10 |
11 |
23 |
24 | Clearnet Search Engines
12 | 13 | * [Ahmia](https://ahmia.fi/) - Ahmia searches hidden services on the Tor network. To access these hidden services, you need the [Tor browser bundle](https://www.torproject.org/projects/torbrowser.html). 14 | * [Dark Search](https://darksearch.io/) - A clearnet search engine for searching the Dark Web 15 | * [https://onionlandsearchengine.com/](https://onionlandsearchengine.com/) - A search engine for the deep web. Official onion site can be found [here.](http://3bbad7fauom4d6sgppalyqddsqbf5u5p56b5k5uk2zxsy3d6ey2jobad.onion/) 16 | * [https://www.dargle.net/search](https://www.dargle.net/search) - A data aggregation platform for dark web domains. Using this directory, we can generate a portfolio of domains and their statuses, gain insight into the content and nature of these services, as well as the connections between them. 17 | * [https://torwhois.com](https://torwhois.com) - TorWhois Onion Search 18 | * [TheDevilsEye](https://github.com/rlyonheart/thedevilseye) — Search links in #darknet (.onion domain zone) from command line without using a Tor network. 19 | * [Onion Search Engine (+maps, mail and pastebin)](https://onionsearchengine.com/) 20 | * [KILOS Darknet Search Engine](http://dnmugu4755642434.onion.pet/captcha) 21 | 22 |
25 |
26 |
33 |
34 | Invisible Internet Project (I2P)
27 | 28 | * [https://i2psearch.com/](https://i2psearch.com/) - A I2P search engine. I2P gateway is used for the search results to access I2P hidden services, known as "eepsites". 29 | * [https://ahmia.fi/i2p/](https://ahmia.fi/i2p/) - Another great I2P search engine. 30 | * [http://nekhbet.com/i2p\_links.shtml](http://nekhbet.com/i2p\_links.shtml) - A neatly organized directory of eepsites. 31 | 32 |
35 |
36 |
45 |
46 | Deep/Darknet Search Utility
37 | 38 | * [Onion Link](http://onionlink.online) - Constantly curated list of popular Dark Web links. 39 | * [Tor2Web ](https://tor2web.org/)- Tor2web is a software project to allow [Tor hidden services](https://en.wikipedia.org/wiki/List\_of\_Tor\_hidden\_services) to be accessed from a standard [browser](https://en.wikipedia.org/wiki/Web\_browser) without being connected to the [Tor network](https://en.wikipedia.org/wiki/Tor\_\(anonymity\_network\)) 40 | * [Haystack](http://haystak5njsmn2hqkewecpaxetahtwhsbsa64jom2k22z5afxhnpxfid.onion/) - Search engine service to discover hidden services and gain access to onion sites or eepsites in the I2P network. 41 | * [https://www.darkowl.com/darknetdataproducts](https://www.darkowl.com/darknetdataproducts) - A great tool for searching through different darknets including TOR, I2P, ZeroNet and paste sites. Requires a paid subscription. 42 | * [https://iaca-darkweb-tools.com](https://iaca-darkweb-tools.com) - A collection of darkweb search tools. Allows you to query .onion search engines, marketplaces and social media sites. 43 | 44 |
47 |
48 |
57 |
58 | IPFS - Interplanetary File System
49 | 50 | A peer-to-peer hypermedia protocol designed to preserve and grow humanity's knowledge by making the web upgradeable, resilient, and more open. 51 | 52 | * [https://www.ipse.io/](https://www.ipse.io/) - An IPFS search engine. 53 | * [https://ipfs-search.com/#/search](https://ipfs-search.com/#/search) - Another search engine for IPFS. 54 | * [https://awesome.ipfs.io/datasets/](https://awesome.ipfs.io/datasets/) - A huge collection of all sorts of different data sets hosted via IPFS. 55 | 56 |
59 |
60 |
71 |
72 | Misc Sites and Tools
