **Yandex Images** | Best reverse image search for faces\u002Fplaces | [yandex.com\u002Fimages](https:\u002F\u002Fyandex.com\u002Fimages) |\n| **ExifTool** | Image\u002Fdocument metadata extraction | `apt install libimage-exiftool-perl` |\n| **FOCA** | Metadata extraction from documents | [github.com\u002FElevenPaths\u002FFOCA](https:\u002F\u002Fgithub.com\u002FElevenPaths\u002FFOCA) |\n| **InVID** | Video verification toolkit | [invid-project.eu](https:\u002F\u002Fwww.invid-project.eu\u002F) |\n| **FotoForensics** | Image forensic analysis (ELA) | [fotoforensics.com](https:\u002F\u002Ffotoforensics.com\u002F) |\n| **Fake Image Detector** | AI-based fake image detection | [fakeimagedetector.com](https:\u002F\u002Fwww.fakeimagedetector.com\u002F) |\n| **Search by Image** | Multi-engine reverse image (browser ext) | Chrome \u002F Firefox extension |\n| **Depix** | Recover pixelated text from screenshots | `git clone https:\u002F\u002Fgithub.com\u002Fbeurtschipper\u002FDepix` |\n| **Forensically** | Online image forensics suite | [29a.ch\u002Fphoto-forensics](https:\u002F\u002F29a.ch\u002Fphoto-forensics) |\n| **AI or Not** | Detect AI-generated images | [aiornot.com](https:\u002F\u002Faiornot.com\u002F) |\n| **Hive Moderation** | AI content detection | [hivemoderation.com](https:\u002F\u002Fhivemoderation.com\u002F) |\n| **Illuminarty** | AI image detection | [illuminarty.ai](https:\u002F\u002Filluminarty.ai\u002F) |\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>💻 ExifTool — Install & Usage\u003C\u002Fb>\u003C\u002Fsummary>\n\n```bash\n# Install\napt-get install libimage-exiftool-perl\n\n# Basic metadata read\nexiftool image.jpg\n\n# Extract GPS coordinates specifically\nexiftool -GPSLatitude -GPSLongitude image.jpg\n\n# Strip ALL metadata (for privacy)\nexiftool -all= image.jpg\n\n# Show all metadata groups\nexiftool -a -u -g1 image.jpg\n\n# Batch process a whole folder\nexiftool \u002Fpath\u002Fto\u002Fimages\u002F\n```\n\u003C\u002Fdetails>\n\n---\n\n## 7. Facial Recognition & People Search\n\n> 👤 Find people across the web using photos, names, or usernames.\n>\n> ⚠️ **Warning:** Facial recognition has serious privacy and legal implications. Use only with explicit authorization.\n\n| Tool | Description | Install \u002F Link |\n|------|-------------|----------------|\n| **FaceSeek** | AI-powered reverse face search | [faceseek.online](https:\u002F\u002Ffaceseek.online\u002F) |\n| **FaceCheck.ID** | Face recognition search engine | [facecheck.id](https:\u002F\u002Ffacecheck.id\u002F) |\n| **PimEyes** | Face search engine from photos | [pimeyes.com](https:\u002F\u002Fpimeyes.com\u002F) |\n| **Search4faces** | Face search in VK\u002FOK social networks | [search4faces.com](https:\u002F\u002Fsearch4faces.com\u002F) |\n| **face_recognition** | Python face recognition library | `pip install face_recognition` |\n| **DeepFace** | AI face analysis (age, gender, emotion) | `pip install deepface` |\n| **ThatsThem** | Free people search | [thatsthem.com](https:\u002F\u002Fthatsthem.com\u002F) |\n| **Pipl** | Deep people search engine | [pipl.com](https:\u002F\u002Fpipl.com\u002F) |\n| **BeenVerified** | People search & background check | [beenverified.com](https:\u002F\u002Fbeenverified.com\u002F) |\n| **Spokeo** | People search aggregator | [spokeo.com](https:\u002F\u002Fspokeo.com\u002F) |\n| **FastPeopleSearch** | Free people finder | [fastpeoplesearch.com](https:\u002F\u002Ffastpeoplesearch.com\u002F) |\n| **WebMii** | People search engine | [webmii.com](https:\u002F\u002Fwebmii.com\u002F) |\n| **OSINT Industries** | People search + social media lookup | [osint.industries](https:\u002F\u002Fwww.osint.industries\u002F) |\n| **IDCrawl** | Free people search engine | [idcrawl.com](https:\u002F\u002Fwww.idcrawl.com\u002F) |\n\n---\n\n## 8. Social Media Monitoring\n\n> 📡 Monitor, scrape, and investigate social media accounts and communities.\n>\n> **Pro tip:** Combine Osintgram (Instagram) + Telepathy (Telegram) + snscrape (Twitter\u002FX) for full platform coverage.\n\n| Tool | Description | Install \u002F Link |\n|------|-------------|----------------|\n| **Osintgram** | Instagram OSINT tool | `git clone https:\u002F\u002Fgithub.com\u002FDatalux\u002FOsintgram` |\n| **Instaloader** | Instagram data downloader | `pip install instaloader` |\n| **Twint** | Twitter OSINT (no API needed) | `pip install twint` |\n| **snscrape** | Social media scraper (Twitter, Reddit, etc.) | `pip install snscrape` |\n| **Toutatis** | Instagram OSINT by phone\u002Femail | `pip install toutatis` |\n| **TikTok Scraper** | TikTok data extraction | `npm install -g tiktok-scraper` |\n| **Reddit Investigator** | Reddit user analysis | [reddit-user-analyser.netlify.app](https:\u002F\u002Freddit-user-analyser.netlify.app\u002F) |\n| **socialscan** | Social media presence checker | `pip install socialscan` |\n| **Telepathy** | Telegram OSINT analysis | `pip install telepathy` |\n| **Twayback** | Find deleted tweets | `pip install twayback` |\n| **SocialBlade** | Social media analytics | [socialblade.com](https:\u002F\u002Fsocialblade.com\u002F) |\n| **Social-Searcher** | Free social media search engine | [social-searcher.com](https:\u002F\u002Fwww.social-searcher.com\u002F) |\n| **Mention** | Social media monitoring | [mention.com](https:\u002F\u002Fmention.com\u002F) |\n| **BrandWatch** | Social listening platform | [brandwatch.com](https:\u002F\u002Fwww.brandwatch.com\u002F) |\n\n---\n\n## 9. Data Breach & Leak Search Engines\n\n> 💥 Check if credentials, emails, or phones have been exposed in data breaches.\n>\n> **Pro tip:** HIBP is free and safe. DeHashed and LeakCheck offer the most data for paid tiers.