I endorse nothing you’ll do with these tools, use them at your own risks.

---

Combining multiple sources while investigating is highly recommended. Remember, these tools are only there to help your investigation, the conclusion is up to you. This list is updated often, check the date above for the latest update.

Domain and IP Threat Intel

Search by IP, domain, or network owner for real-time threat data

• https://talosintelligence.com/

Website reputation checker

• https://www.urlvoid.com/

Quick way to find an IP reputation from threat feeds

• https://www.ipvoid.com/ip-blacklist-check/

Search by Domain, IP, Email or Organization

• https://www.threatcrowd.org/

Shodan and others

Discover mutiple connected machines and interfaces

• https://www.shodan.io

Another one:

• https://www.censys.io

Also:

• https://en.fofa.info/

And… another one:

• https://securitytrails.com/

Commdand line tool using Shodan to display vulnerabilities of an IP

• https://gitlab.com/shodan-public/nrich

The Chinese shodan 🇨🇳

• https://zoomeye.org

IP cameras

Shodan, Zoomeye and others can discover IP cameras, but for a more in depth solution:

• https://github.com/Ullaakut/cameradar

Phishing specific

Gives an image of the site. Useful to investigate phishing without visiting, public and private scans options.

• https://urlscan.io/
• https://unshorten.me/

Email

• https://www.phishtool.com/

Squatting

• https://www.haveibeensquatted.com/

Files, hashes and URLs

On a side note for security researchers: Don’t upload your crafted payloads to see if they’re detected, rather use an up-to-date AV on a local machine. There’s less risk the signature will be shared among all AV vendors.

Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community (good for daily file/url analysis)

• https://www.virustotal.com/gui/

Joe Sandbox detects and analyzes potential malicious files.

• https://www.joesandbox.com/

Mobile threat intelligence platform (APK, hash…)

• https://beta.pithus.org

and

• https://sisik.eu/apk-tool

Mobile Verification Toolkit for forensics on a smartphone

• https://docs.mvt.re

Open potential malicious PDF and convert them back to safe documents

• https://dangerzone.rocks/

You received a link containing tracking elements ? Test where it redirects

• https://wheregoes.com or
• https://fredirect.vercel.app/

Browser emulation on an online VM

• https://www.browserling.com/

Browser emulation + fraud/spam analysis

• https://urlquery.net/

Threat Intel and trackers

Malware threat intelligence

• https://bazaar.abuse.ch/browse

Public trackers of phishing urls, malwares

• http://benkow.cc/

For lastest infos on compromised hosts or files

• https://pastebin.com/
• https://pastehub.net
• https://doxbin.com/

• Twitter, Reddit…

Find public documents:

• https://www.documentcloud.org/

Ransomware groups

Useful for active monitoring, updated continuously:

• https://ransomwatch.telemetry.ltd/

• https://www.ransomlook.io/

• https://www.ransomware.live/

Global CTI source

• https://github.com/fastfire/deepdarkCTI

Photo Forensic

Maybe the best online tool, useful for CTF and others

• https://29a.ch/photo-forensics/#forensic-magnifier

AI tool for upscaling low res images

• https://github.com/upscayl/upscayl

VIDEO FORENSIC

Translate any social media video post

• https://targum.video/

RANDOM

Face swapping tool

• https://huggingface.co/spaces/felixrosberg/face-swap

Barcodes generator

• https://barcode.tec-it.com/en