🔍 AWESOME OSINT ARSENAL
The Ultimate Open-Source Intelligence + Security Toolkit

751+ tools · 50 categories · Multi-distro installers · Georgian OSINT · Termux support
The most comprehensive OSINT and security toolkit on the internet — every tool with installation instructions or a verified link.

⚡ Get everything in one command
git clone https://github.com/rawfilejson/awesome-osint-arsenal && cd awesome-osint-arsenal && sudo bash install.sh
🎯 Or pick just what you need
sudo bash osint.sh # 🔍 OSINT only (Sherlock, Maigret, Amass, …)
sudo bash redteam.sh # ⚔️ Red team (Sliver, BloodHound, Mimikatz, Nuclei, …)
sudo bash blueteam.sh # 🛡️ Blue team (Wazuh, Sigma, Suricata, Velociraptor, …)
sudo bash forensics.sh # 🔬 DFIR + RE (Volatility, Ghidra, radare2, …)
sudo bash hardware.sh # 🔌 Hardware + SDR (binwalk, hackrf, openocd, …)
sudo bash labs.sh # 🎓 Vulnerable apps for practice (DVWA, Juice Shop, …)
bash termux.sh # 📱 Android (Termux subset, no sudo needed)
Works on Kali, Debian, Ubuntu, Parrot, Mint, Pop!_OS (best — apt)
Partial on Arch / Manjaro / Fedora / RHEL (auto-detected, falls back to git/pip/go)
Termux subset on Android
[!IMPORTANT]
🙏 A note before you fork
This repo has 751 tools across 50 categories. Keeping that current — links, install commands, new tools every week — is a lot for one person.
If nobody helps, parts of this list will go stale. That's just real talk.
How you can help in 30 seconds:
- ⭐ Star the repo (more stars = more contributors find it)
- 🐛 Spotted a dead link? Open an issue, takes 1 minute
- ☕ Buy me a coffee so weekends keep going to this
- 📢 Share it — tweet, Discord, wherever the security crowd hangs out
If something's broken: don't just complain — open an issue or PR. That's how this stays useful.
[!WARNING]
DISCLAIMER: This repository is for educational and authorized security research only.
Always obtain written permission before testing systems you do not own.
The authors are not responsible for any misuse of the tools or techniques listed here.
See the full Legal Disclaimer at the bottom.
📋 Table of Contents
🔭 Reconnaissance & Discovery — click to expand
- Username & Social Media OSINT
- Email OSINT Tools
- Phone Number OSINT
- Domain & IP OSINT
- Geolocation & Maps OSINT
- Image & Video OSINT
- Facial Recognition & People Search
- Social Media Monitoring
💥 Data Breaches & Leaks — click to expand
- Data Breach & Leak Search Engines
- WikiLeaks, DDoSecrets & Whistleblower Platforms
- Password Cracking & Credential Tools
🕶️ Dark Web & Privacy — click to expand
- Dark Web Search Engines & Tools
- Anonymous & Privacy Tools
⚔️ Offensive Security (Authorized Testing Only) — click to expand
- Web Application OSINT & Scanning
- Social Engineering & Phishing
- Vulnerability Scanning & Exploitation
- Network & Wireless Tools
- Mobile Hacking & Phone Exploitation
🧠 Intelligence & Analysis — click to expand
- AI-Powered OSINT & Free AI Tools
- Financial & Corporate Intelligence
- Vehicle, Property & Public Records
- Metadata & Digital Forensics
👁️ Surveillance & Dorking — click to expand
- IP Camera & Webcam OSINT
- Google Dorking Bible
- Credential & Data Dorking
- IP Tracking & Geolocation Links
🌐 Community & Platforms — click to expand
- Telegram OSINT Bots & Channels
- Russian OSINT & Person Lookup Services
- Social Media Searcher Platforms
🧰 Toolkits & Frameworks — click to expand
- Termux Hacking Toolkit (Complete)
- Kali Linux OSINT Toolkit
- All-in-One Hacking Frameworks
- Wordlist Generation & Brute Force
🖥️ Hardware & Operating Systems — click to expand
- Hardware Hacking Tools
- OSINT Operating Systems
👨💻 Developer & Learning — click to expand
- OSINT APIs & Developer Tools
- Browser Extensions for OSINT
- OSINT Learning Resources
- Awesome OSINT GitHub Repos
⚡ Quick Reference — click to expand
- One-Click Install Scripts
- Top 50 Must-Have Tools
⚔️ Red Team & Blue Team — click to expand
- Red Team & Offensive Security
- Blue Team & Defensive Security
- Threat Intel Platforms
🔬 Forensics, Hardware & Training — click to expand
- Digital Forensics & Reverse Engineering
- Training, Labs & CTF
- Bug Bounty Platforms
📚 Knowledge & Curated Additions — click to expand
- Learning Resources
- Extra Tools (curated additions)
🇬🇪 Country-Specific OSINT — click to expand
- Georgian OSINT Arsenal
⚙️ Installation Guide
Quick install — Kali / Debian / Ubuntu / Parrot
git clone https://github.com/rawfilejson/awesome-osint-arsenal
cd awesome-osint-arsenal
sudo bash install.sh
Pick a single stack
| Script |
What it installs |
Use when |
osint.sh |
OSINT tools (Sherlock, Maigret, Amass, theHarvester, …) |
You only do recon / investigations |
redteam.sh |
Sliver, BloodHound, Impacket, NetExec, Mimikatz, Nuclei, … |
Authorized pentesting / red team |
blueteam.sh |
Wazuh, Sigma, Suricata, Velociraptor, Atomic Red Team, MITRE CALDERA |
SOC / detection engineering |
forensics.sh |
Volatility 3, Ghidra, radare2, Plaso, CyberChef, … |
DFIR / malware analysis |
hardware.sh |
binwalk, hackrf, openocd, GNU Radio, gqrx, … |
RF / IoT / firmware research |
labs.sh |
DVWA, Juice Shop, WebGoat (Docker) |
Local practice labs |
termux.sh |
Android-compatible subset |
Phone-based recon |
Other Linux distros
The installers auto-detect your package manager:
| Distro |
Manager |
Status |
| Kali / Debian / Ubuntu / Parrot / Mint / Pop!_OS |
apt |
✅ Best — primary target |
| Arch / Manjaro / EndeavourOS |
pacman |
🟡 Partial (apt-only tools skip cleanly) |
| Fedora / RHEL / Rocky / Alma |
dnf |
🟡 Partial (apt-only tools skip cleanly) |
| Termux (Android) |
pkg |
✅ Subset only — use bash termux.sh |
| macOS / Windows |
— |
❌ Use a Kali VM or WSL2 |
What every installer does
- Detects your distro and uses the right package manager
- Skips what's already installed (idempotent — safe to re-run)
- Color output: 🟢 installed · 🟡 skipped · 🔴 failed
- Logs failures to
~/osint-install-errors.log
- Prints a summary at the end
- Tools cloned via git go to
/opt/osint-arsenal/ (or $HOME/osint-arsenal/ on Termux)
After install — add tools to your PATH
echo 'export PATH="$PATH:/opt/osint-arsenal"' >> ~/.bashrc
source ~/.bashrc
Tools installed via apt/pip/go install are already on your $PATH.
📊 Stats at a Glance
| 🛠️ Total Tools |
💻 CLI Tools |
📁 GitHub Repos |
🌐 Online Platforms |
🤖 AI Tools |
| 751+ |
165+ |
117+ |
461+ |
25+ |
| 🕶️ Dark Web |
🇬🇪 Georgian OSINT |
💥 Breach Engines |
⚔️ Red Team |
🛡️ Blue Team |
| 15+ |
500+ |
39+ |
35+ |
24+ |
| 🔬 Forensics |
🔌 Hardware |
🎓 Training |
🎯 Bug Bounty |
📂 Total Categories |
| 16+ |
16+ |
21+ |
12+ |
50 |

1. Username & Social Media OSINT
🎯 Find accounts, profiles, and digital footprints across hundreds of platforms.
Pro tip: Start with Sherlock for a quick sweep, then use Maigret for depth — it covers 3000+ sites.
| Tool |
Description |
Install / Link |
| Sherlock |
Find usernames across 400+ social networks |
pip install sherlock-project |
| Maigret |
Advanced Sherlock fork — 3000+ sites |
pip install maigret |
| Namechk |
Username & domain availability checker |
namechk.com |
| WhatsMyName |
Web-based username enumeration |
whatsmyname.app |
| Snoop |
Username search (Russian-focused) |
pip install snoop |
| UserRecon |
Bash-based username finder |
git clone https://github.com/wishihab/userrecon.git |
| Blackbird |
Fast username search tool |
pip install blackbird-osint |
| Social Analyzer |
API-based social media profiler |
pip install social-analyzer |
| NExfil |
Find profiles by username |
pip install nexfil |
| Socid-extractor |
Extract info from web pages |
pip install socid-extractor |
| Gitrecon |
GitHub OSINT reconnaissance |
pip install gitrecon |
| OSRFramework |
Username research framework |
pip install osrframework |
| Holehe |
Check if email is registered on 120+ sites |
pip install holehe |
| socialscan |
Check email/username availability |
pip install socialscan |
| Investigo |
Username checker (Go-based) |
go install github.com/tdh8316/investigo@latest |
| OSINT Framework |
Visual map of all OSINT tools |
osintframework.com |
| CheckUserNames |
Check username across multiple platforms |
checkusernames.com |
| KnowEm |
Username search on 500+ sites |
knowem.com |
| Instant Username Search |
Real-time username checker |
instantusername.com |
| Usersearch.org |
Free social network search |
usersearch.org |
💻 Sherlock — Install & Usage
# Kali Linux / Ubuntu
pip install sherlock-project
sherlock "username"
# From GitHub source (always latest)
git clone https://github.com/sherlock-project/sherlock.git
cd sherlock
pip install -r requirements.txt
python3 sherlock "username"
# Search multiple usernames at once
sherlock user1 user2 user3
💻 Maigret — Install & Usage
pip install maigret
maigret "username"
# From source
git clone https://github.com/soxoj/maigret.git
cd maigret
pip install -r requirements.txt
python3 -m maigret "username"
# Generate HTML report
maigret "username" --html
2. Email OSINT Tools
📧 Verify emails, find linked accounts, check breach exposure, and analyze headers.
Pro tip: Holehe is free and fast. h8mail is best for breach correlation when API keys are configured.
| Tool |
Description |
Install / Link |
| h8mail |
Email OSINT & breach hunting |
pip install h8mail |
| Holehe |
Check email on 120+ sites |
pip install holehe |
| theHarvester |
Email & domain harvester |
pip install theHarvester |
| EmailAnalyzer |
Analyze suspicious .eml files |
git clone https://github.com/keraattin/EmailAnalyzer |
| Prowl |
Email & domain reconnaissance |
git clone https://github.com/nettitude/Prowl |
| EmailHeader-Analyzer |
CLI email header parser + OSINT |
git clone https://github.com/Giritharram/EmailHeader-Analyzer-CLI-Python |
| MailHeaderDetective |
Email header forensics |
git clone https://github.com/akajhon/MailHeaderDetective |
| WhatMail |
Email header analysis CLI |
git clone https://github.com/z0m31en7/WhatMail |
| mailto_analyzer |
Email exposure analysis |
pip install mailto-analyzer |
| Infoga |
Email OSINT gathering |
git clone https://github.com/m4ll0k/Infoga |
| Hunter.io |
Find professional emails |
hunter.io |
| Phonebook.cz |
Email, domain & URL search |
phonebook.cz |
| EmailRep |
Email reputation lookup |
emailrep.io |
| Epieos |
Get info linked to email |
epieos.com |
| GetNotify |
Email open tracking + geolocation |
getnotify.com |
| Snov.io |
Email finder & verifier |
snov.io |
| MXToolbox |
Email header analysis & DNS checks |
mxtoolbox.com |
| SimpleLogin |
Email alias service for OSINT |
simplelogin.io |
| Email-Checker |
Email validation tool |
email-checker.net |
| Voila Norbert |
Find anyone's email |
voilanorbert.com |
💻 h8mail — Install & Usage
pip install h8mail
# Basic scan
h8mail -t "target@email.com"
# With API keys (unlocks more breach sources)
# Create config.ini with your API keys from HIBP, BreachDirectory, etc.
h8mail -t "target@email.com" -k config.ini
# Scan a list of emails
h8mail -t emails.txt
3. Phone Number OSINT
📱 Identify carriers, locations, registrations, and linked accounts from phone numbers.
Pro tip: PhoneInfoga is the gold standard CLI tool. GetContact reveals how a number is saved by others.
| Tool |
Description |
Install / Link |
| PhoneInfoga |
Advanced phone number scanner |
pip install phoneinfoga |
| Ignorant |
Check phone registrations on sites |
pip install ignorant |
| GetContact |
See how number is saved by others |
getcontact.com |
| NumVerify |
Phone number validation API |
numverify.com |
| Truecaller |
Caller ID & spam lookup |
truecaller.com |
| Sync.me |
Phone number lookup |
sync.me |
| CallerIDTest |
Reverse phone lookup |
calleridtest.com |
| SpyDialer |
Free reverse phone lookup |
spydialer.com |
| National Cellular Directory |
Phone owner lookup |
nationalcellulardirectory.com |
| TelPoisk |
Russian phone directory |
telpoisk.com |
| NumLookup |
Free reverse phone lookup |
numlookup.com |
| Hlr-Lookups |
HLR phone number lookup |
hlr-lookups.com |
| PhoneSploit |
ADB-based phone exploitation |
git clone https://github.com/aerosol-can/PhoneSploit |
💻 PhoneInfoga — Install & Usage
# Binary install (Kali Linux)
curl -sSL https://raw.githubusercontent.com/sundowndev/phoneinfoga/master/support/scripts/install | bash
# Open web UI at localhost:8080
phoneinfoga serve -p 8080
# Scan from CLI
phoneinfoga scan -n "+1234567890"
# pip install (alternative)
pip install phoneinfoga
4. Domain & IP OSINT
🌐 Enumerate subdomains, query DNS records, discover IP ranges, and map attack surfaces.
Pro tip: Run amass + subfinder together for maximum subdomain coverage, then pipe into httpx to check which hosts are live.
| Tool |
Description |
Install / Link |
| Amass |
In-depth DNS enumeration |
go install github.com/owasp-amass/amass/v4/...@master |
| Subfinder |
Fast passive subdomain discovery |
go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest |
| dnsrecon |
DNS enumeration |
pip install dnsrecon |
| Sublist3r |
Subdomain enumeration |
pip install sublist3r |
| crt.sh |
Certificate transparency search |
crt.sh |
| Shodan |
Internet-connected device search |
shodan.io |
| Censys |
Internet-wide scan search |
censys.io |
| Criminal IP |
AI-powered cyber threat intelligence |
criminalip.io |
| VirusTotal |
Domain/IP/file analysis |
virustotal.com |
| SecurityTrails |
DNS & domain intelligence |
securitytrails.com |
| IPGeoLocation |
IP address geolocation |
git clone https://github.com/maldevel/IPGeoLocation |
| Nmap |
Network scanner & mapper |
apt install nmap |
| Masscan |
Fastest internet port scanner |
apt install masscan |
| WHOIS.com |
WHOIS domain lookup |
whois.com |
| ViewDNS |
Multiple DNS tools |
viewdns.info |
| DNSDumpster |
DNS reconnaissance & mapping |
dnsdumpster.com |
| Robtex |
DNS lookup visualization |
robtex.com |
| ARIN WHOIS |
IP registration database |
whois.arin.net |
| BGP Toolkit |
BGP/ASN/IP intelligence |
bgp.he.net |
| urlscan.io |
URL/domain analysis & screenshots |
urlscan.io |
| AbuseIPDB |
IP address reputation database |
abuseipdb.com |
| Web-Check |
All-in-one website analysis |
web-check.xyz |
| IPinfo |
IP address data & geolocation |
ipinfo.io |
| DB-IP |
IP geolocation database |
db-ip.com |
💻 Amass + Subfinder + HTTPx — Most effective recon combo
# Step 1: Enumerate subdomains passively (fast)
subfinder -d example.com -o subs.txt
# Step 2: Deep active enumeration (slower but more complete)
amass enum -d example.com -o amass_subs.txt
# Step 3: Combine and deduplicate
cat subs.txt amass_subs.txt | sort -u > all_subs.txt
# Step 4: Check which subdomains are live
cat all_subs.txt | httpx -status-code -title -o live_subs.txt
# Step 5: Screenshot all live hosts
cat live_subs.txt | eyewitness --web -d screenshots/
5. Geolocation & Maps OSINT
🗺️ Geolocate images, analyze satellite data, and verify photo locations.
