Search Engines: Traditional search engines like Google, Bing, and Yahoo can be powerful tools for gathering information. Utilize advanced search operators to refine your searches.
Social Media Platforms: Use platforms like Twitter, Facebook, Instagram, and LinkedIn to gather information, but remember to respect privacy settings and terms of service.
Search Engine Operators: Google Dorks and other search engine operators help you conduct advanced and specific searches to find relevant data.
Maltego: This tool allows you to visualize and link information across various data sources, helping to create a graphical representation of relationships and connections.
TheHarvester: It’s a tool for gathering email addresses, subdomains, hosts, employee names, open ports, and banners from different public sources like search engines, PGP key servers, and more.
Shodan: A search engine for Internet-connected devices. It can be used to discover servers, routers, and other devices that are exposed to the internet.
Wayback Machine: The Internet Archive’s Wayback Machine allows you to view past versions of websites. This can be useful for tracking changes and historical data.
DNS Lookup Tools: Tools like DNSDumpster and DNSlytics can help you gather information about domains, IP addresses, and DNS records.
WHOIS Lookup: Tools like WHOIS and DomainTools allow you to find information about domain ownership and registration.
Email Verification Tools: Tools like Hunter and Verify-Email.org can help you verify email addresses.
Geospatial Tools: Services like Google Maps and Google Earth can provide geospatial information. GIS tools can also be helpful for mapping and geospatial analysis.
Data Mining Tools: Tools like Import.io and ParseHub can help scrape data from websites.
Digital Forensics Tools: Tools like Autopsy and Sleuth Kit are useful for analyzing digital artifacts and extracting information from devices.
Social Media Analysis Tools: Tools like Hootsuite, Brandwatch, and Social Mention can help you monitor and analyze social media content and trends.
Public Records Databases: Websites like PublicData.com and the National Archives can provide access to a wide range of public records.
Dark Web Tools: Tools like Tor and OnionScan can be used to access and monitor the dark web. However, be cautious when navigating the dark web due to its potentially illegal or harmful content.
Custom Scripts and Programming: Some investigators develop custom scripts or use programming languages like Python to automate data collection and analysis.
Cybersecurity Tools: Various cybersecurity tools, such as Nmap for network scanning or Wireshark for packet analysis, can be valuable for collecting technical data.

Several organizations offer free online tools for looking up a potentially malicious website. Some of these tools provide historical information; others examine the URL in real time to identify threats:

AbuseIPDB: Provides reputation data about the IP address or hostname
Auth0 Signals: Checks IP address reputation; supports API
BrightCloud URL/IP Lookup: Presents historical reputation data about the website
CheckPhish: Checks whether the URL is a fraudulent site
Cloudflare Radar: Provides many details about the system
CyberGordon: Look up the website (and other observables) across several services
Desenmascara.me: Flags websites suspected of selling counterfeit products
Email Blocklist Checker: Checks the domain name or IP address against email blocklists (email address required, opts into marketing).
FileScan.io: Examines the URL in real time
FortiGuard lookup: Displays the URL’s history and category
Google Safe Browsing: Look up the website’s current status
hashdd: Provides historical data about IPs, URLs, etc.
IBM X-Force Exchange: Provides historical data about IPs, URLs, etc.
IPQualityScore: Presents a risk ranking for the IP address
Joe Sandbox URL Analyzer: Examines the URL in real time
Ironscales Fake Login URL Scanner: Examines the URL for signs of phishing
Is It Hacked: Performs several checks in real time and consults some blacklists
IsItPhishing: Assesses the specified URL in real time
Kaspersky Threat Intel Portal: Looks up the IP, URL, or domain in a blacklist
Norton Safe Web: Presents historical reputation data about the website
Palo Alto Networks URL Filtering: Looks up the URL in a blacklist
PhishTank: Looks up the URL in its database of known phishing websites
PolySwarm: Uses several services to examine the website or look up the URL
Malware Domain List: Looks up recently-reported malicious websites
MalwareURL: Looks up the URL in its historical list of malicious websites
McAfee Site Lookup: Checks URL reputation in various McAfee lists
MxToolbox: Queries multiple reputational sources for information about the IP or domain
Open Threat Exchange: Presents diverse threat intelligence data from AlienVault
PassiveTotal: Presents passive DNS and other threat intelligence data
Pulsedive: Presents historical data and queries for additional information
Quttera ThreatSign: Scans the specified URL for the presence of malware
Scamadviser: Checks whether the website is likely a shopping scam
SecurityTrails: Provides current and historical domain or system data
Silent Push: Presents diverse threat intelligence data
Sucuri SiteCheck: Scans the URL for malware in real time and looks it up in several blacklists
Talos Reputation Lookup: Presents historical reputation data about the website
Trend Micro Site Safety Center: Presents historical reputation data about the website
ThreatSTOP Check IoC: Looks up the UP or domain in a blacklist (requires your email address)
urlscan.io: Examines the URL in real time and displays the requests it issues to render the page
URLVoid and IPVoid: Looks up the URL or IP across several services
VirusTotal: Looks up the URL in several databases of malicious sites
ThreatMiner: Presents diverse threat intelligence data
URLscore.ai: Examines the URL in real time
WebPulse Site Review: Looks up the website in BlueCoat’s database
Zscaler Zulu URL Risk Analyzer: Examines the URL using real-time and historical techniques
zveloLive: Looks up the website in its database of categories

