Compilation, procedures, tools and ethics for open source research

This repository is dedicated to the responsible and ethical practice of Open-Source Intelligence (OSINT). All information, tools, and methodologies provided herein are intended solely for educational, research, and lawful investigative purposes. Users are strongly encouraged to adhere to ethical guidelines, respect privacy rights, comply with applicable laws and regulations, and obtain necessary permissions before conducting any investigations. Misuse of this information for illegal activities, harassment, or violation of privacy is strictly prohibited and may result in legal consequences. By accessing this repository, you agree to use the content responsibly and ethically.

1. Fundamentals | 2. 4-Step Methodology | 3. Tools Mind Map | 4. Internet Search | 5. Social Networks | 6. Geoint & Images | 7. Domain / IP / DNS | 8. Deep & Dark Web | 9. Automation (Python) | 10. Report Templates | 11. Legal Considerations | 12. Extra Resources | 13. AI Intelligence | 14. Facial Recognition | 15. Email/Phone Investigation | 16. Data Breaches | 17. Blockchain/Crypto | 18. Transport OSINT | 19. WiFi/Wardriving | 20. Content Verification | 21. Username Enumeration | 22. Web Scraping | 23. Metadata Extraction | 24. Network Scanning | 25. Dark Web | 26. All-in-One Frameworks | 27. Advanced Maltego | 28. Professional Methodologies | 29. Advanced Google Dorks | 30. Learning Resources | 31. People Investigations | 32. Company Research | 33. Threat Intelligence Feeds

1. Define question → What do I want to know?
2. Identify sources → Table below |
3. Collect → Manual + automations |
4. Validate and document → Screenshots, hash, date, URL, archive.org |

graph TD
    A[OSINT] --> B(Search)
    A --> C(Social Networks)
    A --> D(Geo)
    A --> E(Domain/IP)
    A --> F(DeepDark)
    A --> G(Automate)
    B --> B1(Google Dorks)
    B --> B2(Useful Dorks)
    C --> C1(Twint-fork)
    C --> C2(Maigret)
    C --> C3(Instaloader)
    D --> D1(Overpass-turbo)
    D --> D2(Satellites.pro)
    D --> D3(ExifTool)
    E --> E1(Amass)
    E --> E2(CRT.sh)
    E --> E3(DNSDumpster)
    F --> F1(Onionscan)
    F --> F2(Ahmia)
    G --> G1(Recon-ng)
    G --> G2(SpiderFoot)