61 | 62 | * [Dark Web Exposure and Phishing Detection Test](https://www.immuniweb.com/darkweb/) 63 | * [Onion Search ](https://github.com/megadose/OnionSearch)- OnionSearch is a Python3 script that scrapes urls on different ".onion" search engines. 64 | * [TorBot](https://github.com/DedSecInside/TorBot) - Open source Intel tool for searching and crawling the Dark Web. 65 | * [https://torwhois.com](https://torwhois.com) - Look up an .onion address and see basic information such as date last seen, open ports, running software and banners. You can also query specific onions from the command line: `whois -h torwhois.com facebookcorewwwi.onion` 66 | * [https://osint.party/api/rss/fresh](https://osint.party/api/rss/fresh) - An amazing RSS feed of fresh and newly discovered .onion sites. Be careful, this feed remains uncensored, so you may encounter illegal content. 67 | * [https://darktracer.com/](https://darktracer.com/) - Darkweb intelligence too. Has a free version for a limited number of queries. 68 | * [https://socradar.io/labs/darkmirror/](https://socradar.io/labs/darkmirror/) - Darkweb forum monitoring service 69 | 70 |
73 |
74 |
82 |
--------------------------------------------------------------------------------
/cyber-intelligence/osint/ip-address.md:
--------------------------------------------------------------------------------
1 | # IP Address
2 |
3 | ## **IP Address**
4 |
5 | When researching IP addresses, it is important to know the context of the search you are performing. There are a multitude of sources to research IP addresses and they can vary depending on what information you want to learn about them. For offensive security, threat hunting, and attack surface mapping, we want current registration data, and any associated data points that our searches may return. These can include hosted domains, ASN, associated network artifacts, etc.
6 |
7 | For defensive operations, such as those of the security blue team, you would be looking for historical data and activity data of the IP address. These tools will be detailed in another section about threat research. The below links and tools are specifically for offensive intelligence gathering and reconnaissance.
8 |
9 | **IP.html**
10 |
11 | IP.html is another handy little tool created by Michael Bazzel that makes initial research of an IP address quite easy. This tool will populate multiple searches automatically for you to see what information you can gather about your target.
12 |
13 | Sites Include: Bing, Reverse IP, Locate IP, Port Scan, IP Whois, TraceRoute, Who.IS IP, Cynsys, ThreatCrowd, Shodan, ZoomEye, Torrents, "That's Them", WeLeakInfo, Dehashed, and UltraTools IP.
14 |
15 | {% file src="../../.gitbook/assets/IP (1).html" %}
16 |
17 |
18 |
19 | ### **Whois Vs. RDAP**
20 |
21 | Whois is a great tool for gathering registration data for IP addresses and domains. The only problem with it is that there is not a clearly defined structure to organize registration data points and keep them maintained. Enter RDAP. A new Standard as of 2019, RDAP lookups will quickly replace WHOIS lookups.
22 |
23 | * RDAP lookup tool - [https://client.rdap.org](https://client.rdap.org)
24 | * General information on RDAP - [https://www.icann.org/rdap](https://www.icann.org/rdap)
25 |
26 | ### **Is this a Tor Node?**
27 |
28 | Maybe? Check it with this! [https://metrics.torproject.org/exonerator.html](https://metrics.torproject.org/exonerator.html)
29 |
30 | Torrent IP addresses **-** [https://iknowwhatyoudownload.com](https://iknowwhatyoudownload.com)
31 |
32 | [https://seon.io/intelligence-tool/#ip-analysis-module](https://seon.io/intelligence-tool/#ip-analysis-module) - Check if an IP is a tor node, VPN, proxy and even run a blacklist check.
33 |
34 | ### Is this a VPN Exit Node?
35 |
36 | * [https://www.ipqualityscore.com/vpn-ip-address-check](https://www.ipqualityscore.com/vpn-ip-address-check)
37 |
38 | ### **IP Location Info**
39 |
40 | There are a several ways to find [geolocation](https://www.iplocation.net/geolocation) of a user: HTML5 API, Cell Signal and IP Address to name a few. If you have an IP Address and want to find the geolocation data for the target, the below sites use various methods to determine that data.
41 |
42 | \*Note: It is recommended that you use as many tools as possible for a consensus determination on the location. Some times results will show the location of the registrant, but not the location of the IP in use.
