secint
Passive hostname, domain and IP lookup tool for non-robots.
wtfis is a commandline tool that gathers information about a domain, FQDN or IP address using various OSINT services. Unlike other tools of its kind, it's built specifically for human consumption, providing results that are pretty (YMMV) and easy to read and understand.
Global Threat Intercept — Real-Time Geospatial Intelligence Platform.
Open-source intelligence for the global theater. Track everything from the corporate/private jets of the wealthy, and spy satellites, to seismic events in one unified interface. Hook an AI agent up to have it parse through data and find previously unseen correlations. The knowledge is available to all but rarely aggregated in the open, until now.
Related contents:
Find & Fix Open Source vulnerabilities. Get real-time security alerts and compliance issues on your open source dependencies within Azure DevOps or GitHub.
Kingfisher is a blazingly fast secret‑scanning and validation tool built in Rust. It combines Intel’s hardware‑accelerated Hyperscan regex engine with language‑aware parsing via Tree‑Sitter, and ships with hundreds of built‑in rules to detect, validate, and triage secrets before they ever reach production.
Related contents:
Timely. Accurate. Relevant Phishing Intelligence.
Related contents:
A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
Cyberbro is an open-source threat intelligence and indicator analysis platform. Whether you're a new user or a seasoned developer, this documentation will help you get started, configure, and make the most of Cyberbro's features.
Related contents:
Quickly discover exposed hosts on the internet using multiple search engines.
uncover is a go wrapper using APIs of well known search engines to quickly discover exposed hosts on the internet. It is built with automation in mind, so you can query it and utilize the results with your current pipeline tools.
Slack enumeration and exposed secrets detection tool. Monitoring and enumerating Slack for exposed secrets
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of methods for data analysis, making that data easy to navigate.
SpiderFoot has an embedded web-server for providing a clean and intuitive web-based interface but can also be used completely via the command-line. It's written in Python 3 and MIT-licensed.
The World’s First Truly Open Threat Intelligence Community
Cybersecurity Search Engine.
Criminal IP is an OSINT search engine specialized in attack surface assessment and threat hunting.
It offers extensive cyber threat intelligence, including device reputation, geolocation, IP reputation for C2 or scanners, domain safety, malicious link detection, and APT attack vectors via search and API.
Domain Public Data Collection Service.
DPULSE is a software solution for conducting OSINT research in relation to a certain domain.
A tool to identify and investigate inauthentic GitHub user accounts and repositories.
ghbuster is a tool to detect suspicious GitHub repositories and users using heuristics. It is designed to help identify potentially malicious or inauthentic accounts and repositories on GitHub.
Related contents:
Weaponizing Wayback for Recon, BugBounties, OSINT & More!
Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not
You’ve heard of time travel in movies and comics, right? Well, this isn’t fiction anymore 😎. TheTimeMachine lets you dig through the past of any web app by scraping archived URLs from the Wayback Machine — and helps you find sensitive, forgotten, or deprecated endpoints for further exploitation.
Whether you’re into bug bounty, red teaming, or just love good ol’ recon, this tool was built to make my recon workflow faster, cleaner, and more effective. No more juggling multiple scripts — TheTimeMachine does it all in one shot.
Related contents:
Tool to guess CPE name based on common software name.
CPE Guesser is a command-line tool or web service designed to guess the CPE name based on one or more keywords. The resulting CPE can then be used with tools like cve-search or vulnerability-lookup to perform actual searches using CPE names.
Related contents:
Repository of Yara rules dedicated to Phishing Kits Zip files.
This repository, dedicated to Phishing Kits zip files YARA rules, is based on zip raw format analysis to find directories and files names, you don't need yara-extend there.
Related contents:
ipdex is a simple CLI tool to gather insight about a list of IPs or an IP using the CrowdSec CTI (Cyber Threat Intelligence) API.
Related contents:
OSINT automation for hackers. A recursive internet scanner for hackers.
BEE·bot is a multipurpose scanner inspired by Spiderfoot, built to automate your Recon, Bug Bounties, and ASM!
Microsoft Threat Intelligence Python Security Tools. msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks.
🔍 OSINT tool for searching people's digital footprint and leaked passwords across various social networks, written in Go.
Related contents:
phishing, scam and brand impersonation detection – StalkPhish – We provide B2B tools, data and knowledge for a better phishing and brand impersonation detection.
StalkPhish-OSS is a tool created for searching into free OSINT databases for specific phishing kits URL. StalkPhish-OSS was made for phishing pages detection. More, StalkPhish-OSS is designed to try finding phishing kits sources.
