This toolkit includes satellite and mapping services, tools for verifying photos and videos, websites to archive web pages, and much more. Follow Bellingcat's work via the website or through social media. We provide workshops to familiarize with these tools, and learn open source investigative methods.
![Bellingcat's Online Investigation Toolkit [bit.ly/bcattools]](https://cdn-ak-scissors.b.st-hatena.com/image/square/9d28042223e7bbd91c6552fbd20e23130791aa96/height=288;version=1;width=512/https%3A%2F%2Flh7-eu.googleusercontent.com%2Fdocs%2FAHkbwyKOX5kcZRQL6FE527JMgzrtxjaoogv-m9XPKvMHZZAlvR-ygWhw0zl-Z_nkWPVenERVsuvLphfKj-x6K7c60OIUoD9XDnPBF31RX7A03G1s2GST3Gxb%3Dw1200-h630-p)
GitHub - nitefood/asn: ASN / RPKI validity / BGP stats / IPv4v6 / Prefix / URL / ASPath / Organization / IP reputation / IP geolocation / IP fingerprinting / Network recon / lookup API server / Web traceroute server
ASN / RPKI validity / BGP stats / IPv4v6 / Prefix / ASPath / Organization / IP reputation / IP geolocation / IP fingerprinting / Network recon / lookup tool / Web traceroute server. This script serves the purpose of having a quick OSINT command line tool at disposal when investigating network data, which can come in handy in incident response scenarios as well (with features such as bulk geolocati
PhishStats
PhishStats Fighting phishing and cybercrime since 2014 by gathering, enhancing and sharing phishing information with the infosec community. Proudly supported by Due to many requests, we are offering a download of the whole database for the price of USD 256.00. That's a 50% discount, the regular price will be USD 512.00. If you are a company training a machine learning algorithm or doing phishing r
For your company or subcontractors We scan the Internet (and the Dark Web) in a net-neutral manner. That means we scan every exposed assets and your View won't be limited to yours. We even scan the one you are not aware of... Domain name based approach We believe identifying assets based solely on IP addresses is an obsolete approach. We want every asset to be bound to a domain name. Better, it ca
マルウェア解析に必要な素養~解析者編~ ==== :::success 親ページ:[マルウェア解析に必要な素養](https://hackmd.io/s/S1kLEr5x#) ::: 本章では、解
GitHub - soxoj/maigret: 🕵️♂️ Collect a dossier on a person by username from thousands of sites
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert
AbuseIPDBって何? これ https://www.abuseipdb.com/ 世界中のいろいろな人が悪いIPを晒上げるサイトで、怪しげなアクセスがあったときのIP調べるのに使ったする。 1個1個調べたり1個1個晒上げるならサイト上の検索やREPORTで十分だが、自動でブラックリストもらってきたり、まとめて晒上げたい場合WebAPIを使うことになる。 今回はこのサイトのWebAPIを使ってIPブラックリストとってきたり、悪いIPを晒上げてみるまでのことを書く。 WebAPI使うまでの準備 まずはアカウント作成 貧乏なのでFREEなアカウントを使う。 下記にアクセスして、INDVIDUALの下のSIGN UPを選択する。 https://www.abuseipdb.com/pricing 適当に入れるもん入れてアカウント作成すると、以下のような画面に遷移する。 しばらくすると登録した
GitHub - A-poc/RedTeam-Tools: Tools and Techniques for Red Team / Penetration Testing
RedTeam-Tools This github repository contains a collection of 125+ tools and resources that can be useful for red teaming activities. Some of the tools may be specifically designed for red teaming, while others are more general-purpose and can be adapted for use in a red teaming context. 🔗 If you are a Blue Teamer, check out BlueTeam-Tools Warning The materials in this repository are for informat
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert
GitHub - jmortega/osint_tools_security_auditing: osint_tools_security_auditing
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert
Evolutionary Architecture - Discovering Boundaries @DevTalks 24
【独自】「SNS特定屋」に注意…“タピオカ”から個人情報追跡 “写真なし”でも入手【もっと知りたい!】(2022年8月4日) - YouTube
夏休みで出掛けることも多い、この季節。SNSへの投稿などを手掛かりに、名前や住所などの個人情報を突き止める「SNS特定屋」に注意が必要です。 ■知らない男性に“個人情報”が… 20代女性:「一緒にご飯食べに行った時の写真とか。ツイッターは、その日のうちに投稿します」 今や20代の利用率が、9割近くに達しているSNS。自分の趣味や身の回りで起きたことなどを自由に発信できる一方で、こんな被害もあります。 特定されたことがある女性(26):「職場から帰ってきた時に駅で、『俺さ、いつもツイッター見ててさ。職場どこだよね。住んでる駅も、特定できてさ』って感じ。駅出て、急に声掛けられてって感じでした」 3年前、仕事帰りの20代女性を最寄り駅で待っていたのは、見知らぬ中年男性。初対面にもかかわらず、名前や住んでいる場所まで言い当てられたといいます。 特定されたことがある女性:「『ず
Public pentest reports