\n\n| Tool | Description | Type | Link |\n|------|-------------|:----:|------|\n| **Have I Been Pwned** | Check email\u002Fphone in breaches | 🟢 Free | [haveibeenpwned.com](https:\u002F\u002Fhaveibeenpwned.com\u002F) |\n| **DeHashed** | Breach search engine | 💰 Paid | [dehashed.com](https:\u002F\u002Fdehashed.com\u002F) |\n| **LeakCheck** | Email\u002Fusername\u002Fphone breach search | 🟡 Freemium | [leakcheck.net](https:\u002F\u002Fleakcheck.net\u002F) |\n| **Intelligence X** | Search breaches, darknet, leaks | 💰 Paid | [intelx.io](https:\u002F\u002Fintelx.io\u002F) |\n| **BreachDirectory** | Free breach search | 🟢 Free | [breachdirectory.org](https:\u002F\u002Fbreachdirectory.org\u002F) |\n| **LeakPeek** | Search leaked databases | 🟡 Freemium | [leakpeek.com](https:\u002F\u002Fleakpeek.com\u002F) |\n| **Snusbase** | Breach data search engine | 💰 Paid | [snusbase.com](https:\u002F\u002Fsnusbase.com\u002F) |\n| **CheckLeaked** | Leak search engine (15B+ accounts) | 🟡 Freemium | [checkleaked.cc](https:\u002F\u002Fcheckleaked.cc\u002F) |\n| **DataBreach.com** | Data breach lookup | 🟢 Free | [databreach.com](https:\u002F\u002Fdatabreach.com\u002F) |\n| **Hudson Rock Cavalier** | Infostealer intelligence & breach data | 🟡 Freemium | [hudsonrock.com](https:\u002F\u002Fwww.hudsonrock.com\u002Ffree-report) |\n| **h8mail** | Automated breach hunting CLI | 🟢 Free | `pip install h8mail` |\n| **XposedOrNot** | Breach exposure check | 🟢 Free | [xposedornot.com](https:\u002F\u002Fxposedornot.com\u002F) |\n| **ScatteredSecrets** | Breach notification service | 🟡 Freemium | [scatteredsecrets.com](https:\u002F\u002Fscatteredsecrets.com\u002F) |\n| **The OSINT Rack** | Ransomware & data leak monitoring | 🟢 Free | [osintrack.com](https:\u002F\u002Fosintrack.com\u002F) |\n| **Pwndb** | Dark web breach database (Tor) | 🟢 Free | Requires Tor Browser |\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>💻 Pwndb — Dark Web Breach Search (requires Tor)\u003C\u002Fb>\u003C\u002Fsummary>\n\n```bash\n# Start Tor service first\nsudo systemctl start tor\n\n# Clone pwndb\ngit clone https:\u002F\u002Fgithub.com\u002Fcoj337\u002Fpwndb.git\ncd pwndb\n\n# Install requirements\npip install -r requirements.txt\n\n# Search by email\npython3 pwndb.py --target email@example.com\n\n# The .onion address (open in Tor Browser)\n# pwndb2am33lno4bq.onion\n```\n\u003C\u002Fdetails>\n\n---\n\n## 10. WikiLeaks, DDoSecrets & Whistleblower Platforms\n\n> 📁 Archives of leaked government, corporate, and classified documents.\n\n| Platform | Description | Link |\n|----------|-------------|------|\n| **WikiLeaks** | Leaked government & corporate documents | [wikileaks.org](https:\u002F\u002Fwikileaks.org\u002F) |\n| **DDoSecrets** | Distributed Denial of Secrets | [ddosecrets.com](https:\u002F\u002Fddosecrets.com\u002F) |\n| **Cryptome** | Documents archive since 1996 | [cryptome.org](https:\u002F\u002Fcryptome.org\u002F) |\n| **The Intercept** | Investigative journalism | [theintercept.com](https:\u002F\u002Ftheintercept.com\u002F) |\n| **SecureDrop** | Whistleblower submission system | [securedrop.org](https:\u002F\u002Fsecuredrop.org\u002F) |\n| **ICIJ Offshore Leaks** | Panama Papers, Pandora Papers | [offshoreleaks.icij.org](https:\u002F\u002Foffshoreleaks.icij.org\u002F) |\n| **DocumentCloud** | Public document research | [documentcloud.org](https:\u002F\u002Fdocumentcloud.org\u002F) |\n| **Wayback Machine** | Web archive | [web.archive.org](https:\u002F\u002Fweb.archive.org\u002F) |\n| **FBI Vault** | FBI electronic reading room | [vault.fbi.gov](https:\u002F\u002Fvault.fbi.gov\u002F) |\n| **CIA Reading Room** | Declassified CIA documents | [cia.gov\u002Freadingroom](https:\u002F\u002Fwww.cia.gov\u002Freadingroom) |\n| **NSA Declassified** | NSA declassified records | [nsa.gov](https:\u002F\u002Fnsa.gov\u002F) |\n| **PACER** | US federal court records | [pacer.uscourts.gov](https:\u002F\u002Fpacer.uscourts.gov\u002F) |\n\n---\n\n## 11. Password Cracking & Credential Tools\n\n> 🔑 Tools for authorized password auditing and credential recovery on systems you own.\n\n| Tool | Description | Install \u002F Link |\n|------|-------------|----------------|\n| **Hashcat** | Advanced password recovery (GPU-accelerated) | `apt install hashcat` |\n| **John the Ripper** | Classic password cracker | `apt install john` |\n| **Hydra** | Network login brute-forcer | `apt install hydra` |\n| **Medusa** | Parallel brute-force tool | `apt install medusa` |\n| **CeWL** | Custom wordlist generator from website | `apt install cewl` |\n| **Crunch** | Pattern-based wordlist generator | `apt install crunch` |\n| **RainbowCrack** | Rainbow table cracker | [project-rainbowcrack.com](https:\u002F\u002Fproject-rainbowcrack.com\u002F) |\n| **Ophcrack** | Windows password cracker (rainbow tables) | [ophcrack.sourceforge.io](https:\u002F\u002Fophcrack.sourceforge.io\u002F) |\n| **LaZagne** | Credentials recovery tool (post-exploit) | `git clone https:\u002F\u002Fgithub.com\u002FAlessandroZ\u002FLaZagne` |\n| **Mimikatz** | Windows credential dumper | `git clone https:\u002F\u002Fgithub.com\u002Fgentilkiwi\u002Fmimikatz` |\n| **Responder** | LLMNR\u002FNBT-NS\u002FMDNS poisoner | `git clone https:\u002F\u002Fgithub.com\u002Flgandx\u002FResponder` |\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>💻 Hashcat — Quick Reference\u003C\u002Fb>\u003C\u002Fsummary>\n\n```bash\n# Install\napt install hashcat\n\n# Crack MD5 hash with wordlist\nhashcat -m 0 hash.txt \u002Fusr\u002Fshare\u002Fwordlists\u002Frockyou.txt\n\n# Crack SHA-256 with rules\nhashcat -m 1400 hash.txt wordlist.txt -r rules\u002Fbest64.rule\n\n# Common hash types:\n# -m 0    = MD5\n# -m 100  = SHA-1\n# -m 1400 = SHA-256\n# -m 1800 = SHA-512crypt (Linux)\n# -m 1000 = NTLM (Windows)\n# -m 2500 = WPA\u002FWPA2 (Wi-Fi)\n```\n\u003C\u002Fdetails>\n\n---\n\n## 12. Dark Web Search Engines & Tools\n\n> 🕶️ Search .onion sites, darknet markets, and hidden services.\n>\n> **Requires:** Tor Browser or Tor service running on port 9050.\n\n| Tool | Description | Link \u002F Onion Address |\n|------|-------------|----------------------|\n| **Torch** | Oldest & largest dark web search engine | `xmh57jrknzkhv6y3ls3ubitzfqnkrwxhopf5aygthi7d6rplyvk3noyd.onion` |\n| **Haystak** | Dark web search with filtering | `haystak5njsmn2hqkewecpaxetahtwhsbsa64jom2k22z5afxhnpxfid.onion` |\n| **Ahmia** | Clearnet dark web search | [ahmia.fi](https:\u002F\u002Fahmia.fi\u002F) |\n| **DuckDuckGo Onion** | Private search on Tor | `duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion` |\n| **Phobos** | Dark web search engine | `phobosxilamwcg75xt22id7aywkzol6q6rfl2flipcqoc4e4ahima5id.onion` |\n| **DarkSearch** | Dark web search API (clearnet) | [darksearch.io](https:\u002F\u002Fdarksearch.io\u002F) |\n| **OnionScan** | Scan & analyze .onion sites | `go install github.com\u002Fs-rah\u002Fonionscan@latest` |\n| **Dark.fail** | Verified dark web links directory | [dark.fail](https:\u002F\u002Fdark.fail\u002F) |\n| **OSINT-SPY** | OSINT tool with Tor support | `git clone https:\u002F\u002Fgithub.com\u002FSharadKumar97\u002FOSINT-SPY` |\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>💻 Setting up Tor for dark web tools\u003C\u002Fb>\u003C\u002Fsummary>\n\n```bash\n# Install Tor\nsudo apt install tor proxychains4\n\n# Start Tor service\nsudo systemctl start tor\nsudo systemctl enable tor\n\n# Test Tor is working\ncurl --socks5 127.0.0.1:9050 https:\u002F\u002Fcheck.torproject.org\u002Fapi\u002Fip\n\n# Use proxychains with any tool\nproxychains4 nmap -sT target.onion\nproxychains4 curl http:\u002F\u002Fexample.onion\n\n# Edit \u002Fetc\u002Fproxychains4.conf if needed\n# Make sure this line is present: socks5 127.0.0.1 9050\n```\n\u003C\u002Fdetails>\n\n---\n\n## 13. Anonymous & Privacy Tools\n\n> 🔒 Maintain anonymity during OSINT investigations and protect your identity.