It’s important to note that while many OSINT tools are freely available, ethical and legal considerations should always be at the forefront of any investigation. Respect privacy, copyright, and terms of service when using these tools, and be aware of the laws and regulations governing OSINT activities in your jurisdiction. Always ensure that your investigations are conducted within legal and ethical boundaries.

https://start.me/p/m6Kj56/osint

https://searx.space/#

https://start.me/p/rx6Qj8/nixintel-s-osint-resource-list (Social Media and Overall)

https://start.me/p/kx5qL5/osint-darkweb-russia (Dark Web)

https://pentest-tools.com

Phone Number Investigation

Facebook: https://ru-ru.facebook.com/login/identify/
Twitter: https://twitter.com/account/begin_password_reset
Instagram: https://www.instagram.com/accounts/password/reset/
LinkedIn: https://www.linkedin.com/uas/request-password-reset
Google: https://accounts.google.com/signin/v2/identifier
MicroSoft: https://login.live.com/login.srf

https://sync.me/

USA number check

All in one search useful EPID

300+ tools V good OSINT

…
Several popular Telegram bots designed to check phone numbers against various leaks: https://avclick.me/v/AVinfoBot, https://gb.sbs/, https://t.me/QuickOSINT_Robot, https:// t.me/UniversalSearchBot.

Software for such geology is publicly available:
Trape: https://github.com/boxug/trape.git
TrackUrl: https://github.com/Mauladen/TrackUrl
Seeker: https://github.com/thewhiteh4t/seeker.git
IPlogger: https://iplogger.ru/location-tracker/

Search for business entities on the map by phone number can be done through the service https://yandex.ru/maps/. Find registered Russian companies by phone number — follow the link https://e-ecolog.ru/phone/+123456789.

Using Google Dorks to Verify a Phone Number. One of the easiest ways to check is to use the Google phonebook located at the link: “https://www.google.com/search?hl=en&pb=r&btnG=Search+PhoneBook&q=+123456789“. Other search options can be external services: https://demo.phoneinfoga.crvx.fr/#/ and https://intelx.io/tools?tab=telephone.

You can do this on the sites:
https://audience.yandex.ru/
https://ads.google.com/
https://target.my.com/

These include such Western services as: Infotracer: https://infotracer.com/; Pipl: https://pipl.com/. Or Russian developments, for example, TelPoisk: https://интернет-розыск.рф/telpoisk

https://irbis.espysys.com/

Username Investigation

https://blackbird-osint.herokuapp.com/

https://whatsmyname.app/

https://www.social-searcher.com/

https://github.com/webbreacher/whatsmyname

https://t.me/osint_maigret_bot

https://github.com/soxoj/maigret

https://t.me/mailcat_s_bot

https://docs.google.com/spreadsheets/d/17f_O3qnKBDRJkIlpR2FEy4IugCpQS0m2tOMY0HK_qDc/edit?usp=sharing

http://www.likasoft.com/ru/document-search/

Email Investigation

https://epieos.com/

https://seon.io/

https://intelx.io/

https://haveibeenpwned.com/

Telegram channel Leak data email,number and ip

https://leakcheck.io/

https://spycloud.com/check-your-exposure/

https://scatteredsecrets.com/

https://leakix.net/graph

https://leaked.domains/Info/

Link: https://start.me/p/b5gEPe/email-osint

Dark Web Start.me page

Telegram Investigation

Google Search

Use a command site:t.me “search term” or site:telegram.me “search term” in the Google search bar. It brings results with the keyword in posts, hashtags, or links. Investigators can use all types of information as search terms, including names, emails, phones, social links, etc.
Use a command “t.me/joinchat” “search term”. It helps to find links to Telegram chats on other websites and social media with a keyword related to a specific topic.