• DuckDuckGo "bangs" → !archive
• Yandex → best results CIS
• Baidu → Asia
• Startpage → no logs
• Shodan → IoT, ICS, SCADA
• Censys → cert + banner
• FOFA → China, free API
• ZoomEye → similar to Shodan
• BinaryEdge → global scanning
• Hunter.io → corporate emails
• PublicWWW → search in source code
• SearchCode → search in 75B lines of code
• SimilarSites → similar sites
• Netlas → internet intelligence
• CriminalIP → search in connected internet
• NerdyData → website technologies
• GreyNoise → internet noise
• Intezer Analyze → malware analysis
• Kaspersky OpenTIP → threat scanning
• VirusTotal → file/URL analysis
• AlienVault OTX → threat exchange
• ExploitDB → exploit database
• MalwareBazaar → malware samples
• Malware Domain List → malicious domains
• PhishTank → phishing URLs
• URLhaus → malware URLs
• ThreatMiner → threat intelligence
• YARAify → YARA rules
• PulseDive → IOC search
• ThreatFox → malware IOCs
• Breach Directory → breach searches
• Have I Been Pwned → breach verification
• DNSViz → DNSSEC visualization
• DNS Twister → similar domains
• DNSdumpster → DNS enumeration
• SpyOnWeb → related sites
• Yark → archive YouTube
• CovertAction → investigative journalism
• Trellix Research → threat research
• CP Research → Checkpoint research
• Wikistrat → collaborative analysis
• PolySwarm → threat scanning
• HackerOne Hacktivity → public vulnerabilities
• WikiLeaks → leaked documents
• Talos Reports → vulnerability reports
• MalAPI → malware APIs
• UserSearch → user search
• SecureList → Kaspersky blog
• SPLC Hate Map → hate map
• ICSR → radicalization studies
• Militant Wire → militancy analysis
• START Publications → terrorism publications
• SPLC Resources → SPLC resources
• Tracking Terrorism → terrorism tracking
• Mapping Militants → mapping militants
• Naval Institute → naval news
• Institute of International Relations → international relations
• Janes → defense intelligence
• TASS News → Russian news
• Sputnik News → Sputnik news
• PIPS → Pakistan peace studies
• PICSS → Pakistan conflict studies
• Reuters → news agency
• RT → Russia Today
• InternetActivism → humanitarian tools
• IISS → international studies institute
• CFR → council on foreign relations
• SciHub → access to scientific papers
• ResearchHub → research discussion
• IDCrawl → people search
• Osint Industries → email/phone search
• ESPY → phone search
• SUNDERS → surveillance cameras
• Privacy Watch → OSINT tools
• Deepinfo → internet intelligence
• Session → private messaging
• Consortium News → independent journalism
• Tutanota → encrypted email
• Committee to Protect Journalists → journalist protection
• SecurityWeek → security news
• NCRI → network contagion research
• Geopolitical Economy Report → geopolitical reports
• The Grayzone → independent journalism
• The Moscow Times → Russian news
• FlightAware → flight tracking
• FlightRadar24 → flight radar
• MarineTraffic → maritime traffic
• VesselFinder → ship search
• NewspaperArchive → newspaper archives
• The Indian Express → Indian news
• Daily Excelsior → Jammu Kashmir news
• DNA India → Indian news
• Greater Kashmir → Kashmir news
• Nagaland Post → Nagaland news
• RFE/RL → Radio Free Europe
• Akto → API security
• Generated Photos → AI photos
• Factinsect → AI fact-checking
• HDRobots → AI tools directory
• Channel 4 News → British news
• ThreatMon Reports → threat reports
• 0t.rocks Search → people search
• Israel Datasets → Israeli datasets
• Simplex 3D → 3D maps Israel
• AI Dubbing → AI dubbing
• Budget Key → Israel budget
• Ship Spotting → ship photos
• Broadcastify → police audio
• OpenCelliD → cell tower database
• AviationStack → aviation API
• DigitalSide TI → threat intelligence
• DocumentCloud → document management
• IDRW → Indian defense
• XFE → X-Force exchange
• Scumware → malware research
• Ukraine Live Cams → Ukraine cameras
• TWN → webcam network
• Opentopia → public webcams
• Transparency → anti-corruption
• Maigret → user search
• OCCRP → organized crime
• Qdorks → dork generator
• Radio Garden → world radios
• LolArchiver OSINT → OSINT search
• BreachBase → breach base
• WorldCam → world webcams
• Webcam Galore → webcams
• WiFi Map → WiFi hotspots
• OpenTrafficCamMap → traffic cameras
• KrooozCams → cruise webcams
• Skyline Webcams → skyline webcams
• Pictimo → world webcams
• Instances.social → Mastodon recommender
• CamHacker → public webcams
• Labs TIB Geoestimation → geographic estimation
• Picarta → photo location prediction
• Tiny Scan → URL scanning
• ZeroDay → zero-day vulnerabilities
• Predicta Search → digital search
• Ventusky → weather maps
• OSV → open source vulnerabilities
• Certs → certificate information
• Coalition ESS → exploit scoring
• Validin → attack surface mapping
• CastrickClues → OSINT search
• CIRCL PDNS → passive DNS
• InTheWild → exploits in wild
• TheWebCo → people intelligence
• 360 Quake → cyberspace mapping
• Cloudflare Radar → internet trends
• Crisis24 → security risk management
• arXiv → scientific papers

• Wayback Machine
• CachedView (Google + Archive.is)
• URLScan → capture + DOM + requests
• Ubikron → AI-powered evidence collection & entity extraction
• Screenshot Guru → screen test
• Stored Website → cached pages
• ThreatMiner → IOC context
• YARAify → YARA rules
• PulseDive → IOC search
• ThreatFox → malware IOCs
• Breach Directory → breaches
• Have I Been Pwned → breach verification
• DNSViz → DNSSEC
• DNS Twister → similar domains
• DNSdumpster → DNS enumeration
• SpyOnWeb → related sites
• Yark → archive YouTube

1. Facebook Recover Lookup - Link: Facebook Recover Lookup - Description: Used to check if a given email or phone number is associated with any Facebook account or not.
2. CrowdTangle Link Checker - Link: CrowdTangle Link Checker - Description: Shows the specific Facebook posts, Instagram posts, tweets, and subreddits that mention this link.
3. Social Searcher - Link: Social Searcher - Description: Allows you to monitor all public social mentions in social networks and the web.
4. Lookup-id.com - Link: Lookup-id.com - Description: Helps you find the Facebook ID of anyone's profile or a Group.
5. Who posted this - Link: Who posted this - Description: Facebook keyword search for people who work in the public interest. It allows you to search keywords on specific dates.
6. Facebook Search - Link: Facebook Search - Description: Allows you to search on Facebook for posts, people, photos, etc., using some filters.
7. Facebook Graph Searcher - Link: Facebook Graph Searcher - Description: To search someone on Facebook.
8. Facebook People Search - Link: Facebook People Search - Description: Search on Facebook by victim's name.
9. DumpItBlue - Link: DumpItBlue+ - Description: helps to dump Facebook stuff for analysis or reporting purposes.
10. Export Comments - Link: Export Comments - Description: Easily exports all comments from your social media posts to Excel file.
11. Facebook Applications - Link: Facebook Applications - Description: A collection of online tools that automate and facilitate Facebook.
12. Social Analyzer - Link: SocialAnalyzer - Social Sentiment & Analysis - Description: a free tool of social media monitoring and analysis.
13. AnalyzeID - Link: AnalyzeID - Description: Just looking for sites that supposedly may have the same owner. Including a FaceBook App ID match.
14. SOWsearch - Link: sowsearch - Description: a simple interface to show how the current Facebook search function works.
15. Facebook Matrix - Link: FacebookMatrix - Description: Formulas for Searching Facebook.
16. Who posted what - Link: Who Posted What - Description: A non public Facebook keyword search for people who work in the public interest. It allows you to search keywords on specific dates.
17. StalkFace - Link: StalkFace - Description: Toolkit to stalk someone on Facebook.
18. Search is Back - Link: Search is Back - Description: ind people and events on Facebook Search by location, relationships, and more!.
19. FB-Search - Link: FB-Search - Description: busca por teléfono o correo.
20. FB-Posts-scraper - Link: FB-Posts-scraper - Description: (Python).
21. FB-Video-downloader - Link: FB-Video-downloader - Description: .