Pro tip: Combine SunCalc (shadow analysis) + ShadowMap + Mapillary for precision image geolocation.
6. Image & Video OSINT
🖼️ Extract metadata, reverse search images, verify authenticity, and detect AI-generated content.
Pro tip: Yandex reverse image search consistently outperforms Google for finding faces and locations.
💻 ExifTool — Install & Usage
# Install
apt-get install libimage-exiftool-perl
# Basic metadata read
exiftool image.jpg
# Extract GPS coordinates specifically
exiftool -GPSLatitude -GPSLongitude image.jpg
# Strip ALL metadata (for privacy)
exiftool -all= image.jpg
# Show all metadata groups
exiftool -a -u -g1 image.jpg
# Batch process a whole folder
exiftool /path/to/images/
7. Facial Recognition & People Search
👤 Find people across the web using photos, names, or usernames.
⚠️ Warning: Facial recognition has serious privacy and legal implications. Use only with explicit authorization.
| Tool |
Description |
Install / Link |
| FaceSeek |
AI-powered reverse face search |
faceseek.online |
| FaceCheck.ID |
Face recognition search engine |
facecheck.id |
| PimEyes |
Face search engine from photos |
pimeyes.com |
| Search4faces |
Face search in VK/OK social networks |
search4faces.com |
| face_recognition |
Python face recognition library |
pip install face_recognition |
| DeepFace |
AI face analysis (age, gender, emotion) |
pip install deepface |
| ThatsThem |
Free people search |
thatsthem.com |
| Pipl |
Deep people search engine |
pipl.com |
| BeenVerified |
People search & background check |
beenverified.com |
| Spokeo |
People search aggregator |
spokeo.com |
| FastPeopleSearch |
Free people finder |
fastpeoplesearch.com |
| WebMii |
People search engine |
webmii.com |
| OSINT Industries |
People search + social media lookup |
osint.industries |
| IDCrawl |
Free people search engine |
idcrawl.com |
8. Social Media Monitoring
📡 Monitor, scrape, and investigate social media accounts and communities.
Pro tip: Combine Osintgram (Instagram) + Telepathy (Telegram) + snscrape (Twitter/X) for full platform coverage.
| Tool |
Description |
Install / Link |
| Osintgram |
Instagram OSINT tool |
git clone https://github.com/Datalux/Osintgram |
| Instaloader |
Instagram data downloader |
pip install instaloader |
| Twint |
Twitter OSINT (no API needed) |
pip install twint |
| snscrape |
Social media scraper (Twitter, Reddit, etc.) |
pip install snscrape |
| Toutatis |
Instagram OSINT by phone/email |
pip install toutatis |
| TikTok Scraper |
TikTok data extraction |
npm install -g tiktok-scraper |
| Reddit Investigator |
Reddit user analysis |
reddit-user-analyser.netlify.app |
| socialscan |
Social media presence checker |
pip install socialscan |
| Telepathy |
Telegram OSINT analysis |
pip install telepathy |
| Twayback |
Find deleted tweets |
pip install twayback |
| Xquik |
X/Twitter data API & MCP skill |
github.com |
| SocialBlade |
Social media analytics |
socialblade.com |
| Social-Searcher |
Free social media search engine |
social-searcher.com |
| Mention |
Social media monitoring |
mention.com |
| BrandWatch |
Social listening platform |
brandwatch.com |
9. Data Breach & Leak Search Engines
💥 Check if credentials, emails, or phones have been exposed in data breaches.
Pro tip: HIBP is free and safe. DeHashed and LeakCheck offer the most data for paid tiers.
| Tool |
Description |
Type |
Link |
| Have I Been Pwned |
Check email/phone in breaches |
🟢 Free |
haveibeenpwned.com |
| DeHashed |
Breach search engine |
💰 Paid |
dehashed.com |
| LeakCheck |
Email/username/phone breach search |
🟡 Freemium |
leakcheck.net |
| Intelligence X |
Search breaches, darknet, leaks |
💰 Paid |
intelx.io |
| BreachDirectory |
Free breach search |
🟢 Free |
breachdirectory.org |
| LeakPeek |
Search leaked databases |
🟡 Freemium |
leakpeek.com |
| Snusbase |
Breach data search engine |
💰 Paid |
snusbase.com |
| CheckLeaked |
Leak search engine (15B+ accounts) |
🟡 Freemium |
checkleaked.cc |
| DataBreach.com |
Data breach lookup |
🟢 Free |
databreach.com |
| Hudson Rock Cavalier |
Infostealer intelligence & breach data |
🟡 Freemium |
hudsonrock.com |
| h8mail |
Automated breach hunting CLI |
🟢 Free |
pip install h8mail |
| XposedOrNot |
Breach exposure check |
🟢 Free |
xposedornot.com |
| ScatteredSecrets |
Breach notification service |
🟡 Freemium |
scatteredsecrets.com |
| The OSINT Rack |
Ransomware & data leak monitoring |
🟢 Free |
osintrack.com |
| Pwndb |
Dark web breach database (Tor) |
🟢 Free |
Requires Tor Browser |
| OsintCat |
Email, username & phone breach lookup — fast results with real data |
🟡 Freemium |
osintcat.net |
💻 Pwndb — Dark Web Breach Search (requires Tor)
# Start Tor service first
sudo systemctl start tor
# Clone pwndb
git clone https://github.com/coj337/pwndb.git
cd pwndb
# Install requirements
pip install -r requirements.txt
# Search by email
python3 pwndb.py --target email@example.com
# The .onion address (open in Tor Browser)
# pwndb2am33lno4bq.onion
10. WikiLeaks, DDoSecrets & Whistleblower Platforms
📁 Archives of leaked government, corporate, and classified documents.
11. Password Cracking & Credential Tools
🔑 Tools for authorized password auditing and credential recovery on systems you own.
| Tool |
Description |
Install / Link |
| Hashcat |
Advanced password recovery (GPU-accelerated) |
apt install hashcat |
| John the Ripper |
Classic password cracker |
apt install john |
| Hydra |
Network login brute-forcer |
apt install hydra |
| Medusa |
Parallel brute-force tool |
apt install medusa |
| CeWL |
Custom wordlist generator from website |
apt install cewl |
| Crunch |
Pattern-based wordlist generator |
apt install crunch |
| RainbowCrack |
Rainbow table cracker |
project-rainbowcrack.com |
| Ophcrack |
Windows password cracker (rainbow tables) |
ophcrack.sourceforge.io |
| LaZagne |
Credentials recovery tool (post-exploit) |
git clone https://github.com/AlessandroZ/LaZagne |
| Mimikatz |
Windows credential dumper |
git clone https://github.com/gentilkiwi/mimikatz |
| Responder |
LLMNR/NBT-NS/MDNS poisoner |
git clone https://github.com/lgandx/Responder |
💻 Hashcat — Quick Reference
# Install
apt install hashcat
# Crack MD5 hash with wordlist
hashcat -m 0 hash.txt /usr/share/wordlists/rockyou.txt
# Crack SHA-256 with rules
hashcat -m 1400 hash.txt wordlist.txt -r rules/best64.rule
# Common hash types:
# -m 0 = MD5
# -m 100 = SHA-1
# -m 1400 = SHA-256
# -m 1800 = SHA-512crypt (Linux)
# -m 1000 = NTLM (Windows)
# -m 2500 = WPA/WPA2 (Wi-Fi)
12. Dark Web Search Engines & Tools
🕶️ Search .onion sites, darknet markets, and hidden services.
Requires: Tor Browser or Tor service running on port 9050.
| Tool |
Description |
Link / Onion Address |
| Torch |
Oldest & largest dark web search engine |
xmh57jrknzkhv6y3ls3ubitzfqnkrwxhopf5aygthi7d6rplyvk3noyd.onion |
| Haystak |
Dark web search with filtering |
haystak5njsmn2hqkewecpaxetahtwhsbsa64jom2k22z5afxhnpxfid.onion |
| Ahmia |
Clearnet dark web search |
ahmia.fi |
| DuckDuckGo Onion |
Private search on Tor |
duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion |
| Phobos |
Dark web search engine |
phobosxilamwcg75xt22id7aywkzol6q6rfl2flipcqoc4e4ahima5id.onion |
| DarkSearch |
Dark web search API (clearnet) |
darksearch.io |
| OnionScan |
Scan & analyze .onion sites |
go install github.com/s-rah/onionscan@latest |
| Dark.fail |
Verified dark web links directory |
dark.fail |
| OSINT-SPY |
OSINT tool with Tor support |
git clone https://github.com/SharadKumar97/OSINT-SPY |
💻 Setting up Tor for dark web tools
# Install Tor
sudo apt install tor proxychains4
# Start Tor service
sudo systemctl start tor
sudo systemctl enable tor
# Test Tor is working
curl --socks5 127.0.0.1:9050 https://check.torproject.org/api/ip
# Use proxychains with any tool
proxychains4 nmap -sT target.onion
proxychains4 curl http://example.onion
# Edit /etc/proxychains4.conf if needed
# Make sure this line is present: socks5 127.0.0.1 9050
13. Anonymous & Privacy Tools
🔒 Maintain anonymity during OSINT investigations and protect your identity.
Pro tip: Use Tails OS for investigations requiring full anonymity — it leaves zero trace on disk.
| Tool |
Description |
Install / Link |
| Tor Browser |
Anonymous web browsing |
torproject.org |
| Tails OS |
Amnesic live OS (no trace) |
tails.boum.org |
| Whonix |
Anonymous OS via Tor (VM-based) |
whonix.org |
| ProtonVPN |
Free encrypted VPN |
protonvpn.com |
| ProtonMail |
Encrypted email |
proton.me |
| Signal |
Encrypted messaging |
signal.org |
| OnionShare |
Anonymous file sharing via Tor |
onionshare.org |
| Anonsurf |
Anonymize entire OS traffic |
git clone https://github.com/Und3rf10w/kali-anonsurf |
| MAC Changer |
Change/spoof MAC address |
apt install macchanger |
| BleachBit |
Digital footprint cleaner |
bleachbit.org |
| VeraCrypt |
Disk encryption |
veracrypt.fr |
| KeePassXC |
Offline password manager |
keepassxc.org |
| Mullvad VPN |
Privacy VPN (no email needed) |
mullvad.net |
| Anon-SMS |
Anonymous SMS sending |
git clone https://github.com/HACK3RY2J/Anon-SMS.git |
14. Web Application OSINT & Scanning
🕸️ Fingerprint web technologies, discover hidden directories, and crawl for endpoints.
Pro tip: Run Whatweb first to fingerprint, then Nikto for quick vulns, then Nuclei for deep scanning.
| Tool |
Description |
Install / Link |
| Nikto |
Web server vulnerability scanner |
apt install nikto |
| WPScan |
WordPress vulnerability scanner |
gem install wpscan |
| Wappalyzer |
Technology profiler (browser ext) |
Browser Extension |
| Whatweb |
Web technology identifier |
apt install whatweb |
| Dirb |
Web directory brute-forcer |
apt install dirb |
| Gobuster |
URI/DNS brute-forcer (Go) |
go install github.com/OJ/gobuster/v3@latest |
| Feroxbuster |
Fast recursive content discovery |
apt install feroxbuster |
| HTTPx |
Fast HTTP toolkit / probing |
go install github.com/projectdiscovery/httpx/cmd/httpx@latest |
| Katana |
Web crawler |
go install github.com/projectdiscovery/katana/cmd/katana@latest |
| LinkFinder |
Discover endpoints in JavaScript |
git clone https://github.com/GerbenJavado/LinkFinder |
| Photon |
Web crawler for OSINT data |
git clone https://github.com/s0md3v/Photon |
| Wfuzz |
Web fuzzer |
pip install wfuzz |
| ParamSpider |
Parameter discovery from web archives |
pip install paramspider |
| WebHack |
Web hacking toolkit |
git clone https://github.com/yan4ikyt/webhack |
15. Social Engineering & Phishing
🎭 Phishing simulation frameworks for authorized red team engagements.
⚠️ For authorized penetration testing and security awareness training ONLY.
| Tool |
Description |
Install / Link |
| SET (Social Engineering Toolkit) |
Complete SE framework |
apt install set |
| Gophish |
Enterprise phishing simulation platform |
getgophish.com |
| Zphisher |
30+ phishing templates |
git clone https://github.com/htr-tech/zphisher |
| NexPhisher |
Multi-platform phishing tool |
git clone https://github.com/htr-tech/nexphisher |
| Storm-Breaker |
Access webcam/mic/location (SE) |
git clone https://github.com/ultrasecurity/Storm-Breaker |
| Evilginx2 |
Man-in-the-middle reverse proxy |
go install github.com/kgretzky/evilginx2@latest |
| Modlishka |
Reverse proxy phishing framework |
go install github.com/drk1wi/Modlishka@latest |
| King Phisher |
Phishing campaign toolkit |
github.com/rsmusllp/king-phisher |
| SocialFish |
Social media phishing |
git clone https://github.com/UndeadSec/SocialFish |
| AdvPhishing |
Advanced phishing tool |
git clone https://github.com/Ignitetch/AdvPhishing |
| URLCADIZ |
URL masking tool |
git clone https://github.com/PerezMascato/URLCADIZ |
💻 Zphisher — Install & Usage
git clone https://github.com/htr-tech/zphisher.git
cd zphisher
chmod +x zphisher.sh
bash zphisher.sh
# Select template from menu (Facebook, Google, Instagram, etc.)
# Tool generates a phishing URL with Cloudflare/Serveo tunnel
# Captured credentials are saved locally
16. Vulnerability Scanning & Exploitation
💣 Frameworks for finding and verifying vulnerabilities on authorized targets.
