![Mind Map: OSINT Framework | Reino Hacker](https://www.mindmeister.com/image/xlarge/2956674656/mind-map-osint-framework-reino-hacker.png)
1. Alvo
1.1. Pessoa Física
1.1.1. Informações
1.1.1.1. • Sobre
1.1.1.1.1. • NOME: • SEXO: • NASCIMENTO: • IDADE: • SIGNO: • NACIONALIDADE: • MUNICÍPIO DE NASCIMENTO: • ESCOLARIDADE: • ESTADO CIVIL: • SITUAÇÃO CADASTRAL: • ÓBITO:
1.1.1.2. • Telefones
1.1.1.3. • Documentos
1.1.1.3.1. • CPF: • PIS: • CNS: • SCORE:
1.1.1.4. • Endereços
1.1.1.5. • Familiares
1.1.1.5.1. https://www.familysearch.org/tree/overview
1.1.1.6. • Redes Sociais
1.1.1.7. • Fotos
1.1.1.8. • Veículo
1.2. Pessoa Jurífica
1.2.1. Informações
1.2.1.1. • Sócios
1.2.1.1.1. Informações
1.2.1.2. • Telefones
1.2.1.3. • Documentos
1.2.1.3.1. • CNPJ • Contrato Social • Inscrição Estadual • Inscrição Municipal • Nota Fiscal • Outros Documentos
1.2.1.4. • Endereços
1.2.1.5. • Sites/E-mails
1.2.1.6. • Redes Sociais
1.2.1.7. • Fotos
1.2.1.8. • Veículos
1.2.2. Conexões
1.2.2.1. • Funcionários
1.2.2.2. • Clientes
1.2.2.3. • Fornecedores
1.2.2.4. • Possíveis Laranjas
2. Username
2.1. https://github.com/GONZOsint/Namechk
2.2. https://github.com/WebBreacher/WhatsMyName
2.3. https://thatsthem.com/
2.4. https://namecheckup.com/
2.5. https://instantusername.com/
2.6. https://checkusernames.com
3. E-mails
3.1. Busca E-mails
3.1.1. https://hunter.io/
3.1.2. http://www.edge-security.com/theharvester.php
3.1.3. http://www.skymem.info/
3.2. Verificador de E-mail
3.2.1. https://www.mailboxvalidator.com/demo
3.3. Vazados
3.3.1. https://haveibeenpwned.com/
3.3.2. https://dehashed.com/
3.3.3. https://intelx.io/
4. Domínio
4.1. Análise Exploração Bruteforce Invasão
4.2. Ferramentas
4.2.1. Registro Whois
4.2.1.1. http://centralops.net/co/DomainDossier.aspx
4.2.1.2. https://whois.domaintools.com/
4.2.1.3. https://whoisology.com/#advanced
4.2.1.4. https://whois.arin.net/ui/advanced.jsp
4.2.1.5. https://www.robtex.com/
4.2.1.6. https://domaincrawler.com/
4.2.1.7. https://whois-webform.markmonitor.com/whois/
4.2.1.8. https://registro.br/tecnologia/ferramentas/whois/
4.2.1.9. https://domainhelp.com/
4.2.1.10. https://website.informer.com/
4.2.1.11. https://who.is/
4.2.1.12. https://viewdns.info/
4.2.2. Subdomínios
4.2.2.1. https://github.com/michenriksen/aquatone
4.2.2.2. https://github.com/lanmaster53/recon-ng
4.2.2.3. https://github.com/evilsocket/xray
4.2.2.4. https://github.com/darkoperator/dnsrecon
4.2.2.5. https://github.com/OJ/gobuster
4.2.2.6. https://github.com/davidpepper/fierce-domain-scanner
4.2.2.7. http://www.edge-security.com/theharvester.php
4.2.2.8. https://pentest-tools.com/information-gathering/find-subdomains-of-domain
4.2.2.9. https://github.com/danielmiessler/SecLists/tree/master/Discovery/DNS
4.2.2.10. https://github.com/infosec-au/altdns
4.2.3. Discovery
4.2.3.1. https://www.shodan.io/