1. SnapInsta - Link: SnapInsta - Description: Download Photos, Videos, IGTV & more from a public Instagram account.
2. IFTTT Integrations - Link: IFTTT Instagram integrations - Description: Popular Instagram workflows & automations.
3. Pickuki - Link: Pickuki - Description: Browse publicly available Instagram content without logging in.
4. IMGinn.io - Link: IMGinn.io - Description: view and download all the content on the social network Instagram all at one place.
5. Instaloader - Link: Instaloader - Description: Download pictures (or videos) along with their captions and other metadata from Instagram.
6. SolG - Link: SolG - Description: The Instagram OSINT Tool gets a range of information from an Instagram account that you normally wouldn't be able to get from just looking at their profile.
7. Osintgram - Link: Osintgram - Description: Osintgram is an OSINT tool on Instagram to collect, analyze, and run reconnaissance.
8. Toutatis - Link: toutatis - Description: It is a tool written to retrieve private information such as Phone Number, Mail Address, ID on Instagram accounts via API.
9. instalooter - Link: instalooter - Description: InstaLooter is a program that can download any picture or video associated from an Instagram profile, without any API access.
10. Exportgram - Link: Exportgram - Description: A web application made for people who want to export instagram comments into excel, csv and json formats.
11. Profile Analyzer - Link: Profile Analyzer - Description: Analyze any public profile on Instagram – the tool is free, unlimited, and secure. Enter a username to take advantage of precise statistics.
12. Find Instagram User Id - Link: Find Instagram User Id - Description: This tool called "Find Instagram User ID" provides an easy way for developers and designers to get Instagram account numeric ID by username.
13. Instahunt - Link: Instahunt - Description: Easily find social media posts surrounding a location.
14. InstaFreeView - Link: InstaFreeView - Description: InstaFreeView Private Instagram Profile Viewer is a free app to view Instagram profile posts without login.
15. InstaNavigation - Link: instanavigation - Description: Anonymous story viewing on Instagram.
16. TikTok-scraper-dl - Link: TikTok-scraper-dl - Description: .
17. Musicaldown - Link: Musicaldown - Description: web.

1. RecruitEm - Link: RecruitEm - Description: Allows you to search social media profiles. It helps recruiters to create a Google boolean string that searches all public profiles.
2. RocketReach - Link: RocketReach - Description: Allows you to programmatically search and lookup contact info over 700 million professionals and 35 million companies.
3. Phantom Buster - Link: Phantom Buster - Description: Automation tool suite that includes data extraction capabilities.
4. linkedprospect - Link: LinkedIn Boolean Search - Description: Build a targeted list of LinkedIn people using boolean search.
5. ReverseContact - Link: Reverse Email Lookup - Description: Find Linked Profiles associated with any email.
6. LinkedIn Search Engine - Link: Programmable Search Engine - Description: Programmable Search Engine for LinkedIn profiles.
7. Free People Search Tool - Link: Free People Search Tool - Description: Find people easily online.
8. IntelligenceX Linkedin - Link: IntelligenceX Linkedin - Description: A webbased tool for searching someone on Linkedin.
9. Linkedin Search Tool - Link: Linkedin Search Tool - Description: Provides you a interface with various tools for Linkedin Osint.
10. LinkedInt - Link: LinkedInt - Description: Providing you with Linkedin Intelligence.
11. InSpy - Link: InSpy - Description: InSpy is a python based LinkedIn enumeration tool.
12. CrossLinked - Link: CrossLinked - Description: CrossLinked is a LinkedIn enumeration tool that uses search engine scraping to collect valid employee names from an organization.