⚠️ Always have written permission before running any of these tools.
| Tool |
Description |
Install / Link |
| Metasploit |
Industry-standard pen testing framework |
apt install metasploit-framework |
| Nuclei |
Template-based fast vulnerability scanner |
go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest |
| SQLMap |
Automated SQL injection tool |
apt install sqlmap |
| Burp Suite |
Web app security testing proxy |
portswigger.net/burp |
| OWASP ZAP |
Open-source web app scanner |
zaproxy.org |
| OpenVAS |
Open-source vulnerability scanner |
apt install openvas |
| Commix |
Command injection exploiter |
git clone https://github.com/commixproject/commix |
| GoldenEye |
HTTP DoS tool (authorized load testing) |
git clone https://github.com/jseidl/GoldenEye |
| ExploitDB |
Exploit database (searchsploit) |
exploit-db.com |
| Criminal IP |
Vulnerability & CVE search |
criminalip.io |
17. Network & Wireless Tools
📶 Analyze traffic, audit Wi-Fi networks, and perform MITM on authorized targets.
| Tool |
Description |
Install / Link |
| Wireshark |
Network protocol analyzer |
apt install wireshark |
| Aircrack-ng |
Wi-Fi security auditing suite |
apt install aircrack-ng |
| Kismet |
Wireless network detector & sniffer |
apt install kismet |
| Bettercap |
MITM framework (ARP, DNS, HTTP) |
apt install bettercap |
| Ettercap |
MITM attack suite |
apt install ettercap-common |
| Wifite |
Automated Wi-Fi auditing tool |
apt install wifite |
| Reaver |
WPS brute force tool |
apt install reaver |
| Fern Wifi Cracker |
GUI-based Wi-Fi audit tool |
apt install fern-wifi-cracker |
| Fluxion |
Wi-Fi social engineering (evil twin) |
git clone https://github.com/FluxionNetwork/fluxion |
| hcxtools |
Wi-Fi packet capture conversion |
apt install hcxtools |
| Netcat |
The TCP/IP swiss army knife |
apt install netcat-openbsd |
| tcpdump |
Command-line packet analyzer |
apt install tcpdump |
18. Mobile Hacking & Phone Exploitation
📲 Android/iOS security testing for authorized assessments.
| Tool |
Description |
Install / Link |
| PhoneSploit |
ADB-based phone exploitation |
git clone https://github.com/aerosol-can/PhoneSploit |
| AhMyth Android RAT |
Android remote access tool |
git clone https://github.com/AhMyth/AhMyth-Android-RAT |
| Apktool |
Android APK decompiler/rebuilder |
apt install apktool |
| jadx |
Android APK decompiler (GUI) |
apt install jadx |
| Frida |
Dynamic instrumentation toolkit |
pip install frida-tools |
| Objection |
Runtime mobile exploration |
pip install objection |
| MobSF |
Mobile Security Framework (static+dynamic) |
github.com/MobSF/Mobile-Security-Framework-MobSF |
| MSFPC |
MSF payload creator |
git clone https://github.com/g0tmi1k/msfpc |
19. AI-Powered OSINT & Free AI Tools
🤖 AI tools for automating research, analyzing images, and accelerating investigations.
Pro tip: Perplexity AI is excellent for OSINT research — it cites sources so you can verify everything.
AI-Powered OSINT Tools
| Tool |
Description |
Install / Link |
| GeoSpy |
AI geolocation from images |
geospy.ai |
| DeepFace |
Face analysis (age, gender, emotion) |
pip install deepface |
| face_recognition |
Python face recognition library |
pip install face_recognition |
| OpenCV |
Computer vision library |
pip install opencv-python |
| ReconAIzer |
AI-enhanced Burp Suite extension |
github.com/hisxo/ReconAIzer |
| AI or Not |
Detect AI-generated content |
aiornot.com |
| HARPA AI |
AI browser agent for OSINT |
harpa.ai |
Free AI Tools for OSINT Research
20. Financial & Corporate Intelligence
💰 Research companies, track crypto, and uncover financial relationships.
21. Vehicle, Property & Public Records
🚗 Access public records, vehicle history, property data, and court documents.
22. Metadata & Digital Forensics
🔬 Extract hidden data, recover deleted files, and analyze digital evidence.
Pro tip: CyberChef is a must-bookmark — it handles encoding, encryption, and data manipulation all in-browser.
| Tool |
Description |
Install / Link |
| Autopsy |
Full digital forensics platform |
autopsy.com |
| Volatility |
Memory forensics framework |
pip install volatility3 |
| Wireshark |
Network packet analysis |
apt install wireshark |
| Binwalk |
Firmware analysis & extraction |
apt install binwalk |
| Foremost |
File carving (recover deleted files) |
apt install foremost |
| Bulk Extractor |
Extract features from disk images |
apt install bulk-extractor |
| ExifTool |
Complete metadata extraction |
apt install libimage-exiftool-perl |
| Metagoofil |
Document metadata harvester |
pip install metagoofil |
| CyberChef |
Data analysis swiss army knife |
gchq.github.io/CyberChef |
| Scalpel |
File carving tool |
apt install scalpel |
23. IP Camera & Webcam OSINT
⚠️ WARNING: Accessing cameras without authorization is illegal everywhere. This section is for educational awareness only — to understand how exposed devices are found so you can protect them.
Shodan Searches for Exposed Cameras
| Search Query |
What It Finds |
screenshot.label:webcam |
Webcams indexed by Shodan |
port:554 has_screenshot:true |
RTSP cameras with screenshots |
Server: yawcam |
Yawcam webcams |
webcamXP |
WebcamXP servers |
port:8080 title:"Blue Iris" |
Blue Iris CCTV |
port:37777 "DVR" |
Dahua DVR systems |
port:80 title:"DVR" |
Web-accessible DVR |
Google Dorks for Camera Discovery
| Google Dork |
Target |
inurl:"viewerframe?mode=" |
Axis network cameras |
intitle:"webcamXP 5" |
WebcamXP 5 servers |
inurl:"videostream.cgi" |
CGI video streams |
intitle:"Live View / - AXIS" |
AXIS cameras |
inurl:/view/view.shtml |
Mobotix cameras |
24. Google Dorking Bible
🔍 Advanced search operators for finding information that isn't easily discoverable.
Pro tip: Combine multiple operators for maximum precision. Always test in a private/incognito window.
Core Operators
| Operator |
Description |
Example |
site: |
Search within a domain |
site:example.com admin |
inurl: |
Search in URL path |
inurl:admin login |
intitle: |
Search in page title |
intitle:"index of" passwords |
intext: |
Search in page body |
intext:"username" "password" |
filetype: |
Search by file type |
filetype:pdf "confidential" |
ext: |
Search by extension |
ext:sql "dump" |
cache: |
View Google's cached version |
cache:example.com |
allintext: |
All terms in page body |
allintext:username password email |
High-Value OSINT Dorks
| Purpose |
Google Dork |
| Exposed passwords |
intitle:"index of" "passwords.txt" |
| SQL database dumps |
filetype:sql "CREATE TABLE" "INSERT INTO" |
| Config files |
ext:conf OR ext:cnf "password" |
| Exposed .env files |
intitle:"index of" ".env" |
| Open FTP servers |
intitle:"index of" inurl:ftp |
| Exposed git repos |
intitle:"index of" ".git" |
| SSH private keys |
filetype:pem "PRIVATE KEY" |
| phpinfo pages |
ext:php intitle:phpinfo |
| Exposed log files |
filetype:log "password" OR "username" |
Dork Generator Tools
25. Credential & Data Dorking
🗄️ Advanced dorks for finding inadvertently exposed sensitive data on the web.
| Purpose |
Google Dork |
| Gmail in spreadsheets |
allintext:"@gmail.com" "password" filetype:xlsx |
| Exposed credentials in CSV |
filetype:csv "email" "password" |
| Pastebin credential dumps |
filetype:txt "username" "password" site:pastebin.com |
| Database dumps |
filetype:sql "INSERT INTO" "password" "email" |
| Config files with API keys |
filetype:env "DB_PASSWORD" OR "API_KEY" OR "SECRET" |
| Exposed .htpasswd |
filetype:htpasswd htpasswd |
| phpMyAdmin without auth |
inurl:phpmyadmin/index.php intitle:"phpMyAdmin" |
| Exposed Jenkins |
intitle:"Dashboard [Jenkins]" inurl:"/login" |
| AWS keys exposed |
filetype:pem "AKIA" OR "ASIA" |
| GitHub secrets |
site:github.com "API_KEY" OR "api_secret" filetype:env |
26. IP Tracking & Geolocation Links
📍 Tools for tracking IP addresses through crafted links.
⚠️ For authorized use only — e.g., tracking your own email campaigns or authorized phishing simulations.
💡 Trick: Mask a logger URL using the VK redirect:
https://vk.com/away.php?to=YOUR_LOGGER_URL
27. Telegram OSINT Bots & Channels
💬 Telegram-based OSINT tools, bots, and intelligence communities.
OSINT Bots
| Bot |
Description |
Handle |
| Eye of God (Glaz Boga) |
Person lookup by phone/email/photo/VK |
@glazzz_rus_bot |
| @No_BlackMail_bot |
Search email by phone number |
@No_BlackMail_bot |
| @OverSerchBot |
Multi-search OSINT bot |
@OverSerchBot |
| GetContact Bot |
Phone number caller ID |
@getcontact_real_bot |
| Quick OSINT |
Fast person lookup |
@Quick_OSINT_bot |
| @CreationDateBot |
Check Telegram account creation date |
@creationdatebot |
| @SangMataBot |
Check username history of TG accounts |
@SangMataInfo_bot |
OSINT Channels
Telegram Scraping Tools
| Tool |
Description |
Install |
| Telepathy |
Telegram OSINT analysis |
pip install telepathy |
| Telethon |
Python Telegram API library |
pip install telethon |
| TeleGram-OSINTer |
Telegram profile investigation |
git clone https://github.com/Alb-310/TeleGram-OSINTer |
28. Russian OSINT & Person Lookup Services
🇷🇺 Services widely used in Russian-speaking OSINT communities.
| # |
Service |
Description |
Link |
| 1 |
FNS (Tax Service) |
Get INN number, check tax debts |
service.nalog.ru |
| 2 |
TelPoisk |
Phone directory — address by name |
telpoisk.com |
| 3 |
GetContact |
See how number is saved by others |
getcontact.com |
| 4 |
Eye of God |
Person lookup by phone/email/photo |
@glazzz_rus_bot |
| 5 |
Search4faces |
Face search in VK & OK |
search4faces.com |
| 6 |
GetNotify |
Email tracking + geolocation |
getnotify.com |
| 7 |
BinCheck |
Card BIN lookup (bank, region) |
bincheck.io |
VK (VKontakte) OSINT
29. Social Media Searcher Platforms
30. Termux Hacking Toolkit (Complete)
📱 Full OSINT & security toolkit setup for Android via Termux.
Initial Setup
# First-time Termux setup
pkg update -y && pkg upgrade -y
pkg install python python2 git wget curl nmap
pip install requests colorama
termux-setup-storage
Tool List
| # |
Tool |
Purpose |
Install |
| 1 |
Sherlock |
Username OSINT |
pip install sherlock-project |
| 2 |
Maigret |
Username OSINT (3000+ sites) |
pip install maigret |
| 3 |
h8mail |
Email breach hunting |
pip install h8mail |
| 4 |
Zphisher |
Phishing (30+ templates) |
git clone https://github.com/htr-tech/zphisher |
| 5 |
NexPhisher |
Advanced phishing |
git clone https://github.com/htr-tech/nexphisher |
| 6 |
Storm-Breaker |
Camera/Mic/Location SE |
git clone https://github.com/ultrasecurity/Storm-Breaker |
| 7 |
UserRecon |
Username search |
git clone https://github.com/wishihab/userrecon |
| 8 |
IPGeoLocation |
IP geolocation |
git clone https://github.com/maldevel/IPGeoLocation |
| 9 |
Orbit |
Bitcoin address search |
git clone https://github.com/s0md3v/Orbit |
| 10 |
Nmap |
Network scanner |
pkg install nmap |
| 11 |
Hydra |
Login brute force |
pkg install hydra |
| 12 |
PhoneSploit |
Phone exploitation via ADB |
git clone https://github.com/aerosol-can/PhoneSploit |
| 13 |
fsociety |
All-in-one hacking pack |
git clone https://github.com/Manisso/fsociety |
💻 One-command Termux installer
pkg update -y && pkg upgrade -y && \
pkg install -y python git wget curl nmap hydra perl openssh php clang make openssl && \
pip install requests colorama sherlock-project maigret holehe h8mail && \
cd ~ && \
git clone https://github.com/htr-tech/zphisher && \
git clone https://github.com/Manisso/fsociety && \
git clone https://github.com/ultrasecurity/Storm-Breaker && \
git clone https://github.com/wishihab/userrecon && \
echo "Done! All tools installed."
31. Kali Linux OSINT Toolkit
🐉 Tools pre-installed on Kali, plus recommended additions.
Pre-installed on Kali
| Tool |
Category |
Command |
| Nmap |
Network scanning |
nmap |
| Wireshark |
Packet analysis |
wireshark |
| Metasploit |
Exploitation |
msfconsole |
| SQLMap |
SQL injection |
sqlmap |
| Hydra |
Brute force |
hydra |
| John the Ripper |
Password cracking |
john |
| Hashcat |
GPU password cracking |
hashcat |
| Aircrack-ng |
Wi-Fi cracking |
aircrack-ng |
| Nikto |
Web scanner |
nikto |
| Dirb |
Directory brute force |
dirb |
| WPScan |
WordPress scanner |
wpscan |
| theHarvester |
Email/subdomain OSINT |
theHarvester |
| Maltego |
Visual link analysis |
maltego |
| Recon-ng |
Web recon framework |
recon-ng |
| SET |
Social engineering toolkit |
setoolkit |
| Burp Suite |
Web proxy |
burpsuite |
Quick Kali Setup (additional tools)
# From this repo's installer (recommended — installs everything)
sudo bash install.sh
# Or add specific tools manually:
sudo apt update && sudo apt install -y \
amass subfinder httpx nuclei gobuster feroxbuster \
spiderfoot eyewitness phoneinfoga metagoofil
pip install maigret holehe h8mail socialscan social-analyzer \
deepface face_recognition volatility3 telepathy
32. All-in-One Hacking Frameworks
🧰 Comprehensive frameworks that bundle dozens of tools under one roof.
| Framework |
Description |
Install |
| fsociety |
Mr. Robot-inspired hacking pack |
git clone https://github.com/Manisso/fsociety |
| Hackingtool |
All-in-one tool (100+ categories) |
git clone https://github.com/Z4nzu/hackingtool |
| SpiderFoot |
OSINT automation platform |
pip install spiderfoot |
| Maltego |
Visual OSINT & link analysis |
Pre-installed in Kali |
| Recon-ng |
Module-based recon framework |
pip install recon-ng |
| Lazy Script |
Automated pentest helper |
git clone https://github.com/arismelachroinos/lscript |
| osmedeus |
Full automated recon workflow |
git clone https://github.com/j3ssie/osmedeus |
33. Wordlist Generation & Brute Force
📖 Build custom wordlists or use proven collections.
Pro tip: CeWL is great for targeted attacks — it generates wordlists from the target's own website.
| Tool |
Description |
Install |
| Crunch |
Pattern-based wordlist generator |
apt install crunch |
| CeWL |
Custom wordlist from any website |
apt install cewl |
| Cupp |
Profile-based wordlist generator |
git clone https://github.com/Mebus/cupp |
| SecLists |
The ultimate security wordlist collection |
git clone https://github.com/danielmiessler/SecLists |
| RockYou |
Classic leaked password list |
Pre-installed in Kali (/usr/share/wordlists/) |
| Weakpass |
Massive wordlist collection |
weakpass.com |
💻 Wordlist Quick Reference
# Use RockYou (already in Kali)
/usr/share/wordlists/rockyou.txt.gz
gunzip /usr/share/wordlists/rockyou.txt.gz
# Generate a pattern-based wordlist with Crunch
# Format: crunch <min> <max> <charset>
crunch 8 10 abcdefghijklmnopqrstuvwxyz0123456789 -o wordlist.txt
# Generate custom wordlist from a target website
cewl https://example.com -m 6 -w cewl_wordlist.txt
# Profile-based wordlist (interview the target)
python3 cupp.py -i
34. Hardware Hacking Tools
🔧 Physical devices for authorized penetration testing and hardware security research.
| Device |
Description |
Price |
| Flipper Zero |
Multi-tool: RFID, NFC, IR, Sub-GHz, BadUSB |
~$170 |
| HackRF One |
Software-defined radio (1MHz–6GHz) |
~$300 |
| Proxmark3 |
RFID/NFC research & cloning tool |
~$60–300 |
| WiFi Pineapple |
Wi-Fi auditing & rogue AP platform |
~$100–300 |
| USB Rubber Ducky |
USB keystroke injection device |
~$80 |
| Bash Bunny |
Multi-function USB attack platform |
~$120 |
| LAN Turtle |
Covert network access & MITM |
~$60 |
| RTL-SDR |
Budget software-defined radio dongle |
~$25 |
| Alfa AWUS036ACH |
Long-range dual-band Wi-Fi adapter |
~$50 |
| O.MG Cable |
USB cable with embedded implant |
~$120 |
35. OSINT Operating Systems
🖥️ Specialized operating systems built for security research, OSINT, and privacy.
