Tools, OSINT & Open Source

🔎 OSINT & Data Discovery Tools

These tools are useful for uncovering publicly accessible information, exposed data, malware indicators, code leaks, documents, and file indexing across the internet.

🔍 Privacy Search Engines

DuckDuckGo – Privacy-focused search engine that doesn’t track users.

Startpage – Google results with privacy protection and no tracking.

🗃️ Paste, Code, and Source Scanning

psbdmp – Largest archive of leaked {paste} dumps from pastebin-style sites.
Search-Pastebin – Google CSE-powered meta-search across 33 paste sites.
RedHuntlabs Online IDE Search – Search keywords across online IDEs, code sharing platforms, and pastebins.
NerdyData – Find websites using specific technologies or HTML/JavaScript code.
Publicwww – Source code search engine indexing 480+ million pages.
CybDetective Code Search – Custom search across 20+ code hosting platforms.
grep.app – Fast regex-capable search engine for 500k+ Git repos.
searchcode – Search 75 billion lines of code from 40 million public projects.

📁 File & Directory Indexing

Open Directory Search Tool – Search files in unprotected open directories.
Mamont FTP – Largest public FTP search engine.
NAPALM FTP Indexer – Index of over 894 million FTP files across thousands of servers.
DeDigger – Discover publicly shared files in Google Drive.
UVRX – Search files from older hosting sites (e.g., Mega, Mediafire, Zshare).

📚 Document & Content Discovery

PDF Drive – Download from a library of over 75 million free PDFs.
SlideShare – Explore millions of user-submitted presentations.
Scribd – Document repository with 195+ million user-uploaded files.

🧪 Threat Intelligence & IOC Lookup

VirusTotal – Multi-engine scanner and IOC search platform for files, hashes, domains, and URLs.
~~Shodan~~Hybrid Analysis – ~~Search~~Free ~~engine~~malware ~~for~~sandbox ~~internet-connected~~that ~~devices~~performs ~~and~~hybrid ~~exposed~~static/dynamic ~~systems.~~analysis.
~~YARAify~~Sucuri SiteCheck – ~~Run YARA rules across a large~~Website malware ~~sample~~and ~~dataset.~~

security

~~ThreatFox~~ ~~– Community-driven IOC feed focused on current threats.~~scanner.
URLhaus – Malicious URL tracker and database.
Feodo Tracker – Monitor and block IPs related to Feodo/Bugat/Dridex botnets.
SSL Blacklist – Collection of blacklisted SSL certificates and JA3 fingerprints.
MalwareBazaar – Repository for sharing malware samples.
~~MalwareBazaar UA Verifier~~ ~~– Identify malicious User-Agent strings linked to malware.~~

~~AbuseIPDB~~ ~~– Check and report malicious or abusive IP addresses.~~

Talos Reputation Center – IP, domain, and file reputation check.
PaloAlto URL Filtering – Link classification and reputation check.
OTX AlienVault – Threat sharing platform with global IOC and pulse feeds.
~~Hybrid Analysis~~ ~~– Free malware sandbox that performs hybrid static/dynamic analysis.~~

URLScan – Scan and analyze websites in a sandboxed environment.
~~Browserling~~McAfee Threat Center – ~~Online~~Threat ~~browser~~intelligence ~~sandbox~~and ~~for~~malware ~~testing~~information.

~~malicious~~

orNational ~~suspicious~~Vulnerability ~~URLs.~~Database (NVD) – US government vulnerability database with CVSS scores.

CVE Database – Public list of common vulnerabilities and exposures.

Website Reputation Checker (URLVoid) – Checks domain/IP reputation using multiple sources.

Google Safe Browsing Status – Checks if a site is flagged by Google Safe Browsing.

🌐 Network, Routing, and Metadata Tools

~~InfoByIP Bulk IP Lookup~~Nmap – ~~Check~~Network ~~metadata~~scanner and ~~geolocation~~host ofdiscovery ~~multiple IPs at once.~~tool.
~~DomainTools WHOIS~~Yersinia – ~~Domain~~Penetration ~~WHOIS~~testing ~~lookup~~tool ~~with~~for ~~historical~~attacking ~~and~~network ~~technical metadata.~~protocols.
~~BGP~~Passive ~~Toolkit~~OS Fingerprinter (~~Hurricane Electric)~~p0f) – ~~Inspect~~Passive ~~BGP~~network ~~routes,~~OS ~~ASNs,~~fingerprinting tool.

🛡️ Offensive Security & Exploitation

Kali Linux – Penetration testing and ~~peerings.~~security auditing Linux distribution.
~~NTT Looking Glass~~Metasploit – ~~Verify~~Exploit ~~global routing~~development and ~~network~~penetration ~~path~~testing ~~info.~~framework.
~~Redirect Detective~~Aircrack-ng – ~~Follow~~Wireless ~~and~~network ~~analyze~~security ~~HTTP~~auditing ~~redirects~~tool.

~~from~~

aPowerfuzzer ~~URL.~~– Automated web application vulnerability scanner.

ShellNoob – Shellcode writing toolkit.

Backdoor Factory – Patch binaries with custom backdoors.

Capstone Engine – Multi-architecture disassembly framework.

🧰 Analysis & Development Utilities

CyberChef – Web-based data transformation and analysis toolkit.
~~Regex101~~CyberChef (Offline) – ~~Online~~Local ~~regex~~instance ~~tester,~~for ~~debugger,~~offline data analysis and ~~explanation~~transformation.

JavaScript Beautifier – Formats and beautifies JavaScript code for readability.

UnPacker – JavaScript deobfuscation/unpacking tool.
~~API~~Awesome ~~Tester~~Malware Analysis – ~~Build~~Curated list of malware analysis tools and ~~run~~resources.

~~complex~~

~~API~~

~~request~~

📰 workflowsNews with& JavaScriptSecurity logic.Feeds

Inside-IT – Swiss IT and tech news.
~~KeyCDN~~Heise ~~Tools~~Security – 7-Tage-News – German IT security news overview (last 7 days).

CERT-EU News Monitor – EU cybersecurity news and advisories.

📬 Disposable Email Services

Trash-Mail – Temporary disposable email inbox.

Mailinator – Public temporary email service.

🖥️ Internal/Local Resources

Sandbox – Likely internal sandbox environment for testing malware or files.

DPI (NetWitness) – Network ~~diagnostics including HTTP headers, ping, traceroute,~~analysis and ~~more.~~

deep

packet ~~PunyCoder~~inspection –tool ~~Convert~~(internal ~~between Punycode and Unicode.~~

~~Snorpy~~ ~~– Visual SNORT rule builder and analyzer.~~

~~Deobfuscate.io~~ ~~– Web-based JavaScript deobfuscation tool.~~link).