Children's dream is sparrow happiness.
The Kremlin chain of bots ten times increased the coverage of users of social networks. Now this messages see more than 1.6 million users per day: https://theins.ru/news/272248
Warofwords website is available for key TV channels, RUTUBE, YouTube channels, telegram channels. Video poses - with a complete decoding, which can greatly facilitate, in particular, the work of facts. Search for keywords, speakers, sources, resource types, specific programs is available: https://warofwords.info/
Shadow Finder from Bellingcat. Find possible locations of shadows around the world: https://github.com/bellingcat/ShadowFinder
FRAVIA. The Art of Searching from Soxoj: https://soxoj.substack.com/p/book-fravia-the-art-of-searching
OSINT Tools, Services and Investigations:
Badsecrets. A library for detecting known secrets across many web frameworks: https://github.com/cosad3s/badsecrets
PostLeaks. Search for sensitive data in Postman public library: https://github.com/cosad3s/postleaks
Prying Deep. An OSINT tool to collect intelligence on the dark web: https://github.com/iudicium/pryingdeep
PackageSpy is a versatile command-line tool designed to simplify the process of searching for packages on two popular package managers: https://github.com/aydinnyunus/PackageSpy
Apache Tomcat Scanner. A python script to scan for Apache Tomcat server vulnerabilities: https://github.com/cosad3s/ApacheTomcatScanner
Reflector. Burp plugin able to find reflected XSS on page in real-time while browsing on site: https://github.com/elkokc/reflector
njsdump. Dump paths & pages from Next.js Manifest: https://github.com/cosad3s/njsdump
Subscout. All-in-one subdomains scout tool Docker image: https://github.com/cosad3s/subscout
ACHE is a web crawler for domain-specific search: https://github.com/ViDA-NYU/ache
WebCollector is an open source web crawler framework based on Java.It provides some simple interfaces for crawling the Web,you can setup a multi-threaded web crawler in less than 5 minutes: https://github.com/CrawlScript/WebCollector
Basic website cloner written in Python: https://github.com/ZKAW/website-cloner
Python SSH Cracker: https://github.com/networkdavit/Python-SSH-Cracker
hfinder - Help recon of hostnames from specific ASN or CIDR, thanks to Robtex and BGP.HE: https://github.com/cosad3s/hfinder
Freeway - WiFi Penetration Testing & Auditing Tool: https://github.com/FLOCK4H/Freeway
Conpass will get all domain users and try a list of password provided in a password file. When a user can be locked out, the tool will wait for the lockout reset period before trying another password: https://github.com/login-securite/conpass
Malice's mission is to be a free open source version of VirusTotal that anyone can use at any scale from an independent researcher to a fortune 500 company: https://github.com/maliceio/malice
Phantom. A multi-platform HTTP(S) Reverse Shell Server and Client in Python 3: https://github.com/EONRaider/BCA-Phantom
PingRAT. PingRAT secretly passes C2 traffic through firewalls using ICMP payloads: https://github.com/umutcamliyurt/PingRAT
AI:
ChatGPT for OSINT Analysts. Your AI-Powered Assistant for Organizing Collected Intelligence: https://publication.osintambition.org/chatgpt-for-osint-analysts-your-ai-powered-assistant-for-organizing-collected-intelligence-33bbe4b1fac5
bin2ml. A command line tool for extracting machine learning ready data from software binaries powered by Radare2: https://github.com/br0kej/bin2ml
Software Development:
Offensive GoLang. A collection of offensive Go packages inspired by different Go repositories: https://github.com/MrTuxx/OffensiveGolang
Linux & DevOps:
Dufs. A file server that supports static serving, uploading, searching, accessing control, webdav: https://github.com/sigoden/dufs
HexVPN is a Python script that sets up a VPN connection using Riseup's VPN service. It fetches the necessary client certificates and VPN gateway configurations, measures latency to select the fastest gateway, and updates the configuration file accordingly: https://github.com/HexBuddy/HexVPN
Flipper Zero:
Flipper Zero Pentestor's opinion after two years of "field" operation: https://habr.com/ru/companies/bastion/articles/820279/
New from CyberDetective:
A Collection of Awesome Google Dorks: https://github.com/Tobee1406/Awesome-Google-Dorks
One Million Dorks. A repository with text files containing a million dorks for finding potentially vulnerable web pages and sensitive data (in Google and other search engines). Can be used with various automation tools: https://github.com/HackShiv/OneDorkForAll
VATINT (Vehicle and Transportation Intelligence) Tools. Online services for search by VIN or License Plates numbers in different countries, Stolen car database (Europe), Container and ships tracking, Flights, trains, drones tracking: https://github.com/CScorza/Tool-VATINT
New from GitHub Community:
GramAddict. Completely free and open-source human-like Instagram bot. Powered by UIAutomator2 and compatible with basically any Android device 5.0+ that can run Instagram - real or emulated: https://github.com/GramAddict/bot
LinkedIn: OSINTech's Featured Timeline
SubStack: OSINTech's Substack
WARNING! All tools, programs and techniques published in this article and repository are used for informational, educational purposes or for information security purposes. The authors are not responsible for the activities that users of these tools and techniques may carry out, and urge them not to use them to carry out harmful or destructive activities directed against other users or groups on the Internet.