36. OSINT APIs & Developer Tools
🔌 Programmatic access to OSINT data sources for building your own tools.
37. Browser Extensions for OSINT
🧩 Must-have browser extensions for every OSINT investigator.
| Extension |
Description |
Browser |
| Search by Image |
Multi-engine reverse image search |
Chrome / Firefox |
| Wappalyzer |
Technology stack detector |
Chrome / Firefox |
| Shodan |
Server info on any website |
Chrome / Firefox |
| Wayback Machine |
View archived pages instantly |
Chrome / Firefox |
| EXIF Viewer |
View image metadata |
Chrome / Firefox |
| User-Agent Switcher |
Change browser identity |
Chrome / Firefox |
| FoxyProxy |
Proxy management |
Chrome / Firefox |
| Hunchly |
OSINT web capture & case manager |
Chrome |
| InVID/WeVerify |
Video/image verification |
Chrome / Firefox |
| SingleFile |
Save complete web pages |
Chrome / Firefox |
38. OSINT Learning Resources
📚 The best resources for learning OSINT — from beginner to professional.
📺 YouTube Channels
| Channel |
Focus |
| John Hammond |
Cybersecurity & CTFs |
| The Cyber Mentor |
Ethical hacking |
| David Bombal |
Networking & security |
| NetworkChuck |
Cybersecurity tutorials |
| HackerSploit |
Penetration testing |
| Null Byte |
Hacking tutorials |
| 13Cubed |
DFIR & forensics |
39. Awesome OSINT GitHub Repos
⭐ The best curated OSINT resource lists on GitHub.
40. One-Click Install Scripts
🐉 Kali Linux — Full Arsenal
# Option 1: Direct from this repo (one command)
curl -sL https://raw.githubusercontent.com/rawfilejson/awesome-osint-arsenal/main/install.sh | sudo bash
# Option 2: Clone first (recommended — inspect before running)
git clone https://github.com/rawfilejson/awesome-osint-arsenal.git
cd awesome-osint-arsenal
sudo bash install.sh
📱 Termux (Android)
pkg update -y && pkg upgrade -y
pkg install -y python git wget curl nmap hydra perl openssh php clang make openssl
pip install requests colorama sherlock-project maigret holehe h8mail
cd ~ && git clone https://github.com/htr-tech/zphisher && git clone https://github.com/Manisso/fsociety
🔧 Manual Kali Snippet
sudo apt update && sudo apt upgrade -y
sudo apt install -y git python3 python3-pip golang-go nmap wireshark \
sqlmap hydra john hashcat aircrack-ng nikto dirb wpscan \
theharvester maltego spiderfoot set exiftool masscan whatweb \
gobuster feroxbuster wfuzz libimage-exiftool-perl binwalk \
foremost bulk-extractor macchanger tor proxychains4
pip3 install sherlock-project maigret holehe h8mail socialscan \
social-analyzer phoneinfoga snscrape instaloader deepface \
face_recognition volatility3 blackbird-osint nexfil \
socid-extractor osrframework telepathy twayback toutatis \
dnstwist waybackpy trufflehog
cd /opt
sudo git clone https://github.com/Manisso/fsociety
sudo git clone https://github.com/Z4nzu/hackingtool
sudo git clone https://github.com/ultrasecurity/Storm-Breaker
sudo git clone https://github.com/htr-tech/zphisher
sudo git clone https://github.com/s0md3v/Orbit
sudo git clone https://github.com/s0md3v/Photon
sudo git clone https://github.com/danielmiessler/SecLists
sudo git clone https://github.com/lgandx/Responder
sudo git clone https://github.com/commixproject/commix
sudo git clone https://github.com/opsdisk/pagodo
sudo git clone https://github.com/RedSiege/EyeWitness
41. Top 50 Must-Have Tools (Quick Reference)
| # |
Tool |
Category |
Install |
| 1 |
Sherlock |
Username OSINT |
pip install sherlock-project |
| 2 |
Maigret |
Username OSINT (3000+ sites) |
pip install maigret |
| 3 |
h8mail |
Email breach hunting |
pip install h8mail |
| 4 |
Holehe |
Email registration check |
pip install holehe |
| 5 |
theHarvester |
Domain/email recon |
apt install theharvester |
| 6 |
PhoneInfoga |
Phone number OSINT |
See install guide |
| 7 |
Nmap |
Network scanning |
apt install nmap |
| 8 |
Amass |
DNS enumeration |
go install ...amass@master |
| 9 |
Subfinder |
Subdomain discovery |
go install ...subfinder@latest |
| 10 |
Nuclei |
Vulnerability scanning |
go install ...nuclei@latest |
| 11 |
SQLMap |
SQL injection |
apt install sqlmap |
| 12 |
Metasploit |
Exploitation framework |
apt install metasploit-framework |
| 13 |
Hashcat |
Password cracking (GPU) |
apt install hashcat |
| 14 |
Hydra |
Login brute force |
apt install hydra |
| 15 |
Wireshark |
Network analysis |
apt install wireshark |
| 16 |
Aircrack-ng |
Wi-Fi security |
apt install aircrack-ng |
| 17 |
Burp Suite |
Web proxy/testing |
portswigger.net |
| 18 |
SpiderFoot |
OSINT automation |
pip install spiderfoot |
| 19 |
Maltego |
Visual link analysis |
Pre-installed in Kali |
| 20 |
Recon-ng |
Recon framework |
pip install recon-ng |
| 21 |
PimEyes |
Face search engine |
pimeyes.com |
| 22 |
Shodan |
IoT device search |
shodan.io |
| 23 |
Censys |
Internet scanning |
censys.io |
| 24 |
Zphisher |
Phishing tool |
git clone .../zphisher |
| 25 |
Storm-Breaker |
Camera/mic SE tool |
git clone .../Storm-Breaker |
| 26 |
ExifTool |
Image metadata |
apt install libimage-exiftool-perl |
| 27 |
Autopsy |
Digital forensics |
autopsy.com |
| 28 |
Volatility |
Memory forensics |
pip install volatility3 |
| 29 |
Tor Browser |
Anonymous browsing |
torproject.org |
| 30 |
DeHashed |
Breach search engine |
dehashed.com |
| 31 |
Have I Been Pwned |
Breach checker |
haveibeenpwned.com |
| 32 |
fsociety |
All-in-one framework |
git clone .../fsociety |
| 33 |
Hackingtool |
100+ tools in one |
git clone .../hackingtool |
| 34 |
SecLists |
Security wordlists |
git clone .../SecLists |
| 35 |
Osintgram |
Instagram OSINT |
git clone .../Osintgram |
| 36 |
VirusTotal |
Malware/file analysis |
virustotal.com |
| 37 |
Canary Tokens |
IP tracking tokens |
canarytokens.org |
| 38 |
CyberChef |
Data analysis tool |
gchq.github.io/CyberChef |
| 39 |
DeepFace |
AI face analysis |
pip install deepface |
| 40 |
dnsrecon |
DNS enumeration |
pip install dnsrecon |
| 41 |
Gobuster |
Directory brute-force |
go install ...gobuster@latest |
| 42 |
HTTPx |
HTTP probing |
go install ...httpx@latest |
| 43 |
EyeWitness |
Web screenshots |
git clone .../EyeWitness |
| 44 |
Responder |
LLMNR/NBT-NS poisoner |
git clone .../Responder |
| 45 |
Bettercap |
MITM framework |
apt install bettercap |
| 46 |
Photon |
Web OSINT crawler |
git clone .../Photon |
| 47 |
Perplexity AI |
AI research assistant |
perplexity.ai |
| 48 |
GeoSpy |
AI image geolocation |
geospy.ai |
| 49 |
osmedeus |
Full recon workflow |
git clone .../osmedeus |
| 50 |
trufflehog |
Git secret scanner |
pip install trufflehog |
☕ Liked everything above? Section 42-50 just dropped — fuel the next batch:

42. ⚔️ Red Team & Offensive Security
C2 frameworks, AD attacks, exploitation kits, post-exploitation. Authorized testing only.
Pro tip: Sliver and Havoc are the modern open-source Cobalt Strike alternatives — start there before paying.
| Tool |
Description |
Install / Link |
| AD Attack & Defense |
Comprehensive Active Directory attack reference |
git clone https://github.com/infosecn1nja/AD-Attack-Defense.git |
| Arjun |
HTTP parameter discovery suite |
pip3 install arjun |
| BloodHound |
AD attack-path graph analysis |
git clone https://github.com/BloodHoundAD/BloodHound.git |
| BloodHound CE |
Community Edition of BloodHound — modernized stack |
docker pull specterops/bloodhound:latest |
| Brute Ratel C4 |
Premium C2 with strong AV/EDR evasion |
bruteratel.com |
| Certipy |
Active Directory Certificate Services enumeration and abuse |
pip3 install certipy-ad |
| Cobalt Strike |
Premium adversary simulation / red team framework |
cobaltstrike.com |
| CrackMapExec |
Post-exploitation tool for AD networks |
pip3 install crackmapexec |
| CRLFuzz |
Fast CRLF-injection scanner in Go |
go install github.com/dwisiswant0/crlfuzz/cmd/crlfuzz@latest |
| Dalfox |
Fast, intelligent XSS scanner |
go install github.com/hahwul/dalfox/v2@latest |
| Evil-WinRM |
Ultimate WinRM shell for hacking/pentesting |
apt install evil-winrm |
| Ghauri |
Advanced cross-platform tool to detect/exploit SQLi |
git clone https://github.com/r0oth3x49/ghauri.git |
| Gxss |
Test parameters for cross-site scripting reflection |
go install github.com/KathanP19/Gxss@latest |
| HackTricks |
Pentesting / hacking knowledge base by carlospolop |
book.hacktricks.xyz |
| Havoc |
Modern, malleable post-exploitation C2 framework |
git clone https://github.com/HavocFramework/Havoc.git |
| Impacket |
Python classes for working with network protocols (Windows attacks) |
pip3 install impacket |
| Kerbrute |
Tool for performing Kerberos pre-auth bruteforcing |
go install github.com/ropnop/kerbrute@latest |
| kiterunner |
Contextual content-discovery for modern API endpoints |
go install github.com/assetnote/kiterunner/cmd/kr@latest |
| Merlin |
Cross-platform HTTP/2 post-exploitation server and agent in Go |
go install github.com/Ne0nd0g/merlin@latest |
| Metasploit Framework |
Industry-standard exploitation framework with 2000+ modules |
apt install metasploit-framework |
| Mythic |
Cross-platform, post-exploit, multi-user red team framework |
git clone https://github.com/its-a-feature/Mythic.git |
| NetExec (nxc) |
CrackMapExec maintained successor — AD network exploitation |
pip3 install git+https://github.com/Pennyw0rth/NetExec |
| Nighthawk |
Premium evasive C2 by MDSec (Cobalt Strike alt) |
mdsec.co.uk |
| NoSQLMap |
Automated NoSQL database enumeration and exploitation |
git clone https://github.com/codingo/NoSQLMap.git |
| Nuclei Templates |
Community-curated templates for Nuclei |
git clone https://github.com/projectdiscovery/nuclei-templates.git |
| ParamMiner (Burp ext) |
Discover hidden, unlinked HTTP parameters in Burp |
git clone https://github.com/PortSwigger/param-miner.git |
| PayloadsAllTheThings |
Web app pentest payloads, bypasses, and methodology |
git clone https://github.com/swisskyrepo/PayloadsAllTheThings.git |
| PetitPotam |
PoC tool to coerce Windows hosts to authenticate to attacker |
git clone https://github.com/topotam/PetitPotam.git |
| PowerShell Empire |
Post-exploitation framework with PS-based agents |
git clone https://github.com/BC-SECURITY/Empire.git |
| Rubeus |
C# toolset for raw Kerberos interaction and abuse |
git clone https://github.com/GhostPack/Rubeus.git |
| SharpHound |
C# data collector for BloodHound |
git clone https://github.com/BloodHoundAD/SharpHound.git |
| Sliver |
Open-source adversary emulation/red-team framework (Cobalt Strike alt) |
go install github.com/bishopfox/sliver/server@latest |
| SSRFmap |
Automated SSRF detection and exploitation framework |
git clone https://github.com/swisskyrepo/SSRFmap.git |
| Villain |
High-level stage 0/1 C2 framework for handling sibling agents |
git clone https://github.com/t3l3machus/Villain.git |
| XSStrike |
Advanced XSS scanner with crawler and payload generator |
git clone https://github.com/s0md3v/XSStrike.git |
43. 🛡️ Blue Team & Defensive Security
SIEM, EDR, network monitoring, detection engineering, IR.
Pro tip: Wazuh is your free Splunk replacement. Pair it with Sigma rules + Suricata for a full SOC stack on commodity hardware.
| Tool |
Description |
Install / Link |
| Atomic Red Team |
Library of small detection-test scripts mapped to MITRE ATT&CK |
git clone https://github.com/redcanaryco/atomic-red-team.git |
| Chainsaw |
Hunt threats in Windows event logs — fast forensics |
git clone https://github.com/WithSecureLabs/chainsaw.git |
| Cortex (TheHive) |
Observable analysis and active response engine |
docker pull thehiveproject/cortex:latest |
| Elastic Stack (ELK) |
Elasticsearch + Logstash + Kibana — log analytics |
docker pull docker.elastic.co/elasticsearch/elasticsearch:latest |
| Falco |
Cloud-native runtime security |
git clone https://github.com/falcosecurity/falco.git |
| Graylog |
Open-source log management / SIEM |
docker pull graylog/graylog:latest |
| Hayabusa |
Windows event log fast forensics timeline generator |
git clone https://github.com/Yamato-Security/hayabusa.git |
| Loki |
Simple IOC and YARA scanner by Florian Roth |
git clone https://github.com/Neo23x0/Loki.git |
| MITRE ATT&CK |
Adversary tactics, techniques, and procedures knowledge base |
attack.mitre.org |
| MITRE CALDERA |
Cyber adversary emulation platform |
git clone https://github.com/mitre/caldera.git |
| MITRE D3FEND |
Defensive countermeasure knowledge graph |
d3fend.mitre.org |
| osquery |
SQL-powered OS instrumentation/monitoring/analytics |
apt install osquery |
| RITA |
Real Intelligence Threat Analytics — beaconing/long-conn detection |
git clone https://github.com/activecm/rita.git |
| Security Onion |
Linux distro for threat hunting, monitoring, and log management |
securityonionsolutions.com |
| Sigma |
Generic signature format for SIEM detections |
git clone https://github.com/SigmaHQ/sigma.git |
| sigma-cli |
Convert Sigma rules to native SIEM queries |
pip3 install sigma-cli |
| Snort |
Open-source intrusion-prevention/detection system |
apt install snort |
| Suricata |
High-perf network IDS / IPS / NSM |
apt install suricata |
| TheHive |
Scalable, free, open-source case management for SOCs |
docker pull strangebee/thehive:latest |
| Tracee |
Runtime security and forensics using eBPF (Aqua) |
git clone https://github.com/aquasecurity/tracee.git |
| Velociraptor |
Endpoint visibility and digital forensics — query-driven |
git clone https://github.com/Velocidex/velociraptor.git |
| Velociraptor Server |
Centralized server for Velociraptor agents |
docs.velociraptor.app |
| Wazuh |
Open-source XDR / SIEM platform |
git clone https://github.com/wazuh/wazuh.git |
| Zeek (Bro) |
Powerful network analysis framework for security monitoring |
apt install zeek |
44. 🛰️ Threat Intel Platforms
CTI platforms — open-source and enterprise.
Pro tip: MISP is free and powerful. OpenCTI gives you a STIX2-native graph DB. Both run as Docker stacks.
45. 🔬 Digital Forensics & Reverse Engineering
Disk/memory forensics, malware reverse engineering, timeline tools, binary analysis.