4.2.3.2. https://github.com/Sw4mpf0x/Kraken
4.2.3.3. https://urlscan.io/search/
4.2.3.4. https://dailychanges.domaintools.com/
4.2.3.5. https://redirectdetective.com/
4.2.3.6. https://github.com/digininja/sitediff
4.2.3.7. https://analyzeid.com/
4.2.4. Proteção CloudFlare
4.2.4.1. https://github.com/m0rtem/CloudFail
4.2.5. Certificados
4.2.5.1. https://crt.sh
4.2.5.2. https://github.com/lanrat/certgraph
4.2.6. DNS Passive
4.2.6.1. https://securitytrails.com/
4.2.6.2. https://passivedns.mnemonic.no/
4.2.6.3. http://dnshistory.org/
4.2.6.4. https://dnsdumpster.com/
4.2.7. Sugestões domínios semelhantes
4.2.7.1. https://github.com/elceef/dnstwist
4.2.7.2. http://morningstarsecurity.com/research/urlcrazy
4.2.7.3. https://dnstwister.report/
4.2.8. Vulnerabilidades
4.2.8.1. Scan
4.2.8.1.1. https://github.com/1N3/Sn1per
4.2.8.2. https://github.com/danielmiessler/RobotsDisallowed
4.2.8.3. http://zone-h.org/archive?hz=1
4.2.9. Outras
4.2.9.1. https://portswigger.net/burp
4.2.9.2. https://github.com/RedSiege/EyeWitness
5. IP
5.1. Geolocation
5.1.1. https://github.com/ipverse/rir-ip
5.1.2. https://www.ip2location.com/demo/
5.1.3. https://www.ipfingerprints.com/
5.1.4. https://www.iplocation.net/
5.1.5. https://infosniper.net/
5.1.6. https://www.infobyip.com/
5.1.7. https://www.ipaddress.my/
5.1.8. https://www.liveipmap.com/
5.2. Host / Port Discovery
5.2.1. https://www.shodan.io/
5.2.2. https://www.zoomeye.org/
5.2.3. https://nmap.org/download.html
5.2.4. http://www.exfiltrated.com/querystart.php
5.2.5. https://urlscan.io/search/
5.2.6. https://github.com/vesche/scanless
5.2.7. https://github.com/robertdavidgraham/masscan
5.3. Proteção CloudFlare
5.3.1. https://github.com/m0rtem/CloudFail
5.4. Análise de Redes
5.4.1. https://www.wireshark.org/download.html
5.4.2. https://www.netresec.com/?page=Networkminer
5.4.3. https://lab.dynamite.ai/
5.5. Captura de IPs
5.5.1. https://iplogger.org/pt/
5.5.2. https://ki.tc/
5.5.3. https://grabify.link/
6. Images / Videos / Docs
6.1. Metadados
6.2. Analise
6.3. Localização
6.4. Código ZIP
6.5. CEP
6.6. Referencias
7. Redes Sociais
7.1. Socket puppet
7.1.1. Monitoramento
7.1.1.1. • Status • Publicações • Fotos • Curtidas • Seguidores • Seguindo • Biografia • Links
7.1.2. Interação
7.1.2.1. • Curtidas • Comentarios • Idéias
7.1.2.1.1. Ganho de confiança
7.2. Ferramentas
7.2.1. Facebook
7.2.1.1. https://lookup-id.com/
7.2.1.2. https://github.com/sqren/fb-sleep-stats
7.2.1.3. https://github.com/mrpnkt/ExtractFace
7.2.2. Twitter
7.2.2.1. https://github.com/paulgb/Treeverse
7.2.2.2. https://tinfoleak.com/
7.2.2.3. https://github.com/digitalmethodsinitiative/dmi-tcat
7.2.2.4. https://github.com/twintproject/twint
7.2.2.5. https://socialbearing.com/
7.2.2.6. http://geosocialfootprint.com/
7.2.3. LinkedIn
7.2.3.1. https://github.com/vysecurity/LinkedInt
7.2.3.2. https://github.com/dchrastil/ScrapedIn