1. TweetDeck - Link: TweetDeck - Description: Offers a more convenient Twitter experience by allowing you to view multiple timelines in one easy interface.
2. FollowerWonk - Link: FollowerWonk - Description: Helps you find Twitter accounts using bio and provides many other useful features.
3. Twitter Advanced Search - Link: Twitter Advanced Search - Description: Allows you to search on Twitter using filters for better search results.
4. Wayback Tweets - Link: Wayback Tweets - Description: Display multiple archived tweets on Wayback Machine and avoid opening each link manually.
5. memory.lol - Link: memory.lol - Description: a tiny web service that provides historical information about twitter users.
6. SocialData API - Link: SocialData API - Description: an unofficial Twitter API alternative that allows scraping historical tweets, user profiles, lists and Twitter spaces without using Twitter's API.
7. Social Bearing - Link: Social Bearing - Description: Insights & analytics for tweets & timelines.
8. Tinfoleak - Link: Tinfoleak - Description: Search for Twitter users leaks.
9. Network Tool - Link: Network Tool - Description: Explore how information spreads across Twitter with an interactive network using OSoMe data.
10. Foller - Link: Foller - Description: Looking for someone in the United States? Our free people search engine finds social media profiles, public records, and more!
11. SimpleScraper OSINT - Link: SimpleScraper OSINT - Description: This Airtable automatically scrapes OSINT-related twitter accounts ever 3 minutes and saves tweets that contain coordinates.
12. Deleted Tweet Finder - Link: Deleted Tweet Finder - Description: Search for deleted tweets across multiple archival services.
13. Twitter Search Tool - Link: Twitter search tool - Description: On this page you can create advanced search queries within Twitter.
14. Twitter Video Downloader - Link: Twitter Video Downloader - Description: Download Twitter videos & GIFs from tweets.
15. Download Twitter Data - Link: Download Twitter Data - Description: Download Twitter data in csv format by entering any Twitter handle, keyword, hashtag, List ID or Space ID.
16. Twitonomy - Link: Twitonomy - Description: Twitter #analytics and much more.
17. tweeterid - Link: tweeterid - Description: Type in any Twitter ID or @handle below, and it will be converted into the respective ID or username.
18. BirdHunt - Link: BirdHunt - Description: Easily find social media posts surrounding a location.

1. DownAlbum - Link: DownAlbum - Description: Google Chrome extension for downloading albums of photos from various websites, including Pinterest.
2. Experts PHP: Pinterest Photo Downloader - Link: Pinterest Photo Downloader - Description: Website providing a tool to download photos from Pinterest.
3. Pingroupie - Link: Pingroupie - Description: A Meta Search Engine for Pinterest that lets you discover Collaborative Boards, Influencers, Pins, and new Keywords.
4. Tailwind - Link: Tailwind - Description: Social media scheduling and management tool that supports Pinterest.
5. Pinterest Guest - Link: Pinterest Guest - Description: Mozilla Firefox add-on for browsing Pinterest without logging in or creating an account.
6. SourcingLab: Pinterest - Link: SourcingLab: Pinterest - Description: Pinterest search feature for finding pins, boards, and users.

1. F5BOT - Link: F5BOT - Description: Receive notifications for new Reddit posts matching specific keywords.
2. Karma Decay - Link: Karma Decay - Description: Reverse image search for finding similar or reposted images on Reddit.
3. Mostly Harmless - Link: Mostly Harmless - Description: A suite of tools for Reddit, including user analysis, subreddit comparison, and more.
4. OSINT Combine: Reddit Post Analyzer - Link: OSINT Combine: Reddit Post Analyzer - Description: Analyze and gather information from Reddit posts for OSINT purposes.
5. Phantom Buster - Link: Phantom Buster - Description: Automation tool suite that includes Reddit data extraction capabilities.
6. rdddeck - Link: rdddeck - Description: Real-time dashboard for monitoring multiple Reddit communities.
7. Readr for Reddit - Link: Readr for Reddit - Description: Google Chrome extension for an improved reading experience on Reddit.
8. Reddit Archive - Link: Reddit Archive - Description: Archive of Reddit posts and comments for historical reference.
9. Reddit Comment Search - Link: Reddit Comment Search - Description: Search for specific comments and conversations on Reddit.
10. Redditery - Link: Redditery - Description: Explore Reddit posts and comments based on various criteria.
11. Reddit Hacks - Link: Reddit Hacks - Description: Collection of Reddit hacks and tricks for advanced users.
12. Reddit List - Link: Reddit List - Description: Directory of popular subreddits organized by various categories.
13. reddtip - Link: reddtip - Description: Show appreciation to Reddit users by sending them tips in cryptocurrencies.
14. Reddit Search - Link: Reddit Search (realsrikar) - Description: Various tools and websites for searching and discovering content on Reddit.
15. Reddit Shell - Link: Reddit Shell - Description: Command-line interface for browsing and interacting with Reddit.
16. Reddit Stream - Link: Reddit Stream - Description: Live-streaming of Reddit comments for real-time discussions.
17. Reddit Suite - Link: Reddit Enhancement Suite (Chrome Extension) - Description: Browser extension that enhances the Reddit browsing experience with additional features.
18. Reddit User Analyser - Link: Reddit User Analyser - Description: Analyze and visualize the activity and behavior of Reddit users.
19. redditvids - Link: redditvids - Description: Watch Reddit videos and browse popular video subreddits.
20. Redective - Link: Redective - Description: Investigate and analyze Reddit users based on their post history.
21. Reditr - Link: Reditr - Description: Desktop Reddit client with a clean and intuitive interface.
22. Reeddit - Link: Reeddit - Description: Simplified and clean Reddit web interface for a distraction-free browsing experience.
23. ReSavr - Link: ReSavr - Description: Retrieve and save deleted Reddit comments for later viewing.
24. smat - Link: smat - Description: Social media analytics tool that includes Reddit for tracking trends and engagement.
25. socid_extractor - Link: socid_extractor - Description: Extract user information from Reddit and other social media platforms.
26. Suggest me a subreddit - Link: Suggest me a subreddit - Description: Get recommendations for new subreddits to explore based on your preferences.
27. Subreddits - Link: Subreddits - Description: Directory of active subreddits organized by various categories.
28. uforio - Link: uforio - Description: Generate word clouds from Reddit comment threads.
29. Universal Reddit Scraper (URS) - Link: Universal Reddit Scraper (URS) - Description: Python-based tool for scraping Reddit data for analysis.
30. Vizit - Link: Vizit - Description: Visualize and analyze relationships between Reddit users and subreddits.
31. Wisdom of Reddit - Link: Wisdom of Reddit - Description: Curated collection of insightful quotes and comments from Reddit.

