wddadk/Offensive-OSINT-Tools

GitHub: wddadk/Offensive-OSINT-Tools

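An index of open-source intelligence (OSINT) tools built for penetration testing and red teaming, covering information-gathering scenarios such as domain reconnaissance, email collection, and username tracing.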

Stars: 1133 | Forks: 143

# Offensive-OSINT-Tools

This repository contains tools and links that can be used for OSINT during a Pentest or Red Team engagement. There are already many awesome lists containing a large number of tools, but Offensive Security specialists usually do not need such a broad selection. That is what led to the creation of this list. These tools cover almost everything an Offensive Security specialist needs and will help you do your work efficiently.

If a tool performs multiple functions, for example collecting subdomains **and** URLs, it is listed in both places.

## 📖 Table of Contents

- [Search Engines](#-search-engines)
- [Email Addresses](#-email-addresses)
- [Source Code](#-source-code)
- [Subdomains](#-subdomains)
- [URLs](#-urls)
- [Dark Web](#-dark-web)
- [Intelligence](#-intelligence)
- [Network Info](#-network-info)
- [DNS History](#-dnshistory)
- [Certifications](#-certifications)
- [FTP Servers](#-ftp-servers)
- [Passive Infrastructure Scanner](#-passive-infrastructure-scanner)
- [Microsoft Exchange](#-microsoft-exchange)
- [Telegram](#-telegram)
- [Google Dorks](#-google-dorks)
- [Nickname Search](#-nickname-search)
- [Phone Number](#-phone-number)
- [Wifi](#-wifi)
- [Cloud](#-cloud)
- [Information Gathering Tools](#-information-gathering-tools)
- [Useful Links](#-useful-links)

## [↑](#-table-of-contents) Contributing

**Welcome!** If you find that your favourite offensive tool is not on the list, you can suggest adding it.

## [↑](#-table-of-contents) Search Engines

Search engines for investigating domains/IP addresses.

* [Censys](https://censys.io/)
* [Shodan](https://www.shodan.io/)
* [Greynoise.io](https://viz.greynoise.io/)
* [ZoomEye](https://www.zoomeye.org/)
* [Onyphe](https://www.onyphe.io/)
* [Fofa](https://fofa.info/)
* [Binaryedge](https://app.binaryedge.io/)
* [FullHunt](https://fullhunt.io/)
* [Netlas](https://app.netlas.io/)
* [Quake360](https://quake.360.net/quake/#/index)
* [Criminalip](https://www.criminalip.io/)
* [Synapsint](https://synapsint.com/)
* [Natlas](https://natlas.io/)
* [Leakix](https://leakix.net/)
* [Dorki.io](https://dorki.io/)

## [↑](#-table-of-contents) Email Addresses

Tools that help you collect email addresses. The search usually requires the company's domain name.

* [Prospeo.io](https://app.prospeo.io/domain-search)
* [Hunter.io](https://hunter.io/)
* [Snov.io](https://snov.io/)
* [Phonebook](https://phonebook.cz/)
* [findemail.io](https://findemail.io/)
* [Omail](https://omail.io/leads/download.html)
* [Skymem](https://www.skymem.info/)
* [Signalhire](https://www.signalhire.com/)
* [Rocketreach](https://rocketreach.co/)
* [Eyes](https://github.com/N0rz3/Eyes) - Email OSINT tool
* [Infoga](https://github.com/m4ll0k/Infoga)
* [Poastal](https://github.com/jakecreps/poastal) - Tool that provides valuable information on any email address
* [Email-format](https://www.email-format.com/) - Analyses the company's mail format.
* [h8mail](https://github.com/khast3x/h8mail) - Email OSINT & password breach hunting tool
* [EmailFinder](https://github.com/Josue87/EmailFinder) - Search emails from a domain through search engines
* [theHarvester](https://github.com/laramies/theHarvester)
* [Anymailfinder](https://anymailfinder.com/) - Find verified emails
* [tomba.io](https://tomba.io/) - Email finder
* [contactout.com](https://contactout.com/) - Person finder
* [ronin-recon](https://github.com/ronin-rb/ronin-recon) - Recursive recon engine and framework that can enumerate subdomains, DNS records, port scan, grab TLS certs, spider websites, and collect email addresses.

## [↑](#-table-of-contents) Subdomains

Tools that search for subdomains automatically. Most of them need API keys to work properly.

### Tools

* [Bbot](https://github.com/blacklanternsecurity/bbot)
* [Subdominator](https://github.com/RevoltSecurities/Subdominator)
* [sub.Monitor](https://github.com/e1abrador/sub.Monitor) - Passive subdomain continuous monitoring tool
* [Sudomy](https://github.com/screetsec/Sudomy)
* [Amass](https://github.com/OWASP/Amass)
* [theHarvester](https://github.com/laramies/theHarvester)
* [Spiderfoot](https://github.com/smicallef/spiderfoot)
* [subchase](https://github.com/tokiakasu/subchase) - Chase subdomains by parsing Google and Yandex search results
* [GooFuzz](https://github.com/m3n0sd0n4ld/GooFuzz) - Enumerate directories, files, subdomains or parameters without leaving evidence on the target's server
* [SubGPT](https://github.com/s0md3v/SubGPT) - SubGPT looks at subdomains you have already discovered for a domain and uses BingGPT to find more.
* [alterx](https://github.com/projectdiscovery/alterx) - Fast and customizable subdomain wordlist generator using DSL.
* [Photon](https://github.com/s0md3v/Photon) - Incredibly fast crawler designed for OSINT.
* [ronin-recon](https://github.com/ronin-rb/ronin-recon#readme) - Recursive recon engine and framework that can enumerate subdomains, DNS records, port scan, grab TLS certs, spider websites, and collect email addresses.
* [subdomain-enum](https://github.com/chaitanyakrishna/subdomain-enum) - SecurityTrails API

*Only sites/tools whose search is not automated by the tools above are listed here.*

* [TI.defender.microsoft](https://ti.defender.microsoft.com/)
* [dash.pugrecon.celes.in](https://dash.pugrecon.celes.in/)
* [Securitytrails](https://securitytrails.com/)
* [Shrewdeye](https://shrewdeye.app/)
* [Phonebook](https://phonebook.cz/)
* [Nmmapper](https://nmmapper.com/)
* [subdomainfinder.c99.](https://subdomainfinder.c99.nl/) - A subdomain finder is a tool used to find the subdomains of a given domain.
* [SubDomainRadar.io](https://subdomainradar.io) - Discover hidden subdomains with unparalleled accuracy and speed

## [↑](#-table-of-contents) URLs

Tools for passively collecting and analysing URLs.

* [Gau](https://github.com/lc/gau)
* [Xurlfind3r](https://github.com/hueristiq/xurlfind3r)
* [Unja](https://github.com/ninjhacks/unja)
* [Urlfinder](https://github.com/projectdiscovery/urlfinder)
* [urlhunter](https://github.com/utkusen/urlhunter) - A recon tool that allows searching on URLs that are exposed via shortener services
* [Waymore](https://github.com/xnl-h4ck3r/waymore)
* [Spiderfoot](https://github.com/smicallef/spiderfoot)
* [theHarvester](https://github.com/laramies/theHarvester)
* [GooFuzz](https://github.com/m3n0sd0n4ld/GooFuzz) - Enumerate directories, files, subdomains or parameters without leaving evidence on the target's server
* [Rextracter.streamlit](https://rextracter.streamlit.app/) - Gathers links and analyses content
* [Uscrapper](https://github.com/z0m31en7/Uscrapper) - Tool that allows users to extract various personal information from a website.
* [ronin-recon](https://github.com/ronin-rb/ronin-recon#readme) - Recursive recon engine and framework that can enumerate subdomains, DNS records, port scan, grab TLS certs, spider websites, and collect email addresses.
* [Ominis-Osint](https://github.com/AnonCatalyst/Ominis-Osint) - The tool extracts relevant information such as titles, URLs, and potential mentions of the query in the results.

## [↑](#-table-of-contents) Source Code

Tools for finding mentions in code. Useful for searching for mentions of a company to find passwords, secrets, or confidential information.

* [Publicwww](https://publicwww.com/)
* [Nerdydata](https://www.nerdydata.com/)
* [Searchcode](https://searchcode.com/)
* [Grep.app](https://grep.app/)

## [↑](#-table-of-contents) Dark Web

An unknown realm that the author is too dumb for. Will be expanded gradually.

* [Ahmia](https://ahmia.fi/)

## [↑](#-table-of-contents) Intelligence

Threat Intelligence tools containing extensive information about a company, subdomains, DNS information, URLs, and more.

* [TI.defender.microsoft](https://ti.defender.microsoft.com/)
* [Securitytrails](https://securitytrails.com/)
* [Pulsedive](https://pulsedive.com/)
* [ThreatBook](https://threatbook.io/)
* [Alienvault](https://otx.alienvault.com/)
* [Hudson Rock - Cybercrime Intelligence Tools](https://www.hudsonrock.com/threat-intelligence-cybercrime-tools)
* [LeakRadar](https://leakradar.io)

## [↑](#-table-of-contents) Network Info

IP/domain network analysis tools.

* [Bgp.he](https://bgp.he.net/)
* [whoistory](http://whoistory.com/)
* [Asnlookup](https://asnlookup.com/)
* [centralops](http://centralops.net/)
* [Bgp.tools](https://bgp.tools/)
* [Myip](https://myip.ms/)
* [IpInfo](https://ipinfo.io/) | [Cmd version](https://github.com/ipinfo/cli)
* [Whoisxmlapi](https://main.whoisxmlapi.com/)

## [↑](#-table-of-contents) DNS History

Tools for viewing a domain's DNS history.

* [Bigdomaindata](https://bigdomaindata.com)
* [Dnshistory](https://dnshistory.org/)
* [Viewdns](https://viewdns.info/)
* [TI.defender.microsoft](https://ti.defender.microsoft.com/)
* [Securitytrails](https://securitytrails.com/)

## [↑](#-table-of-contents) Certifications

* [Crt.sh](https://crt.sh/)
* [Web-check](https://github.com/Lissy93/web-check) + [Web version](https://web-check.as93.net/)

## [↑](#-table-of-contents) FTP Servers

Tools that allow you to search for and download files located on public FTP servers.

* [Searchftps](https://www.searchftps.net/)

## [↑](#-table-of-contents) Passive Infrastructure Scanner

Tools for automating passive scanning of IP addresses/subnets.

* [Smap](https://github.com/s0md3v/Smap)
* [Nmap-censys](https://github.com/censys/nmap-censys)

## [↑](#-table-of-contents) Microsoft Exchange

Tools that help with passive/semi-passive analysis of Microsoft Exchange.

* [ExchangeFinder](https://github.com/mhaskar/ExchangeFinder) | #SemiOSINT

## [↑](#-table-of-contents) Telegram

Tools for investigating Telegram chats.

* [Telepathy](https://github.com/jordanwildon/Telepathy)

## [↑](#-table-of-contents) Google Dorks

Tools for Google Dorks.

* [Pagodo](https://github.com/opsdisk/pagodo)
* [Google hacking database](https://www.exploit-db.com/google-hacking-database)
* [Recruitin](https://recruitin.net/) - Compiles Google dorks to search on LinkedIn, Dribbble, GitHub, Xing, StackOverflow, Twitter
* [Search](https://github.com/pbkompasz/search) - Custom queries in Google

## [↑](#-table-of-contents) Nickname Search

Nickname search tools.

* [maigret](https://github.com/soxoj/maigret)
* [Sherlock](https://github.com/sherlock-project/sherlock)
* [Social analyzer](https://github.com/qeeqbox/social-analyzer)
* [nexfil](https://github.com/thewhiteh4t/nexfil)
* [whatsmyname](https://github.com/webbreacher/whatsmyname)
* [snoop](https://github.com/snooppr/snoop)
* [userrecon](https://github.com/wishihab/userrecon)
* [NicknameFinder](https://github.com/restanse/NicknameFinder)
* [gideon](https://github.com/YouVBeenHacked/gideon)
* [Arina-OSINT](https://github.com/AlexC-ux/Arina-OSINT)
* [netizenship](https://github.com/rahulrajpl/netizenship)
* [Search4](https://github.com/0xknown/Search4)
* [socialscan](https://github.com/iojw/socialscan)
* [Sherlock](https://github.com/mesuutt/sherlock)
* [recon-ng](https://github.com/lanmaster53/recon-ng/)
* [SocialPath](https://github.com/woj-ciech/SocialPath)
* [Castrick](https://castrickclues.com/)

## [↑](#-table-of-contents) Phone Number

Sometimes you need to analyse an employee's phone number to obtain more information.

* [BuscaPaginasBlancas](https://github.com/GeiserX/BuscaPaginasBlancas) - Python tool for automated lookups on Spanish white pages (PaginasBlancas.es) to find phone numbers and addresses
* [PhoneInfoga](https://github.com/sundowndev/PhoneInfoga) + [Web Demo](https://demo.phoneinfoga.crvx.fr/)
* [GhostTrack](https://github.com/HunxByts/GhostTrack)
* [Osint.industries](https://osint.industries/)
* [Emobiletracker](https://www.emobiletracker.com/)
* [Castrick](https://castrickclues.com/)
* [Predicta Search](https://www.predictasearch.com/)

## [↑](#-table-of-contents) Wifi

* [3Wifi](https://3wifi.stascorp.com/) - Free database of access points

## [↑](#-table-of-contents) Cloud

Tools for searching and collecting information from the cloud.

* [Cloud_sherlock](https://github.com/Group-IB/cloud_sherlock)

## [↑](#-table-of-contents) Information Gathering Tools

* [Gasmask](https://github.com/twelvesec/gasmask)
* [Th3inspector](https://github.com/Moham3dRiahi/Th3inspector)
* [Cylect.io](https://cylect.io/)

## [↑](#-table-of-contents) Useful Links

Links to guides, methodologies, and any other useful information.

* [WhereToGo](https://github.com/valeriyshevchenko90/WhereToGo) - List of popular services that might be used in organizations. With a user's account, you can try to find entry points to the organization's data. #semiosint
* [Cloud OSINT](https://github.com/7WaySecurity/cloud_osint) - Repository with information related to Cloud OSINT
* [Information Disclosure Write-Ups And PoCs](https://github.com/soxoj/information-disclosure-writeups-and-pocs)

## TODO

* Add tools for analysing mobile phone numbers (as a separate category)
* Make a mind map

## Warning

Some of the included sites may require registration or payment ($$$) to provide more data, but you should be able to get at least part of the available information for free.

*Inspired by https://github.com/jivoi/awesome-osint*
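Tags: Awesome List, ESC4, GitHub, Google Hacking, OSINT, subdomain discovery, real-time processing, password management, application security, intelligence analysis, log auditing, dark web, trace tracking, social-engineering databases, network security, network diagnostics, reverse-engineering tools, email reconnaissance, privacy protection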