\n>\n> **Pro tip:** Use Tails OS for investigations requiring full anonymity — it leaves zero trace on disk.\n\n| Tool | Description | Install \u002F Link |\n|------|-------------|----------------|\n| **Tor Browser** | Anonymous web browsing | [torproject.org](https:\u002F\u002Ftorproject.org\u002F) |\n| **Tails OS** | Amnesic live OS (no trace) | [tails.boum.org](https:\u002F\u002Ftails.boum.org\u002F) |\n| **Whonix** | Anonymous OS via Tor (VM-based) | [whonix.org](https:\u002F\u002Fwhonix.org\u002F) |\n| **ProtonVPN** | Free encrypted VPN | [protonvpn.com](https:\u002F\u002Fprotonvpn.com\u002F) |\n| **ProtonMail** | Encrypted email | [proton.me](https:\u002F\u002Fproton.me\u002F) |\n| **Signal** | Encrypted messaging | [signal.org](https:\u002F\u002Fsignal.org\u002F) |\n| **OnionShare** | Anonymous file sharing via Tor | [onionshare.org](https:\u002F\u002Fonionshare.org\u002F) |\n| **Anonsurf** | Anonymize entire OS traffic | `git clone https:\u002F\u002Fgithub.com\u002FUnd3rf10w\u002Fkali-anonsurf` |\n| **MAC Changer** | Change\u002Fspoof MAC address | `apt install macchanger` |\n| **BleachBit** | Digital footprint cleaner | [bleachbit.org](https:\u002F\u002Fbleachbit.org\u002F) |\n| **VeraCrypt** | Disk encryption | [veracrypt.fr](https:\u002F\u002Fveracrypt.fr\u002F) |\n| **KeePassXC** | Offline password manager | [keepassxc.org](https:\u002F\u002Fkeepassxc.org\u002F) |\n| **Mullvad VPN** | Privacy VPN (no email needed) | [mullvad.net](https:\u002F\u002Fmullvad.net\u002F) |\n| **Anon-SMS** | Anonymous SMS sending | `git clone https:\u002F\u002Fgithub.com\u002FHACK3RY2J\u002FAnon-SMS.git` |\n\n---\n\n## 14. Web Application OSINT & Scanning\n\n> 🕸️ Fingerprint web technologies, discover hidden directories, and crawl for endpoints.\n>\n> **Pro tip:** Run Whatweb first to fingerprint, then Nikto for quick vulns, then Nuclei for deep scanning.\n\n| Tool | Description | Install \u002F Link |\n|------|-------------|----------------|\n| **Nikto** | Web server vulnerability scanner | `apt install nikto` |\n| **WPScan** | WordPress vulnerability scanner | `gem install wpscan` |\n| **Wappalyzer** | Technology profiler (browser ext) | Browser Extension |\n| **Whatweb** | Web technology identifier | `apt install whatweb` |\n| **Dirb** | Web directory brute-forcer | `apt install dirb` |\n| **Gobuster** | URI\u002FDNS brute-forcer (Go) | `go install github.com\u002FOJ\u002Fgobuster\u002Fv3@latest` |\n| **Feroxbuster** | Fast recursive content discovery | `apt install feroxbuster` |\n| **HTTPx** | Fast HTTP toolkit \u002F probing | `go install github.com\u002Fprojectdiscovery\u002Fhttpx\u002Fcmd\u002Fhttpx@latest` |\n| **Katana** | Web crawler | `go install github.com\u002Fprojectdiscovery\u002Fkatana\u002Fcmd\u002Fkatana@latest` |\n| **LinkFinder** | Discover endpoints in JavaScript | `git clone https:\u002F\u002Fgithub.com\u002FGerbenJavado\u002FLinkFinder` |\n| **Photon** | Web crawler for OSINT data | `git clone https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FPhoton` |\n| **Wfuzz** | Web fuzzer | `pip install wfuzz` |\n| **ParamSpider** | Parameter discovery from web archives | `pip install paramspider` |\n| **WebHack** | Web hacking toolkit | `git clone https:\u002F\u002Fgithub.com\u002Fyan4ikyt\u002Fwebhack` |\n\n---\n\n## 15. Social Engineering & Phishing\n\n> 🎭 Phishing simulation frameworks for authorized red team engagements.\n>\n> ⚠️ **For authorized penetration testing and security awareness training ONLY.**\n\n| Tool | Description | Install \u002F Link |\n|------|-------------|----------------|\n| **SET (Social Engineering Toolkit)** | Complete SE framework | `apt install set` |\n| **Gophish** | Enterprise phishing simulation platform | [getgophish.com](https:\u002F\u002Fgetgophish.com\u002F) |\n| **Zphisher** | 30+ phishing templates | `git clone https:\u002F\u002Fgithub.com\u002Fhtr-tech\u002Fzphisher` |\n| **NexPhisher** | Multi-platform phishing tool | `git clone https:\u002F\u002Fgithub.com\u002Fhtr-tech\u002Fnexphisher` |\n| **Storm-Breaker** | Access webcam\u002Fmic\u002Flocation (SE) | `git clone https:\u002F\u002Fgithub.com\u002Fultrasecurity\u002FStorm-Breaker` |\n| **Evilginx2** | Man-in-the-middle reverse proxy | `go install github.com\u002Fkgretzky\u002Fevilginx2@latest` |\n| **Modlishka** | Reverse proxy phishing framework | `go install github.com\u002Fdrk1wi\u002FModlishka@latest` |\n| **King Phisher** | Phishing campaign toolkit | [github.com\u002Frsmusllp\u002Fking-phisher](https:\u002F\u002Fgithub.com\u002Frsmusllp\u002Fking-phisher) |\n| **SocialFish** | Social media phishing | `git clone https:\u002F\u002Fgithub.com\u002FUndeadSec\u002FSocialFish` |\n| **AdvPhishing** | Advanced phishing tool | `git clone https:\u002F\u002Fgithub.com\u002FIgnitetch\u002FAdvPhishing` |\n| **URLCADIZ** | URL masking tool | `git clone https:\u002F\u002Fgithub.com\u002FPerezMascato\u002FURLCADIZ` |\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>💻 Zphisher — Install & Usage\u003C\u002Fb>\u003C\u002Fsummary>\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fhtr-tech\u002Fzphisher.git\ncd zphisher\nchmod +x zphisher.sh\nbash zphisher.sh\n\n# Select template from menu (Facebook, Google, Instagram, etc.)\n# Tool generates a phishing URL with Cloudflare\u002FServeo tunnel\n# Captured credentials are saved locally\n```\n\u003C\u002Fdetails>\n\n---\n\n## 16. Vulnerability Scanning & Exploitation\n\n> 💣 Frameworks for finding and verifying vulnerabilities on authorized targets.\n>\n> ⚠️ **Always have written permission before running any of these tools.