1. Awesome Lists - Link: Awesome Lists - Description: A curated list of awesome lists for various programming languages, frameworks, and tools.
2. CoderStats - Link: CoderStats - Description: A platform for developers to track and showcase their coding activity and statistics from GitHub.
3. Commit-stream - Link: Commit-stream - Description: A tool for monitoring and collecting GitHub commits in real-time.
4. Digital Privacy - Link: Digital Privacy - Description: A collection of resources and tools for enhancing digital privacy and security.
5. Find Github User ID - Link: Find Github User ID - Description: A web tool for finding the unique identifier (ID) of a GitHub user.
6. GH Archive - Link: GH Archive - Description: A project that provides a public dataset of GitHub activity, including events and metadata.
7. Git-Awards - Link: Git-Awards - Description: A website that ranks GitHub users and repositories based on their contributions and popularity.
8. GitGot - Link: GitGot - Description: A semi-automated, feedback-driven tool for auditing Git repositories.
9. gitGraber - Link: gitGraber - Description: A tool for searching and cloning sensitive information in GitHub repositories.
10. git-hound - Link: git-hound - Description: A tool for finding sensitive information exposed in GitHub repositories.
11. Github Dorks - Link: Github Dorks - Description: A collection of GitHub dorks, which are search queries to find sensitive information in repositories.
12. Github Stars - Link: Github Stars - Description: A website that showcases GitHub repositories with the most stars and popularity.
13. Github Trending RSS - Link: Github Trending RSS - Description: An RSS feed generator for trending repositories on GitHub.
14. Github Username Search Engine - Link: Github Username Search Engine - Description: A search engine to find GitHub usernames based on various filters and criteria.
15. Github Username Search Engine - Link: Github Username Search Engine - Description: Another search engine to find GitHub usernames with advanced filtering options.
16. GitHut - Link: GitHut - Description: A website that provides statistics and visualizations of programming languages on GitHub.

1. addmeContacts - Link: addmeContacts - Description: A platform to find and connect with new contacts on various social media platforms.
2. AddMeSnaps - Link: AddMeSnaps - Description: A website for discovering and adding new Snapchat friends.
3. ChatToday - Link: ChatToday - Description: An online chat platform for connecting and chatting with people from around the world.
4. Gebruikersnamen: Snapchat - Link: Gebruikersnamen: Snapchat - Description: A website for finding Snapchat usernames.
5. GhostCodes - Link: GhostCodes - Description: An app for discovering new Snapchat users and their stories.
6. OSINT Combine: Snapchat MultiViewer - Link: OSINT Combine: Snapchat MultiViewer - Description: A tool for viewing multiple Snapchat accounts simultaneously.
7. Snap Map - Link: Snap Map - Description: Snapchat's feature that allows users to share their location and view Snaps from around the world.
8. Snapchat-mapscraper - Link: Snapchat-mapscraper - Description: A tool for scraping public Snapchat Stories from the Snap Map.
9. Snap Political Ads Library - Link: Snap Political Ads Library - Description: Snapchat's library of political ads displayed on the platform.
10. Social Finder - Link: Social Finder - Description: A platform to search and discover social media profiles on various platforms.
11. SnapIntel - Link: SnapIntel - Description: a python tool providing you information about Snapchat users.
12. AddMeS - Link: AddMeS - Description: The 'Add Me' directory of Snapchat users on web.

1. checkwa - Link: checkwa - Description: An online tool to check the status and availability of WhatsApp numbers.
2. WhatsApp Fake Chat - Link: WhatsApp Fake Chat - Description: An online tool to generate fake WhatsApp conversations for fun or pranks.
3. Whatsapp Monitor - Link: Whatsapp Monitor - Description: A tool for monitoring and analyzing WhatsApp messages and activities.
4. whatsfoto - Link: whatsfoto - Description: A Python script to download profile pictures from WhatsApp contacts.

