🕵️ Recon toolbox
I endorse nothing you do with these tools; use them at your own risk.
Combining multiple sources while investigating is highly recommended. Remember, these tools are only there to help your investigation; the conclusion is up to you.
Using web tools can be beneficial when it comes to investigations, as you don’t directly interact with the target.
Recon (online) toolbox
MAGIC TOOLBOX
Bunch of tools:
Complete toolbox, all free; you can run nmap and even find public buckets:
Search the web for files:
FINGERPRINTING
Somewhat like “whatweb”, but online:
Focused on header security:
Certificate search (and passive subdomain enumeration):
Domain history checker
Domains, links, backlinks…
DNS + SUBDOMAINS
Fast and accurate DNS explorer:
DOMAINS (+ EMAILS)
Made by intelx.io, awesome tool that can find subdomains and existing emails:
- https://phonebook.cz/
Another one:
- https://webscout.io
Finding emails from a LinkedIn company page:
From a specific domain, helps to retrieve existing users:
EMAIL RECON
Web version of https://github.com/megadose/holehe (works well with Gmail):
From Megadose and his team, a nice UI and great results:
GMAIL SPECIFIC
Instead of Epieos (not free for all results), use GHunt:
Web version:
EMAIL REPUTATION
Gives a nice detailed JSON result:
GET EMAIL FROM GITHUB PROFILE
A sometimes quick and easy method:
GET EMAIL FROM GOOGLE DOC
Find the owner’s email from a public Google Doc (very effective):
USERNAME
Fast username checker, wide range of supported services, but some are false positives:
CLI tool, effective:
SEARCH ENGINES LIST
PHONE
Fast and accurate phone number lookup: Check my post
Check if a phone number is used on certain social media platforms:
CELL TOWER MAPPING
WIFI MAPPING
Heavy on browser CPU, but lots of strategic info:
DARKNET SEARCH
Clearnet service for searching the Tor network:
Whois… for onions:
WHO POSTED IT?
TORRENT (+ IP)
Simply put, this is why you should use a VPN while torrenting:
Email, IP, username… from breaches:
Disclaimer: The following links are well-known sources where threat actors (and legitimate users) obtain leaked data. I do not endorse or support any offensive, illegal, or harmful activities related to data breaches, as their legal status depends on your location. It is important to always respect privacy and adhere to legal and ethical guidelines.
On Tor
- DeepSearch (FREE)
- Facebook leaks (2019) (FREE)
- Various data leaks using torrent (FREE)
On clearnet
- https://ddosecrets.com/ (major breaches from corporations)
- https://haveibeenpwned.com (basic search about an email/phone)
- https://dehashed.com (paid)
- https://snubase.com (paid)
- https://leakpeek.com (paid)
- https://leakcheck.io/ (paid but affordable)
- https://weleakinfo.to (probably down too)
- https://leaks.sh (🔴 down)
- https://breachdirectory.org (FREE)
- https://search.illicit.services/ (🔴 down)
- https://breach.vip/ (FREE)
Ashley Madison breach checker
Email to Skype account:
A random guy sharing a lot of stuff
Face-Search
Identify any model of car
Location finder from a picture
Planes
- https://www.flightera.net: Find flights by date, registration number and more.
- https://www.regosearch.com: Plane registration search.
Live flights
Plane seat configurations
OSINT
- Aggregator of tools: https://smart.myosint.training/