Related contents:
PhishTool automatically retrieves all of the relevant metadata from a phishing email, providing you with the most comprehensive technical view of a phishing email possible. This combined with our OSINT and heuristic detection, makes PhishTool one seriously powerful tool.
Fast Enumeration Tool using Shodan.
This is a Python script developed to assist in the reconnaissance process during penetration testing.
Related contents:
Certificate Search Enter an Identity (Domain Name, Organization Name, etc), a Certificate Fingerprint (SHA-1 or SHA-256) or a crt.sh ID.
Top 10 Trending CVEs, Latest Insights & Analysis.
cvemon is a free vulnerability intelligence platform developed by Intruder to help businesses stay ahead of the latest threats.
By aggregating data from trusted sources, it provides the latest intelligence on CVEs and tracks what’s trending over the last 24 hours, complete with a hype score to contextualize the buzz.
Information Gatherer & Webapps Exploiter. a Python-based tool to streamline and centralize some pentesting tasks.
Lucille is a comprehensive web application security testing tool designed for cybersecurity professionals. built with Python, Lucille offers a suite of user-friendly tools, it aims to provide an efficient and practical tools streamlining pentesting tasks and centralizing various audit and exploitation techniques.
Know Your User™
Open source user analytics for sovereign cybersecurity.
Tirreno is open-source user analytics software.
Tirreno is a universal analytic tool for monitoring online platforms, web applications, SaaS, communities, IoT, mobile applications, intranets, and e-commerce websites. It is effective against external threats associated with partners or customers, as well as internal risks posed by employees or suppliers.
Tracking ransomware's victims since April 2022
A ransomware is a type of malware used by cybercriminals to encrypt the victim's files and make them inaccessible unless they pay the ransom. Today cybercriminals are more sophisticated, and they not only encrypt the victim's files also they leaking their data to the Darknet unless they will pay the ransom.
Ransomware.live is originally a fork of ransomwatch and inspired by ransomlook. Ransomware.live is a ransomware leak site monitoring tool. It will scrape all of the entries on various ransomware leak sites and published them.
PhishTool gives human analysts the power to reverse engineer phishing emails, to better defend against them. PhishTool is to phishing emails as a disassembler is to malware or a forensic toolkit is to file systems.
Related contents:
Open Cyber Threat Intelligence Platform.
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. It has been created in order to structure, store, organize and visualize technical and non-technical information about cyber threats.
Related contents:
AI-powered subdomain enumeration tool with local LLM analysis via Ollama - 100% private, zero API costs.
God's Eye is a powerful, ultra-fast subdomain enumeration and reconnaissance tool written in Go. It combines multiple passive sources with active DNS brute-forcing and comprehensive security checks to provide a complete picture of a target's attack surface.
Related contents:
Machinae is a tool for collecting intelligence from public sites/feeds about various security-related pieces of data: IP addresses, domain names, URLs, email addresses, file hashes and SSL fingerprints. It was inspired by Automater, another excellent tool for collecting information. The Machinae project was born from wishing to improve Automater in 4 areas:
A distributed vulnerability database for Open Source. An open, precise, and distributed approach to producing and consuming vulnerability information for open source.
Related contents:
Collection of Cyber Threat Intelligence sources from the Deep and Dark Web
The aim of this project is to collect the sources, present in the Deep and Dark web, which can be useful in Cyber Threat Intelligence contexts.
Weekly Security Vulnerability Emails. Follow Security Vulnerabilities in your software stack. Every month about 2,000 vulnerabilities are published, but how many of those are important to you? Use StackWatch to create a software stack (a list of software you use), then get a weekly email with security vulnerabilities that have been published for software within your stack.
GreyNoise watches the internet's background radiation—the constant storm of scanners, bots, and probes hitting every IP address on Earth. We've cataloged billions of these interactions to answer one critical question: is this IP a real threat, or just internet noise? Security teams trust our data to cut through the chaos and focus on what actually matters.
Related contents:
Your Complete Security Operations Platform
Open-source SIEM, CSPM, WAF, and threat intelligence. From git clone to running security scans in just 5 minutes. No vendor lock-in. No complex setup.
Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing.
The MISP threat sharing platform is a free and open source software helping information sharing of threat and cybersecurity indicators.
Go CLI and Library for quickly mapping organization network ranges using ASN information.
Domain Name Threat Intelligence.
The openSquat is a tool for identifying domain look-alikes by searching for newly registered domains that might be impersonating legit domains and brands.
Attack Surface Discovery & OSINT Reconnaissance Tool.
