--
...and everything around leaves shadows.
Russian intelligence recruits foreign students and scientists through the National Research Institute for the Development of Communications (NIIRK), which is run by people from the secret services. In Europe and the near abroad, the institute holds numerous conferences and internships, where security officers and pro-Kremlin propagandists, while talking about good neighborliness, instill in listeners the idea that the West is the enemy, and the path to prosperity lies through friendship with Russia: https://theins.ru/obshestvo/271530
How open source journalism transformed investigations: https://www.youtube.com/watch?v=cxwgFFel_xw
hackyx - The Search Engine for Cybersecurity: https://hackyx.io/ (GitHub: https://github.com/aituglo/hackyx)
Browse Awesome Maps + Data, where vast amounts of information are beautifully mapped and visualized: https://github.com/thedoubler/awesome-maps-data
EMailHippo - mass email verification solution: https://www.emailhippo.com/ (try for free: https://tools.emailhippo.com/)
mails.so - Simple email validation for everyone: https://mails.so/
OSINT Tools, Services and Investigations:
ExifCleaner - a Cross-platform desktop GUI app to clean image metadata: https://github.com/szTheory/exifcleaner/
mksub - Generate tens of thousands of subdomain combinations in a matter of seconds: https://github.com/trickest/mksub
mkpath - Make URL path combinations using a wordlist: https://github.com/trickest/mkpath
xnldorker - Gather results of dorks across a number of search engines: https://github.com/xnl-h4ck3r/xnldorker
xnlLinkFinder - a python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target: https://github.com/xnl-h4ck3r/xnLinkFinder
LemmeKnow - a Tool for "identifying mysterious text or analyze hard-coded strings". Identifies API keys, cryptocurrency wallet numbers, encrypted strings, YouTube channel IDs, IPs, credit card numbers and much more: https://github.com/swanandx/lemmeknow
Monolith is a CLI tool for saving complete web pages as a single HTML file: https://github.com/Y2Z/monolith
Many headphones can send commands to its device, such as Airpods, with a single press to pause or resume, double press to play the next track, and triple press to play the previous track. Using this feature, we can use the headphones as a morse transmitter: https://github.com/EtherDream/headphone-morse-transmitter
Omnisci3nt equips users with a comprehensive toolkit for conducting web reconnaissance with precision and efficiency: https://github.com/spyboy-productions/omnisci3nt
Gram is Klarna's own threat model diagramming tool: https://github.com/klarna-incubator/gram
PhatCrack - Modern web-based distributed hashcracking solution, built on hashcat (https://github.com/hashcat/hashcat). Source: https://github.com/lachlan2k/phatcrack
BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research, penetration testing and bluetooth hacking. We also collected and classified Bluetooth vulnerabilities in an "Awesome Bluetooth Security" way: https://github.com/sgxgsx/BlueToolkit
Whatsapp Exploit to spoofing impersonate of reply message: https://github.com/lichti/whats-spoofing
AI:
pipecat - Open Source framework for voice and multimodal conversational AI: https://github.com/pipecat-ai/pipecat
Software Development:
httpbin - HTTP Request & Response Service, written in Python + Flask: https://github.com/postmanlabs/httpbin
Linux & DevOps:
pico - an open-source alternative to Ngrok, designed to serve production traffic and be simple to host (particularly on Kubernetes): https://github.com/andydunstall/piko
graftcp - a flexible tool for redirecting a given program's TCP traffic to SOCKS5 or HTTP proxy: https://github.com/hmgle/graftcp
A 2FA CLI tool for generating 2FA codes using TOTP secrets, with an optional SECURE remote api, and an optional web ui enabling 2FA code generation from any device: https://github.com/cc-d/open2fa
New from CyberDetective:
OriON is a virtual machine in Spanish that incorporates several tools for Open Source Intelligence on people: https://github.com/Cl4r4-5/OriON
Website OSINT - You will find a wealth of resources to help with your Website investigations: https://github.com/cqcore/Website-OSINT
A curated list of awesome malware analysis tools and resources: https://github.com/rshipp/awesome-malware-analysis
hashtray is an OSINT tool designed to find a Gravatar account associated with an email address and to locate an email address using a Gravatar account username or hash: https://github.com/balestek/hashtray
New from GitHub Community:
Free Browser - a privacy oriented web browser with Greasemonkey style script support and Cookie Banner Blocker: https://github.com/woheller69/browser
GitHub: https://github.com/bormaxi8080/osint-timeline
LinkedIn: bormaxi8080 OSINT Featured Timeline
You can see Systematized list of my GitHub Starred OSINT Repositories
and contact me on Twitter: https://twitter.com/OSINTech_
If you like the projects that I do, I will be grateful for donations in private dialogue.
WARNING! All tools, programs and techniques published in this article and repository are used for informational, educational purposes or for information security purposes. The authors are not responsible for the activities that users of these tools and techniques may carry out, and urge them not to use them to carry out harmful or destructive activities directed against other users or groups on the Internet.