Pro tip: Volatility 3 + Plaso (log2timeline) + KAPE = the modern DFIR triage stack. Ghidra > IDA Free for static analysis.
| Tool |
Description |
Install / Link |
| Binary Ninja |
Modern reverse engineering platform with API |
binary.ninja |
| Cutter |
GUI for radare2/rizin reverse-engineering |
git clone https://github.com/rizinorg/cutter.git |
| Dissect |
Fox-IT framework for fast forensic image analysis |
pip3 install dissect |
| Eric Zimmerman's Tools |
Suite of free Windows DFIR utilities |
ericzimmerman.github.io |
| FTK Imager |
Forensic disk imaging tool by AccessData |
exterro.com |
| Ghidra |
NSA's open-source software reverse engineering suite |
git clone https://github.com/NationalSecurityAgency/ghidra.git |
| IDA Free |
Free version of IDA disassembler/decompiler |
hex-rays.com |
| KAPE |
Kroll Artifact Parser and Extractor — fast triage collection |
kroll.com |
| PhotoRec |
File data recovery — focuses on multimedia |
apt install testdisk |
| Plaso (log2timeline) |
Super-timeline creation from forensic artifacts |
pip3 install plaso |
| radare2 |
Reverse engineering framework |
apt install radare2 |
| RegRipper |
Open-source Windows registry parsing tool |
git clone https://github.com/keydet89/RegRipper3.0.git |
| Rekall |
Memory forensics tooling (legacy fork of Volatility) |
pip3 install rekall |
| rizin |
Modern fork of radare2 with cleaner API |
git clone https://github.com/rizinorg/rizin.git |
| The Sleuth Kit |
Library and CLI tools for forensic disk analysis |
apt install sleuthkit |
| Volatility 3 |
Memory forensics framework |
pip3 install volatility3 |
46. 🎓 Training, Labs & CTF
Hands-on practice — paid platforms and free local labs.
Pro tip: Free path: TryHackMe → PortSwigger Academy → HackTheBox retired boxes. Paid path: HTB Academy + OffSec PG.
47. 🎯 Bug Bounty Platforms
Where to actually earn money from your skills.
Pro tip: Start on Bugcrowd or YesWeHack public programs — easier triage and lower competition than HackerOne H1.
48. 📚 Learning Resources
Books, courses, blogs, YouTube channels, awesome lists.
Pro tip: IppSec.rocks indexes EVERY HackTheBox walkthrough — search any retired box and watch how a pro solves it.
Tools added in v2.x — modern recon, archive lookups, niche services, research-grade pivots.
Pro tip: This section gets refreshed every release — check before you reach for an older tool.
| Tool |
Description |
Install / Link |
| abuse.ch Hunting |
Hunt across all abuse.ch malware platforms with one query |
hunting.abuse.ch |
| Aleph Open Search |
Dark-web search engine by Aleph Networks |
open-search.aleph-networks.eu |
| Aletheia (image forensics) |
Detect manipulated/AI-generated images |
aletheia.ai |
| altdns |
Generates permutations, alterations and mutations of subdomains |
pip3 install py-altdns |
| anew |
Append lines from stdin to a file only if not already there |
go install github.com/tomnomnom/anew@latest |
| ANY.RUN |
Interactive online malware sandbox |
any.run |
| Apollo.io |
B2B phone/email finder — 1200 free credits/yr |
apollo.io |
| APT Groups and Operations |
Spreadsheet of threat actors, sponsoring countries, TTPs |
docs.google.com |
| Aquatone |
Visual inspection of websites across hosts (HTTP screenshots, attack-surface flyovers) |
go install github.com/michenriksen/aquatone@latest |
| Archive.today |
Web archive — saves snapshots even when robots.txt blocks Wayback |
archive.ph |
| Arctic Shift |
Tool for accessing large dumps of Reddit data via API/web |
git clone https://github.com/ArthurHeitmann/arctic_shift.git |
| Arkham Intelligence |
On-chain intel — labels, entities, historical flows |
arkhamintelligence.com |
| assetfinder |
Find domains and subdomains related to a given domain |
go install github.com/tomnomnom/assetfinder@latest |
| AutoRecon |
Multi-threaded network reconnaissance and enumeration framework |
pip3 install git+https://github.com/Tib3rius/AutoRecon.git |
| Axiom |
Dynamic infra framework for parallel cloud-based recon |
git clone https://github.com/pry0cc/axiom.git |
| BackgroundChecks.com |
Background check aggregator (BeenVerified family) |
backgroundchecks.com |
| Baidu |
Major Chinese search engine — essential for China-focused OSINT |
baidu.com |
| BeVigil |
Search subdomains, URLs, parameters from mobile applications |
bevigil.com |
| BGP.tools |
Modern BGP toolkit for network reconnaissance |
bgp.tools |
| BinaryEdge |
Cyber risk and attack-surface intelligence |
binaryedge.io |
| Bitquery |
Blockchain data APIs for on-chain investigation |
bitquery.io |
| Black Book Online |
Free nationwide directory of public-record lookups |
blackbookonline.info |
| BlackEye |
32+ phishing template builder for credential capture (lab-only) |
git clone https://github.com/An0nUD4Y/blackeye.git |
| Brave Browser |
Privacy-focused browser with built-in Tor/IPFS support |
brave.com |
| Brave Search |
Independent, transparent, ad-free search engine |
search.brave.com |
| BreachForums Status |
Status tracking for the rotating BreachForums mirrors |
breachforums.cx |
| Breadcrumbs |
Free crypto investigation platform — visualize transaction flows |
breadcrumbs.app |
| BrightCloud Threat Intelligence |
URL/IP/threat reputation database |
brightcloud.com |
| BrightCloud URL/IP Lookup |
Reputation, category, and threat checks for URLs/IPs |
brightcloud.com |
| BscScan |
Binance Smart Chain explorer — same UX as Etherscan |
bscscan.com |
| CachedView |
View Google/Bing/Yandex cached versions of any page |
cachedview.com |
| Castrick |
Find social media accounts via email, username, phone |
castrickclues.com |
| Censys CLI |
Official Python wrapper and CLI for Censys |
pip3 install censys |
| CertKit Certificate Search |
Fast search for public SSL/TLS certificate records |
certkit.io |
| Chainabuse |
Public crypto-scam reporting database |
chainabuse.com |
| Chainalysis Reactor |
Premium blockchain investigation platform |
chainalysis.com |
| CheckUser |
Search username across multiple social networks |
checkuser.vercel.app |
| CIRCL Hashlookup |
Free public hashlookup for known software files |
circl.lu |
| Cisco Talos Intelligence |
IP and Domain Reputation Center for real-time detection |
talosintelligence.com |
| Clearbit Connect |
Email finder browser extension with company data |
connect.clearbit.com |
| Cloudflare Radar |
Internet traffic patterns, attacks, technology trends |
radar.cloudflare.com |
| Clustrmaps |
Find people and address information |
clustrmaps.com |
| Commander Search |
Boolean search builder for OSINT investigators |
commandersearch.com |
| Constella Intelligence |
Identity threat intel from breaches and dark web |
constellaintelligence.com |
| ContactOut |
Find emails and phones for 300M+ professionals |
contactout.com |
| CredenShow |
Identify your compromised credentials before others do |
credenshow.com |
| CrossLinked |
LinkedIn enumeration — generate username lists from LinkedIn profiles |
pip3 install crosslinked |
| DBpedia |
Structured Wikipedia data — SPARQL endpoint |
dbpedia.org |
| Digital Footprint Check |
Free username check on hundreds of sites |
digitalfootprintcheck.com |
| dirsearch |
Web path scanner — advanced wordlist-based directory bruteforce |
pip3 install dirsearch |
| Discord Lookup |
Look up Discord user info via ID |
discordlookup.com |
| DiscordHistory |
Search public Discord servers and messages |
disboard.org |
| DNS History |
Historical DNS records lookup |
dnshistory.org |
| DocumentCloud |
Platform for analyzing, annotating, publishing documents |
documentcloud.org |
| DomainEye Reverse WHOIS |
Search domains by registrant data |
domaineye.com |
| dork-cli |
Run Google dorks from the command line |
git clone https://github.com/jgor/dork-cli.git |
| DorkGenius |
AI-powered search query generator for Google, Bing, DuckDuckGo |
dorkgenius.com |
| Dorky |
Online dork builder for Google/Bing/DuckDuckGo |
dorky.io |
| Dune Analytics |
SQL queries over indexed blockchain data |
dune.com |
| Elliptic |
Crypto financial-crime detection and investigation |
elliptic.co |
| EmailRep.io |
Free email reputation API by Sublime Security |
emailrep.io |
| Epieos Tools |
Reverse-lookup email/phone for Google profile data |
tools.epieos.com |
| Epstein Exposed |
Searchable database of 2M+ DOJ Epstein case docs and network graphs |
epsteinexposed.com |
| ETDA APT Groups |
Search threat-actor groups and their tools |
apt.etda.or.th |
| etherscan-py |
Python wrapper for Etherscan API |
pip3 install etherscan-python |
| ExportData |
Historical tweet, follower, and trend export tool |
exportdata.io |
| FamilyTreeNow |
Free genealogy search — addresses, phones, emails |
familytreenow.com |
| ffuf |
Fast Go-based web fuzzer — directory, parameter, vhost discovery |
go install github.com/ffuf/ffuf/v2@latest |
| Filesec.io |
Catalog of malicious file extensions, risks, OS-level mitigations |
filesec.io |
| Findomain |
Cross-platform subdomain enumerator with monitoring features |
git clone https://github.com/Findomain/Findomain.git |
| Flickr |
Photo-sharing — geosearch + license + camera EXIF intact |
flickr.com |
| Foller.me |
Twitter analytics — bio, languages, hashtags, mentions |
foller.me |
| Forensically Beta |
Online image forensics — clone detection, level sweep |
29a.ch |
| FullContact |
Identity-resolution API and person enrichment |
fullcontact.com |
| gau (getallurls) |
Fetch URLs from AlienVault OTX, Wayback, Common Crawl, URLScan |
go install github.com/lc/gau/v2/cmd/gau@latest |
| Geocreepy |
Geolocation aggregator — pulls geotagged posts across networks |
geocreepy.com |
| GeoHints |
Browser-based satellite/streetview geolocation training & investigation |
geohints.com |
| GeoSpy Pro |
Premium AI image geolocation by Graylark |
geospy.ai |
| Get-Metadata.com |
Online EXIF extractor — handles .DOCX/.PDF too |
get-metadata.com |
| gf |
Wrapper around grep with patterns for bug-bounty workflow |
go install github.com/tomnomnom/gf@latest |
| Ghiro |
Automated digital image forensics |
getghiro.org |
| git-hound |
Find sensitive data exposed via GitHub code search |
go install github.com/tillson/git-hound@latest |
| github_monitor |
Real-time tracking of GitHub user activity and repo changes |
git clone https://github.com/misiektoja/github_monitor.git |
| gitleaks |
Detect secrets, credentials, and API keys in git repos |
go install github.com/gitleaks/gitleaks/v8@latest |
| Google Guide Advanced Operators |
Reference for Google search operators |
googleguide.com |
| Google Hacking Database (GHDB) |
Index of dorks for finding publicly exposed info |
exploit-db.com |
| GoSpider |
Fast Go web spider for crawling/audit |
go install github.com/jaeles-project/gospider@latest |
| gowitness |
Modern Go-based web screenshot utility (Aquatone successor) |
go install github.com/sensepost/gowitness@latest |
| GrayhatWarfare |
Index of open Amazon S3 buckets — find exposed cloud data |
grayhatwarfare.com |
| GreyNoise CLI |
Command-line tool for GreyNoise mass-scanner intel |
pip3 install greynoise |
| GreyNoise Visualizer |
Tells you which IPs are noise vs targeted threats |
viz.greynoise.io |
| hakrawler |
Fast Go web crawler for endpoint and asset discovery |
go install github.com/hakluke/hakrawler@latest |
| Hatching Triage |
Modern malware sandbox with kernel-level monitoring |
tria.ge |
| haveibeenzuckered |
Check if a phone number is in the 533M Facebook breach |
haveibeenzuckered.com |
| HIB Ransomed |
Check if your data has been leaked by ransomware groups |
haveibeenransom.com |
| httprobe |
Take a list of domains and probe for working HTTP/HTTPS |
go install github.com/tomnomnom/httprobe@latest |
| Hudson Rock |
Free infostealer-compromise check tools (domain/email/IP) |
hudsonrock.com |
| Hybrid Analysis |
Free advanced malware analysis service by CrowdStrike |
hybrid-analysis.com |
| IKnowYour.Dad |
Data breach search engine |
iknowyour.dad |
| Imgur |
Image hosting — meme tracing and reverse search |
imgur.com |
| instagram_monitor |
Real-time tracking of Instagram users with email alerts and CSV logs |
git clone https://github.com/misiektoja/instagram_monitor.git |
| Intelligence X (intelx.io) |
Selective archive search — emails, leaks, paste sites, dark-web |
intelx.io |
| Interlace |
Easily turn single-threaded CLI apps into multi-threaded jobs |
git clone https://github.com/codingo/Interlace.git |
| Joe Sandbox |
Deep automated malware analysis (free tier) |
joesandbox.com |
| JSFinder |
Find JS files referenced from a URL — endpoints / API paths |
git clone https://github.com/Threezh1/JSFinder.git |
| Kagi Search |
Premium privacy-respecting search engine, no ads, no tracking |
kagi.com |
| knock |
Domain knock — security testing via DNS |
git clone https://github.com/guelfoweb/knock.git |
| Knockpy |
Subdomain enumeration scan with virtual host discovery |
pip3 install knock-subdomains |
| linkedin2username |
Generate usernames from a target's LinkedIn employees |
git clone https://github.com/initstring/linkedin2username.git |
| LinkedInDumper |
Dump/scrape company employees from LinkedIn API |
git clone https://github.com/l4rm4nd/LinkedInDumper.git |
| Malpedia |
Threat-actor groups, malware families, and analysis by Fraunhofer |
malpedia.caad.fkie.fraunhofer.de |
| MalShare |
Free malware sample repository for researchers |
malshare.com |
| massdns |
High-performance DNS stub resolver for bulk lookups |
git clone https://github.com/blechschmidt/massdns.git |
| meg |
Fetch many paths for many hosts without flooding |
go install github.com/tomnomnom/meg@latest |
| Memento Time Travel |
Federated search across multiple web archives |
timetravel.mementoweb.org |
| Metadata2Go |
Free online metadata extractor for any file |
metadata2go.com |
| MetaDefender Cloud |
Multi-engine file/URL/IP scanning by OPSWAT |
metadefender.com |
| MetaSleuth |
Free + paid crypto transaction tracing tool |
metasleuth.io |
| MISP Galaxy |
Adversary group identification used by SOCs/ISACs |
misp-galaxy.org |
| Mitaka |
Browser extension for OSINT — extract IoCs from highlighted text |
git clone https://github.com/ninoseki/mitaka.git |
| Mnemonic Passive DNS |
Free passive-DNS query tool |
passivedns.mnemonic.no |
| Mojeek |
Independent search engine that doesn't track users |
mojeek.com |
| Mylnikov Geolocation |
BSSID/Wi-Fi MAC to coordinates lookup |
mylnikov.org |
| Naabu |
Fast Go-based port scanner from ProjectDiscovery |
go install github.com/projectdiscovery/naabu/v2/cmd/naabu@latest |
| Name Checkr |
Check domain and username across many platforms |
namecheckr.com |
| Name Checkup |
Check username availability across social media |
namecheckup.com |
| NameKetchup |
Check domain + username on popular social media |
nameketchup.com |
| Naver |
South Korean search engine — local content not on Google |
naver.com |
| NerdyData |
Search engine for source code across the public web |
nerdydata.com |
| Netcraft Site Report |
Web technology, hosting history, takedown service |
sitereport.netcraft.com |
| Oblivion |
OSINT framework |
git clone https://github.com/loseys/Oblivion.git |
| ODIN |
Search hosts, CVEs, exposed buckets — 10 free searches/day |
search.odin.io |
| Offshore Leaks Database |
Panama/Pandora/Paradise Papers searchable database |
offshoreleaks.icij.org |
| OnionLand Search |
Search engine for dark-web content |
onionlandsearchengine.com |
| Open-Source Intelligence (Reverse Image) |
Yandex/Bing/TinEye combined reverse-image search |
oosint.com |
| OpenCellID |
Largest public database of cell-tower IDs |
opencellid.org |
| opencorporates-cli |
Command-line client for OpenCorporates API |
pip3 install opencorporates |
| OpenPhish |
Live phishing URL feed |
openphish.com |
| OpenRailwayMap |
Worldwide rail network map — rolling stock, infrastructure, signals |
openrailwaymap.org |
| OpenSanctions |
