# Website OSINT ### All in one - Tool {% embed url="" %} down {% endembed %} ### Digital Certs We can use these to reverse search a certificate to find related websites/ Subdomains {% embed url="" %} {% embed url="" %} {% embed url="" %} #### Local Certificates downloading and analysing tools {% embed url="" %} {% embed url="" %} Certs at cloud IPs downloaded weekly {% endembed %} ### Internet Search Engines Gives information about websites without scanning {% embed url="" %} {% embed url="" %} #### Shodan Based Tools {% embed url="" %}

passive Nmap like scanner built with shodan.io

{% endembed %} {% embed url="" %} Uses Inbuilt Shodan querries to find information about a domain {% endembed %} ### Finding Web Technology {% embed url="" %} {% embed url="" %} {% embed url="" %} {% embed url="" %} {% embed url="" %} ### Finding Load Balancer {% embed url="" %} ### WHOIS /ASN Information Checker {% embed url="" %} {% embed url="" %} {% embed url="" %} {% embed url="" %} #### Reverse Whois {% embed url="" %} {% embed url="" %} {% embed url="" %} {% embed url="" %} #### Historical Whois {% embed url="" %} {% embed url="" %} {% embed url="" %} {% embed url="" %} #### Find Similar domain with keyword to check whois {% embed url="" %} {% embed url="" %} {% embed url="?" %} {% embed url="" %} ### Security Headers {% embed url="" %} #### Curl ``` curl -I https://certifiedhacker.com/ ```

{% embed url="" %} {% embed url="" %} #### **Browser Developer Tools** You can check the Network tab to view the headers ### Find ASN Numbers {% embed url="" %} Can be helpful to locate more Websites {% endembed %} #### Find IP ranges of ASN {% embed url="" %} {% embed url="" %} #### IP Addresses Information {% embed url="" %} {% embed url="" %} ### Website Information Aggregators All in one tools for Website OSINT {% embed url="" %} {% embed url="" %} {% embed url="" %} {% embed url="" %} #### Kali Tools {% embed url="" %}