Online Tools, General Search

Lyzem Search: the service finds information in channels, groups, bots, messages, and on Telegram’s blogging platform Telegraph
Custom Google Search Tools (Telegago, Commentgram, Osint Me, here, here): the engines look for the keywords in contacts, public and private channels and groups, Telegraph, messages, and bots.

Channels and Groups Search

Channels:

Groups:

Both Sources:

Bots for Investigations:

@BotoDetective: the bot allows to search for users using a phone number, name, social networks, email, password, or a photo
@TgScanRobot:the bot shows basic profile details and groups that a user is a member of
@username_to_id_bot: the bot helps to find IDs of users, groups, or channels
@userinfobot: this bot shows basic user’s info
@creationdatebot: this one shows a creation date of any account in Telegram

Investigators need to create an account to view non-public channels and groups. It’s recommended to use new SIM cards, VPNs, and if possible, new phones with no contacts on them. Telegram has many privacy settings that are needed to be enabled for any research.

Company Investigation

https://techjournalism.medium.com/osint-checklist-for-company-investigations-86c3752c095d

Military Intelligence Blog by Igor

https://medium.com/@ibederov_en/military-intelligence-using-osint-methods-4aae1df2d812

Google Dorks

Name: “<XXX XXX>” (☎ OR ☏ OR ✆ OR 📱)

"username*com"

Number:

https://www.google.com/search?hl=en&pb=r&btnG=Search+PhoneBook&q=+91XXXXXX

To find people within GitHub code:

site:http://github.com/orgs/*/people

online resumes of a person:

inurl:resume “john smith”
intext:resume “john smith”


people with a specific job title and location:
site:http://linkedin.com/in "<job title>" (☎ OR ☏ OR ✆ OR 📱) +"<location>"

Trello
site:http://trello.com password + admin OR username 


specific documents within a website or domain namesite:
<domain> filetype:PDF
Instead of ‘filetype:’ you can also use the abbreviation for extention, which is: ‘ext:’

XLS files within government websites:

filetype:xls site:.gov

filetype:"xls | xlsx | doc | docx | txt | pdf" site:.gov

filetype:"doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml"

Indexed documents that contain the phrase ‘confidential’ or ‘top secret’ within open Amazon S3 buckets:

site:http://s3.amazonaws.com confidential OR "top secret"

confidential login information within XLS files:

s3 site:http://amazonaws.com filetype:xls password

copies of databases via Google

ext:sql intext:”– phpMyAdmin SQL Dump”

Social Media

Tweet was shared on other media

"text of a tweet" -site:https://twitter.com

search messages and/or links for a specific username

@dutch_osintguy -site:twitter.com/dutch_osintguy


Important Operators
cache:<keyword> 
inurl:<keyword>
allinurl:<keyword>
site:<keyword>
intitle:<keyword>
allintitle :<keyword>
intext:<keyword>
allintext:<keyword>
filetype: <keyword>

Find files under a domain name:

<keyword> site:<website.com> filetype: pdf,xlsx,docx

Find all indexed pages for a specific domain:

site:<website.com>

Find subdomains for a specific domain:

site:<*.website.com> -www

Finding non HTTPS web pages:

site:<website.com> -inurl:https

Social Media

Find social profiles or searching for a keyword from multiple websites at once:

<keyword> (site:facebook.com | site:twitter.com | site:linkedin.com)

Find open webcams

intitle:"webcamXP" inurl:8080

Find plain text passwords on Pastebin:

site:pastebin.com "@gmail.com password"

To find admin passwords:

site:pastebin.com "admin password"

Find vulnerability reports from multiple tools:

intitle:"report" ("qualys" | "acunetix" | "nessus" | "netsparker" | "nmap") filetype:html

Some other google dorks that you can use to find information about yourself or your website are:

<your_name> filetype:pdf
<your_name> intext:<phone_number> |<email> |<address>
site:<your_website> filetype:”doc | xls | txt | pdf”
ip:<your_servers_IP> filetype:”doc | xls | txt | pdf”


https://www.darkowl.com/

Law Enforcement Tools

Open Source Intelligence