---
## 4. Sources & Tools Inventory | Category | Tool / Platform | URL / Command | Notes | |----------|----------------|----------------|-------| | Domain WHOIS | `whois` (CLI) | `whois example.com` | Check registration dates, registrar, admin contacts. | | DNS | `dig`, `dnsenum` | `dig ANY example.com` | Identify subdomains, MX, TXT records. | | SSL | SSL Labs, `testssl.sh` | `https://www.ssllabs.com/` | TLS version support, certificate chain. | | Passive DNS | PassiveTotal, `dnsdb` | `https://www.passivetotal.org/` | Historical DNS mappings. | | Search Engines | Google Dorks, Bing | `site:example.com filetype:pdf` | Targeted file discovery. | | Social Media | Twint, Netlytic | `twint -u @handle` | Collect tweets without API limits. | | Code Repositories | GitHub Search | `https://github.com/search?q=example.com` | Look for exposed credentials, config files. | | Image/Video | ExifTool, TinEye | `exiftool image.jpg` | Metadata & reverse‑image lookup. | | Geolocation | Google Earth, OpenStreetMap | N/A | Validate physical locations from posts. | | Dark Web | Ahmia, TorLinks | `http://msydqstlz2kzerdg.onion` | Search for leaked data (legal review required). | OSINT Report.zip
You now have a fully‑structured OSINT report that can be saved as a document and compressed into `OSINT Report.zip` for distribution. Happy hunting—and remember to stay within the bounds of the law and respect privacy! --- ## 4