Tools, OSINT & Open Source

🔎 OSINT & Data Discovery Tools

These tools are useful for uncovering publicly accessible information, exposed data, malware indicators, code leaks, documents, and file indexing across the internet.

🔍 Privacy Search Engines

DuckDuckGo – Privacy-focused search engine that doesn’t track users.
Startpage – Google results with privacy protection and no tracking.

🗃️ Paste, Code, and Source Scanning

psbdmp – Largest archive of leaked {paste} dumps from pastebin-style sites.
Search-Pastebin – Google CSE-powered meta-search across 33 paste sites.
RedHuntlabs Online IDE Search – Search keywords across online IDEs, code sharing platforms, and pastebins.
NerdyData – Find websites using specific technologies or HTML/JavaScript code.
Publicwww – Source code search engine indexing 480+ million pages.
CybDetective Code Search – Custom search across 20+ code hosting platforms.
grep.app – Fast regex-capable search engine for 500k+ Git repos.
searchcode – Search 75 billion lines of code from 40 million public projects.

📁 File & Directory Indexing

Open Directory Search Tool – Search files in unprotected open directories.
Mamont FTP – Largest public FTP search engine.
NAPALM FTP Indexer – Index of over 894 million FTP files across thousands of servers.
DeDigger – Discover publicly shared files in Google Drive.
UVRX – Search files from older hosting sites (e.g., Mega, Mediafire, Zshare).

📚 Document & Content Discovery

PDF Drive – Download from a library of over 75 million free PDFs.
SlideShare – Explore millions of user-submitted presentations.
Scribd – Document repository with 195+ million user-uploaded files.

🧪 Threat Intelligence & IOC Lookup

VirusTotal – Multi-engine scanner and IOC search platform for files, hashes, domains, and URLs.
Hybrid Analysis – Free malware sandbox that performs hybrid static/dynamic analysis.
Sucuri SiteCheck – Website malware and security scanner.
URLhaus – Malicious URL tracker and database.
Feodo Tracker – Monitor and block IPs related to Feodo/Bugat/Dridex botnets.
SSL Blacklist – Collection of blacklisted SSL certificates and JA3 fingerprints.
MalwareBazaar – Repository for sharing malware samples.
Talos Reputation Center – IP, domain, and file reputation check.
PaloAlto URL Filtering – Link classification and reputation check.
OTX AlienVault – Threat sharing platform with global IOC and pulse feeds.
URLScan – Scan and analyze websites in a sandboxed environment.
McAfee Threat Center – Threat intelligence and malware information.
National Vulnerability Database (NVD) – US government vulnerability database with CVSS scores.
CVE Database – Public list of common vulnerabilities and exposures.
Website Reputation Checker (URLVoid) – Checks domain/IP reputation using multiple sources.
Google Safe Browsing Status – Checks if a site is flagged by Google Safe Browsing.
Looky Luu - Online Sandbox for Domain Checks

🌐 Network, Routing, and Metadata Tools

Nmap – Network scanner and host discovery tool.
Yersinia – Penetration testing tool for attacking network protocols.
Passive OS Fingerprinter (p0f) – Passive network OS fingerprinting tool.

🛡️ Offensive Security & Exploitation

Kali Linux – Penetration testing and security auditing Linux distribution.
Metasploit – Exploit development and penetration testing framework.
Aircrack-ng – Wireless network security auditing tool.
Powerfuzzer – Automated web application vulnerability scanner.
ShellNoob – Shellcode writing toolkit.
Backdoor Factory – Patch binaries with custom backdoors.
Capstone Engine – Multi-architecture disassembly framework.

🧰 Analysis & Development Utilities

CyberChef – Web-based data transformation and analysis toolkit.
CyberChef (Offline) – Local instance for offline data analysis and transformation.
JavaScript Beautifier – Formats and beautifies JavaScript code for readability.
UnPacker – JavaScript deobfuscation/unpacking tool.
Awesome Malware Analysis – Curated list of malware analysis tools and resources.

📰 News & Security Feeds

Inside-IT – Swiss IT and tech news.
Heise Security – 7-Tage-News – German IT security news overview (last 7 days).
CERT-EU News Monitor – EU cybersecurity news and advisories.

📬 Disposable Email Services

Trash-Mail – Temporary disposable email inbox.
Mailinator – Public temporary email service.

🖥️ Internal/Local Resources

Sandbox – Likely internal sandbox environment for testing malware or files.
DPI (NetWitness) – Network analysis and deep packet inspection tool (internal link).