http://securityreliks.securegossip.com/2012/10/th3-j35t3rs-foxone-analysis-and-installation-on-

backtrack-5/

With the New Year fast approaching I thought now would be a great time to post the first draft of some

recommended Open Source Intelligence (OSINT) gathering tools and resources. I will look to maintain

this list overtime and have it grow, so if you come across something you think should be on the list,

drop me an email or leave a comment for consideration.

The reconnaissance phase of any engagement is very important and can often save you alot of time

and of course money. If you are really lucky you may even find the information you are looking for

freely available posted online. Either way the information you find will only be as good as the tools you

use, so with this in mind here is the list based on tools I have come across over the years or have

been recommended by other InfoSec peeps.

* Please note even though the aim is to provide information for free OSINT Tools, some may require a subscription or commercial fee.

Spokeo  - People search engine and free white pages finds phone, address, email, and photos.

Find people by name, email, address, and phone for free.

theHarvester  - This tool is intended to help Penetration testers in the early stages of the

penetration test in order to understand the customer footprint on the Internet. It is also useful for

anyone that wants to know what an attacker can see about their organization.

Foca  - FOCA 3.2 Free is a fingerprinrint and information gathering tool for pentesters. It searchs

for servers, domains, URLS and public documents and print out discoverd information in a

network tree. It also searches for data leaks such as metadata, directory listing, unsecure HTTP

methods, .listing or .DS_Store files, actived cache in DNS Serves, etc…

Shodan  - Search for computers based on software, geography, operating system, IP address

and more

Maltego  - Maltego is a unique platform developed to deliver a clear threat picture to the

environment that an organization owns and operates. Maltego’s unique advantage is to

demonstrate the complexity and severity of single points of failure as well as trust relationships

that exist currently within the scope of your infrastructure.

Deep Magic  - Search for DNS records and other fun stuff

Jigsaw  - Jigsaw is a prospecting tool used by sales professionals, marketers and recruiters to

get fresh and accurate sales leads and business contact information.

Hoovers  - Search over 85 million companies within 900 industry segments; Hoover’s Reports

Easy-to-read reports on key competitors, financials, and executives

Market Visual  - Search Professionals by Name, Company or Title

FoxOne Scanner  - Non- Invasive and Non-Detectable WebServer Reconnaissance Scanner

Creepy  - creepy is an application that allows you to gather geolocation related information about

users from social networking platforms and image hosting services.

Recorded Future  - Recorded Future intelligence analysis tools help analysts understand trends

in big data, and foresee what may happen in the future. Groundbreaking algorithms extract

temporal and predictive signals from unstructured text. Recorded Future organizes this

information, delineates results over interactive timelines, visualizes past trends, and maps future

events– all while providing traceability back to sources. From OSINT to classified data,

Recorded Future offers innovative, massively scalable solutions.

MobiStealth  - Mobistealth Cell Phone Spy Software empowers you to get the answers you truly

want and deserve. Including a host of advanced surveillance features, our Cell Phone Spy

Software secretly monitors all cell phone activities and sends the information back to your

Mobistealth user account.

Snoopy  - Snoopy is a distributed tracking and profiling framework

Stalker  - STALKER is a tool to reconstruct all captured traffic (wired or wireless alike) and parse

out all of the “interesting” information disclosures.  It goes beyond just grabbing passwords and

emails out of the air as it attempts to build a complete profile of your target(s).  You would be

amazed at how much data you can collect in 15 minutes.

LinkedIn Maps  - Your professional world. Visualized. Map your professional network to

understand the relationships between you and your connections

LittleSis  - LittleSis is a free database of who-knows-who at the heights of business and

government.

Entity Cube  - EntityCube is a research prototype for exploring object-level search technologies,

which automatically summarizes the Web for entities (such as people, locations and

organizations) with a modest web presence.

TinEye  - TinEye is a reverse image search engine built by Idée currently in beta. Give it an

image and it will tell you where the image appears on the web.

Google Hacking DB  - Google Search Query Fu to find the secret sauce

ServerSniff  - ServerSniff.net – Your free “Swiss Army Knife” for networking, serverchecks and

routing with many many little toys and tools for administrators, webmasters, developers,

powerusers und security-aware users.

MyIPNeighbours  - My IP Neighbors lets you find out if any other web sites (“virtual hosts”) are

hosted on a given web server.

Social Mention  - Social Mention is a social media search engine that searches user-generated

content such as blogs, comments, bookmarks, events, news, videos, and more

Glass Door  - Search jobs then look inside. Company salaries, reviews, interview questions, and

more – all posted anonymously by employees and job seekers.

NameCHK  - Check to see if your desired username or vanity url is still available at dozens of

popular Social Networking and Social Bookmarking websites.

Scythe  - The ability to test a range of email addresses (or account names) across a range of

websites (e.g. social media, blogging platforms, etc…) to find where those “targets” have active

accounts.

Recon-NG  – A nice Python Script that automates recon on LinkedIn, Jigsaw, Shodan and some

search engine fu.

Pushpin  – Awesome little Python script that will identify every tweet, flicker pic and Youtube

video within an area of a specific Geo address.

Silobreaker  – Enterprise Semantic Search Engine, allows virtualisation of data, analytics and

exploration of key data.

Google Trends  – See what are the popular related topics people are searching for. This will help

widen your search scope.

Google Alerts  - Google Alerts are email updates of the latest relevant Google results (web,

news, etc.) based on your queries.

Addict-o-matic  – Nice little search aggregator. Allows you to enter a search term and build a

page from search and social networking sites.