**\n\n| Tool | Description | Install \u002F Link |\n|------|-------------|----------------|\n| **Metasploit** | Industry-standard pen testing framework | `apt install metasploit-framework` |\n| **Nuclei** | Template-based fast vulnerability scanner | `go install github.com\u002Fprojectdiscovery\u002Fnuclei\u002Fv3\u002Fcmd\u002Fnuclei@latest` |\n| **SQLMap** | Automated SQL injection tool | `apt install sqlmap` |\n| **Burp Suite** | Web app security testing proxy | [portswigger.net\u002Fburp](https:\u002F\u002Fportswigger.net\u002Fburp) |\n| **OWASP ZAP** | Open-source web app scanner | [zaproxy.org](https:\u002F\u002Fzaproxy.org\u002F) |\n| **OpenVAS** | Open-source vulnerability scanner | `apt install openvas` |\n| **Commix** | Command injection exploiter | `git clone https:\u002F\u002Fgithub.com\u002Fcommixproject\u002Fcommix` |\n| **GoldenEye** | HTTP DoS tool (authorized load testing) | `git clone https:\u002F\u002Fgithub.com\u002Fjseidl\u002FGoldenEye` |\n| **ExploitDB** | Exploit database (searchsploit) | [exploit-db.com](https:\u002F\u002Fwww.exploit-db.com\u002F) |\n| **Criminal IP** | Vulnerability & CVE search | [criminalip.io](https:\u002F\u002Fwww.criminalip.io\u002F) |\n\n---\n\n## 17. Network & Wireless Tools\n\n> 📶 Analyze traffic, audit Wi-Fi networks, and perform MITM on authorized targets.\n\n| Tool | Description | Install \u002F Link |\n|------|-------------|----------------|\n| **Wireshark** | Network protocol analyzer | `apt install wireshark` |\n| **Aircrack-ng** | Wi-Fi security auditing suite | `apt install aircrack-ng` |\n| **Kismet** | Wireless network detector & sniffer | `apt install kismet` |\n| **Bettercap** | MITM framework (ARP, DNS, HTTP) | `apt install bettercap` |\n| **Ettercap** | MITM attack suite | `apt install ettercap-common` |\n| **Wifite** | Automated Wi-Fi auditing tool | `apt install wifite` |\n| **Reaver** | WPS brute force tool | `apt install reaver` |\n| **Fern Wifi Cracker** | GUI-based Wi-Fi audit tool | `apt install fern-wifi-cracker` |\n| **Fluxion** | Wi-Fi social engineering (evil twin) | `git clone https:\u002F\u002Fgithub.com\u002FFluxionNetwork\u002Ffluxion` |\n| **hcxtools** | Wi-Fi packet capture conversion | `apt install hcxtools` |\n| **Netcat** | The TCP\u002FIP swiss army knife | `apt install netcat-openbsd` |\n| **tcpdump** | Command-line packet analyzer | `apt install tcpdump` |\n\n---\n\n## 18. Mobile Hacking & Phone Exploitation\n\n> 📲 Android\u002FiOS security testing for authorized assessments.\n\n| Tool | Description | Install \u002F Link |\n|------|-------------|----------------|\n| **PhoneSploit** | ADB-based phone exploitation | `git clone https:\u002F\u002Fgithub.com\u002Faerosol-can\u002FPhoneSploit` |\n| **AhMyth Android RAT** | Android remote access tool | `git clone https:\u002F\u002Fgithub.com\u002FAhMyth\u002FAhMyth-Android-RAT` |\n| **Apktool** | Android APK decompiler\u002Frebuilder | `apt install apktool` |\n| **jadx** | Android APK decompiler (GUI) | `apt install jadx` |\n| **Frida** | Dynamic instrumentation toolkit | `pip install frida-tools` |\n| **Objection** | Runtime mobile exploration | `pip install objection` |\n| **MobSF** | Mobile Security Framework (static+dynamic) | [github.com\u002FMobSF\u002FMobile-Security-Framework-MobSF](https:\u002F\u002Fgithub.com\u002FMobSF\u002FMobile-Security-Framework-MobSF) |\n| **MSFPC** | MSF payload creator | `git clone https:\u002F\u002Fgithub.com\u002Fg0tmi1k\u002Fmsfpc` |\n\n---\n\n## 19. AI-Powered OSINT & Free AI Tools\n\n> 🤖 AI tools for automating research, analyzing images, and accelerating investigations.\n>\n> **Pro tip:** Perplexity AI is excellent for OSINT research — it cites sources so you can verify everything.\n\n### AI-Powered OSINT Tools\n\n| Tool | Description | Install \u002F Link |\n|------|-------------|----------------|\n| **GeoSpy** | AI geolocation from images | [geospy.ai](https:\u002F\u002Fgeospy.ai\u002F) |\n| **DeepFace** | Face analysis (age, gender, emotion) | `pip install deepface` |\n| **face_recognition** | Python face recognition library | `pip install face_recognition` |\n| **OpenCV** | Computer vision library | `pip install opencv-python` |\n| **ReconAIzer** | AI-enhanced Burp Suite extension | [github.com\u002Fhisxo\u002FReconAIzer](https:\u002F\u002Fgithub.com\u002Fhisxo\u002FReconAIzer) |\n| **AI or Not** | Detect AI-generated content | [aiornot.com](https:\u002F\u002Faiornot.com\u002F) |\n| **HARPA AI** | AI browser agent for OSINT | [harpa.ai](https:\u002F\u002Fharpa.ai\u002F) |\n\n### Free AI Tools for OSINT Research\n\n| Tool | Description | Free Tier | Link |\n|------|-------------|:---------:|------|\n| **Claude** | Best for reasoning & analysis | ✅ Free tier | [claude.ai](https:\u002F\u002Fclaude.ai\u002F) |\n| **ChatGPT** | OpenAI's AI assistant | ✅ GPT-4o mini | [chat.openai.com](https:\u002F\u002Fchat.openai.com\u002F) |\n| **Perplexity AI** | AI search with cited sources | ✅ 5 Pro\u002Fday | [perplexity.ai](https:\u002F\u002Fperplexity.ai\u002F) |\n| **Google Gemini** | Google AI with web search | ✅ Free | [gemini.google.com](https:\u002F\u002Fgemini.google.com\u002F) |\n| **DeepSeek** | Open-source, strong reasoning | ✅ Free | [chat.deepseek.com](https:\u002F\u002Fchat.deepseek.com\u002F) |\n| **Grok** | Real-time X\u002FTwitter data | ✅ Free on X | [x.com\u002Fgrok](https:\u002F\u002Fx.com\u002Fgrok) |\n| **Microsoft Copilot** | AI with Bing search integration | ✅ Free | [copilot.microsoft.com](https:\u002F\u002Fcopilot.microsoft.com\u002F) |\n| **NotebookLM** | Google's document analysis AI | ✅ Free | [notebooklm.google.com](https:\u002F\u002Fnotebooklm.google.com\u002F) |\n| **Phind** | AI search for developers | ✅ Free | [phind.com](https:\u002F\u002Fwww.phind.com\u002F) |\n| **HuggingChat** | Open-source AI chat | ✅ Free | [huggingface.co\u002Fchat](https:\u002F\u002Fhuggingface.co\u002Fchat\u002F) |\n\n---\n\n## 20. Financial & Corporate Intelligence\n\n> 💰 Research companies, track crypto, and uncover financial relationships.