7.2.3.3. https://github.com/gojhonny/InSpy
8. Engenharia Social
8.1. • Phishing • Relacionamento (fingir ser outra pessoa, se passar por suporte) • Engenharia Social Reversa (fazer a pessoa entrar em contato)
9. Skype
9.1. http://www.skypeipresolver.net/index.php
9.2. https://mostwantedhf.info/index.php
10. Geolocalização / Maps
10.1. Ferramentas
10.1.1. http://suncalc.net/#/51.508,-0.125,2/2023.10.17/23:13
10.2. Coordenadas
10.2.1. https://dominoc925-pages.appspot.com/mapplets/cs_mgrs.html
10.3. https://www.google.com/maps/
10.4. https://www.bing.com/maps/
10.5. http://data.mashedworld.com/dualmaps/map.htm
11. Registros de Empresa
11.1. https://opencorporates.com/
12. Consulta Veícular
12.1. https://buscaplacas.com.br/
12.2. https://brabocar.com.br
12.3. https://www.olhonocarro.com.br
12.4. https://carpivara.com.br/
13. Arquivos | Históricos Cache | Exposed
13.1. Web
13.1.1. https://archive.org/web/
13.1.2. https://archive.is/
13.1.3. https://webcitation.org/query
13.1.4. http://cachedview.com/
13.1.5. http://www.cachedpages.com/
13.2. Vazamento de Dados
13.2.1. https://wikileaks.org/
13.2.2. https://cryptome.org/
13.2.3. https://haveibeenpwned.com/
14. Buscadores
14.1. Geral
14.1.1. https://www.google.com/
14.1.1.1. https://www.google.com/advanced_search
14.1.2. https://www.bing.com/
14.1.3. https://duckduckgo.com/
14.1.4. https://search.yahoo.com/web/advanced
14.1.5. https://www.startpage.com/
14.1.6. https://yandex.com/
14.1.7. http://www.baidu.com/
14.1.8. https://www.izito.com/
14.1.9. http://bvsg.org/
14.1.10. https://biznar.com/
14.2. Meta
14.2.1. https://biznar.com/biznar/desktop/en/search.html
14.2.2. https://www.etools.ch/
14.3. Códigos
14.3.1. https://about.gitlab.com/
14.3.2. https://github.com/
14.3.3. https://github.com/techgaun/github-dorks
14.3.4. https://github.com/michenriksen/gitrob
14.3.5. https://www.nerdydata.com/reports/new
14.3.6. https://searchcode.com/
14.3.7. https://publicwww.com/
14.4. FTP
14.4.1. https://www.searchftps.net/
14.4.2. https://www.google.com/search?q=inurl%3Aftp+-inurl%3Ahttp+-inurl%3Ahttps+ftpsearchterm
14.5. Monitor Web ou Pesquisas Programadas
14.5.1. https://www.google.com/alerts?hl=pt-BR&tab=33
14.5.2. https://programmablesearchengine.google.com/about/
14.5.3. https://github.com/opsdisk/pagodo
14.5.4. https://github.com/googleinurl/SCANNER-INURLBR
14.6. Guias de Buscadores
14.6.1. https://www.exploit-db.com/google-hacking-database
14.6.2. https://www.googleguide.com/advanced_operators_reference.html
14.6.3. https://www.googleguide.com/help/calculator.html
15. Metadata
15.1. https://exiftool.org/
15.2. http://www.edge-security.com/metagoofil.php
16. Virtualização
16.1. Emuladores Android
16.1.1. https://www.genymotion.com/
16.1.2. https://www.bluestacks.com/pt-br/index.html
16.1.3. https://www.andyroid.net/
16.1.4. https://www.bignox.com/
