appsec.fyi

A somewhat curated list of links to various topics in application security.

Open-Source Intelligence (OSINT)

Link | Excerpt
Open Source Intelligence Gathering: Techniques, Automation, and Visualization | One constant throughout my career has been my fascination with what can be learned about an organization from basic public records. The aggregation of a multitude of small pieces of information can paint a picture that is sometimes startling in its completeness.
OSINT: How to find information on anyone | Open Source Intelligence (OSINT) — is information gathering from publicly available sources and its analysis to produce an actionable intelligence. The scope of OSINT is not limited to cybersecurity only but corporate, business and military intelligence or other fields where information matters.
DataSploit/datasploit | Overview of the tool: Performs OSINT on a domain / email / username / phone and find out information from different sources. Correlate and collaborate the results, show them in a consolidated manner. Tries to find out credentials, api-keys, tokens, subdomains, domain history, legacy portals, etc.
Matchlight by Terbium Labs | Data breaches happen every day. The average breach takes over 200 days to discover, and 85% of breaches are detected by third parties. Matchlight’s private and automatic data intelligence system shortens detection times to minutes and brings breach detection into your organization.
A Search Engine for the Internet of Things | Thingful is built for real-world problems that exist today. Legacy systems need to interoperate with modern deployments but connected objects like smart meters, cars, mobile phones, weather stations, smart homes & building management systems are spread across thousands of different networks
IVMachiavelli/OSINT_Team_Links | For the Hackers, Journalists, Private Investigators, Sleuths, Sherlocks, and everyone in between. Bookmarks for the Open OSINT Slack Team for OSINT collaboration. This is already in .html format and ready to be imported into your browser as bookmarks under the folder name OSINT.
Hunchly is Perfect for | Hunchly automatically collects, documents, and annotates every web page you visit. Online research usually starts with the "search engine shotgun approach" — and before you know it, you've got dozens of tabs open and no idea how you got from A to Z.
Automating OSINT Blog | More and more investigations are being conducted on Tor and many of them can also include investigating Bitcoin transactions.
OSINT Framework | OSINT Framework (T) - Indicates a link to a tool that must be installed and run locally (D) - Google Dork, for more information: Google Hacking (R) - Requires registration (M) - Indicates a URL that contains the search term and the URL itself must be edited manually Notes OSINT framework focused on