\n\n| Tool | Description | Link |\n|------|-------------|------|\n| **OpenCorporates** | Global corporate database | [opencorporates.com](https:\u002F\u002Fopencorporates.com\u002F) |\n| **ICIJ Offshore Leaks** | Panama\u002FPandora\u002FParadise Papers | [offshoreleaks.icij.org](https:\u002F\u002Foffshoreleaks.icij.org\u002F) |\n| **SEC EDGAR** | US company filings | [sec.gov\u002Fedgar](https:\u002F\u002Fsec.gov\u002Fedgar) |\n| **Companies House (UK)** | UK company register | [beta.companieshouse.gov.uk](https:\u002F\u002Fbeta.companieshouse.gov.uk\u002F) |\n| **Aleph (OCCRP)** | Global corporate & public records | [aleph.occrp.org](https:\u002F\u002Faleph.occrp.org\u002F) |\n| **Orbit** | Bitcoin address investigator | `git clone https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FOrbit` |\n| **Blockchain.com** | Bitcoin explorer | [blockchain.com\u002Fexplorer](https:\u002F\u002Fblockchain.com\u002Fexplorer) |\n| **Etherscan** | Ethereum blockchain explorer | [etherscan.io](https:\u002F\u002Fetherscan.io\u002F) |\n| **BinCheck** | Bank card BIN lookup | [bincheck.io](https:\u002F\u002Fbincheck.io\u002F) |\n| **Crunchbase** | Company\u002Fstartup database | [crunchbase.com](https:\u002F\u002Fcrunchbase.com\u002F) |\n| **LEI Search** | Legal Entity Identifier lookup | [search.gleif.org](https:\u002F\u002Fsearch.gleif.org\u002F) |\n\n---\n\n## 21. Vehicle, Property & Public Records\n\n> 🚗 Access public records, vehicle history, property data, and court documents.\n\n| Tool\u002FService | Description | Link |\n|-------------|-------------|------|\n| **FAXVIN** | Free VIN decoder | [faxvin.com](https:\u002F\u002Ffaxvin.com\u002F) |\n| **AutoCheck** | Vehicle history reports | [autocheck.com](https:\u002F\u002Fautocheck.com\u002F) |\n| **NICB VINCheck** | Stolen vehicle check | [nicb.org\u002Fvincheck](https:\u002F\u002Fwww.nicb.org\u002Fvincheck) |\n| **PACER** | US federal court records | [pacer.uscourts.gov](https:\u002F\u002Fpacer.uscourts.gov\u002F) |\n| **Zillow** | Property records & estimates | [zillow.com](https:\u002F\u002Fzillow.com\u002F) |\n| **Who Owns What** | NYC landlord portfolio lookup | [whoownswhat.justfix.org](https:\u002F\u002Fwhoownswhat.justfix.org\u002Fen\u002F) |\n| **FOIA.gov** | Freedom of Information Act portal | [foia.gov](https:\u002F\u002Ffoia.gov\u002F) |\n| **Court Listener** | Free US court opinion search | [courtlistener.com](https:\u002F\u002Fcourtlistener.com\u002F) |\n\n---\n\n## 22. Metadata & Digital Forensics\n\n> 🔬 Extract hidden data, recover deleted files, and analyze digital evidence.\n>\n> **Pro tip:** CyberChef is a must-bookmark — it handles encoding, encryption, and data manipulation all in-browser.\n\n| Tool | Description | Install \u002F Link |\n|------|-------------|----------------|\n| **Autopsy** | Full digital forensics platform | [autopsy.com](https:\u002F\u002Fautopsy.com\u002F) |\n| **Volatility** | Memory forensics framework | `pip install volatility3` |\n| **Wireshark** | Network packet analysis | `apt install wireshark` |\n| **Binwalk** | Firmware analysis & extraction | `apt install binwalk` |\n| **Foremost** | File carving (recover deleted files) | `apt install foremost` |\n| **Bulk Extractor** | Extract features from disk images | `apt install bulk-extractor` |\n| **ExifTool** | Complete metadata extraction | `apt install libimage-exiftool-perl` |\n| **Metagoofil** | Document metadata harvester | `pip install metagoofil` |\n| **CyberChef** | Data analysis swiss army knife | [gchq.github.io\u002FCyberChef](https:\u002F\u002Fgchq.github.io\u002FCyberChef) |\n| **Scalpel** | File carving tool | `apt install scalpel` |\n\n---\n\n## 23. IP Camera & Webcam OSINT\n\n> ⚠️ **WARNING:** Accessing cameras without authorization is **illegal everywhere**. This section is for educational awareness only — to understand how exposed devices are found so you can **protect them**.\n\n### Shodan Searches for Exposed Cameras\n\n| Search Query | What It Finds |\n|-------------|---------------|\n| `screenshot.label:webcam` | Webcams indexed by Shodan |\n| `port:554 has_screenshot:true` | RTSP cameras with screenshots |\n| `Server: yawcam` | Yawcam webcams |\n| `webcamXP` | WebcamXP servers |\n| `port:8080 title:\"Blue Iris\"` | Blue Iris CCTV |\n| `port:37777 \"DVR\"` | Dahua DVR systems |\n| `port:80 title:\"DVR\"` | Web-accessible DVR |\n\n### Google Dorks for Camera Discovery\n\n| Google Dork | Target |\n|------------|--------|\n| `inurl:\"viewerframe?mode=\"` | Axis network cameras |\n| `intitle:\"webcamXP 5\"` | WebcamXP 5 servers |\n| `inurl:\"videostream.cgi\"` | CGI video streams |\n| `intitle:\"Live View \u002F - AXIS\"` | AXIS cameras |\n| `inurl:\u002Fview\u002Fview.shtml` | Mobotix cameras |\n\n---\n\n## 24. Google Dorking Bible\n\n> 🔍 Advanced search operators for finding information that isn't easily discoverable.\n>\n> **Pro tip:** Combine multiple operators for maximum precision. Always test in a private\u002Fincognito window.\n\n### Core Operators\n\n| Operator | Description | Example |\n|----------|-------------|---------|\n| `site:` | Search within a domain | `site:example.com admin` |\n| `inurl:` | Search in URL path | `inurl:admin login` |\n| `intitle:` | Search in page title | `intitle:\"index of\" passwords` |\n| `intext:` | Search in page body | `intext:\"username\" \"password\"` |\n| `filetype:` | Search by file type | `filetype:pdf \"confidential\"` |\n| `ext:` | Search by extension | `ext:sql \"dump\"` |\n| `cache:` | View Google's cached version | `cache:example.com` |\n| `allintext:` | All terms in page body | `allintext:username password email` |\n\n### High-Value OSINT Dorks\n\n| Purpose | Google Dork |\n|---------|-------------|\n| **Exposed passwords** | `intitle:\"index of\" \"passwords.txt\"` |\n| **SQL database dumps** | `filetype:sql \"CREATE TABLE\" \"INSERT INTO\"` |\n| **Config files** | `ext:conf OR ext:cnf \"password\"` |\n| **Exposed .env files** | `intitle:\"index of\" \".env\"` |\n| **Open FTP servers** | `intitle:\"index of\" inurl:ftp` |\n| **Exposed git repos** | `intitle:\"index of\" \".git\"` |\n| **SSH private keys** | `filetype:pem \"PRIVATE KEY\"` |\n| **phpinfo pages** | `ext:php intitle:phpinfo` |\n| **Exposed log files** | `filetype:log \"password\" OR \"username\"` |\n\n### Dork Generator Tools\n\n| Tool | Link |\n|------|------|\n| **DorkSearch** | [dorksearch.com](https:\u002F\u002Fdorksearch.com\u002F) |\n| **Google Hacking DB (GHDB)** | [exploit-db.com\u002Fgoogle-hacking-database](https:\u002F\u002Fexploit-db.com\u002Fgoogle-hacking-database) |\n| **Pagodo** | `git clone https:\u002F\u002Fgithub.com\u002Fopsdisk\u002Fpagodo` |\n| **GooFuzz** | `git clone https:\u002F\u002Fgithub.com\u002Fm3n0sd0n4ld\u002FGooFuzz` |\n\n---\n\n## 25. Credential & Data Dorking\n\n> 🗄️ Advanced dorks for finding inadvertently exposed sensitive data on the web.