1. addmeContacts - Link: addmeContacts - Description: A platform to find and connect with new contacts on various social media platforms.
2. ChatToday - Link: ChatToday - Description: An online chat platform for connecting and chatting with people from around the world.
3. Skypli - Link: Skypli - Description: A website for discovering and connecting with new Skype contacts.

1. ChatBottle: Telegram - Link: ChatBottle: Telegram - Description: A directory of Telegram bots for various purposes.
2. ChatToday - Link: ChatToday - Description: An online chat platform for connecting and chatting with people from around the world.
3. informer - Link: informer - Description: A Python library for retrieving information about Telegram channels, groups, and users.
4. _IntelligenceX: Telegram - Link: _IntelligenceX: Telegram - Description: IntelligenceX's Telegram tool for searching and analyzing Telegram data.
5. Lyzem.com - Link: Lyzem.com - Description: A website to search and find Telegram groups and channels.
6. Telegram Channels - Link: Telegram Channels - Description: A directory of Telegram channels covering various topics.
7. Telegram Channels - Link: Telegram Channels - Description: A platform to discover and browse Telegram channels.
8. Telegram Channels Search - Link: Telegram Channels Search - Description: A search engine to find Telegram channels by keywords.
9. Telegram Directory - Link: Telegram Directory - Description: A comprehensive directory of Telegram channels, groups, and bots.
10. Telegram Group - Link: Telegram Group - Description: A website to search and join Telegram groups.
11. telegram-history-dump - Link: telegram-history-dump - Description: A Python script to dump the history of a Telegram chat into a SQLite database.
12. Telegram-osint-lib - Link: Telegram-osint-lib - Description: A Python library for performing open-source intelligence (OSINT) on Telegram.
13. Telegram Scraper - Link: Telegram Scraper - Description: A powerful Telegram scraping tool for extracting user information and media.
14. Tgram.io - Link: Tgram.io - Description: A platform to explore and search for Telegram channels, groups, and bots.
15. Tgstat.com - Link: Tgstat.com - Description: A comprehensive platform for analyzing and tracking Telegram channels and groups.
16. Tgstat RU - Link: Tgstat RU - Description: A Russian platform for analyzing and monitoring Telegram channels and groups.

1. DiscordOSINT - Link: DiscordOSINT - Description: This Repository Will contain useful resources to conduct research on Discord.
2. Discord.name - Link: Discord.name - Description: Discord profile lookup using user ID.
3. Lookupguru - Link: Lookupguru - Description: Discord profile lookup using user ID.
4. Discord History Tracker - Link: Discord History Tracker - Description: Discord History Tracker lets you save chat history in your servers, groups, and private conversations, and view it offline.
5. Top.gg - Link: Top.gg - Description: Explore millions of Discord Bots.
6. Unofficial Discord Lookup - Link: Unofficial Discord Lookup - Description: Search for discord profile using id.
7. Disboard - Link: Disboard - Description: DISBOARD is the place where you can list/find Discord servers.

1. OnlyFans Finder - Link: The Favourite OnlyFans search - Description: The tools allow easy searching via advanced filtering capabilities and sorting functionality, making it easy to access desired material.
2. OnlyFam - Link: OnlyFam - Description: OnlyFans Search & Model Finder - Find Creators in the World's Largest OnlyFans Database
3. OnlyFinder - Link: OnlyFinder - Description: OnlyFans Search Engine - OnlyFans Account Finder.
4. OnlySearch - Link: OnlySearch - Description: Find OnlyFans profiles by searching for key words.
5. Sotugas - Link: SóTugas - Description: Encontra Contas do OnlyFans Portugal 🇵🇹.
6. Fansmetrics - Link: Fansmetrics - Description: Use this OnlyFans Finder to search in 3,000,000 OnlyFans Accounts.
7. Findr.fans - Link: Findr.fans - Description: Only Fans Search Tool.
8. Hubite - Link: Hubite - Description: Advanced OnlyFans Search Engine.
9. Similarfans - Link: Similarfans - Description: Blog for OnlyFans content creators.
10. Fansearch - Link: Fansearch - Description: Fansearch is the best OnlyFans Finder to search in 3,000,000 OnlyFans Accounts.
11. Fulldp - Link: Fulldp - Description: Download Onlyfans Full-Size Profile Pictures.

1. Mavekite - Link: Mavekite - Description: Search the profile using username.
2. TikTok hashtag analysis toolset - Link: TikTok hashtag analysis toolset - Description: The tool helps to download posts and videos from TikTok for a given set of hashtags over a period of time.
3. TikTok Video Downloader - Link: TikTok Video Downloader - Description: ssstiktok is a free TikTok video downloader without watermark tool that helps you download TikTok videos without watermark (Musically) online.
4. Exolyt - Link: exolyt - Description: The best tool for TikTok analytics & insights.

exiftool -a -u foto.jpg | grep -i "gps\|date\|camera"
# strip before publishing
exiftool -all= foto_sanitizada.jpg