43 |
44 | * [https://www.iplocation.net/](https://www.iplocation.net/)
45 | * [https://www.ip2location.com/](https://www.ip2location.com/)
46 | * [https://www.ipfingerprints.com/](https://www.ipfingerprints.com/)
47 | * [https://ipstack.com/](https://ipstack.com/)
48 |
49 | ### Misc Tools
50 |
51 | * [https://focsec.com/](https://focsec.com/) - Determine if a user’s IP address is associated with a VPN, Proxy, TOR or malicious bots
52 |
--------------------------------------------------------------------------------
/cyber-intelligence/osint/search-engines/google-dorking-cheatsheet.md:
--------------------------------------------------------------------------------
1 | # Google Dorking
2 |
3 | ### Google Dork Collections
4 |
5 | * [https://github.com/BullsEye0/google\_dork\_list](https://github.com/BullsEye0/google\_dork\_list)
6 | * [https://github.com/rootac355/SQL-injection-dorks-list](https://github.com/rootac355/SQL-injection-dorks-list)
7 | * [https://github.com/unexpectedBy/SQLi-Dork-Repository](https://github.com/unexpectedBy/SQLi-Dork-Repository)
8 | * [https://github.com/thomasdesr/Google-dorks](https://github.com/thomasdesr/Google-dorks)
9 | * [https://github.com/arimogi/Google-Dorks](https://github.com/arimogi/Google-Dorks)
10 | * [https://github.com/aleedhillon/7000-Google-Dork-List](https://github.com/aleedhillon/7000-Google-Dork-List)
11 | * Bug Bounty Dorks
12 | * [https://github.com/sushiwushi/bug-bounty-dorks](https://github.com/sushiwushi/bug-bounty-dorks)
13 | * [https://github.com/hackingbharat/bug-bounty-dorks-archive/blob/main/bbdorks](https://github.com/hackingbharat/bug-bounty-dorks-archive/blob/main/bbdorks)
14 | * [https://github.com/Vinod-1122/bug-bounty-dorks/blob/main/Dorks.txt](https://github.com/Vinod-1122/bug-bounty-dorks/blob/main/Dorks.txt)
15 | * Backlinks
16 | * [https://github.com/alfazzafashion/Backlink-dorks](https://github.com/alfazzafashion/Backlink-dorks)
17 | * [https://www.techywebtech.com/2021/08/backlink-dorks.html](https://www.techywebtech.com/2021/08/backlink-dorks.html)
18 | * [https://www.blackhatworld.com/seo/get-backlinks-yourself-1150-dorks-for-forum-hunting.380843/](https://www.blackhatworld.com/seo/get-backlinks-yourself-1150-dorks-for-forum-hunting.380843/)
19 | * CMS Dorks
20 | * Wordpress [https://pastebin.com/A9dsmgHQ](https://pastebin.com/A9dsmgHQ)
21 | * Magento [https://pastebin.com/k75Y2QhF](https://pastebin.com/k75Y2QhF)
22 | * Joomla [https://pastebin.com/vVQFTzVC](https://pastebin.com/vVQFTzVC)
23 |
24 | ### Google Dorking Cheatsheet
25 |
26 | * @\[Search term] Searches a keyword on social media
27 | * “Search term” Searches an exact match
28 | * “Search \* term” Searches the \* for any wildcard
29 | * (+) (-) (“) (.) (\*) (|) (“String” | String) Force inclusion of something common Exclude a search term Use quotes around a search phrase A single-character wildcard Any word boolean ‘OR‘ Parenthesis group queries 06 cache:\[url] Searches for cached versions of a site or page
30 | * numrange\[#]..\[#]
31 | * daterange:startdate-enddate Must be expressed in \*Julian time (and only in integers)
32 | * The number of days that have passed since January 1, 4713 B.C. unlike Gregorian days (those on the calendar)
33 | * link: \[url] Shows links to the URL and helps determine site relation- ships and more importantly trust relationships; this gets treated like normal search text (not a modifier) when com- bined with other search terms though.
34 | * related: \[url] Searches related to your search term
35 | * intitle: string to search Show only those pages that have the term in their html title
36 | * allintitle:\[string] Similar to intitle, but looks for all the specified terms in the title
37 | * inurl: \[string] Searches for the specified term in the url; for example inurl:”login.php”. (Can also do :port)
38 | * allinurl:\[url] Same as inurl, but searches for all terms in the url
39 | * intext:“String to search” Searches the content of the page and similar to a plain Google search; for example intext:”index of /”.