\n\n| Purpose | Google Dork |\n|---------|-------------|\n| **Gmail in spreadsheets** | `allintext:\"@gmail.com\" \"password\" filetype:xlsx` |\n| **Exposed credentials in CSV** | `filetype:csv \"email\" \"password\"` |\n| **Pastebin credential dumps** | `filetype:txt \"username\" \"password\" site:pastebin.com` |\n| **Database dumps** | `filetype:sql \"INSERT INTO\" \"password\" \"email\"` |\n| **Config files with API keys** | `filetype:env \"DB_PASSWORD\" OR \"API_KEY\" OR \"SECRET\"` |\n| **Exposed .htpasswd** | `filetype:htpasswd htpasswd` |\n| **phpMyAdmin without auth** | `inurl:phpmyadmin\u002Findex.php intitle:\"phpMyAdmin\"` |\n| **Exposed Jenkins** | `intitle:\"Dashboard [Jenkins]\" inurl:\"\u002Flogin\"` |\n| **AWS keys exposed** | `filetype:pem \"AKIA\" OR \"ASIA\"` |\n| **GitHub secrets** | `site:github.com \"API_KEY\" OR \"api_secret\" filetype:env` |\n\n---\n\n## 26. IP Tracking & Geolocation Links\n\n> 📍 Tools for tracking IP addresses through crafted links.\n>\n> ⚠️ **For authorized use only** — e.g., tracking your own email campaigns or authorized phishing simulations.\n\n| Tool | Description | Link |\n|------|-------------|------|\n| **Grabify** | IP grabber & URL shortener | [grabify.link](https:\u002F\u002Fgrabify.link\u002F) |\n| **IPLogger** | IP logging URL shortener | [iplogger.org](https:\u002F\u002Fiplogger.org\u002F) |\n| **Canary Tokens** | Tracking tokens (URL, email, DNS, files) | [canarytokens.org](https:\u002F\u002Fcanarytokens.org\u002F) |\n| **GetNotify** | Email open tracking + geolocation | [getnotify.com](https:\u002F\u002Fgetnotify.com\u002F) |\n| **IPinfo** | IP address data API | [ipinfo.io](https:\u002F\u002Fipinfo.io\u002F) |\n| **IP-API** | IP geolocation API | [ip-api.com](http:\u002F\u002Fip-api.com\u002F) |\n| **MaxMind GeoIP** | IP geolocation database | [maxmind.com](https:\u002F\u002Fmaxmind.com\u002F) |\n\n> 💡 **Trick:** Mask a logger URL using the VK redirect:\n> `https:\u002F\u002Fvk.com\u002Faway.php?to=YOUR_LOGGER_URL`\n\n---\n\n## 27. Telegram OSINT Bots & Channels\n\n> 💬 Telegram-based OSINT tools, bots, and intelligence communities.\n\n### OSINT Bots\n\n| Bot | Description | Handle |\n|-----|-------------|--------|\n| **Eye of God (Glaz Boga)** | Person lookup by phone\u002Femail\u002Fphoto\u002FVK | @glazzz_rus_bot |\n| **@No_BlackMail_bot** | Search email by phone number | @No_BlackMail_bot |\n| **@OverSerchBot** | Multi-search OSINT bot | @OverSerchBot |\n| **GetContact Bot** | Phone number caller ID | @getcontact_real_bot |\n| **Quick OSINT** | Fast person lookup | @Quick_OSINT_bot |\n| **@CreationDateBot** | Check Telegram account creation date | @creationdatebot |\n| **@SangMataBot** | Check username history of TG accounts | @SangMataInfo_bot |\n\n### OSINT Channels\n\n| Channel | Content | Link |\n|---------|---------|------|\n| **@overbafer1** | Hacking & cybersecurity | [t.me\u002Foverbafer1](https:\u002F\u002Ft.me\u002Foverbafer1) |\n| **@Social_engineering** | Social engineering techniques | [t.me\u002FSocial_engineering](https:\u002F\u002Ft.me\u002FSocial_engineering) |\n| **@cyberbezopasno** | Cybersecurity news & tools | [t.me\u002Fcyberbezopasno](https:\u002F\u002Ft.me\u002Fcyberbezopasno) |\n| **@OSINT_group** | OSINT community | [t.me\u002FOSINT_group](https:\u002F\u002Ft.me\u002FOSINT_group) |\n\n### Telegram Scraping Tools\n\n| Tool | Description | Install |\n|------|-------------|---------|\n| **Telepathy** | Telegram OSINT analysis | `pip install telepathy` |\n| **Telethon** | Python Telegram API library | `pip install telethon` |\n| **TeleGram-OSINTer** | Telegram profile investigation | `git clone https:\u002F\u002Fgithub.com\u002FAlb-310\u002FTeleGram-OSINTer` |\n\n---\n\n## 28. Russian OSINT & Person Lookup Services\n\n> 🇷🇺 Services widely used in Russian-speaking OSINT communities.\n\n| # | Service | Description | Link |\n|:-:|---------|-------------|------|\n| 1 | **FNS (Tax Service)** | Get INN number, check tax debts | [service.nalog.ru](https:\u002F\u002Fservice.nalog.ru\u002F) |\n| 2 | **TelPoisk** | Phone directory — address by name | [telpoisk.com](https:\u002F\u002Ftelpoisk.com\u002F) |\n| 3 | **GetContact** | See how number is saved by others | [getcontact.com](https:\u002F\u002Fgetcontact.com\u002F) |\n| 4 | **Eye of God** | Person lookup by phone\u002Femail\u002Fphoto | @glazzz_rus_bot |\n| 5 | **Search4faces** | Face search in VK & OK | [search4faces.com](https:\u002F\u002Fsearch4faces.com\u002F) |\n| 6 | **GetNotify** | Email tracking + geolocation | [getnotify.com](https:\u002F\u002Fgetnotify.com\u002F) |\n| 7 | **BinCheck** | Card BIN lookup (bank, region) | [bincheck.io](https:\u002F\u002Fbincheck.io\u002F) |\n\n### VK (VKontakte) OSINT\n\n| Purpose | Tool\u002FURL |\n|---------|----------|\n| **Registration data** | [regvk.com](https:\u002F\u002Fregvk.com\u002F) |\n| **FOAF data** | `https:\u002F\u002Fvk.com\u002Ffoaf.php?id=USER_ID` |\n| **VK page archive** | [vk.watch\u002FID\u002Fprofile](https:\u002F\u002Fvk.watch\u002FID\u002Fprofile) |\n| **Activity tracking** | [nebaz.ru](https:\u002F\u002Fnebaz.ru\u002F) |\n| **VK tools** | [220vk.com](https:\u002F\u002F220vk.com\u002F) |\n\n---\n\n## 29. Social Media Searcher Platforms\n\n| Tool | Description | Free? | Link |\n|------|-------------|:-----:|------|\n| **Social Searcher** | Real-time social media search | ✅ Yes | [social-searcher.com](https:\u002F\u002Fwww.social-searcher.com\u002F) |\n| **Social Mention** | Social media aggregator | ✅ Yes | [socialmention.com](http:\u002F\u002Fsocialmention.com\u002F) |\n| **Google Alerts** | Free web monitoring | ✅ Free | [google.com\u002Falerts](https:\u002F\u002Fwww.google.com\u002Falerts) |\n| **Who Posted What** | Facebook keyword search | ✅ Free | [whopostedwhat.com](https:\u002F\u002Fwhopostedwhat.com\u002F) |\n| **Mention** | Social media & web monitoring | 🟡 Freemium | [mention.com](https:\u002F\u002Fmention.com\u002F) |\n| **Talkwalker** | Social listening & analytics | 💰 Paid | [talkwalker.com](https:\u002F\u002Fwww.talkwalker.com\u002F) |\n| **BrandWatch** | Social intelligence platform | 💰 Paid | [brandwatch.com](https:\u002F\u002Fwww.brandwatch.com\u002F) |\n| **Hootsuite** | Social media management | 🟡 Freemium | [hootsuite.com](https:\u002F\u002Fwww.hootsuite.com\u002F) |\n\n---\n\n## 30. Termux Hacking Toolkit (Complete)\n\n> 📱 Full OSINT & security toolkit setup for Android via Termux.