# OSINT

## Useful Websites

* The holy bible <https://osintframework.com/>
* Wifi Connections: <https://wigle.net/>
* Pull LetsEncrypt Certs: <https://crt.sh>
* Default passwords: <https://default-password.info/>
* DNS Info: <https://dnsdumpster.com/>
* More DNS stuff: <https://intodns.com/>
* DNS Whois: <https://who.is/>
* Photo Forensics: <https://29a.ch/photo-forensics/#noise-analysis>
* Google dork cheatsheet: [sundowndev](https://gist.github.com/sundowndev/283efaddbcf896ab405488330d1bbc06)
* Google Earth: [https://earth.google.com/](https://www.google.com/maps/d/u/0/?hl=en)
* Custom Google Maps: <https://www.google.com/maps/d/u/0/?hl=en>

## Scripts / tools

* Phone number info: PhoneInfoga.py <https://github.com/sundowndev/PhoneInfoga>
* Profile Name Checker: Sherlock.py <https://github.com/sherlock-project/sherlock>
* metadata viewer: <https://exiftool.org/>
* Keeping Track of everything: <https://www.maltego.com/>
* Crawler: <https://github.com/s0md3v/Photon>
* DNS info: `whois <domain name or ip>`
* [theHarvester](https://github.com/laramies/theHarvester)
* <https://hunter.io/>

## Phishing

You can hide the origin of a URL by first lengthening the URL then shortening it. Adds a layer of obscurity and hides origin from discord embeds.

* URL Lengthener <https://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com/>
* IP Grabber <https://grabify.link/>

## Social Engineering

* You can validate a lot of information by making a phone ring.
* Provide incorrect information, and people will correct you