16.2. Máquinas Virtuais
16.2.1. https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html
16.2.2. https://www.vmware.com/br/products/esxi-and-esx.html
16.2.3. https://www.virtualbox.org/
16.2.4. https://www.proxmox.com/
16.2.5. https://learn.microsoft.com/pt-br/virtualization/hyper-v-on-windows/about/
17. Deep / Dark Web
17.1. Informações Gerais
17.1.1. https://www.reddit.com/r/deepweb/
17.1.2. https://www.reddit.com/r/onions/
17.1.3. https://www.reddit.com/r/darknet/
17.2. Discovery
17.2.1. https://github.com/s-rah/onionscan
17.2.2. https://github.com/DedSecInside/TorBot
17.2.3. https://github.com/k4m4/onioff
17.2.4. https://www.hunch.ly/darkweb-osint/
17.2.5. https://github.com/milesrichardson/docker-onion-nmap
17.3. Buscadores
17.3.1. https://ahmia.fi/
17.3.2. http://darkfailllnkf4vf.onion/
17.3.3. http://tor66sezptuu2nta.onion/
17.3.4. http://hss3uro2hsxfogfq.onion/
17.3.5. http://gjobqjj7wyczbqie.onion/
17.4. Diretórios / Wikis
17.4.1. http://eqt5g4fuenphqinx.onion/
17.4.2. http://thehiddenwiki.org/
18. Ferramentas OSINT
18.1. https://github.com/blindfuzzy/LHF
18.2. https://www.maltego.com/
18.3. https://github.com/overview/overview-local
18.4. https://github.com/datasploit/datasploit/
18.5. https://intel471.com/solutions/attack-surface-protection
18.6. https://www.threatpipes.com/
18.7. https://github.com/InQuest/omnibus
18.8. https://github.com/s0md3v/Photon
18.9. https://github.com/s0md3v/ReconDog
18.10. https://ifttt.com/
18.11. https://www.mandiant.com/
18.12. https://github.com/i3visio/osrframework
18.13. https://github.com/penafieljlm/inquisitor
18.14. https://github.com/bharshbarger/AutOSINT
18.15. https://github.com/NullArray/IntRec-Pack
18.16. https://github.com/SharadKumar97/OSINT-SPY
18.17. https://github.com/sundowndev/PhoneInfoga
19. Análise de Arquivos Maliciosos
19.1. Buscadores
19.1.1. http://decalage.info/en/mwsearch#gsc.tab=0
19.1.2. https://virusshare.com/
19.1.3. https://hash.cymru.com/
19.1.4. http://vxvault.net/ViriList.php
19.1.5. https://id-ransomware.malwarehunterteam.com/
19.1.6. https://www.hashsets.com/
19.2. Análise Automática Online
19.2.1. Arquivos Office
19.2.1.1. https://www.joesandbox.com/#windows
19.2.2. https://www.virustotal.com/gui/home/upload
19.2.3. https://www.hybrid-analysis.com/
19.2.4. https://app.any.run/
19.2.5. https://koodous.com/
19.2.6. https://www.joesandbox.com/#windows
19.2.7. https://sandbox.pikker.ee/
19.2.8. https://www.malware-traffic-analysis.net/index.html
19.3. Ferramentas
19.3.1. Encoder / Decoder
19.3.1.1. Código de Barras | QR Code
19.3.1.1.1. https://online-barcode-reader.inliteresearch.com/
19.3.1.2. JavaScript
19.3.1.2.1. https://beautifier.io/
19.3.1.2.2. http://jsnice.org/
19.3.1.2.3. https://getfirebug.com/index.html
19.3.1.3. PHP
19.3.1.3.1. http://ddecode.com/phpdecoder/
19.3.1.4. XOR
19.3.1.4.1. UNIX
19.3.1.4.2. Windows
