
Public info gathering

Web resources

{% embed url="https://osintframework.com/" %}

{% embed url="https://i-intelligence.eu/uploads/public-documents/OSINT\_Handbook\_2020.pdf" %}

OSINT websites

{% embed url="https://rapiddns.io" %}

{% embed url="https://dnsdumpster.com" %}

{% embed url="https://hunter.io" %}

{% embed url="https://pentest-tools.com" %}

{% embed url="https://viewdns.info" %}

{% embed url="https://immuniweb.com/radar/" %}

{% embed url="https://crunchbase.com" %}

{% embed url="https://shodan.io" %}

{% embed url="https://shhgit.darkport.co.uk/" %}

{% embed url="http://multirbl.valli.org/" %}

{% embed url="https://tinfoleak.com/" %}

{% embed url="https://dorks.faisalahmed.me/" %}

{% embed url="https://leakix.net/" %}

{% embed url="http://xjypo5vzgmo7jca6b322dnqbsdnp3amd24ybx26x5nxbusccjkm4pwid.onion" %}

Dorks

Google

"example.com" pass=
"example.com" password=
"example.com" pwd=
"index of /private" -site:net -site:com -site:org
"microsoft internet information services" ext:log
"phpMyAdmin MySQL-Dump" "INSERT INTO" -"the"
filetype:"bak" 
filetype:"inc"
filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword"
intext:"index of" "var/log/"
intext:"enable secret 5 $"
intitle:"Dashboard [Jenkins]"
intitle:"index of" "shell.php"
intitle:"Index of" intext:"sql"
intitle:Index.of etc shadow
intitle:"index of" mysql.conf OR mysql_config
inurl:admin intitle:"index of" ext:sql | ext:xls | ext:xml | ext:json | ext:csv
site:target.com ext:action | ext:struts | ext:do
site:example.com "Directory listing for" bak
site:example.com "Index of" bak
site:subdomain.target.com
site:target.com -www
site:target.com ext:php | ext:html
site:target.com intitle:"test" -support
site:target.com inurl:auth
site:target.com inurl:dev
#Open Redirect
inurl:url=https
inurl:url=http
inurl:u=https
inurl:u=http
inurl:redirect?https
inurl:redirect?http
inurl:redirect=https
inurl:redirect=http
inurl:link=http
inurl:link=https
inurl:redirectUrl=http site:paypal.com
#Gitlab - Source Code
inurl:gitlab "Tesla"
#Find S3 Buckets
site:.s3.amazonaws.com "Tesla"
site:storage.googleapis.com "target"
site:amazonaws.com "target"
intitle:traefik inurl:8080/dashboard
"TARGET.okta" password
"TARGET.onelogin" password
"corp.TARGET" password
"jira.TARGET" password
#org: is GitHub code-search syntax — run the two queries below on github.com, not Google
org:TARGET "*.TARGET.TLD" password
org:TARGET "*.github.com" password

GitHub

Run these in GitHub code search while logged in (code search is unavailable to anonymous users and is rate-limited). Scope every query with `org:TARGET` or a quoted target domain; unscoped terms such as `"password"` return unrelated repositories and generate noise against third parties.

".mlab.com password"
"access_key"
"access_token"
"amazonaws"
"api.googlemaps AIza"
"api_key"
"api_secret"
"apidocs"
"apikey"
"apiSecret"
"app_key"
"app_secret"
"appkey"
"appkeysecret"
"application_key"
"appsecret"
"appspot"
"auth"
"auth_token"
"authorizationToken"
"aws_access"
"aws_access_key_id"
"aws_key"
"aws_secret"
"aws_token"
"AWSSecretKey"
"bashrc password"
"bucket_password"
"client_secret"
"cloudfront"
"codecov_token"
"config"
"conn.login"
"connectionstring"
"consumer_key"
"credentials"
"database_password"
"db_password"
"db_username"
"dbpasswd"
"dbpassword"
"dbuser"
"dot-files"
"dotfiles"
"encryption_key"
"fabricApiSecret"
"fb_secret"
"firebase"
"ftp"
"gh_token"
"github_key"
"github_token"
"gitlab"
"gmail_password"
"gmail_username"
"herokuapp"
"internal"
"irc_pass"
"JEKYLL_GITHUB_TOKEN"
"key"
"keyPassword"
"ldap_password"
"ldap_username"
"login"
"mailchimp"
"mailgun"
"master_key"
"mydotfiles"
"mysql"
"node_env"
"npmrc _auth"
"oauth_token"
"pass"
"passwd"
"password"
"passwords"
"pem private"
"preprod"
"private_key"
"prod"
"pwd"
"pwds"
"rds.amazonaws.com password"
"redis_password"
"root_password"
"secret"
"secret.password"
"secret_access_key"
"secret_key"
"secret_token"
"secrets"
"secure"
"security_credentials"
"send.keys"
"send_keys"
"sendkeys"
"SF_USERNAME salesforce"
"sf_username"
"site.com" FIREBASE_API_JSON=
"site.com" vim_settings.xml
"slack_api"
"slack_token"
"sql_password"
"ssh"
"ssh2_auth_password"
"sshpass"
"staging"
"stg"
"storePassword"
"stripe"
"swagger"
"testuser"
"token"
"x-api-key"
"xoxb "
"xoxp"
[WFClient] Password= extension:ica
access_key
bucket_password
dbpassword
dbuser
extension:avastlic "support.avast.com"
extension:bat
extension:cfg
extension:env
extension:exs
extension:ini
extension:json api.forecast.io
extension:json googleusercontent client_secret
extension:json mongolab.com
extension:pem
extension:pem private
extension:ppk
extension:ppk private
extension:properties
extension:sh
extension:sls
extension:sql
extension:sql mysql dump
extension:sql mysql dump password
extension:yaml mongolab.com
extension:zsh
filename:.bash_history
filename:.bash_history DOMAIN-NAME
filename:.bash_profile aws
filename:.bashrc mailchimp
filename:.bashrc password
filename:.cshrc
filename:.dockercfg auth
filename:.env DB_USERNAME NOT homestead
filename:.env MAIL_HOST=smtp.gmail.com
filename:.esmtprc password
filename:.ftpconfig
filename:.git-credentials
filename:.history
filename:.htpasswd
filename:.netrc password
filename:.npmrc _auth
filename:.pgpass
filename:.remote-sync.json
filename:.s3cfg
filename:.sh_history
filename:.tugboat NOT _tugboat
filename:_netrc password
filename:apikey
filename:bash
filename:bash_history
filename:bash_profile
filename:bashrc
filename:beanstalkd.yml
filename:CCCam.cfg
filename:composer.json
filename:config
filename:config irc_pass
filename:config.json auths
filename:config.php dbpasswd
filename:configuration.php JConfig password
filename:connections
filename:connections.xml
filename:constants
filename:credentials
filename:credentials aws_access_key_id
filename:cshrc
filename:database
filename:dbeaver-data-sources.xml
filename:deploy.rake
filename:deployment-config.json
filename:dhcpd.conf
filename:dockercfg
filename:environment
filename:express.conf
filename:express.conf path:.openshift
filename:filezilla.xml
filename:filezilla.xml Pass
filename:git-credentials
filename:gitconfig
filename:global
filename:history
filename:htpasswd
filename:hub oauth_token
filename:id_dsa
filename:id_rsa
filename:id_rsa OR filename:id_dsa
filename:idea14.key
filename:known_hosts
filename:logins.json
filename:makefile
filename:master.key path:config
filename:netrc
filename:npmrc
filename:pass
filename:passwd path:etc
filename:pgpass
filename:prod.exs
filename:prod.exs NOT prod.secret.exs
filename:prod.secret.exs
filename:proftpdpasswd
filename:recentservers.xml
filename:recentservers.xml Pass
filename:robomongo.json
filename:s3cfg
filename:secrets.yml password
filename:server.cfg
filename:server.cfg rcon password
filename:settings
filename:settings.py SECRET_KEY
filename:sftp-config.json
filename:sftp-config.json password
filename:sftp.json path:.vscode
filename:shadow
filename:shadow path:etc
filename:spec
filename:sshd_config
filename:token
filename:tugboat
filename:ventrilo_srv.ini
filename:WebServers.xml
filename:wp-config
filename:wp-config.php
filename:zhrc
HEROKU_API_KEY language:json
HEROKU_API_KEY language:shell
HOMEBREW_GITHUB_API_TOKEN language:shell
jsforce extension:js conn.login
language:yaml -filename:travis
msg nickserv identify filename:config
org:Target "AWS_ACCESS_KEY_ID"
org:Target "list_aws_accounts"
org:Target "aws_access_key"
org:Target "aws_secret_key"
org:Target "bucket_name"
org:Target "S3_ACCESS_KEY_ID"
org:Target "S3_BUCKET"
org:Target "S3_ENDPOINT"
org:Target "S3_SECRET_ACCESS_KEY"
password
path:sites databases password
private -language:java
PT_TOKEN language:bash
redis_password
root_password
secret_access_key
SECRET_KEY_BASE=
shodan_api_key language:python
WORDPRESS_DB_PASSWORD=

Shodan

port:"9200" elastic
product:"docker"
product:"kubernetes"
# Spring Boot servers (matched by favicon hash); check for exposed Actuator endpoints such as /env or /heapdump
org:YOUR_TARGET http.favicon.hash:116323821

General / AIO

Amass

# Amass workflow: resolve the target's ASN(s) first, then feed them to intel/enum.
# Look up ASNs registered to an organisation name (substitute the target's name)
amass intel -org "whatever"
# Reverse-whois across the ASN's netblocks, seeded with a known domain.
# -active makes direct connections to the targets (not passive) — drop it for quiet recon
amass intel -active -asn NUMBER -whois -d domain.com
# Subdomain enumeration; with -active, names are also pulled from TLS certificates
# served by hosts in the given CIDR/ASN
amass enum -active -d example.com -cidr IF.YOU.GOT.THIS/24 -asn NUMBER

Spiderfoot

# Headless (CLI) scan against a single target; -s sets the scan target
spiderfoot -s domain.com

theHarvester

# theHarvester: emails, names, subdomains and hosts from public sources.
# -b all queries every data source; several sources need API keys configured
# in theHarvester's api-keys config and return nothing without them — check for warnings
theHarvester -d domain.com -b all

recon-ng

# Launches the interactive recon-ng console; modules are installed from inside it
# (v5: `marketplace install all`), and many need API keys set with `keys add`
recon-ng

URLs & IPs

waybackurls / gau

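# Check Wayback machine
# https://github.com/tomnomnom/waybackurls
# `go get` no longer installs binaries (deprecated since Go 1.17); use `go install ...@latest`
go install github.com/tomnomnom/waybackurls@latest
# waybackurls reads line-delimited domains on stdin and prints every archived URL
echo example.com | waybackurls
# Wayback machine wildcard listing (a browser URL, not a command):
# https://web.archive.org/web/*/website.com/*
# https://github.com/lc/gau — getallurls: Wayback Machine, Common Crawl, OTX and URLScan
go install github.com/lc/gau/v2/cmd/gau@latest
gau example.com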

https://gist.githubusercontent.com/mhmdiaa/adf6bff70142e5091792841d4b372050/raw/56366e6f58f98a1788dfec31c68f77b04513519d/waybackurls.py
https://gist.githubusercontent.com/mhmdiaa/2742c5e147d49a804b408bfed3d32d07/raw/5dd007667a5b5400521761df931098220c387551/waybackrobots.py

favicon tools

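# https://github.com/devanshbatham/FavFreak
# Fingerprints products/frameworks by favicon hash; expects one URL per line on stdin
python3 favfreak.py < urls.txt
# https://github.com/pielco11/fav-up
# Looks up the origin IP behind a CDN/WAF by searching Shodan for the site's favicon hash.
# -k puts the Shodan key in shell history and in `ps` output; prefer the tool's
# key-file option if your version has one
favUp.py -k SHODANKEY -w website.com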

Rapid 7 Sonar DNS database

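# https://opendata.rapid7.com/sonar.fdns_v2/
# https://github.com/cgboal/sonarsearch
# crobat queries a sonarsearch API backed by Rapid7 Project Sonar forward-DNS data.
# NOTE(review): the public API has been offline at times and raw dataset downloads may
# require an access request to Rapid7 — verify before relying on it.
# `go get -u` no longer installs binaries (deprecated since Go 1.17); use `go install ...@latest`
# (check the repo README for the current package path of the crobat command)
go install github.com/cgboal/sonarsearch/crobat@latest
crobat -s site.com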

Credential leaks

pymeta - metadata analyzer

# https://github.com/m8r0wn/pymeta
# Finds the target's public documents via search engines, downloads them and extracts
# metadata (author names, usernames, software versions, internal paths) —
# useful for username naming conventions and software inventory
pymeta -d example.com

pwndb - leaked creds (tor enabled)

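# https://github.com/davidtavarez/pwndb
# Queries the pwndb .onion service for leaked credentials; requires a local Tor SOCKS
# proxy (default 127.0.0.1:9050). Only query identities that are in scope for the engagement.
# (email placeholder restored — the original line was mangled by Cloudflare email obfuscation)
python3 pwndb.py --target user@example.com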

Pastebin

# https://github.com/notdodo/pastego
# Scrapes recent Pastebin pastes for a keyword (target domain, company name, email address)
pastego -s "word"

Email tools

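# https://github.com/SimplySecurity/SimplyEmail — email address harvesting
./SimplyEmail.py

# SPF/DMARC posture: can mail claiming to be from domain.com be spoofed?
# https://github.com/BishopFox/spoofcheck — the original targets Python 2, which is EOL;
# use a Python 3 fork or mailspoof below
python2 spoofcheck.py domain.com

# mailspoof only performs DNS lookups of the SPF/DMARC records, so it does not need root
pip3 install mailspoof
mailspoof -d domain.com

# Send a test spoofed message via a third-party web mailer. Use only against in-scope
# domains with the client's agreement: the message transits an external service and is logged there.
# https://emkei.cz/

# https://github.com/sham00n/buster — enumerates accounts and profiles tied to an email address
buster -e user@example.com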

GIT tools

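# https://github.com/obheda12/GitDorker
# -tf is a file of GitHub personal access tokens used to spread API rate limits.
# Treat it as a secret (chmod 600, never commit it); public code search needs tokens with no scopes.
python3 GitDorker.py -tf TOKENSFILE -q tesla.com -d dorks/DORKFILE -o target

# https://github.com/dxa4481/truffleHog (now trufflesecurity/trufflehog)
# The two commands below use the v2 CLI; v3 syntax is `trufflehog git <repo-url> [--only-verified]`
trufflehog https://github.com/Plazmaz/leaky-repo
trufflehog --regex --entropy=False https://github.com/Plazmaz/leaky-repo

# https://github.com/eth0izzle/shhgit
# Watches the public GitHub event stream for secret patterns; keep queries scoped to the target
shhgit --search-query AWS_ACCESS_KEY_ID=AKIA

# https://github.com/d1vious/git-wild-hunt
# Runs a GitHub code-search query and reports matching files (needs a GitHub token configured)
python git-wild-hunt.py -s "extension:json filename:creds language:JSON"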

Social Media

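# https://github.com/twintproject/twint
# NOTE(review): twint is archived and has not worked reliably since the Twitter/X API changes — expect failures
twint -u username

# https://github.com/mxrch/ghunt
# v1 invocation; current GHunt (v2) is `ghunt login` followed by `ghunt email user@example.com`
# (email placeholder restored — the original line was mangled by Cloudflare email obfuscation)
python hunt.py user@example.com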