Consolidated database of sanctioned entities across 200+ sources |
opensanctions.org |
| OXT (OpenXt) |
Bitcoin transaction graph explorer with clustering |
oxt.me |
| PassiveTotal (RiskIQ) |
Passive DNS, WHOIS, SSL cert pivots — now Microsoft Defender TI |
community.riskiq.com |
| Peekalink |
Preview any URL — title, description, screenshot via API |
peekalink.io |
| PhishStats |
Live phishing intelligence feed and search |
phishstats.info |
| PhishTank |
Anti-phishing community — verified phishing URLs |
phishtank.org |
| Picarta.ai |
AI-powered photo geolocation predictor |
picarta.ai |
| Pinterest |
Visual search engine — alternate reverse-image source |
pinterest.com |
| PolygonScan |
Polygon (Matic) blockchain explorer |
polygonscan.com |
| Predicta Search |
Search social accounts by email or phone |
predictasearch.com |
| Public Transport Maps |
20+ online public transport maps by country |
cipher387.github.io |
| PublicWWW |
Search the web's source code (HTML/JS/CSS) for snippets, trackers, scripts |
publicwww.com |
| PullPush |
Index/retrieval service for Reddit (incl. deleted content) |
pullpush.io |
| Pushshift API |
Historical Reddit data — posts, comments, metadata |
pushshift.io |
| Quake (360.cn) |
Chinese internet asset search engine |
quake.360.net |
| RECAP Archive |
Public archive of PACER court documents |
courtlistener.com |
| reconFTW |
Full-suite domain recon — subdomain enum, port scan, vuln scan in one pipeline |
git clone https://github.com/six2dez/reconftw.git |
| RedditMetis |
Reddit user analysis — summary, top posts, activity stats |
redditmetis.com |
| RedditSearch.io |
Search archived Reddit content via Pushshift mirror |
redditsearch.io |
| Revealer.cc |
Discord-based account-checker & breach lookup |
revealer.cc |
| RocketReach |
Find professional emails/phones for 700M+ profiles |
rocketreach.co |
| RustScan |
Modern port scanner — finds open ports, then pipes to Nmap |
git clone https://github.com/RustScan/RustScan.git |
| ScamAdviser |
Check website trustworthiness scores |
scamadviser.com |
| Scribd |
Search for documents, presentations, sheet music, ebooks |
scribd.com |
| searchcode |
Search 75+ billion lines of public source code across GitHub/GitLab/Bitbucket |
searchcode.com |
| Seeker |
Geolocation by phishing — collects precise GPS via WebRTC + browser geolocation |
git clone https://github.com/thewhiteh4t/seeker.git |
| Shadowserver Dashboard |
Global statistics on cyber threats by Shadowserver Foundation |
dashboard.shadowserver.org |
| Sherloq |
Open-source image forensics toolset |
git clone https://github.com/GuidoBartoli/sherloq.git |
| Shodan CLI |
Official Shodan command-line client |
pip3 install shodan |
| SlideShare |
Search public PowerPoint/PDF presentations |
slideshare.net |
| smap |
Drop-in replacement for nmap powered by shodan.io |
go install github.com/s0md3v/smap/cmd/smap@latest |
| Snusbase API |
API access to breach data (premium) |
snusbase.com |
| SourceGraph |
Search code from millions of open-source repos |
sourcegraph.com |
| SpyCloud |
Account-takeover prevention + identity exposure data |
spycloud.com |
| Startpage |
Privacy-focused search — Google results with no tracking |
startpage.com |
| StealSeek |
Search engine for finding and analyzing data breaches |
stealseek.io |
| SubredditStats |
Subreddit user-overlap, growth, top posts |
subredditstats.com |
| Telegago |
Google CSE for finding public/private Telegram channels |
cse.google.com |
| Telegram Nearby Map |
Find positions of nearby Telegram users via OSM |
git clone https://github.com/tejado/telegram-nearby-map.git |
| Telegram Search (lyzem.com) |
Search public Telegram messages and channels |
lyzem.com |
| Telemetr |
Telegram channel/group analytics |
telemetr.io |
| Telerecon |
Reconnaissance framework for investigating Telegram |
git clone https://github.com/sockysec/Telerecon.git |
| Teleteg |
Telegram search engine — 10 free results |
teleteg.com |
| TGStat |
Telegram channel analytics — post stats, audience overlap |
tgstat.com |
| The Hidden Wiki |
Curated directory of dark-web sites (mirror-dependent) |
thehiddenwiki.org |
| the-endorser |
Map LinkedIn endorsements/skills to draw out person relationships |
git clone https://github.com/eth0izzle/the-endorser.git |
| TikTok Finder Country |
Free OSINT lookup for TikTok account country/language |
tiktokfindercountry.xyz |
| TorghostNG |
Anonymize all OS traffic via Tor (Linux) |
git clone https://github.com/githacktools/TorghostNG.git |
| TOsint |
Extract info from Telegram bots and channels |
git clone https://github.com/drego85/tosint.git |
| Trace |
Search usernames, emails, phones across 600+ platforms with risk scoring |
trace.manus.space |
| Transit Visualisation Client |
Real-time public transport across 700+ cities |
tracker.geops.ch |
| Trends24 |
Twitter trends history per country |
trends24.in |
| TRM Labs |
Crypto compliance and investigation platform |
trmlabs.com |
| TweetBinder |
Twitter/X analytics dashboards |
tweetbinder.com |
| Twitch Search |
Search live streams by category, language, viewer count |
twitch.tv |
| Twiteur |
Twitter/X advanced search wrapper — geo, date, sentiment |
twiteur.com |
| U-Find |
Reddit user comment / submission scraper |
u-find.com |
| uncover |
ProjectDiscovery — quickly find exposed hosts via Shodan/Censys/Fofa |
go install github.com/projectdiscovery/uncover/cmd/uncover@latest |
| URLCrazy |
Generate domain typos and check availability/registration |
git clone https://github.com/urbanadventurer/urlcrazy.git |
| URLhaus (abuse.ch) |
Database of malicious URLs used for malware distribution |
urlhaus.abuse.ch |
| User-Searcher |
Search a username across 2000+ websites |
user-searcher.com |
| Vehicle Number Search Toolbox |
Search 14 country license plates from one page |
cipher387.github.io |
| Venacus |
Search for your data breaches and get notified when compromised |
venacus.com |
| Vigilante.pw |
Index of dumped databases (educational) |
vigilante.pw |
| VMRay Analyzer |
Malware sandbox analysis platform |
vmray.com |
| WalletExplorer |
Smart bitcoin block explorer — clusters addresses by entity |
walletexplorer.com |
| waybackurls |
Fetch all URLs the Wayback Machine knows about a domain |
go install github.com/tomnomnom/waybackurls@latest |
| Whoisology |
Reverse WHOIS — find domains by registrant |
whoisology.com |
| Whoxy |
WHOIS lookup with reverse-WHOIS, history, and bulk API |
whoxy.com |
| Wikidata |
Wikipedia's structured-data backbone — query via SPARQL |
wikidata.org |
| Wikipedia |
Free encyclopedia — start of every people/place investigation |
en.wikipedia.org |
| WorldLicensePlates |
Graphic index of license plates by country |
worldlicenseplates.com |
| XeuleDoc |
Fetch info on Google Docs/Sheets/Slides/Drawings without auth |
pip3 install xeuledoc |
| Yandex |
Russian search engine — strong reverse-image and Cyrillic support |
yandex.com |
| YARAify |
Collaborative YARA engine for open threat intel via file pattern matching |
yaraify.abuse.ch |
| Yumpu |
Document publishing — sometimes leaks via search |
yumpu.com |
| ZeroBounce |
Email validation and deliverability service |
zerobounce.net |
| ZoomEye CLI |
Command-line interface for ZoomEye internet asset search |
pip3 install zoomeye |
50. 🇬🇪 Georgian OSINT Arsenal (500+ resources)
🇬🇪 The most comprehensive OSINT resource collection for the country of Georgia (Sakartvelo).
28 sub-sections · 500+ verified resources — government databases, public registries, investigative tools, open-data portals, Telegram bots & more.
Pro tip: Pair this with my Georgian-Wordlist (760K Georgian words for security research) and Wordlist-Generator.
[!WARNING]
Educational and lawful investigative use only. Respect Georgia's Law on Personal Data Protection and the GDPR. Authors are not responsible for any misuse.
📋 Click to expand the full Georgian OSINT Arsenal (28 sub-sections)
50.1 Government Registries & E-Government Portals
The Georgian government has one of the most digitized public service systems in the post-Soviet space. Most services are accessible through centralized portals.
Core Government Portals
| Resource |
URL |
Description |
| my.gov.ge |
https://my.gov.ge |
Unified e-government portal -- birth/death certificates, property search, business registry, correspondence with agencies |
| Government of Georgia |
https://gov.ge |
Official government website with news, ministries, and policy documents |
| Parliament of Georgia |
https://parliament.ge |
Parliamentary records, laws, MP profiles, committee meetings, voting records |
| President of Georgia |
https://president.gov.ge |
Presidential decrees, pardons, appointments, official statements |
| Ministry of Justice |
https://justice.gov.ge |
Justice system information, legal aid, notary services |
| Ministry of Internal Affairs (MIA) |
https://police.ge |
Police reports, wanted persons, crime statistics, press releases |
| Ministry of Finance |
https://mof.gov.ge |
State budget, fiscal data, financial reports |
| Ministry of Foreign Affairs |
https://mfa.gov.ge |
Diplomatic information, consular services, international agreements |
| Ministry of Economy |
https://economy.ge |
Economic policy, trade data, investment climate |
| Ministry of Regional Development |
https://mrdi.gov.ge |
Infrastructure projects, regional development data |
Public Registries & Databases
| Resource |
URL |
Description |
| National Agency of Public Registry (NAPR) |
https://napr.gov.ge |
Central hub for property, business, and civil registry -- 331 services |
| Entrepreneur Registry |
https://enreg.reestri.gov.ge |
Search any business entity -- name, ID, registration date, founders, directors |
| Property Registry |
https://napr.gov.ge/en/service/registers |
Search immovable property records by cadastral code or owner |
| Civil Registry |
https://napr.gov.ge |
Birth, marriage, death, divorce records (restricted access) |
| Revenue Service (RS) |
https://rs.ge |
Tax identification lookup, customs data, VAT portal, business tax status |
| RS Taxpayer Search |
https://rs.ge/TaxPayer-en |
Search taxpayers by name or identification number |
| RS E-Services |
https://rs.ge/Eservices-en |
Auto/Moto levy calculator, customs duties calculator, property tax calculator |
| Legislative Herald (Matsne) |
https://matsne.gov.ge |
All Georgian legislation -- laws, decrees, regulations, international treaties (full text) |
| National Archives |
https://archive.gov.ge |
Historical documents, electronic catalogues, digitized archives |
| Service Development Agency (SDA) |
https://sda.gov.ge |
ID cards, passports, residence permits, citizenship, personal data services |
| Civil Service Bureau |
https://csb.gov.ge |
Public servant registry, HR policy, ethics, training programs |
| State Inspector |
https://dis.gov.ge |
Personal data protection authority, surveillance oversight |
| NSDI Geoportal |
https://nsdi.gov.ge |
National Spatial Data Infrastructure -- land parcels, addresses, cadastral maps |
| Data Exchange Agency (DEA) |
https://dea.gov.ge |
Government interoperability platform, electronic document exchange |
| National Food Agency |
https://nfa.gov.ge |
Food safety registry, licensed food businesses, inspection results |
| National Environmental Agency |
https://nea.gov.ge |
Environmental monitoring data, weather, seismic data |
| Competition Agency |
https://competition.ge |
Market concentration, merger decisions, anti-trust investigations |
| Insurance State Supervision |
https://insurance.gov.ge |
Licensed insurance companies, regulatory data |
| National Wine Agency |
https://wine.gov.ge |
Georgian wine registry, appellation data, export statistics |
Key my.gov.ge Services for OSINT
| Service |
What You Can Find |
| Property Registry Search |
Real estate ownership by cadastral code |
| Entrepreneur/Legal Entity Search |
Business registration status, founders, directors |
| Birth/Death Certificates |
(Restricted) Vital records verification |
| Correspondence with Agencies |
Submit information requests to any government body |
| Tax Debt Information |
Check individual tax debts (limited) |
| Enforcement Cases |
Check for enforcement proceedings against individuals |
| Notary Registry |
Registered notaries and their activities |
50.2 Person Search & Identity OSINT
Phone Number & Identity Lookup
| Resource |
URL |
Description |
Free/Paid |
| GetContact |
https://getcontact.com |
Crowd-sourced caller ID -- see how a number is saved in others' phones |
Freemium |
| TrueCaller |
https://truecaller.com |
Caller ID and spam detection -- Georgian numbers work well |
Freemium |
| Sync.me |
https://sync.me |
Reverse phone lookup with social profile matching |
Free |
| NumBuster |
https://numbuster.com |
Phone number lookup popular in CIS countries |
Free |
| Pipl |
https://pipl.com |
Deep people search engine, works with Georgian data |
Paid |
| Nomrebi (Phone Book) |
https://phonebookoftheworld.com/tbilisi/ |
Tbilisi White Pages / Yellow Pages |
Free |
| 114 Directory |
Dial 114 from Georgian number |
Georgian telephone directory assistance |
Free |
| Eye of God (Глаз Бога) |
Telegram: @EyeOfGodBot |
CIS-focused person search by phone, name, car plate |
Paid |
| Quick OSINT |
Telegram: @QuickOSINT_bot |
Person search across CIS databases |
Paid |
| USSearcher |
Telegram: @USSearcher_bot |
Multi-database person lookup |
Paid |
Email & Username OSINT
Georgian-Specific Person Search
| Method |
Details |
| Facebook (Georgian users) |
~2.5M Georgian users. Search by name in Georgian script. Many profiles have phone numbers visible |
| VK.com |
Popular among Russian-speaking Georgians and occupied territories |
| OK.ru (Odnoklassniki) |
Popular among older Georgian demographic |
| Instagram |
Very popular in Georgia, especially ages 18-35 |
| LinkedIn |
Professional profiles, especially for business investigations |
| Google Search |
"name surname" site:facebook.com/ or "name" "+995" |
50.3 Company & Business Intelligence
Primary Business Registries
Financial & Investment Data
| Resource |
URL |
Description |
| National Bank of Georgia (NBG) |
https://nbg.gov.ge |
Banking supervision, exchange rates, financial statistics, AML sanctions |
| NBG AML/CFT Sanctions |
https://nbg.gov.ge/en/supervision/aml-cft |
Fines and sanctions on financial institutions for AML failures |
| Financial Monitoring Service (FMS) |
https://fms.gov.ge |
Georgia's financial intelligence unit -- suspicious transaction reports |
| Georgian Stock Exchange |
https://gse.ge |
Listed companies, stock data, financial disclosures |
| GITA (Innovation & Tech Agency) |
https://gita.gov.ge |
Tech company grants, startup ecosystem data |
Company Due Diligence
| Data Point |
How to Find |
| Company Name & ID |
enreg.reestri.gov.ge -- search by name or 9/11-digit ID |
| Directors & Founders |
NAPR extract -- shows current and historical directors |
| Tax Status |
rs.ge -- check if company is active taxpayer |
| Property Owned |
NAPR property registry -- search by company name |
| Procurement Contracts |
tenders.procurement.gov.ge -- search by supplier name |
| Court Cases |
ecd.court.ge -- search by company name or ID |
| Sanctions |
opensanctions.org -- cross-reference with international sanctions |
| International Connections |
OpenCorporates -- linked entities across jurisdictions |
50.4 Legal & Court Records
Court Databases
Key Legal Resources
Searching Court Records -- Tips
1. Go to ecd.court.ge/Decision
2. Select court instance (First Instance / Appeals / Cassation)
3. Select court name (e.g., Tbilisi City Court)
4. Select case category (Civil / Criminal / Administrative)
### 50.5 Enter case number or date range
### 50.6 Note: Personal data is anonymized in published decisions
### 50.7 For cases after April 2020 -- many are NOT published online
- Real Estate & Property OSINT
Property Registries
