Website OSINT

BuiltWith - https://builtwith.com/

Domain Dossier - https://centralops.net/co/

DNSlytics - https://dnslytics.com/reverse-ip

SpyOnWeb - https://spyonweb.com/

Virus Total - https://www.virustotal.com/

Visual Ping - https://visualping.io/

Back Link Watch - http://backlinkwatch.com/index.php

View DNS - https://viewdns.info/

crt.sh - https://crt.sh/

Pentest-Tools Subdomain Finder - https://pentest-tools.com/information-gathering/find-subdomains-of-domain#

Spyse - https://spyse.com/

Shodan - https://shodan.io

Wayback Machine - https://web.archive.org/

Open Corporates - https://opencorporates.com/

AI HIT - https://www.aihitdata.com/

# Look up the public registration record for the domain.
whois tcm-sec.com

# Open ~/.bashrc in an editor; the three export lines below are what gets added
# to it so the Go toolchain and binaries built by `go install` are on PATH.
nano ~/.bashrc

export GOPATH=$HOME/go

# /usr/lib/go is distribution-specific; confirm with `go env GOROOT`.
export GOROOT=/usr/lib/go

export PATH=$PATH:$GOROOT/bin:$GOPATH/bin

# Reload the edited file in the current shell.
source ~/.bashrc

# NOTE(review): @latest (and @master further down) resolve to whatever upstream
# publishes at install time, and the resulting binaries run with your privileges.
# For a repeatable, reviewable toolchain, install a specific tagged release.
go install github.com/tomnomnom/httprobe@latest

go install github.com/tomnomnom/assetfinder@latest

# Plain assignment without `export`: unless GO111MODULE is already exported,
# this sets a shell variable only and is not passed to `go`. Go releases that
# accept `go install pkg@version` already default to module mode.
GO111MODULE=on

go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest

go install github.com/sensepost/gowitness@latest

export GO111MODULE=on

# @master tracks a moving branch rather than a release.
# NOTE(review): the /v3 module path may no longer match what master declares;
# confirm against the project's current install instructions.
go install -v github.com/OWASP/Amass/v3/...@master

# Each of the next three commands prints the subdomains it finds for the domain
# to stdout; redirect to a file to keep the results.
subfinder -d tcm-sec.com

assetfinder tcm-sec.com

amass enum -d tcm-sec.com

# tesla.txt is a subdomain list saved from an earlier run (the page does not
# show it being written). sort -u de-duplicates; -s skips httprobe's default
# probes and -p https:443 probes HTTPS on port 443 only.
cat tesla.txt | sort -u | httprobe -s -p https:443

# Screenshot every host listed in alive.txt into ./pics, HTTPS only (--no-http).
# Presumably alive.txt holds the hosts that answered the probe above — the page
# does not show it being created.
# NOTE(review): this is the gowitness 2.x command syntax; later major versions
# changed the CLI, so after an @latest install check `gowitness --help`.
gowitness file -f ./alive.txt -P ./pics --no-http

Subfinder - https://github.com/projectdiscovery/subfinder

Assetfinder - https://github.com/tomnomnom/assetfinder

httprobe - https://github.com/tomnomnom/httprobe

Amass - https://github.com/OWASP/Amass

GoWitness - https://github.com/sensepost/gowitness/wiki/Installation

Automatic Website OSINT

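#!/bin/bash
#
# Subdomain enumeration, HTTPS liveness check and screenshots for one domain.
#
# Usage:   <this script> <domain>
# Output:  <domain>/info/whois.txt
#          <domain>/subdomains/found.txt   (rewritten on every run)
#          <domain>/subdomains/alive.txt   (appended to on every run)
#          <domain>/screenshots/
# Needs:   whois, subfinder, assetfinder, httprobe, gowitness on PATH.
#
# `set -e` is deliberately not used: every stage is best-effort, so one tool
# returning non-zero (e.g. grep finding no match) does not abort the rest.

domain=${1:-}

RED="\033[1;31m"
RESET="\033[0m"

# Print an error to stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Print a coloured "[+]" progress line, same bytes as the original echo -e.
banner() {
  printf '%b [+] %s%b\n' "$RED" "$1" "$RESET"
}

# Keep only stdin lines that are the target domain or a subdomain of it.
# A plain `grep $domain` treats the dots as regex wildcards and also matches
# the string anywhere in the line, so unrelated hosts such as
# "<domain>.other.example" would slip into the result set.
in_scope() {
  awk -v d="$domain" '
    BEGIN { d = tolower(d); n = length(d) }
    {
      h = tolower($0)
      if (h == d || (length(h) > n && substr(h, length(h) - n) == "." d)) {
        print $0
      }
    }'
}

if [[ -z "$domain" ]]; then
  printf 'Usage: %s <domain>\n' "${0##*/}" >&2
  exit 2
fi

# The argument becomes a directory name and a command-line argument, so accept
# only hostname characters: no "/" (path traversal), no leading "-" (option
# injection), no whitespace or shell metacharacters.
hostname_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "$domain" =~ $hostname_re ]]; then
  die "not a valid domain name: $domain"
fi

# Fail before creating anything if a tool is missing.
for tool in whois subfinder assetfinder httprobe gowitness; do
  command -v "$tool" >/dev/null || die "required tool not found on PATH: $tool"
done

info_path=$domain/info
subdomain_path=$domain/subdomains
screenshot_path=$domain/screenshots

# -p creates the parent and is a no-op for directories that already exist.
mkdir -p -- "$info_path" "$subdomain_path" "$screenshot_path" \
  || die "cannot create output directories under $domain"

banner "Checkin' who it is..."
whois "$domain" > "$info_path/whois.txt"

banner "Launching subfinder..."
subfinder -d "$domain" > "$subdomain_path/found.txt"

banner "Running assetfinder..."
# assetfinder also reports related domains; keep only in-scope names.
assetfinder "$domain" | in_scope >> "$subdomain_path/found.txt"

#banner "Running Amass. This could take a while..."
#amass enum -d "$domain" >> "$subdomain_path/found.txt"

banner "Checking what's alive..."
# Keep only hosts that answered over HTTPS and strip the scheme, because
# gowitness is run with --no-http and is fed bare host names.
in_scope < "$subdomain_path/found.txt" \
  | sort -u \
  | httprobe -prefer-https \
  | grep '^https://' \
  | sed 's#^https://##' \
  | tee -a "$subdomain_path/alive.txt"

banner "Taking dem screenshotz..."
gowitness file -f "$subdomain_path/alive.txt" -P "$screenshot_path/" --no-http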