\n\n### Initial Setup\n\n```bash\n# First-time Termux setup\npkg update -y && pkg upgrade -y\npkg install python python2 git wget curl nmap\npip install requests colorama\ntermux-setup-storage\n```\n\n### Tool List\n\n| # | Tool | Purpose | Install |\n|:-:|------|---------|---------| \n| 1 | **Sherlock** | Username OSINT | `pip install sherlock-project` |\n| 2 | **Maigret** | Username OSINT (3000+ sites) | `pip install maigret` |\n| 3 | **h8mail** | Email breach hunting | `pip install h8mail` |\n| 4 | **Zphisher** | Phishing (30+ templates) | `git clone https:\u002F\u002Fgithub.com\u002Fhtr-tech\u002Fzphisher` |\n| 5 | **NexPhisher** | Advanced phishing | `git clone https:\u002F\u002Fgithub.com\u002Fhtr-tech\u002Fnexphisher` |\n| 6 | **Storm-Breaker** | Camera\u002FMic\u002FLocation SE | `git clone https:\u002F\u002Fgithub.com\u002Fultrasecurity\u002FStorm-Breaker` |\n| 7 | **UserRecon** | Username search | `git clone https:\u002F\u002Fgithub.com\u002Fwishihab\u002Fuserrecon` |\n| 8 | **IPGeoLocation** | IP geolocation | `git clone https:\u002F\u002Fgithub.com\u002Fmaldevel\u002FIPGeoLocation` |\n| 9 | **Orbit** | Bitcoin address search | `git clone https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FOrbit` |\n| 10 | **Nmap** | Network scanner | `pkg install nmap` |\n| 11 | **Hydra** | Login brute force | `pkg install hydra` |\n| 12 | **PhoneSploit** | Phone exploitation via ADB | `git clone https:\u002F\u002Fgithub.com\u002Faerosol-can\u002FPhoneSploit` |\n| 13 | **fsociety** | All-in-one hacking pack | `git clone https:\u002F\u002Fgithub.com\u002FManisso\u002Ffsociety` |\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>💻 One-command Termux installer\u003C\u002Fb>\u003C\u002Fsummary>\n\n```bash\npkg update -y && pkg upgrade -y && \\\npkg install -y python git wget curl nmap hydra perl openssh php clang make openssl && \\\npip install requests colorama sherlock-project maigret holehe h8mail && \\\ncd ~ && \\\ngit clone https:\u002F\u002Fgithub.com\u002Fhtr-tech\u002Fzphisher && \\\ngit clone https:\u002F\u002Fgithub.com\u002FManisso\u002Ffsociety && \\\ngit clone https:\u002F\u002Fgithub.com\u002Fultrasecurity\u002FStorm-Breaker && \\\ngit clone https:\u002F\u002Fgithub.com\u002Fwishihab\u002Fuserrecon && \\\necho \"Done! All tools installed.\"\n```\n\u003C\u002Fdetails>\n\n---\n\n## 31. Kali Linux OSINT Toolkit\n\n> 🐉 Tools pre-installed on Kali, plus recommended additions.\n\n### Pre-installed on Kali\n\n| Tool | Category | Command |\n|------|----------|---------|\n| **Nmap** | Network scanning | `nmap` |\n| **Wireshark** | Packet analysis | `wireshark` |\n| **Metasploit** | Exploitation | `msfconsole` |\n| **SQLMap** | SQL injection | `sqlmap` |\n| **Hydra** | Brute force | `hydra` |\n| **John the Ripper** | Password cracking | `john` |\n| **Hashcat** | GPU password cracking | `hashcat` |\n| **Aircrack-ng** | Wi-Fi cracking | `aircrack-ng` |\n| **Nikto** | Web scanner | `nikto` |\n| **Dirb** | Directory brute force | `dirb` |\n| **WPScan** | WordPress scanner | `wpscan` |\n| **theHarvester** | Email\u002Fsubdomain OSINT | `theHarvester` |\n| **Maltego** | Visual link analysis | `maltego` |\n| **Recon-ng** | Web recon framework | `recon-ng` |\n| **SET** | Social engineering toolkit | `setoolkit` |\n| **Burp Suite** | Web proxy | `burpsuite` |\n\n### Quick Kali Setup (additional tools)\n\n```bash\n# From this repo's installer (recommended — installs everything)\nsudo bash install_osint_arsenal.sh\n\n# Or add specific tools manually:\nsudo apt update && sudo apt install -y \\\n  amass subfinder httpx nuclei gobuster feroxbuster \\\n  spiderfoot eyewitness phoneinfoga metagoofil\n\npip install maigret holehe h8mail socialscan social-analyzer \\\n  deepface face_recognition volatility3 telepathy\n```\n\n---\n\n## 32. All-in-One Hacking Frameworks\n\n> 🧰 Comprehensive frameworks that bundle dozens of tools under one roof.\n\n| Framework | Description | Install |\n|-----------|-------------|---------|\n| **fsociety** | Mr. Robot-inspired hacking pack | `git clone https:\u002F\u002Fgithub.com\u002FManisso\u002Ffsociety` |\n| **Hackingtool** | All-in-one tool (100+ categories) | `git clone https:\u002F\u002Fgithub.com\u002FZ4nzu\u002Fhackingtool` |\n| **SpiderFoot** | OSINT automation platform | `pip install spiderfoot` |\n| **Maltego** | Visual OSINT & link analysis | Pre-installed in Kali |\n| **Recon-ng** | Module-based recon framework | `pip install recon-ng` |\n| **Lazy Script** | Automated pentest helper | `git clone https:\u002F\u002Fgithub.com\u002Farismelachroinos\u002Flscript` |\n| **osmedeus** | Full automated recon workflow | `git clone https:\u002F\u002Fgithub.com\u002Fj3ssie\u002Fosmedeus` |\n\n---\n\n## 33. Wordlist Generation & Brute Force\n\n> 📖 Build custom wordlists or use proven collections.\n>\n> **Pro tip:** CeWL is great for targeted attacks — it generates wordlists from the target's own website.\n\n| Tool | Description | Install |\n|------|-------------|---------|\n| **Crunch** | Pattern-based wordlist generator | `apt install crunch` |\n| **CeWL** | Custom wordlist from any website | `apt install cewl` |\n| **Cupp** | Profile-based wordlist generator | `git clone https:\u002F\u002Fgithub.com\u002FMebus\u002Fcupp` |\n| **SecLists** | The ultimate security wordlist collection | `git clone https:\u002F\u002Fgithub.com\u002Fdanielmiessler\u002FSecLists` |\n| **RockYou** | Classic leaked password list | Pre-installed in Kali (`\u002Fusr\u002Fshare\u002Fwordlists\u002F`) |\n| **Weakpass** | Massive wordlist collection | [weakpass.com](https:\u002F\u002Fweakpass.com\u002F) |\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>💻 Wordlist Quick Reference\u003C\u002Fb>\u003C\u002Fsummary>\n\n```bash\n# Use RockYou (already in Kali)\n\u002Fusr\u002Fshare\u002Fwordlists\u002Frockyou.txt.gz\ngunzip \u002Fusr\u002Fshare\u002Fwordlists\u002Frockyou.txt.gz\n\n# Generate a pattern-based wordlist with Crunch\n# Format: crunch \u003Cmin> \u003Cmax> \u003Ccharset>\ncrunch 8 10 abcdefghijklmnopqrstuvwxyz0123456789 -o wordlist.txt\n\n# Generate custom wordlist from a target website\ncewl https:\u002F\u002Fexample.com -m 6 -w cewl_wordlist.txt\n\n# Profile-based wordlist (interview the target)\npython3 cupp.py -i\n```\n\u003C\u002Fdetails>\n\n---\n\n## 34. Hardware Hacking Tools\n\n> 🔧 Physical devices for authorized penetration testing and hardware security research.