Real Estate Portals (OSINT Gold Mines)
| Portal |
URL |
Description |
| SS.GE (Home) |
https://home.ss.ge |
Georgia's largest classifieds -- apartments, houses, commercial (with photos, prices, owner contacts) |
| MyHome.ge |
https://myhome.ge |
Major real estate portal with detailed listings and agent contacts |
| Livo.ge |
https://livo.ge |
Real estate with 3D tours, auctions, property evaluation tools |
| Home.ge |
https://home.ge |
Real estate portal with buying/selling/renting listings |
| Korter.ge |
https://korter.ge |
New construction and apartment search platform |
| TbilisiHome.ge |
https://tbilisihome.ge |
Tbilisi-focused real estate listings |
| HomeSearch.ge |
https://homesearch.ge |
Multi-language property search platform |
| Gavel.ge |
https://gavel.ge |
Aggregates real estate auctions from Livo, eAuction.ge, Tbilisi Municipality |
Property OSINT Workflow
1. Get person's name or company ID
2. Search NAPR (napr.gov.ge) for registered properties
3. Cross-reference with ss.ge/myhome.ge for listings (may show photos, addresses)
4. Check nsdi.gov.ge for cadastral boundaries and neighbors
5. Search eauction.ge for any auctioned/seized properties
6. Check ecd.court.ge for property-related litigation
- Vehicle & Transport OSINT
Vehicle Databases
Transport Authority Data
| Resource |
URL |
Description |
| Service Development Agency (SDA) |
https://sda.gov.ge |
Vehicle registration, driving licenses, technical inspection data |
| Tbilisi City Hall Transport |
https://tbilisi.gov.ge |
City transport data, parking, traffic |
| Georgian Railway |
https://railway.ge |
Rail transport data, schedules |
Georgian License Plate Format
### Georgian plates follow these formats:
- Standard: AA-123-AA (two letters, three numbers, two letters)
- Government: GOV followed by numbers
- Diplomatic: D followed by numbers
- Military: GEO followed by numbers
- Regional codes vary by area
### Note: Georgian plates use Latin letters
- Financial Intelligence & Banking
National Bank & Financial Regulators
Banks & Financial Institutions
Financial OSINT Searches
| Query |
What You Find |
| Company name + rs.ge |
Tax status, registration, debts |
| Person name + nbg.gov.ge |
If they appear in AML sanctions |
| Company + opensanctions.org |
International sanctions cross-reference |
| Company + offshore leaks |
ICIJ Offshore Leaks Database -- Georgian entities |
| Company + tenders.procurement.gov.ge |
Government contracts won |
50.8 Election & Political Data
Central Election Commission (CEC)
| Resource |
URL |
Description |
| CEC of Georgia (CESKO) |
https://cesko.ge |
Official election authority -- voter data, results, regulations |
| CEC Election Results |
https://cesko.ge (results section) |
Detailed results by precinct, district, party -- all elections since 2008 |
| CEC Voter Information |
https://cesko.ge/en/amomrchevlebi |
Voter registration verification portal |
| CEC Annual Reports |
https://cesko.ge (publications) |
Annual reports with detailed election statistics |
Political Data Sources
| Resource |
URL |
Description |
| Parliament of Georgia |
https://parliament.ge |
MP profiles, voting records, committee membership, bill tracking |
| Political Party Registry |
https://cesko.ge (parties section) |
Registered political parties, financial disclosures, leadership |
| ISFED (Election Monitoring) |
https://isfed.ge |
Independent election observation reports, violations database |
| Transparency International Georgia |
https://transparency.ge |
Political finance monitoring, corruption investigations |
| Civil Georgia |
https://civil.ge |
Independent news with detailed political analysis |
| CRRC Georgia |
https://crrc.ge |
Caucasus Research Resource Center -- public opinion surveys, political polling |
| IPU Georgia |
https://data.ipu.org/parliament/GE |
Inter-Parliamentary Union -- Georgian parliament data |
| NDI Georgia |
https://ndi.org/georgia |
National Democratic Institute -- political program data |
2024 Georgian Parliamentary Election Data
| Data Point |
Source |
| Official Results |
cesko.ge -- full precinct-level data |
| Analysis & Claims |
civil.ge/archives/631386 |
| ISFED Reports |
isfed.ge -- real-time parallel vote tabulation |
| International Observers |
OSCE/ODIHR reports |
| Wikipedia Overview |
en.wikipedia.org/wiki/2024_Georgian_parliamentary_election |
50.9 Maps & Geospatial Intelligence
Georgian Mapping Services
GIS Data Sources
| Resource |
URL |
Description |
| NAPR GIS |
https://nsdi.gov.ge |
Cadastral data, administrative boundaries, address registry |
| NEA (Environmental Agency) |
https://nea.gov.ge |
Environmental monitoring stations, seismic data, weather stations |
| Geostat GIS Data |
https://geostat.ge |
Census maps, demographic distribution by region |
| Tbilisi Municipality GIS |
https://tbilisi.gov.ge |
City planning, zoning, infrastructure maps |
Geolocation Tips for Georgia
### Key visual identifiers for geolocating imagery in Georgia:
- Georgian script (mkhedruli) on signs -- unique alphabet
- Mountain terrain (Caucasus) with distinctive tower-houses in Svaneti/Tusheti
- Soviet-era apartment blocks (khrushchyovka) in cities
- Distinctive church architecture (Georgian Orthodox cross-dome style)
- License plates: AA-123-AA format
- Phone prefix: +995
- Currency: GEL (Georgian Lari) -- prices on signs
- Bilingual signs (Georgian + English) in Tbilisi
- Unique tower-houses in mountainous regions (Svaneti, Tusheti, Khevsureti)
50.10 Media Landscape & News OSINT
Major Georgian News Sources
Television & Radio
Investigative Journalism
50.11 Data Leaks & Breaches
Major Georgian Data Breaches
| Incident |
Year |
Records |
Details |
Sources |
| 4.9 Million Citizens Leak |
2020 |
4,934,863 |
Full names, DOB, gender, ID numbers, phone numbers -- posted on a hacking forum in a 1.04GB Microsoft Access file |
ZDNet |
| Ghost Database (Cybernews) |
2025 |
~7 million |
Personal records appeared on German cloud provider -- unsecured, then vanished. Full names, DOB, gender, ID numbers, phone numbers |
Cybernews |
| CEC Voter Database |
2020 |
~3.5 million |
Voter registration data linked to the 2020 leak |
OC Media |
Breach Search Tools (Check Georgian Data)
Important Context
The 2020 Georgian data leak is one of the largest per-capita data breaches ever:
- 4.9 million records from a country of ~3.7 million living citizens
- Includes deceased citizens' records
- Originally suspected to be a CEC voter database leak
- Data was published on a hacking forum over a weekend
- Georgian authorities investigated but never publicly identified the source
- The 2025 "ghost database" on a German cloud provider may be related
### Impact: Georgian personal data (name, DOB, ID number, phone)
circulates on multiple forums and breach databases.
50.12 Phone & Telecom OSINT
Georgian Mobile Operators
Georgian Phone Number Format
### Country code: +995
### Format: +995 XXX XXX XXX (9 digits after country code)
### Mobile prefixes:
- 5XX: Mobile numbers (all operators)
- 555, 557, 558: MagtiCom
- 551, 571, 574, 577, 578: Silknet
- 568, 591, 592, 593, 595, 596, 597, 598, 599: Various
### Landline prefixes:
- 32: Tbilisi
- 422: Batumi (Ajara)
- 431: Kutaisi (Imereti)
- 352: Rustavi
- 370: Gori
- 495: Zugdidi (Samegrelo)
### Emergency: 112 (universal)
### Directory: 114
Phone OSINT Techniques for Georgian Numbers
| Technique |
Tool/Method |
Description |
| Caller ID Lookup |
GetContact / TrueCaller |
See how the number is saved in other people's phones |
| WhatsApp Check |
WhatsApp app |
Check if number has WhatsApp -- profile photo, status, last seen |
| Telegram Check |
Telegram app |
Search by phone number -- username, profile photo, bio |
| Viber Check |
Viber app |
Very popular in Georgia -- check profile info |
| Google Search |
"+995XXXXXXXXX" |
Find where the number appears online (ads, forums, social media) |
| Facebook Reverse |
FB search by phone |
Find Facebook account linked to phone number |
| HIBP / LeakCheck |
haveibeenpwned.com / leakcheck.io |
Check if phone number appears in breach databases |
50.13 Social Media & Platform OSINT
Georgian Social Media Landscape
| Platform |
Georgian Users (est.) |
OSINT Value |
Notes |
| Facebook |
~2.5 million |
Very High |
THE dominant social platform in Georgia. Many profiles are public with phone numbers visible |
| Instagram |
~1.5 million |
High |
Popular for ages 18-35, especially in Tbilisi |
| TikTok |
~1 million |
Medium |
Growing rapidly, especially youth |
| YouTube |
~2 million |
High |
Georgian content creators, news channels, investigations |
| Telegram |
~1.5 million |
Very High |
News channels, political groups, leak channels, bots |
| Twitter/X |
~200K |
Medium |
Used by journalists, politicians, NGOs |
| LinkedIn |
~300K |
Medium |
Professional profiles, business intelligence |
| VK.com |
~150K |
Medium |
Russian-speaking Georgians, Abkhazia/South Ossetia |
| OK.ru |
~100K |
Low |
Older demographic |
| Reddit r/Sakartvelo |
~100K |
Low |
English-speaking Georgian community |
Georgian Facebook OSINT
Facebook is the #1 OSINT source for Georgian individuals:
### Search techniques:
1. Search by name in Georgian script: "გიორგი" "ბერიძე"
2. Search by phone: Enter +995XXXXXXXXX in Facebook search
3. Search by workplace: "Bank of Georgia" employees
4. Search by school: "Tbilisi State University" graduates
5. Search by location: People in "Tbilisi"
6. Use Facebook Graph Search remnants via Google:
site:facebook.com "name" "lives in Tbilisi"
7. Check "People You May Know" from a Georgian account
8. Many Georgian users have public profiles with:
- Phone numbers in About section
- Workplace history
- Education history
- Family relationships
- Check-in locations
Platform-Specific Tools
50.14 Open Data & Statistics Portals
National Statistics
Open Data Portals
Key Statistical Datasets
| Dataset |
URL/Source |
Contents |
| Population by Region |
geostat.ge |
Population counts by municipality, age, gender |
| Crime Statistics |
geostat.ge |
Crimes by type, region, year |
| Economic Data |
geostat.ge |
GDP, inflation, trade, employment |
| Education Statistics |
geostat.ge |
Schools, students, universities by region |
| Health Statistics |
geostat.ge + ncdc.ge |
Disease incidence, mortality, healthcare facilities |
| Tourism Statistics |
gnta.ge |
Visitor counts by country, spending data |
50.15 Procurement & Government Spending
Procurement Platforms
What You Can Find
Georgia's procurement system is considered one of the most transparent in Europe/Central Asia:
### Searchable by:
- Contracting organization name
- Supplier/vendor name
- Tender number
- Contract value range
- Procurement type (electronic tender, simplified, consolidated)
- Date range
- CPV code (product/service category)
### Available data:
- Full tender documents
- Bid submissions and bidder names
- Contract awards with prices
- Subcontractor information
- Procurement plans
- Complaint/dispute records
Budget Transparency
50.16 Domain & IP & Network Intelligence
.GE Domain Intelligence
Georgian ASN & Network Data
Major Georgian ISP ASNs
| ISP |
ASN |
Description |
| MagtiCom |
AS16010, AS28751 |
Largest mobile/ISP |
| Silknet |
AS35805 |
Second largest, DSL/fiber/mobile |
| Caucasus Online |
AS20771 |
Major fiber backbone |
| GRENA |
AS20545 |
Georgian Research and Education Network |
| SIACOM |
AS198150 |
Business ISP |
| Delta Net |
AS56844 |
Regional ISP |
| Akhali Kselebi |
AS44569 |
Regional ISP |
| Caucasus Digital Network |
AS57516 |
CDN/hosting provider |
Useful Shodan/Censys Queries for Georgia
### Shodan:
- country:GE (all devices in Georgia)
- country:GE port:80 (web servers)
- country:GE port:22 (SSH servers)
- country:GE port:3389 (RDP servers)
- country:GE port:21 (FTP servers)
- country:GE screenshot.label:webcam (webcams)
- country:GE org:"Magticom" (MagtiCom devices)
- country:GE org:"Silknet" (Silknet devices)
- country:GE has_screenshot:true (devices with screenshots)
### Censys:
- location.country_code:GE
- location.city:Tbilisi
50.17 Education & Academic Databases
Education Portals
| Resource |
URL |
Description |
| Ministry of Education |
https://mes.gov.ge |
Education policy, school data, exam information |
| EMIS (Education Management) |
https://emis.ge |
Education Management Information System -- school data, teacher registry |
| Schools Portal |
https://skolebi.emis.ge |
Search Georgian schools by name, region, type -- interactive map |
| Student Portal |
https://students.emis.ge |
University student registration portal |
| E-Library (MES) |
https://elibrary.emis.ge |
Textbooks and educational materials |
| EQE (Quality Enhancement) |
https://eqe.ge |
Accredited programs, institutional evaluations, quality standards |
| National Exam Center |
https://naec.ge |
Unified National Exams data, university admission statistics |
Universities (Major)
Academic Search
50.18 Health & Medical Databases
Health Authorities
| Resource |
URL |
Description |
| NCDC (Disease Control) |
https://ncdc.ge |
National Center for Disease Control -- epidemiological data, disease surveillance, statistics |
| Ministry of Health |
https://moh.gov.ge |
Health policy, hospital data, healthcare workforce |
| Health Regulation Agency |
https://hra.gov.ge |
Licensed medical facilities, pharmaceutical registry |
| Social Service Agency |
https://ssa.gov.ge |
Social assistance data, disability statistics, healthcare coverage |
Medical OSINT
| Resource |
What You Can Find |
| ncdc.ge/statistics |
Disease incidence by region, mortality data, vaccination rates |
| Hospital Registry |
Licensed hospitals and clinics with addresses and specializations |
| Pharmacy Registry |
Licensed pharmacies across Georgia |
| Doctor Licensing |
Medical professional licensing (through Ministry of Health) |
| GeoStat Health Data |
https://geostat.ge -- health statistics section |
50.19 NGO & Civil Society & Watchdogs
Key Georgian NGOs (OSINT Resources)
| Organization |
URL |
Focus Area |
OSINT Value |
| Transparency International Georgia |
https://transparency.ge |
Anti-corruption, asset monitoring |
Asset declarations, political finance, ownership investigations |
| IDFI |
https://idfi.ge |
Information freedom, open data |
Public information requests, government transparency monitoring |
| GYLA |
https://gyla.ge |
Legal reform, human rights |
Court monitoring, legal analysis, election observation |
| ISFED |
https://isfed.ge |
Election monitoring |
Real-time election monitoring, violations database |
| TI Georgia - Who Owns Georgia |
https://transparency.ge |
Media ownership |
Detailed investigations into who controls Georgian media |
| Social Justice Center |
https://socialjustice.org.ge |
Social rights, economic justice |
Labor, housing, economic data |
| Media Development Foundation |
https://mdfgeorgia.ge |
Media freedom |
Media monitoring, financial transparency of media |
| CRRC Georgia |
https://crrc.ge |
Research, polling |
Public opinion surveys, research datasets |
| Partnership for Human Rights |
https://phr.ge |
Human rights monitoring |
Human rights reports |
| Democracy Research Institute |
https://democracyresearch.ge |
Democracy monitoring |
Democratic indicators, political analysis |
| CATAGI |
https://catagi.ge |
Power structure analysis |
Investigations into informal power networks |
50.20 Fact-Checking & Disinformation Tracking
Fact-Checking Organizations
Disinformation Monitoring
50.21 Archives & Historical Databases
National Archives & Libraries
Historical & Cultural Databases
Archival OSINT Tips
### Wayback Machine queries for Georgian sites:
- https://web.archive.org/web/*/napr.gov.ge (old property data)
- https://web.archive.org/web/*/rs.ge (old tax data)
- https://web.archive.org/web/*/cesko.ge (old election data)
- https://web.archive.org/web/*/parliament.ge (old MP profiles)
Use these to find information that may have been removed from current sites.