• Google Earth Pro → temporal displacement
• Suncalc → shadow = time
• Geolocation-verification
• Overpass-turbo → POI within radius
• FlightAware → flight tracking
• FlightRadar24 → flight radar
• MarineTraffic → maritime traffic
• VesselFinder → ships
• WiGLE → geolocated WiFi database
• OpenCelliD → cell towers
• Broadcastify → police audio
• AviationStack → aviation API
• Labs TIB Geoestimation → geographic estimation
• Picarta → photo location prediction
• Ventusky → weather maps
• Simplex 3D → 3D maps Israel
• Ukraine Live Cams → Ukraine cameras
• TWN → webcam network
• Opentopia → public webcams
• WorldCam → world webcams
• Webcam Galore → webcams
• OpenTrafficCamMap → traffic cameras
• KrooozCams → cruise webcams
• Skyline Webcams → skyline webcams
• Pictimo → world webcams
• CamHacker → public webcams

• Sentinel-Hub → 10m resolution, free
• NASA-FIRMS → real-time fires
• Zoom Earth → METAR overlay
• FlightRadar24 → flight radar
• ADS-B Exchange → no military filters
• FlightAware → flight history
• PiAware (Raspberry Pi) → own ADS-B receiver
• MarineTraffic → global AIS tracking
• VesselFinder → free alternative
• FleetMon → fleet monitoring
• ShipSpotting → ship photo database

site:*.target.com filetype:pdf
site:*.target.com intitle:"dashboard"
site:*.target.com intext:"confidential"

OPSEC for .onion

• TailsOS → USB → bridge-Tor → NO extra proxies
• Disable scripts Noscript → max
• Never maximize window (fingerprint)
• Never use VPN + Tor (traffic correlation)
• Use bridges if Tor is blocked
• NoScript to max
• No window resizing
• No downloading to persistent disk

python -m venv osint-env
source osint-env/bin/activate
pip install twint-fork recon-ng selenium requests beautifulsoup4 shodan

#!/usr/bin/env python3
# mini_osint.py
import shodan, requests, json, sys
from bs4 import BeautifulSoup

API_KEY = 'YOUR_SHODAN_API'
s = shodan.Shodan(API_KEY)
domain = sys.argv[1]

# 1. Subdomains via CRT.sh
crt = requests.get(f'https://crt.sh/?q=%25.{domain}&output=json').json()
subs = sorted(set([r['name_value'] for r in crt]))
print('[+] Found subdomains:', len(subs))

# 2. IPs from resolution
ips = set()
for sub in subs[:20]:  # demo limit
    try:
        ips.add(socket.gethostbyname(sub))
    except:
        pass

# 3. Shodan quick look
for ip in ips:
    try:
        info = s.host(ip)
        print(ip, info['org'], info.get('vulns', 'N/A'))
    except:
        pass

recon-ng
> marketplace install all
> workspaces add target
> use domains-domains/brute_force
> set SOURCE target.com
> run
> use hosts-hosts/resolve
> run
> use reporting/csv
> run

Folder /templates/ in your repo. Mandatory YAML front-matter:

---
investigator: your-alias
date: 2025-12-16
objective: "Target Name"
scope: domain + RRSS
status: draft # draft | reviewed | delivered
---

# Executive Summary
(5 lines)

# Primary Sources
- URL | date | capture hash

# Chronology
- 2024-10-01: Domain registration
- 2025-01-15: First leak

# Annexes
- Screenshots folder `/annexes/`
- CSV extracts

Ethical checklist ☐ Is the source 100% public? ☐ Is the data sensitive PII? → minimize ☐ Is there verifiable public interest? ☐ Can it be de-identified?

• Open Source Intelligence – CNI Spain (PDF)
• OSINT-Field-Manual – US Army

• SEINT (SANS 487)
• OSINT-Do-jo – daily challenges
• Michel Bacchus – YouTube OSINT in Spanish

• Telegram: OSINT Latam
• Discord: OSINT Español
• Reddit: r/OSINT

AI-powered tools for OSINT 2025:

Beyond basic searches:

Usage methodology:

1. Capture high-quality image
2. Use FaceCheck.ID for social networks
3. PimEyes for broad web search
4. Validate results by crossing platforms

Automation script (Python):

# email_osint_checker.py
import holehe
import requests

def check_email_accounts(email):
    """Checks in 120+ platforms"""
    modules = holehe.import_submodules('holehe.modules')
    for module in modules:
        # Execute verification
        pass

Alternatives and complements to HIBP:

Quick command:

# h8mail - mass search
h8mail -t targets.txt -bc local_breach_folder/ --power-all

Specialized tools:

Investigation methodology:

1. Identify wallet address
2. Search in Arkham Intelligence (known labels)
3. Analyze transactions in Etherscan/Blockchain.info
4. Trace fund flow with BlockCypher
5. Check in Chainalysis if available

Setup of homemade ADS-B receiver:

# Configure PiAware on Raspberry Pi
sudo apt-get install piaware
sudo piaware-config <options>
sudo systemctl restart piaware

OSINT use case:

1. Search unique SSID in WiGLE
2. Find approximate router location
3. Correlate with other geolocation data
4. Identify movements/locations of target

Fact-checking tools:

Verification process:

