appsec.fyi

A somewhat curated list of links to various topics in application security.

Open-Source Intelligence (OSINT)

LinkExcerpt
Gathering Open Source IntelligenceOne constant throughout my career has been my fascination with what can be learned about an organization from basic public records. The aggregation of a multitude of small pieces of information can paint a picture that is sometimes startling in its completeness.
OSINT: How to find information on anyoneOpen Source Intelligence (OSINT) — is information gathering from publicly available sources and its analysis to produce an actionable intelligence. The scope of OSINT is not limited to cybersecurity only but corporate, business and military intelligence or other fields where information matters.
Overview of the tool:Overview of the tool: Performs OSINT on a domain / email / username / phone and find out information from different sources. Correlate and collaborate the results, show them in a consolidated manner. Tries to find out credentials, api-keys, tokens, subdomains, domain history, legacy portals, etc.
Matchlight by Terbium LabsData breaches happen every day. The average breach takes over 200 days to discover, and 85% of breaches are detected by third parties. Matchlight’s private and automatic data intelligence system shortens detection times to minutes and brings breach detection into your organization.
A Search Engine for the Internet of ThingsImprove your business insights by enhancing operational data with nearby real-time IoT data across dozens of verticals, including weather, environment, smart city, energy and transport. Millions of connected objects & sensors across the planet generate real-time open data.
IVMachiavelli/OSINT_Team_LinksFor the Hackers, Journalists, Private Investigators, Sleuths, Sherlocks, and everyone in between. Bookmarks for the Open OSINT Slack Team for OSINT collaberation. This is already in .html format and ready to be imported into your browser as bookmarks under the folder name OSINT.
Hunchly is Perfect forHunchly automatically collects, documents, and annotates every web page you visit. Online research usually starts with the "search engine shotgun approach" — and before you know it, you've got dozens of tabs open and no idea how you got from A to Z.
Automating OSINT BlogMore and more investigations are being conducted on Tor and many of them can also include investigating Bitcoin transactions.
OSINT FrameworkOSINT Framework (T) - Indicates a link to a tool that must be installed and run locally (D) - Google Dork, for more information: Google Hacking (R) - Requires registration (M) - Indicates a URL that contains the search term and the URL itself must be edited manually Notes OSINT framework focused on