\n\n| Device | Description | Price |\n|--------|-------------|:-----:|\n| **Flipper Zero** | Multi-tool: RFID, NFC, IR, Sub-GHz, BadUSB | ~$170 |\n| **HackRF One** | Software-defined radio (1MHz–6GHz) | ~$300 |\n| **Proxmark3** | RFID\u002FNFC research & cloning tool | ~$60–300 |\n| **WiFi Pineapple** | Wi-Fi auditing & rogue AP platform | ~$100–300 |\n| **USB Rubber Ducky** | USB keystroke injection device | ~$80 |\n| **Bash Bunny** | Multi-function USB attack platform | ~$120 |\n| **LAN Turtle** | Covert network access & MITM | ~$60 |\n| **RTL-SDR** | Budget software-defined radio dongle | ~$25 |\n| **Alfa AWUS036ACH** | Long-range dual-band Wi-Fi adapter | ~$50 |\n| **O.MG Cable** | USB cable with embedded implant | ~$120 |\n\n---\n\n## 35. OSINT Operating Systems\n\n> 🖥️ Specialized operating systems built for security research, OSINT, and privacy.\n\n| OS | Focus | Link |\n|----|-------|------|\n| **Kali Linux** | Penetration testing (600+ tools) | [kali.org](https:\u002F\u002Fkali.org\u002F) |\n| **Parrot OS** | Security & privacy | [parrotsec.org](https:\u002F\u002Fparrotsec.org\u002F) |\n| **Tails** | Privacy & anonymity (amnesic) | [tails.boum.org](https:\u002F\u002Ftails.boum.org\u002F) |\n| **Whonix** | Anonymous OS via Tor | [whonix.org](https:\u002F\u002Fwhonix.org\u002F) |\n| **CSI Linux** | OSINT & forensics focused | [csilinux.com](https:\u002F\u002Fcsilinux.com\u002F) |\n| **Trace Labs OSINT VM** | OSINT-specific VM | [tracelabs.org](https:\u002F\u002Ftracelabs.org\u002F) |\n| **BlackArch** | 2800+ security tools | [blackarch.org](https:\u002F\u002Fblackarch.org\u002F) |\n| **SIFT Workstation** | SANS digital forensics | [digital-forensics.sans.org](https:\u002F\u002Fdigital-forensics.sans.org\u002F) |\n| **REMnux** | Malware analysis | [remnux.org](https:\u002F\u002Fremnux.org\u002F) |\n| **Qubes OS** | Security via compartmentalization | [qubes-os.org](https:\u002F\u002Fqubes-os.org\u002F) |\n| **CommandoVM** | Windows pentest VM | [github.com\u002Fmandiant\u002Fcommando-vm](https:\u002F\u002Fgithub.com\u002Fmandiant\u002Fcommando-vm) |\n\n---\n\n## 36. OSINT APIs & Developer Tools\n\n> 🔌 Programmatic access to OSINT data sources for building your own tools.\n\n| API | Description | Link |\n|-----|-------------|------|\n| **Shodan API** | IoT\u002Fdevice search | [developer.shodan.io](https:\u002F\u002Fdeveloper.shodan.io\u002F) |\n| **VirusTotal API** | File\u002FURL analysis | [developers.virustotal.com](https:\u002F\u002Fdevelopers.virustotal.com\u002F) |\n| **Hunter.io API** | Email discovery | [hunter.io\u002Fapi](https:\u002F\u002Fhunter.io\u002Fapi) |\n| **Have I Been Pwned API** | Breach check | [haveibeenpwned.com\u002FAPI](https:\u002F\u002Fhaveibeenpwned.com\u002FAPI) |\n| **IPinfo API** | IP geolocation | [ipinfo.io\u002Fdevelopers](https:\u002F\u002Fipinfo.io\u002Fdevelopers) |\n| **Censys API** | Internet scanning | [search.censys.io\u002Fapi](https:\u002F\u002Fsearch.censys.io\u002Fapi) |\n| **GitHub API** | Repository\u002Fuser data | [api.github.com](https:\u002F\u002Fapi.github.com\u002F) |\n| **Dehashed API** | Breach data search | [dehashed.com\u002Fdocs](https:\u002F\u002Fdehashed.com\u002Fdocs) |\n| **urlscan.io API** | URL analysis | [urlscan.io\u002Fdocs\u002Fapi](https:\u002F\u002Furlscan.io\u002Fdocs\u002Fapi\u002F) |\n| **AbuseIPDB API** | IP reputation | [abuseipdb.com\u002Fapi](https:\u002F\u002Fwww.abuseipdb.com\u002Fapi) |\n| **Google Custom Search API** | Programmable search | [developers.google.com\u002Fcustom-search](https:\u002F\u002Fdevelopers.google.com\u002Fcustom-search) |\n| **WhoisXML API** | Domain intelligence | [whoisxmlapi.com](https:\u002F\u002Fwhoisxmlapi.com\u002F) |\n| **Criminal IP API** | Threat intelligence | [criminalip.io\u002Fdeveloper](https:\u002F\u002Fwww.criminalip.io\u002Fdeveloper) |\n\n---\n\n## 37. Browser Extensions for OSINT\n\n> 🧩 Must-have browser extensions for every OSINT investigator.\n\n| Extension | Description | Browser |\n|-----------|-------------|:-------:|\n| **Search by Image** | Multi-engine reverse image search | Chrome \u002F Firefox |\n| **Wappalyzer** | Technology stack detector | Chrome \u002F Firefox |\n| **Shodan** | Server info on any website | Chrome \u002F Firefox |\n| **Wayback Machine** | View archived pages instantly | Chrome \u002F Firefox |\n| **EXIF Viewer** | View image metadata | Chrome \u002F Firefox |\n| **User-Agent Switcher** | Change browser identity | Chrome \u002F Firefox |\n| **FoxyProxy** | Proxy management | Chrome \u002F Firefox |\n| **Hunchly** | OSINT web capture & case manager | Chrome |\n| **InVID\u002FWeVerify** | Video\u002Fimage verification | Chrome \u002F Firefox |\n| **SingleFile** | Save complete web pages | Chrome \u002F Firefox |\n\n---\n\n## 38. OSINT Learning Resources\n\n> 📚 The best resources for learning OSINT — from beginner to professional.\n\n| Resource | Type | Link |\n|----------|------|------|\n| **OSINT Framework** | Interactive tool directory | [osintframework.com](https:\u002F\u002Fosintframework.com\u002F) |\n| **IntelTechniques** | Michael Bazzell's resources & podcast | [inteltechniques.com](https:\u002F\u002Finteltechniques.com\u002F) |\n| **Bellingcat** | OSINT investigative journalism | [bellingcat.com](https:\u002F\u002Fbellingcat.com\u002F) |\n| **Trace Labs** | OSINT for missing persons CTFs | [tracelabs.org](https:\u002F\u002Ftracelabs.org\u002F) |\n| **OSINT Curious Project** | Community & training | [osintcurio.us](https:\u002F\u002Fosintcurio.us\u002F) |\n| **Sector035 Week in OSINT** | Weekly OSINT newsletter | [sector035.nl](https:\u002F\u002Fsector035.nl\u002F) |\n| **OSINT Dojo** | Training platform & challenges | [osintdojo.com](https:\u002F\u002Fosintdojo.com\u002F) |\n| **CTF Time** | Hands-on CTF competitions | [ctftime.org](https:\u002F\u002Fctftime.org\u002F) |\n| **GIJN** | Global Investigative Journalism Network | [gijn.org](https:\u002F\u002Fgijn.org\u002F) |\n| **SANS OSINT** | Professional cyber training | [sans.org](https:\u002F\u002Fsans.org\u002F) |\n\n### 📺 YouTube Channels\n\n| Channel | Focus |\n|---------|-------|\n| **John Hammond** | Cybersecurity & CTFs |\n| **The Cyber Mentor** | Ethical hacking |\n| **David Bombal** | Networking & security |\n| **NetworkChuck** | Cybersecurity tutorials |\n| **HackerSploit** | Penetration testing |\n| **Null Byte** | Hacking tutorials |\n| **13Cubed** | DFIR & forensics |\n\n---\n\n## 39. Awesome OSINT GitHub Repos\n\n> ⭐ The best curated OSINT resource lis","awesome-osint-arsenal 是一个为 Kali Linux 设计的开源情报（OSINT）和侦察工具包，包含超过 100 种工具，支持一键安装。该项目涵盖了社交媒体情报（SOCMINT）、地理空间情报（GEOINT）、网络侦察、暗网分析、取证等多个领域。其核心功能包括一键安装脚本以及详细的工具分类和使用说明，极大地方便了安全研究人员和渗透测试人员的工作。适用于需要进行网络安全评估、信息收集、威胁情报分析等场景的专业人士使用。",2,"2026-06-11 02:44:09","CREATED_QUERY"]