1. Extract metadata with ExifTool
2. Analyze with FotoForensics (ELA)
3. Check consistencies with Forensically
4. For video: use InVID for keyframes
5. Reverse image search in TinEye/Google

Beyond Maigret and Sherlock:

Speed comparison:

# Benchmark (10 usernames)
sherlock: ~45 seconds
maigret: ~90 seconds (more precise)
blackbird: ~60 seconds (with report)

Basic Photon script:

python photon.py -u https://target.com \
  --export=json \
  --dns \
  --keys \
  --threads 10

Complete suite:

Metadata workflow:

# 1. Extract metadata
exiftool -a -u -g1 document.pdf > metadata.txt

# 2. Search sensitive info
grep -i "author\|creator\|email\|gps" metadata.txt

# 3. Clean before publishing
mat2 --inplace clean_document.pdf

Advanced tools:

Speed comparison:

# Scan 65k ports on 1 IP
nmap: ~5 minutes
rustscan: ~10 seconds → then nmap
masscan: ~5 seconds (less detail)

Specialized tools:

Dark Web OPSEC:

1. Operating system: Tails OS (amnesic)
2. Never use VPN + Tor (traffic correlation)
3. Use bridges if Tor is blocked
4. NoScript to max
5. No window resizing
6. No downloading to persistent disk

All-in-one platforms:

SpiderFoot setup:

git clone https://github.com/smicallef/spiderfoot.git
cd spiderfoot
pip3 install -r requirements.txt
python3 sf.py -l 127.0.0.1:5001
# Open http://localhost:5001

Essential plugins:

Create custom transform:

# my_transform.py
from maltego_trx.entities import Person, EmailAddress
from maltego_trx.transform import DiscoverableTransform

class PersonToEmail(DiscoverableTransform):
    @classmethod
    def create_entities(cls, request, response):
        person_name = request.Value
        # Your logic here
        response.addEntity(EmailAddress, f"{person_name}@example.com")
        return response

1. Identification: What are we investigating?
2. Preservation: Archive EVERYTHING (archive.is, wayback)
3. Verification: Triangulate with 3+ sources
4. Contextualization: Complete chronology
5. Documentation: Screenshots + hash + timestamp
6. Validation: Peer review before publishing

PHASE 1: DIRECTION
├── Define questions (RFI)
├── Establish legal limits
└── Approve scope

PHASE 2: COLLECTION
├── Passive sources
├── Semi-passive sources
└── Save evidence

PHASE 3: PROCESSING
├── Normalize data
├── Translate languages
└── Structure information

PHASE 4: ANALYSIS
├── Link analysis (Maltego)
├── Timeline creation
├── Pattern recognition
└── Cross validation

PHASE 5: DISSEMINATION
├── Executive report
├── Technical report
├── Visual presentation
└── Evidence archive

2025 Dorks (specific):

# Sensitive information leaks
site:pastebin.com "password" "@company.com"
site:github.com "api_key" OR "api_secret" "company"
site:trello.com intext:"password" OR intext:"passwd"

# Exposed corporate documents
site:*.s3.amazonaws.com ext:xls | ext:xlsx "confidential"
filetype:pdf intext:"internal use only" site:gov

# IP cameras and IoT devices
inurl:/view/view.shtml
intitle:"webcamXP 5"

# Exposed admin panels
intitle:"index of" "admin"
intitle:"Dashboard" inurl:login
inurl:wp-admin intitle:"Dashboard"

# Exposed databases
intitle:"phpMyAdmin" "Welcome to phpMyAdmin"
inurl:"/phpmyadmin/index.php"
"#mysql dump" filetype:sql

# Employee information
site:linkedin.com "company name" "CEO" | "CTO" | "CISO"
site:*.linkedin.com "@companymail.com"

# Subdomains (combine with crt.sh)
site:*.target.com -www
site:*.*.target.com

📺 YouTube Channels (Spanish):

• Ethical Hacking - Pablo González
• CyberSecurityJobs
• DragonJAR
• José Luis García
• Security Hacklabs

📚 Recommended Books:

1. "Open Source Intelligence Techniques" - Michael Bazzell (8th ed., 2024)
2. "OSINT for Threat Intelligence" - Scott J Roberts
3. "The OSINT Handbook" - i-intelligence

🎓 Certifications:

• GOSI (GIAC Open Source Intelligence) - SANS
• CSCTP (Certified Social Media Intelligence Expert) - McAfee Institute
• OSINT Professional Certification - OSINT Combine

🔗 Communities:

• Reddit: r/OSINT, r/OpenSourceIntelligence
• Discord: IntelTechniques Server, OSINT-FR
• Telegram: OSINT Latam, OSINT Dojo
• Twitter/X: #OSINT, #OSINTfor Good

Tools for investigating individuals:

Tools for investigating companies:

1. Fork ➜ 2. Branch new-tool ➜ 3. PR with tested URL (screenshot mandatory)
   Read CONTRIBUIR.md before.

GPL-3 – Educational and research use. Don't be naughty.

«Information wants to be free, but privacy wants to be respected.»
— unknown