Organizational asset discovery tool with 20+ plugins covering certificate transparency, passive DNS, and all 5 Regional Internet Registries.
Pius is an open-source attack surface discovery tool written in Go. Given a company name, it maps the complete external attack surface: domains, subdomains, and IP ranges (CIDRs). Pius queries certificate transparency logs, all five regional Internet registries (ARIN, RIPE, APNIC, AFRINIC, LACNIC), passive DNS databases, WHOIS/RDAP, BGP tables, and more through 24 discovery plugins.
SSL/TLS Security Tools. Free tools for SSL/TLS transparency, configuration analysis, and security monitoring.
Related contents:
A free, community-sourced, machine-readable knowledge base of digital forensic artifacts that the world can use both as an information source and within other tools.
If you'd like to use the artifacts in your own tools, all you need to be able to do is read YAML. That is it, no other dependencies. The Python code in this project is just used to validate all the artifacts to make sure they follow the specification.
Cyber Theat live dashboard
Extract and aggregate threat intelligence. An extendable tool to extract and aggregate IOCs from threat feeds.
ThreatIngestor can be configured to watch Twitter, RSS feeds, or other sources, extract meaningful information such as malicious IPs/domains and YARA signatures, and send that information to another system for analysis.
MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
Related contents:
Exploration into public Certificate Transparency Logs.
Real-time Certificate Transparency log explorer. Watch newly issued TLS certificates appear as they're published to public CT logs. CertTrack monitors Certificate Transparency logs in real-time, showing you newly issued TLS certificates as they appear. You can watch the stream of certificates, filter by domain, and explore the details of each certificate.
Related contents:
ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
Find and verify secrets. Find leaked credentials.
TruffleHog is the most powerful secrets Discovery, Classification, Validation, and Analysis tool. In this context secret refers to a credential a machine uses to authenticate itself to another machine. This includes API keys, database passwords, private encryption keys, and more...
Related contents:
LOLESXi features a comprehensive list of binaries/scripts natively available in VMware ESXi that adversaries have utilised in their operations. The information on this site is compiled from open-source threat research.
A collection & lists of intel and usernames scraped from various cybercrime sources & forums. DarkForums, HackForums, Patched, Cracked, BreachForums, OGUser, XSS, Dread, & more.
Related contents:
The Ultimate Information Gathering Toolkit. A Python-based toolkit for Information Gathering and Reconnaissance.
Argus is an all-in-one, Python-powered toolkit designed to streamline the process of information gathering and reconnaissance. With a user-friendly interface and a suite of powerful modules, Argus empowers you to explore networks, web applications, and security configurations efficiently and effectively.
Monitor your local neighbourhood's bluetooth activity.
Bluetooth Neighborhood - Track BLE devices in your area and analyze traffic patterns.
Related contents:
Scan websites for exposed Supabase JWTs, enumerate accessible tables, and detect sensitive data exposure automatically.
A Python script that scans websites for exposed Supabase JWT tokens, enumerates accessible database tables, and analyzes them for sensitive data exposure. The script automatically detects sensitive information (emails, passwords, API keys, PII, financial data, etc.) and classifies vulnerability levels to identify which tables pose security risks.
The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.
The OWASP Amass Project has developed a framework to help information security professionals perform network mapping of attack surfaces and external asset discovery using open source intelligence gathering and reconnaissance techniques.
Automated Google Dorking Tool. Generates and runs advanced search queries for exposed files. It also test Vulns, Analyzes and extracts metadata.
A fast WordPress plugin enumeration tool.
WPProbe is a fast and efficient WordPress plugin scanner that leverages REST API enumeration (?rest_route) to detect installed plugins without brute-force.
Unlike traditional scanners that hammer websites with requests, WPProbe takes a smarter approach by querying the exposed REST API. This technique allows us to identify plugins stealthily, reducing detection risks and speeding up the scan process.
Gitxray (short for Git X-Ray) is a multifaceted security tool designed for use on GitHub repositories. It can serve many purposes, including OSINT and Forensics. gitxray leverages public GitHub REST APIs to gather information that would otherwise be very time-consuming to obtain manually. Additionally, it seeks out information in unconventional places.
The CVE Foundation has been formally established to ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program, a critical pillar of the global cybersecurity infrastructure for 25 years.
Related contents:
Vulnerability Intelligence Platform. Track and Monitor CVEs in Real-Time
Stay ahead of security threats with our comprehensive vulnerability intelligence platform. Monitor, analyze, and respond to CVEs affecting your infrastructure.