Today, I’m going to share a few “Information Gathering” resources I use as my daily drivers to obtain specific data on various subjects. This could include domain information, pDNS, whois, category of services, owner, etc. As always, this isn’t a conclusive list, and many others exist in this space. All of these tools run natively on OSX with Homebrew and the necessary dependencies.

| Tool | Description |
|------|-------------|
| machinae | Machinae is a tool for collecting intelligence from public sites/feeds about various security-related pieces of data including IP addresses, domain names, URLs, email addresses, file hashes and SSL fingerprints |
| aws-bucket-dump | AWSBucketDump is a tool to quickly enumerate AWS S3 buckets to look for loot |
| domain_analyzer | Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way |
| lans | Automatically find the most active WLAN users then spy on one of them |
| just-metadata | Just-Metadata is a tool that gathers and analyzes metadata about IP addresses. It attempts to find relationships between systems within a large dataset. |
| shodan-cli | Command Line Shodan client |
| theHarvester | The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources |
| ReconNG | Recon-ng is a full-featured Web Reconnaissance framework written in Python |

In addition to the above, if you're looking for a web UI or graphical interface, the portals below give a close representation of the results.
If none of these sites or tools work for what you're trying to accomplish, you can always visit Awesome Threat Intelligence, CyberWareZone - Tool List, or HolisticInfoSec for a pretty exhaustive list of resources.