19.3.1.4.3. Python
19.3.2. Debuggers/Decompilers
19.3.2.1. https://angr.io/
19.3.2.2. http://www.backerstreet.com/rec/rec.htm
19.3.2.3. https://github.com/gdabah/distorm
19.3.2.4. https://www.softpedia.com/get/Programming/Debuggers-Decompilers-Dissasemblers/Decompiler.shtml
19.3.2.5. http://www.capstone-engine.org/
19.3.2.6. https://github.com/NationalSecurityAgency/ghidra
19.3.2.7. https://www.hopperapp.com/
19.3.2.8. https://x64dbg.com/
19.3.2.9. http://www.immunityinc.com/products/debugger/
19.3.2.10. http://www.heaventools.com/PE_Explorer_disassembler.htm
19.3.2.11. https://www.radare.org/r/
19.3.3. Android
19.3.3.1. Análise Dinâmica
19.3.3.1.1. https://github.com/MobSF/Mobile-Security-Framework-MobSF
19.3.3.1.2. https://github.com/sh4hin/Androl4b
19.3.3.1.3. https://github.com/pjlantz/droidbox
19.3.3.1.4. https://github.com/maldroid/maldrolyzer
19.3.3.2. Análise Estática
19.3.3.2.1. https://www.pnfsoftware.com/
19.3.3.2.2. https://github.com/maaaaz/androwarn/
19.3.3.2.3. https://github.com/sonyxperiadev/ApkAnalyser
19.3.3.2.4. https://github.com/honeynet/apkinspector/
19.3.3.3. Outras
19.3.3.3.1. https://www.android-x86.org/
19.3.3.3.2. https://apktool.org/
19.3.3.3.3. https://github.com/androguard/androguard
19.3.4. Extratores/Recuperadores de Dados
19.3.4.1. https://github.com/sleuthkit/scalpel
19.3.4.2. https://foremost.sourceforge.net/
19.3.4.3. https://github.com/simsong/bulk_extractor
19.3.4.4. https://github.com/williballenthin/EVTXtract
19.3.5. Análise de Memória
19.3.5.1. https://github.com/kevthehermit/VolUtility
19.3.5.2. https://github.com/volatilityfoundation/volatility
19.3.5.3. https://github.com/JamesHabben/evolve
19.3.5.4. https://github.com/504ensicsLabs/DAMM
19.3.6. Ferramentas Essenciais Análise de Malware
19.3.6.1. https://x64dbg.com/#start
19.3.6.2. https://www.winitor.com/
19.3.6.3. https://hexinator.com/
19.3.6.4. https://processhacker.sourceforge.io/
19.3.6.5. https://learn.microsoft.com/pt-br/sysinternals/downloads/sysinternals-suite
19.3.7. Amostras de Malwares
19.3.7.1. http://dasmalwerk.eu/
19.3.7.2. https://contagiodump.blogspot.com/
19.3.7.3. http://www.tekdefense.com/downloads/malware-samples/
19.3.7.4. https://thezoo.morirt.com/
19.3.7.5. Android
19.3.7.5.1. https://github.com/ashishb/android-malware
20. Senhas Padrão de Dispositivos
20.1. https://cirt.net/passwords
20.2. https://default-password.info/
20.3. http://www.fortypoundhead.com/tools_dpw.asp
20.4. https://www.routerpasswords.com/
20.5. https://open-sez.me/
21. Registro de Explorações/Vulnerabilidades
21.1. https://attack.mitre.org/
21.2. https://cve.mitre.org/
21.3. https://www.exploit-db.com/
21.4. https://packetstormsecurity.com/
21.5. https://nvd.nist.gov/
21.6. https://www.cvedetails.com/
21.7. https://owasp.org/
21.8. https://0day.today/
21.9. https://community.flexera.com/t5/Secunia-Advisories/ct-p/advisories?referrer=secunia
