Open Source Intelligence (OSINT) Resources for Reconnaissance
A curated list of OSINT resources for reconnaissance in the cyberspace.
This post is divided in the following sections:
ASN
- apps.db.ripe.net
Domains
- bgp.he.net
- lookup.icann.org
- community.riskiq.com
- viewdns.info
- virustotal.com
- www.whois.com
- crt.sh
Screenshots
- urlscan.io
Secrets
Search functionality of popular platforms can be leveraged to identify useful information such as secret keys left in source code, API documentation and structure as well as internal hostnames.
- searchcode.com
- postman.com
- github.com
- virustotal.com
Github dorks
Github allows searches using regular expressions. This is extremely helpful as it allows anyone apply surgical strings to look for secrets exposed in public projects. The following list includes potentially interesting search strings:
/<property\sname=\"password\"\svalue=\"[^$"#.].*/