50.22 Auctions & Seized Property
Government Auction Platforms
| Resource |
URL |
Description |
| eAuction.ge |
https://eauction.ge |
Official state property auction platform -- seized assets, government surplus, real estate, vehicles |
| Gavel.ge |
https://gavel.ge |
Aggregates auctions from Livo, eAuction.ge, and Tbilisi Municipality (11,000+ lots) |
| Livo Auctions |
https://livo.ge (auction section) |
Real estate auctions with 3D tours |
| Tbilisi Municipality Auctions |
https://tbilisi.gov.ge |
Municipal property sales |
| LEPL National Bureau of Enforcement |
https://nbe.gov.ge |
Enforcement/seized property auctions |
What You Can Find in Auction Data
eAuction.ge reveals:
- Seized properties of individuals/companies (with owner names)
- Government surplus equipment
- Bank foreclosure properties
- Court-ordered asset sales
- Detailed property descriptions with photos
- Starting prices and bid history
- Buyer information (in completed auctions)
### OSINT value: Shows who lost property and why (debt, crime, tax evasion)
50.23 Job Markets & Classifieds
Job Portals
Classifieds (Multi-Category)
OSINT Value of Classifieds
### Georgian classifieds often reveal:
- Real phone numbers of sellers
- Physical addresses
- Photos of properties/vehicles (with metadata)
- Business names and registration details
- Price history (for repeated listings)
- Location data from listings
SS.GE in particular is a treasure trove:
- Most Georgians have used SS.GE at some point
- Old listings are often still accessible
- Google cache: site:ss.ge "phone number" "name"
50.24 Asset Declarations & Anti-Corruption
Public Official Asset Declarations
What's in Asset Declarations
### Georgian public officials must declare annually:
- Real estate (addresses, values)
- Vehicles (make, model, year)
- Securities (company shares, stock holdings)
- Bank deposits and cash
- Income sources (salary, business income, gifts)
- Debts and liabilities
- Family members' assets
- Gifts over 1,000 GEL
### Available for: MPs, ministers, judges, prosecutors, mayors, high-ranking
civil servants, and their family members.
OpenSanctions.org provides this data in machine-readable format.
50.25 Georgian Wordlists & Password Tools
Georgian Language Wordlists
| Resource |
Description |
Use Case |
| Georgian Wordlist (geowordlist.txt) |
11.9 MB dictionary of Georgian words and common passwords |
Password cracking, security auditing |
| make_wordlist.py |
Python script for generating custom Georgian wordlists from rules |
Custom wordlist generation for Georgian targets |
| Georgian Keyboard Layout Patterns |
Common keyboard patterns in Georgian layout |
Password generation |
| Georgian Name Combinations |
First name + last name + year patterns common in Georgia |
Targeted password lists |
Common Georgian Password Patterns
### Most common Georgian password structures:
- Name + birth year: giorgi1990, nino1985
- Georgian words in Latin: tbilisi, sakartvelo, gamarjoba
- Phone number as password: 555123456, 577987654
- ID number as password: 01001012345
- Georgian words in Georgian script: პაროლი, თბილისი
- Common substitutions: @ for a, 3 for e, 0 for o
- Name + 123: giorgi123, nino123
- Football teams: dinamo, torpedo
- Georgian places: batumi, kutaisi, borjomi
### Password cracking tools:
- Hashcat: hashcat -m 0 hash.txt geowordlist.txt
- John the Ripper: john --wordlist=geowordlist.txt hash.txt
Generating Georgian Wordlists
# Using make_wordlist.py (from uploaded tools)
python3 make_wordlist.py --language georgian --output geo_custom.txt
# Using crunch for Georgian patterns
crunch 8 12 abcdefghijklmnopqrstuvwxyz0123456789 -t @@@@%%%% -o patterns.txt
# Combining Georgian names with years
for name in giorgi nino dato mari luka ana; do
for year in $(seq 1980 2005); do
echo "${name}${year}"
done
done > georgian_names_years.txt
50.26 Telegram OSINT for Georgia
Georgian News & Political Channels
| Channel |
Handle |
Description |
| Formula News |
@formulanewstv |
Independent TV news channel |
| Mtavari Arkhi |
@mtavariarkhi |
Opposition-leaning TV channel |
| Netgazeti |
@netgazeti |
Independent online news |
| Tabula |
@tabormagazine |
Liberal news/analysis |
| Civil Georgia |
@CivilGe |
Independent English-language news |
| Radio Tavisupleba |
@radiotavisupleba |
RFE/RL Georgian service |
| Various Political Groups |
Search "Georgia politics" |
Political discussion groups |
OSINT Telegram Bots (Work with Georgian Data)
| Bot |
Handle |
Description |
Free/Paid |
| Eye of God |
@EyeOfGodBot |
Person search by phone, name, car -- CIS + Georgia data |
Paid |
| Quick OSINT |
@QuickOSINT_bot |
Multi-database person lookup |
Paid |
| GetContact Bot |
@getcontact_bot |
Caller ID lookup |
Freemium |
| Phone Number Search |
@PhoneNumber_SearchBot |
Phone number OSINT |
Freemium |
| Email Search |
@mailsearchbot |
Email breach lookup |
Freemium |
| Leak OSINT |
@leak_osint_bot |
Breach data search |
Paid |
| Search4Faces |
@search4aboringface_bot |
Facial recognition search |
Freemium |
Russian-Language OSINT Channels (Relevant to Georgia)
| Channel |
Handle |
Description |
| overbafer1 |
@overbafer1 |
OSINT tools and techniques |
| overlamer1 |
@overlamer1 |
Hacking and security |
| Social Engineering |
@Social_engineering |
Social engineering techniques |
| Cyberbezopasno |
@cyberbezopasno |
Cybersecurity news |
Telegram OSINT Techniques for Georgia
1. Search by phone number: Enter +995XXXXXXXXX in Telegram search
- Find if the person has Telegram
- See their username, profile photo, bio
2. Search Georgian groups/channels:
- Use tgstat.com to search for Georgian channels
- Search for Georgian keywords in channel search
3. Forward message analysis:
- Check "forwarded from" headers to trace information flow
4. Telegram Scraping Tools:
- telegram-scraper (GitHub)
- Telethon (Python library)
- tg-archive for archiving channels
50.27 Investigation Frameworks & Communities
OSINT Frameworks with Georgian Coverage
Investigative Communities
| Community |
Platform |
Description |
| Bellingcat |
https://bellingcat.com |
Open source investigations -- has covered Georgia-related stories |
| OCCRP |
https://occrp.org |
Organized Crime and Corruption Reporting Project -- Georgia investigations |
| ICIJ |
https://icij.org |
International investigative journalism -- Pandora Papers, Panama Papers (Georgian entries) |
| GIJN |
https://gijn.org |
Global Investigative Journalism Network |
ICIJ Databases (Georgian Entries)
50.28 Google Dorking for Georgia
Government & Official Sites
site:gov.ge filetype:pdf
site:gov.ge filetype:xlsx
site:gov.ge filetype:docx
site:gov.ge filetype:csv
site:napr.gov.ge
site:rs.ge
site:parliament.ge
site:cesko.ge
site:geostat.ge filetype:xlsx
site:matsne.gov.ge
Personal Information Discovery
"+995" site:facebook.com
"+995" site:linkedin.com
"@gmail.com" site:gov.ge
"@yahoo.com" site:.ge
intext:"+995" filetype:xlsx
intext:"+995" filetype:csv
allintext:"tbilisi" "phone" "email" filetype:xlsx
"პირადი ნომერი" filetype:pdf site:gov.ge
"საიდენტიფიკაციო" filetype:xlsx
Business & Corporate Intelligence
site:enreg.reestri.gov.ge
site:rs.ge "taxpayer"
"შპს" filetype:pdf site:gov.ge
"სს" OR "შპს" "+995" filetype:xlsx
site:tenders.procurement.gov.ge
"ხელშეკრულება" filetype:pdf site:gov.ge
Credential & Sensitive Data Discovery
allintext:"@gmail.com" "password" filetype:xlsx site:.ge
allintext:"username" "password" filetype:csv site:.ge
inurl:admin site:.ge
inurl:login site:.ge
inurl:wp-admin site:.ge
inurl:cpanel site:.ge
intitle:"index of" site:.ge
intitle:"index of" "parent directory" site:.ge
inurl:".env" site:.ge
inurl:"wp-config.php" site:.ge
site:.ge filetype:sql
site:.ge filetype:log
site:.ge filetype:bak
Educational & Academic
site:tsu.ge filetype:pdf
site:gtu.ge filetype:pdf
site:iliauni.edu.ge filetype:pdf
site:emis.ge
"student" OR "სტუდენტი" filetype:xlsx site:.ge
"dissertation" OR "სადისერტაციო" site:.ge filetype:pdf
Media & Social
site:civil.ge "investigation"
site:transparency.ge "report"
site:idfi.ge "public information"
site:interpressnews.ge
"tbilisi" OR "თბილისი" site:instagram.com
"sakartvelo" site:youtube.com
Camera & IoT Discovery
inurl:/view/index.shtml site:.ge
inurl:/live/cam.html site:.ge
intitle:"webcam" site:.ge
inurl:"view/viewer_index.shtml" country:ge
inurl:/mjpg/video.mjpg site:.ge
"Server: yawcam" site:.ge
Infrastructure & Network
site:.ge inurl:phpMyAdmin
site:.ge intitle:"Apache2 Ubuntu Default Page"
site:.ge intitle:"Welcome to nginx"
site:.ge "powered by WordPress"
site:.ge "Joomla"
"*.ge" site:crt.sh
"*.gov.ge" site:shodan.io
Advanced Combinations
# Find exposed databases
site:.ge filetype:sql "INSERT INTO" "VALUES"
# Find configuration files
site:.ge filetype:xml "password"
site:.ge filetype:ini "password"
site:.ge filetype:conf "server"
# Find exposed directories
intitle:"index of" "parent directory" site:.ge filetype:pdf
# Find email lists
"@" filetype:csv site:.ge
"email" "phone" filetype:xlsx site:.ge
# Find Georgian government reports with data
site:gov.ge "report" "2024" filetype:pdf
site:gov.ge "statistics" filetype:xlsx
Appendix A: Georgian Alphabet Quick Reference
### Georgian script (Mkhedruli) -- 33 letters:
ა ბ გ დ ე ვ ზ თ ი კ ლ მ ნ ო პ ჟ რ ს ტ უ ფ ქ ღ ყ შ ჩ ც ძ წ ჭ ხ ჯ ჰ
### Transliteration:
a b g d e v z t' i k l m n o p zh r s t u p' k' gh q' sh ch ts dz ts' ch' kh j h
### Useful for searching Georgian names in Latin script when researching
Georgian individuals in international databases.
Appendix B: OSINT Investigation Workflow for Georgia
STEP 1: IDENTIFY THE TARGET
- Name (Georgian + Latin spelling)
- Personal ID number (11 digits)
- Phone number (+995 XXX XXX XXX)
- Email address
- Date of birth
- Company name/ID
### STEP 2: GOVERNMENT DATABASES
[ ] NAPR (napr.gov.ge) -- property, business, civil registry
[ ] RS (rs.ge) -- tax status, business activity
[ ] Entrepreneur Registry -- company details, directors
[ ] ecd.court.ge -- court cases
[ ] cesko.ge -- voter registration
[ ] csb.gov.ge -- if public official, check asset declarations
### STEP 3: SOCIAL MEDIA & ONLINE PRESENCE
[ ] Facebook (Georgian name + Latin name)
[ ] Instagram
[ ] LinkedIn
[ ] Telegram (search by phone number)
[ ] Google search: "name" "+995" / "name" "tbilisi"
[ ] SS.GE (classifieds -- may have phone number, property listings)
### STEP 4: FINANCIAL & BUSINESS
[ ] enreg.reestri.gov.ge -- company ownership/directorship
[ ] tenders.procurement.gov.ge -- government contracts
[ ] nbg.gov.ge -- banking/AML sanctions
[ ] offshoreleaks.icij.org -- offshore connections
[ ] opensanctions.org -- sanctions cross-reference
### STEP 5: BREACH & LEAK DATA
[ ] haveibeenpwned.com -- email breaches
[ ] leakcheck.io -- email/phone breach search
[ ] dehashed.com -- comprehensive breach search
[ ] Known Georgian data leaks (4.9M citizen leak)
### STEP 6: PHONE OSINT
[ ] GetContact -- caller ID lookup
[ ] TrueCaller -- caller ID
[ ] WhatsApp profile check
[ ] Viber profile check
[ ] Telegram profile check
[ ] Google: "+995XXXXXXXXX"
### STEP 7: PROPERTY & VEHICLES
[ ] NAPR property registry
[ ] nsdi.gov.ge -- cadastral map lookup
[ ] SS.GE / MyHome.ge -- property listings
[ ] MyAuto.ge -- vehicle listings
[ ] eauction.ge -- seized property
### STEP 8: ADVANCED
[ ] Google dorking: site:.ge "target name"
[ ] Wayback Machine: web.archive.org/web/*/.ge
[ ] Shodan: country:GE
[ ] Certificate Transparency: crt.sh
[ ] OSINT Telegram bots (Eye of God, Quick OSINT)
Appendix C: Key URLs Quick Reference
🔍 AWESOME OSINT ARSENAL
The Ultimate Open-Source Intelligence Toolkit
🤝 Contributing & Issues
Found a dead link? Tool that should be here? Just open an issue or PR.
- Found something broken → open an issue
- Want to add a tool → fork, add it to the right section in alphabetical order, PR
- No time to PR? → leave the tool name + URL in an issue, I'll add it
Verify install commands on a fresh Kali VM before submitting.
⚖️ Legal Disclaimer
This repository is provided for educational and authorized security research purposes only.
✅ Legal uses:
- Security research on systems you own
- Penetration testing with written authorization
- OSINT for journalism or missing persons investigations
- Bug bounty programs with defined scope
- Security awareness training
❌ Illegal uses (never do these):
- Unauthorized access to systems or accounts
- Stalking or harassment
- Credential theft
- DDoS or attacks on systems you don't own
- Privacy violations
Laws that apply: GDPR (EU), CCPA (California), CFAA (US), Computer Misuse Act (UK), and your local equivalents. Know your laws before you act.
The maintainers of this repository are not responsible for any misuse of information or tools listed here.
Built for the OSINT and security research community.
Knowledge is power — use it responsibly.

⭐ Star this repo if you found it useful!