21.10. https://www.cyber.gc.ca/en
21.11. https://www.cisa.gov/known-exploited-vulnerabilities-catalog
22. Detecção de Ameaças
22.1. Phishing
22.1.1. https://www.phishtank.com/
22.2. Ferramentas IOC
22.2.1. https://github.com/sroberts/jager
22.2.2. https://github.com/armbues/ioc_parser
22.2.3. https://github.com/sroberts/cacador
22.2.4. https://github.com/NullArray/Mimir
22.2.5. https://github.com/InQuest/iocextract
22.2.6. https://github.com/InQuest/ThreatIngestor
22.3. Táticas, Técnicas e Procedimentos (TTPs)
22.3.1. https://attack.mitre.org/
22.3.2. https://book.hacktricks.xyz/welcome/readme
23. OpSec
23.1. Criação Persona
23.1.1. Gerador de Identidade
23.1.1.1. Gera Identidade
23.1.1.1.1. https://www.fakenamegenerator.com/
23.1.1.2. Várias Ferramentas
23.1.1.2.1. https://www.4devs.com.br/
23.1.2. Fotos
23.1.2.1. Gerador de Fotos por IA
23.1.2.1.1. https://this-person-does-not-exist.com/
23.1.2.1.2. https://generated.photos/face-generator
23.1.2.1.3. https://generated.photos/faces
23.1.2.1.4. https://generated.photos/anonymizer
23.1.2.1.5. https://openai.com/dall-e-2
23.1.2.2. Fotos Diversas
23.1.2.2.1. https://www.pexels.com/pt-br/
23.2. Anonimato
23.2.1. Tor
23.2.1.1. https://www.torproject.org/download/
23.2.1.2. https://geti2p.net/en/
23.2.1.3. https://tails.net/
23.2.2. VPNs
23.2.2.1. https://protonvpn.com
23.2.2.2. https://www.expressvpn.com
23.2.2.3. https://safe.cyberghostvpn.com
23.2.2.4. https://nordvpn.com
23.2.2.5. https://torguard.net/
23.2.3. Spoof User-Agent
23.2.3.1. https://www.useragentstring.com/pages/useragentstring.php
23.2.3.2. https://www.whatismybrowser.com
23.2.4. Testes de VPN
23.2.4.1. https://ipleak.net/
23.2.4.2. https://www.dnsleaktest.com/
23.2.4.3. https://dnsleak.com/
23.2.4.4. https://emailipleak.com/
23.2.4.5. https://www.perfect-privacy.com/en/tests/check-ip
23.2.4.6. https://www.perfect-privacy.com/en/tests/webrtc-leaktest
23.2.4.7. https://www.tracemyip.org/
23.2.5. Testes de Browser
23.2.5.1. https://www.w3schools.com/browsers/default.asp
23.2.5.2. https://www.whatsmybrowser.org/
23.2.5.3. http://www.whatbrowseramiusing.co/
23.2.5.4. https://browserspy.dk/
23.2.5.5. https://coveryourtracks.eff.org/
23.2.6. Testes de Proxy
23.2.6.1. https://proxycheck.haschek.at/
23.2.6.2. https://www.ip2proxy.com/
23.2.6.3. https://hidemy.io/en/proxy-checker/
23.2.7. Outras Ferramentas
23.2.7.1. https://github.com/amq/firefox-debloat
23.2.7.2. https://noscript.net/
23.2.7.3. https://browserleaks.com/
23.2.7.4. https://browserspy.dk/
23.2.7.5. https://www.locabrowser.com/
23.3. Privacidade | Limpeza
23.3.1. https://www.privacytools.io/
23.4. Camufladores de Link
23.4.1. https://www.urlshort.dev/
23.4.2. https://rebrandly.com/
23.4.3. https://project-seo.net/ru/shortlinks/
23.4.4. https://clck.ru/
23.4.5. https://goo.su/
23.4.6. https://u.to/