🛠️ Expert Mode

Advanced passive OSINT tools for infrastructure analysis and secret discovery. These tools are typically run from the command line for deeper investigations.

🌐

Infrastructure & Assets

Subfinder

GitHub ↗

Fast passive subdomain enumeration tool that discovers valid subdomains for websites by using passive online sources.

Chaos

GitHub ↗

Publicly available data set of internet-wide assets collected by ProjectDiscovery.

Findomain

GitHub ↗

The fastest and cross-platform subdomain enumerator, do not waste your time.

Asnlookup

GitHub ↗

Tool to lookup ASN (Autonomous System Number) information and IP ranges associated with an organization.

🏛️

Web Archives & History

Waybackurls

GitHub ↗

Accept domains on stdin, fetch all the URLs that the Wayback Machine knows about for that domain, and print them on stdout.

Gau (Getallurls)

GitHub ↗

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

🔑

Secret & Leak Intel

TruffleHog

GitHub ↗

Find, sift through, and verify secrets across your entire software development lifecycle.

Shhgit

GitHub ↗

Find GitHub secrets in real-time across the entire GitHub platform.

Commit-stream

GitHub ↗

Extracts commit messages and author information from the Github event stream in real-time.