40 | * allintext: “String to search” Similar to intext, but searches for all terms to be present in the text 07 filetype: \[xls] Searches for specific file types; filetype:pdf will looks for pdf files in websites.
41 | * phonebook:\[name]
42 | * \[URL]\&strip=1 Added to the end of a cached URL only shows Google’s text, not the target’s; perform a Google search, right-click copy/ paste the link and then paste the URL adding \&strip=1
43 | * site.com/search?q=inurl:admin.PhP\&start=10 Changing your query to vary the extension case and modifying the query can help defeat some of Google’s blockers which work to defeat your search query
44 | * site.com/search?q=@email.com Searching for email addresses
45 | * site:site.com -site:obivousresult.com Eliminates obvious results, reducing most public, top ‘ranked’ unwanted results and bringing more useful results to the top of the search; you are looking for the relation- ship of links in both inbound and outbound directions
46 | * inurl: Port scanning, can be combined with the site operator
47 | * inurl:8080 -intext:8080 Servers listening on port 8080 removing results with 8080 in the page
48 | * filetype:inc intext:mysql\_connect filetype:sql + “IDENTIFIED BY” -cvs Search combinations that goes after files with cleartext SQL passwords and credentials
49 | * intitle:”VNC viewer” Example of a search for sites that launch a VNC client
50 |
51 | **Source:** [**https://know.bishopfox.com/hubfs/mkt-coll/Bishop-Fox-Breaking-and-Entering-Pocket-Guide.pdf**](https://know.bishopfox.com/hubfs/mkt-coll/Bishop-Fox-Breaking-and-Entering-Pocket-Guide.pdf)****
52 |
--------------------------------------------------------------------------------
/cyber-intelligence/osint/search-engines/goohak.sh-code.md:
--------------------------------------------------------------------------------
1 | ---
2 | description: https://github.com/1N3/Goohak/blob/master/goohak
3 | ---
4 |
5 | # Goohak.sh Code
6 |
7 | ```
8 | #!/bin/bash
9 | # + -- --=[GooHak by @xer0dayz
10 | # + -- --=[http://sn1persecurity.com
11 | #
12 | # ABOUT:
13 | # GooHak is a shell script to automatically launch google hacking queries against a target domain to find vulnerabilities and enumerate a target.
14 | #
15 | # DEPENDENCIES:
16 | # iceweasel or xdg-utils (apt-get install xdg-utils)
17 | # Linux
18 |
19 | TARGET="$1"
20 | BROWSER="firefox" # CHANGE TO DEFAULT BROWSER - FOR OSX, USE "open".
21 | VER="1.9"
22 | OKBLUE='\033[94m'
23 | OKRED='\033[91m'
24 | OKGREEN='\033[92m'
25 | OKORANGE='\033[93m'
26 | DELAY=5
27 | RESET='\e[0m'
28 |
29 | if [ -z $TARGET ]; then
30 | echo -e "$OKORANGE + -- --=[https://sn1persecurity.com$RESET"
31 | echo -e "$OKORANGE + -- --=[GooHak v$VER by @xer0dayz$RESET"
32 | echo -e "$OKORANGE + -- --=[Usage: goohak Reference
75 | 76 | * [https://www.osintcombine.com/post/dark-web-searching](https://www.osintcombine.com/post/dark-web-searching) 77 | * [https://www.osintme.com/index.php/2019/11/24/darknet-diving-conducting-osint-on-onion-sites/](https://www.osintme.com/index.php/2019/11/24/darknet-diving-conducting-osint-on-onion-sites/) 78 | * [https://www.osintme.com/index.php/2020/11/21/list-of-darknet-markets-for-investigators/](https://www.osintme.com/index.php/2020/11/21/list-of-darknet-markets-for-investigators/) 79 | * [https://webhose.io/blog/dark-web/the-top-5-dark-web-search-engines/](https://webhose.io/blog/dark-web/the-top-5-dark-web-search-engines/) 80 | 81 |.png)
.png)