PIL OSINT Sample Content

OSINT Tools Cheat Sheet

Introduction

This cheat sheet provides a quick reference on how to install, test, and use various OSINT tools effectively. Use it to set up and practice with these tools in your Kali Linux OSINT environment.

Common Setup Commands

# Update the system
apt update && apt upgrade -y

# Install tools
apt install <tool_name>

# Open a shell in a running Docker container
docker exec -it <container_id> /bin/bash

TheHarvester

A tool to gather email addresses, subdomains, and other information about a domain.

Installation

apt install theharvester

Usage

theharvester -d <domain> -b <source>
  • Replace <domain> with the target domain.

  • Replace <source> with the data source to query (e.g., google, bing).

Example

theharvester -d example.com -b google

Shodan CLI

Search for internet-connected devices and vulnerabilities.

Installation

pipx install shodan

Authentication

shodan init <API_KEY>

Usage

shodan search <query>

Example

shodan search apache

SpiderFoot

A web-based tool for automated OSINT.

Installation

Included in Kali Linux by default; otherwise, install it manually:

apt install spiderfoot

Usage

Start the server:

spiderfoot -l 0.0.0.0:5001

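Access the web interface at http://localhost:5001. The 0.0.0.0 bind address makes the interface listen on every network interface, which is useful when SpiderFoot runs inside a container; use 127.0.0.1:5001 instead when it only needs to be reachable from the local machine.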

Example Scan

  1. Open the web interface.

  2. Set the target (e.g., example.com).

  3. Configure modules and run the scan.

Recon-ng

A powerful framework for OSINT.

Installation

apt install recon-ng

Usage

recon-ng

Example Commands

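# Create a workspace
workspaces create test

# Install and load a module, set the target domain, and run it
marketplace install recon/domains-hosts/bing_domain_web
modules load recon/domains-hosts/bing_domain_web
options set SOURCE example.com
run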

Amass

A tool for discovering subdomains and mapping attack surfaces.

Installation

apt install amass

Usage

amass enum -d <domain>

Example

amass enum -d example.com

Nmap

Network scanning and vulnerability detection.

Installation

apt install nmap

Usage

nmap <options> <target>

Example

# Quick scan
nmap -T4 -F example.com

# Vulnerability scan
nmap --script vuln example.com

Masscan

A fast port scanner.

Installation

apt install masscan

Usage

masscan <target> -p <port_range> --rate=<rate>

Example

masscan 192.168.1.0/24 -p80,443 --rate=1000

DNSRecon

A DNS enumeration tool.

Installation

apt install dnsrecon

Usage

dnsrecon -d <domain>

Example

dnsrecon -d example.com

Other Useful Tools

Nikto

Web server vulnerability scanner.

apt install nikto
nikto -h <target>

Sublist3r

Subdomain enumeration tool.

apt install sublist3r
sublist3r -d <domain>

WhatWeb

Website fingerprinting tool.

apt install whatweb
whatweb <target>

Practice Targets

Public Websites

  • example.com

  • testphp.vulnweb.com

  • scanme.nmap.org

Always ensure you have permission before scanning or testing a target. Unauthorized testing is illegal.
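
One way to enforce the permission rule above in practice is a scope guard that refuses to launch a scanner unless the target appears in a scope file. This is an added example, not part of the original cheat sheet or of any tool listed here; the helper names normalise, in_scope and guarded and the scope-file format (one hostname or IP per line, # comments) are assumptions. It matches hostnames and exact IPs only, not CIDR ranges.

```shell
# Added example: scope guard for the scanners on this cheat sheet.
# normalise, in_scope and guarded are hypothetical helper names.

# Lower-case a hostname and strip one trailing dot.
normalise() {
  local h
  h=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  printf '%s' "${h%.}"
}

# in_scope TARGET SCOPE_FILE: succeed when TARGET equals a scope entry or is a
# subdomain of one. Matching is on label boundaries, so "notexample.com" does
# not match an "example.com" entry.
in_scope() {
  local target entry
  target=$(normalise "$1")
  [ -n "$target" ] || return 1
  while IFS= read -r entry || [ -n "$entry" ]; do
    entry=${entry%%#*}    # drop trailing comments
    entry=$(normalise "$(printf '%s' "$entry" | tr -d '[:space:]')")
    [ -n "$entry" ] || continue
    case "$target" in
      "$entry"|*".$entry") return 0 ;;
    esac
  done < "$2"
  return 1
}

# guarded SCOPE_FILE TARGET CMD...: run CMD only when TARGET is in scope,
# otherwise refuse with exit code 2.
guarded() {
  local scope="$1" target="$2"
  shift 2
  if ! in_scope "$target" "$scope"; then
    echo "refusing: $target is not listed in $scope" >&2
    return 2
  fi
  "$@"
}

# Constructed demo scope; list only what your authorization covers.
# "echo" makes both calls a dry run: nothing is scanned.
scope=$(mktemp)
printf '%s\n' 'scanme.nmap.org   # practice host from the list above' > "$scope"
guarded "$scope" scanme.nmap.org echo nmap -T4 -F scanme.nmap.org
guarded "$scope" 192.168.1.10 echo nmap -T4 -F 192.168.1.10 || true
rm -f "$scope"
```

Drop the echo to run the real command, for example: guarded scope.txt scanme.nmap.org nmap -T4 -F scanme.nmap.org.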

Conclusion

This cheat sheet serves as a starting point for exploring OSINT tools. Refer to official documentation for advanced usage.