Follow the links to see more details and a PDF for each one of the penetration test reports. astra - Astra-Security-Sample-VAPT-Report BishopFox - Beast - Hybrid Application Assessment 2017 - Assessment Report - 20171114 BishopFox - Bishop Fox Assessment Report - Winston Privacy BishopFox - Bishop-Fox-Research-Report-Efficacy-of-micro-segmentation-V01 BishopFox - C Plus Plus Alliance - Boost JSON
GitHub - Datalux/Osintgram: Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert
はじめに こんにちは。事業推進部で教育研修を担当する成田です。この記事は NFLabs. アドベントカレンダー8日目です。 セキュリティ研修でOSINT(Open Source Intelligence : 公開されている情報ソースから入手可能なデータを収集・分析する技術)を教えることが多いのですが、今日はOSINTのテクニックの一つであるメタデータの収集について書いていきたいと思います。このメタデータには様々な情報が含まれており、例えば会社の公式サイトに掲載しているファイルにも、メタデータがそのまま残っている場合が結構あります。中には会社の機密情報が残っていたりも・・・。 今回は自分の会社からそういった情報が漏れていないかを確認する方法や、それを防止する方法について紹介します。 メタデータとは メタデータとは、そのデータに関する属性や関連する情報のことを指し、データの管理や検索など様々な
GitHub - SpiderLabs/HostHunter: HostHunter a recon tool for discovering hostnames using OSINT techniques.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert
GitHub - projectdiscovery/interactsh: An OOB interaction gathering server and client library
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert
Free course demos allow you to see course content, watch world-class instructors in action, and evaluate course difficulty.
We may earn a commission from partner links, which help us to research and write, this never affects our product reviews and recommendations. How to find Subdomains of a Domain in Minutes?
OSINT4ALL aims to provide practical & easy OSINT toolkit for researchers of all level to use.
How do I use that tool?Insert a valid domain name, without http:// or https://, without www: yourdomain.com If you check a domain name, non-www and www (if defined), http and https is checked. Add a port or / and a file and path: yourdomain.com:5001yourdomain.com/subfolder-of-your-domainyourdomain.com/subfolder/file-to-check.htmlyourdomain.com:5001/subfolder/file-to-check.htmlInsert a valid / publ
GitHub - EdOverflow/can-i-take-over-xyz: "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
The authors of this document take no responsibility for correctness. This project is merely here to help guide security researchers towards determining whether something is vulnerable or not, but does not guarantee accuracy. This project heavily relies on contributions from the public; therefore, proving that something is vulnerable is the security researcher and bug bounty program's sole discreti
Google is aware of sites hosted on another’s subdomain
Google is aware of sites hosted on another’s subdomain It’s improving its systems to recognize such content and treat it accordingly. Google has stated that hosting content in a subdomain or subfolder of another entity’s site is not against its guidelines, but that it is improving its systems to recognize that content and treat it accordingly. The statement was delivered via the Google Webmasters
CyStack | Security Research
Why CyStackProductsWhiteHub - Security PlatformLocker - Password ManagerSafeChain - Blockchain Security PlatformCyStack - Vulnerability ScannerServices Security AssessmentPenetration TestingVulnerability AssessmentPerformance TestingInfrastructure Security AuditBlockchain Protocol AuditSmart Contract Audit Managed Security ServicesVulnerability ManagementSecurity MonitoringDevSecOpsManaged Bug Bou
Bellingcat’s Online Investigation Toolkit THE BELLINGCAT TOOLKIT HAS MOVED TO bit.ly/bcattools Welcome to Bellingcat’s freely available online open source investigation toolkit. You can follow our work on via our website, Twitter and Facebook. (We also provide three to five day open source i...
GitHub - Lissy93/web-check: 🕵️♂️ All-in-one OSINT tool for analysing any website
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
Bellingcat's Online Investigation Toolkit [bit.ly/bcattools]
Cyber Defense Search Engine | ONYPHE
マルウェア解析に必要な素養~解析者編~ - HackMD
AbuseIPDBのAPIを使ってみた - Qiita
GitHub - guelfoweb/knock: Knock Subdomain Scan
OSINT_tools-20190628.pdf
あなたの会社は大丈夫? ~メタデータの落とし穴~ - NFLabs. エンジニアブログ
"Must Have" Free OSINT Resources | SANS
How to find Subdomains of a Domain in Minutes?
OSINT4ALL - start.me
Make your website better
INACTIVE. NEW LINK: bit.ly/bcattools