Website OSINT

All in one - Tool

LogoOSINT.SHsecgron
down

Digital Certs

We can use these to reverse search a certificate to find related websites/ Subdomains

Logocrt.sh | Certificate Search
Entrust Certificate Search - Entrust, Inc.
LogoSSL Server Test (Powered by Qualys SSL Labs)

Local Certificates downloading and analysing tools

LogoGitHub - g0ldencybersec/CloudReconGitHub
Logosni-ip-ranges • Directory Listerkaeferjaeger.gay
Certs at cloud IPs downloaded weekly

Internet Search Engines

Gives information about websites without scanning

LogoCensys SearchCensys
LogoShodanShodan

Shodan Based Tools

LogoGitHub - s0md3v/Smap: a drop-in replacement for Nmap powered by shodan.ioGitHub
passive Nmap like scanner built with shodan.io
LogoGitHub - Dheerajmadhukar/karma_v2: ⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)GitHub
Uses Inbuilt Shodan querries to find information about a domain

Finding Web Technology

LogoFind out what websites are built with - Wappalyzer
https://builtwith.com/builtwith.com
https://osint.sh/stack/osint.sh
LogoDetect which CMS a site is using - What CMS?
Logowhatweb | Kali Linux ToolsKali Linux

Finding Load Balancer

Logolbd | Kali Linux ToolsKali Linux

WHOIS /ASN Information Checker

LogoWhois Lookup, Domain Availability & IP Search - DomainTools
LogoWHOIS Search, Domain Name, Website, and IP Tools - Who.is
LogoWhois.com - Free Whois Lookup

Logowhois | Kali Linux ToolsKali Linux

Reverse Whois

https://viewdns.info/reversewhois/viewdns.info
https://whoisfreaks.com/tools/user/whois/reverse/searchwhoisfreaks.com
LogoReverse Whois Lookup - Domain search based on email or name
LogoReverse Whoissecgron

Historical Whois

https://whoisfreaks.com/tools/user/whois/history/lookupwhoisfreaks.com
LogoWHOIS History API | Domain WHOIS History | Free WHOIS Historywww.whoxy.com
https://research.domaintools.com/research/whois-history/research.domaintools.com
LogoWHOIS History | Check domain history ownership | WhoisXML API

Find Similar domain with keyword to check whois

https://osint.sh/domain/osint.sh
LogoDomain Name Search - Find Available Domains InstantlyInstant Domain Search
LogoDomain Name Search | Check Domain Availability OnlineDNS Checker
https://search.dnslytics.com/search.dnslytics.com

Security Headers

LogoAnalyse your HTTP response headerssecurityheaders

Curl

curl -I https://certifiedhacker.com/
LogoGRC | ID Serve - Internet Server Identification Utility
Logohttprecon project - advanced http fingerprinting

Browser Developer Tools

You can check the Network tab to view the headers

Find ASN Numbers

https://bgp.he.net/bgp.he.net
Can be helpful to locate more Websites

Find IP ranges of ASN

LogoGitHub - projectdiscovery/asnmap: Go CLI and Library for quickly mapping organization network ranges using ASN information.GitHub
https://whois.arin.net/ui/query.dowhois.arin.net

IP Addresses Information

LogoAS18053 Special Communication Organization details - IPinfo.ioipinfo
LogoGitHub - owasp-amass/amass: In-depth Attack Surface Mapping and Asset DiscoveryGitHub

Website Information Aggregators

All in one tools for Website OSINT

LogoWeb Check
LogoDomain Dossier - Investigate domains and IP addresses, get owner and registrar information, see whois and DNS recordscentralops.net
LogoWhat's that site running?What's that site running? | Netcraft
https://viewdns.info/viewdns.info

Kali Tools

Logospiderfoot | Kali Linux ToolsKali Linux
PreviousGovernment RecordsNextWebsite Monitoring

Last updated

Was this helpful?