Ctrlk

Website OSINT

All in one - Tool

Digital Certs

We can use these to reverse search a certificate to find related websites/ Subdomains

crt.sh | Certificate Searchcrt.sh

https://ui.ctsearch.entrust.com/ui/ctsearchuiui.ctsearch.entrust.com

SSL Server Test (Powered by Qualys SSL Labs)www.ssllabs.com

Local Certificates downloading and analysing tools

GitHub - g0ldencybersec/CloudReconGitHub

Internet Search Engines

Gives information about websites without scanning

Censys SearchCensys

https://www.shodan.io/www.shodan.io

Shodan Based Tools

Finding Web Technology

Find out what websites are built with - Wappalyzerwww.wappalyzer.com

BuiltWithBuiltWith

Technology Lookupsecgron

Detect which CMS a site is using - What CMS?whatcms.org

whatweb | Kali Linux ToolsKali Linux

Finding Load Balancer

lbd | Kali Linux ToolsKali Linux

WHOIS /ASN Information Checker

Whois Lookup, Domain Availability & IP Search - DomainToolswhois.domaintools.com

WHOIS Search, Domain Name, Website, and IP Tools - Who.iswho.is

Whois.com - Free Whois Lookupwww.whois.com

whois | Kali Linux ToolsKali Linux

Reverse Whois

https://viewdns.info/reversewhois/viewdns.info

https://whoisfreaks.com/tools/user/whois/reverse/searchwhoisfreaks.com

Reverse Whois Lookup - Domain search based on email or namewww.reversewhois.io

Reverse Whoissecgron

Historical Whois

https://whoisfreaks.com/tools/user/whois/history/lookupwhoisfreaks.com

WHOIS History API | Domain WHOIS History | Free WHOIS Historywww.whoxy.com

Whois History - Historical Whois Lookup - DomainToolsresearch.domaintools.com

WHOIS History | Check domain history ownership | WhoisXML APIWhoisXML API

Find Similar domain with keyword to check whois

Reverse Domainsecgron

Domain Name Search: Find Available Domains InstantlyInstant Domain Search

https://dnschecker.org/search-domain-name-checker.php?dnschecker.org

https://search.dnslytics.com/search.dnslytics.com

Security Headers

Analyse your HTTP response headerssecurityheaders

Curl

GRC | ID Serve - Internet Server Identification Utilitywww.grc.com

httprecon project - advanced http fingerprintingwww.computec.ch

Browser Developer Tools

You can check the Network tab to view the headers

Find ASN Numbers

Find IP ranges of ASN

GitHub - projectdiscovery/asnmap: Go CLI and Library for quickly mapping organization network ranges using ASN information.GitHub

https://whois.arin.net/ui/query.dowhois.arin.net

IP Addresses Information

AS18053 Special Communication Organization details - IPinfo.ioipinfo

GitHub - owasp-amass/amass: In-depth attack surface mapping and asset discoveryGitHub

Website Information Aggregators

All in one tools for Website OSINT

Web Check - X-Ray Vision for any WebsiteWeb Check

Domain Dossier - Investigate domains and IP addresses, get owner and registrar information, see whois and DNS recordscentralops.net

What's that site running?What's that site running? | Netcraft

https://viewdns.info/viewdns.info

Kali Tools

spiderfoot | Kali Linux ToolsKali Linux

PreviousGovernment Records NextWebsite Monitoring

Last updated 12 days ago