PasteLert  - PasteLert is a simple system to search pastebin.com and set up alerts (like google

alerts) for pastebin.com entries. This means you will automatically recieve email whenever your

term(s) is/are found in new pastebin entries!

Kurrently  – Real Time Search Engine for Social Media.

CheckUsernames  - Check for usernames across 160 Social Networking Sites.

Whos Talkin  - social media search tool that allows users to search for conversations surrounding

the topics that they care about most.

192  - Search for People, Businesses and Places in the UK.

Esearchy  - Esearchy is a small library capable of searching the internet for email addresses. It

can also search for emails within supported documents.

TouchGraph SEO  – Java based tool for importing and visualising various data types.

TalkBack  - Talkback is a web-based system to view trending vulnerability and security research

data mined from social-media.

Tweet Archivist  - Tweets are ephemeral. Tweets disappear. Why? That’s the way Twitter is

designed. Tweet Archivist can save those tweets before they’re gone. Now, to be clear, Tweet

Archivist is not an archive of every tweet ever tweeted. It doesn’t have a database of all tweets.

Its not listed above, but of course popular Social Networks such as Facebook, Twitter, LinkedIn and

alike have a wealth of information. Of course also consider older sources that are now less popular, its

amazing what people leave behind on stuff like MySpace. Also remember that search engines show

you stuff thats popular, not perhaps the obscure stuff you are searching for, so get creative with your

search queries and use the various tools at your disposal.

Lastly I will add alot of Social Engineers dont have alot of global exposure, so do your homework of

where you are targeting. If you are targeting Japan for example their number 1 Social Network is not

Facebook, so you need to do recon in the right places, and put in the extra legwork to gain the

relevant access.

http://www.subliminalhacking.net/category/categories/tools/page/3/#feed

Wireless recon and exploitation may not be one of the techniques that first jumps to mind when you

think of Social Engineering, but its a valid attack vector for both the on premises recon and attacks

(direct to the wireless infrastructure) but also clientside (attacking the host on premise and in the

airport lounge).

With this in mind and the ever increasing usage of wireless technologies and a couple of requests

from people I thought it would be a great idea to put together another recommendations list of tools,

hardware and resources for anyone looking to get into wireless auditing or adding wireless attack

vectors to their current attack methodology (similar to my OSINT   Tools Recommendations List ).

This page will be maintained and grown over time, if you know of a good tool, decent hardware or

resource please get it touch for consideration on adding it to this list.

Aircrack-NG  - Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can

recover keys once enough data packets have been captured.

Kismet   - Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection

system.

inSSIDer  - inSSIDer displays all the Wi-Fi networks around you – including security information,

the strength of the network, and broadcasting channel.

Airpwn  - Airpwn listens to incoming wireless packets, and if the data matches a pattern specified

in the config files, custom content is injected “spoofed”.

CoWPAtty  – WPA Dictionary Attacking Tool.

Ettercap  – Not wireless specific but a handy tool for Man In The Middle Attacking.

ASLeap  – Tool for exploiting Cisco LEAP authentication.

FreeRadius  - A patch for the popular open-source FreeRADIUS implementation to demonstrate

RADIUS impersonation vulnerabilities

Karmetasploit  - Karmetasploit is a great function within Metasploit, allowing you to fake access

points, capture passwords, harvest data, and conduct browser attacks against clients.

EWSA  – Elcomsoft Wireless Security Auditor allows GPU power to crack WPA.WPA2 password

enabled networks.

Alfa AWUS036H  - 1000mW 1W 802.11b/g High Gain USB Wireless Long-Rang WiFi network

Adapter with 5dBi Antenna.

GlobalStat BU353 GPS  – USB GPS Dongle compatible with Kismet. Ideal war mapping out

wireless coverage.

WiFi Pineapple  - Awesome one box wonder of WiFi hacking goodness.

Immunity Silica  - Automated wireless auditing tool.

AirPCAP  - Wireless Packet Capture Solution.

Edimax EW-7811Un  – Nano USB Wifi Adapter that supports inject.

BackTrack 5 Wireless Penetration Testing Beginner’s Guide  - Great book on Wireless

Pentesting with BackTrack by Vivek Ramachandran.

Hacking Exposed Wireless, Second Edition  – The Hacking Exposed books are well known, and

this one features the sushi king Josh Wright.

Wardriving with Kismet  – Old blog post I did on WarDriving with Kismet, still a handy reference.

Church of Wifi   - WPA PSK Rainbow Tables

BlueSnarfer  –  Provides the ability to send and receive AT Commands from GSM extensions.

BlueBugger   - Bluetooth tool to access phonebook, messages and other AT commands from

supported GSM devices.

CarWhisperer  – Provides the ability to connect to BlueTooth devices with a class of handsfree

and uses default passkeys to connect.

Linksys   Usbbt100  – Great moddable  BlueTooth dongle for hacking, not so easy to get hold of.

MSI MS-6967 – Another BlueTooth dongle that supports modding for external antenna.

Conceptronic CBT200U2 - Another BlueTooth dongle that supports modding for external

antenna.

Ubertooth One  – The goto hardware for Bluetooth hacking and experimentation.

KillerBee  –  KillerBee is a Python based framework and tool set for exploring and exploiting the

security of ZigBee and IEEE 802.15.4 networks.

KisBee   - Kisbee is a project to create a small, battery powered, open source hardware device for

capturing 802.15.4 (aka Zigbee).

AVR RZ Raven – Zigbee USB Wireless that works with the KillerBee Framework.

Proxmark3  - The Proxmark III is the most powerful and versatile open source device currently

available for performing RFID research.