Experience the ultimate flexibility with the Isolation API, allowing you to securely Quisque pellentesque id ultrices lacus ornare elit vitae ullamcorper. Learn More

1. Find free OSINT resources with OSINT Framework


What it is
OSINT Framework indexes a multitude of connections to different URLs, recommending where to look next when conducting an investigation. It also provides suggestions on what services can help analysts find specific data that might aid in their research.

Use case
When you plug a piece of data (such as an email address, phone number, name, etc.) into the framework, it returns all known online sources that contain information relevant to that data. The OSINT Framework also offers a list of potential resources where more information related to that particular source can be found.

OSINT Framework OSINT Framework

2. Perform state-of-the-art binary code analysis with IDA Pro


What it is
The source code of the software isn’t always available. A disassembler like IDA Pro translates machine-executable code into readable assembly language source code, enabling research specialists to analyze programs that are suspected to be contain malware or spyware.

Use case
An incident response team loads a malicious artifact found on a breached server into IDA Pro to further analyze and understand its behavior, potential damage, and method of traversal. IDA Pro can also be used as a debugger to aid analysts in reading and examining the hostile code.

IDA Pro IDA Pro

3. Gather geolocation information with Cree.py


What it is
Cree.py is a geospatial visualization tool that centralizes and visualizes geolocated information pulled across multiple online sources.

Use case
Once the plugin is configured, a user can feed the tool a social media artifact. Creepy draws all available locations on the map, allowing the user to see where the devices were located when the information was posted.

Cree.py Cree.py

4. Mine, merge, and map information with Maltego


What it is
Integrate data from public sources, commercial vendors, and internal sources via the Maltego Transform Hub. All data comes pre-packaged as Transforms, ready to be used in investigations. Maltego takes one artifact and finds more.

Use case
A user feeds Maltego domain names, IP addresses, domain records, URLs, or emails. The service finds connections and relationships within the data and allows users to create graphs in an intuitive point-and-click logic. ctions as link analysis, bar graphs, timelines, et al.

Maltego Maltego

5. Find and lookup DNS records with DNSdumpster


What it is
DNSdumpster is a free domain research tool that can discover hosts related to a domain. Finding visible hosts from the attackers’ perspective is an important part of the security assessment process.

Use case
After a user enters a domain name, DNSdumpster identifies and displays all associated subdomains, helping map an organization’s entire attack surface based on DNS records.

dnsdumpster dnsdumpster

6. TinEye for reverse image search


What it is
TinEye is an image-focused web crawling database that allows users to search by image and find where that image appears online.

Use case
An investigator uploads an image to TinEye or searches by URL. TinEye constantly crawls the web and adds images to its extensive index (as of April 2020, over 39.7 billion images).

TinEye TinEye

7. Shodan: The search engine for the IoT


What it is
Websites are just one part of the internet. Shodan allows analysts to discover which of their devices are connected to the internet, where they are located, and who is using them.

Use case
Shodan helps researchers monitor all devices within their network that are directly accessible from the Internet, and therefore vulnerable to attacks.

Shodan Shodan

8. Explore billions of web pages with Wayback Machine


What it is
Wayback Machine analyzes websites published across time, allowing researchers to review how the web page looked when it was originally launched or updated, revealing data that may no longer be visible or searchable through regular search engines.

Use case
Suppose a website was seized by the FBI, but the original content is no longer there. Researchers can use Wayback Machine to reveal information that the site may have contained prior to the raid.

Wayback Machine Wayback Machine

9. Find out if your account has been compromised using Have I Been Pwned


What it is
The service exposes the severity of the risks of online attacks, while helping victims of data breaches learn about compromises of their accounts. Users can subscribe to receive breach notifications, and search for pwned accounts and passwords across domains.

Use case
Users can securely enter email addresses and passwords to find out if they have been hacked. The site returns a complete list of breaches where specific accounts have been exposed, and what types of data (email addresses, names, passwords, locations, etc.) has been stolen.

Have I Been Pwned? Have I Been Pwned?

10. Follow the money with CipherTrace Maltego Transform


What it is
Maltego is a popular security research and forensics tool that uses the Bitcoin blockchain to track funds. Maltego uses identifiers for criminal, mixer, dark market, gambling, ATM, exchange activities. It comes in the form of a Maltego transform plugin.

Use case
Create directed graphs to track an asset's final destination, even when a Bitcoin mixer attempts to launder the funds.

CipherTrace Maltego Transform CipherTrace Maltego Transform

11. Search anyone’s public records though Voter Records


What it is
Voter Records is a free political research tool that contains more than 70 million voter registration records. Details include related public records, political party affiliations, relatives, location, current and previous addresses, and more.

Use case
A researcher could gain comprehensive information about any person’s affiliations, location, and connections.

Voter Records Voter Records

12. Find people and perform background checks with Whitepages


What it is
Whitepages offers to perform reverse name, address and phone number look up and returns high-level information on any individual or business.

Use case
A useful tool for verifying that the persons a researcher is dealing with are who they say they are. Investigations can locate people and businesses, verify their addresses, look up phone numbers, and even perform complete background checks.

Whitepages Whitepages

13. Disguise your identity with fake name generator


What it is
Fake Name Generator produces an entire new false identity for a person, including detailed contact information, a mother’s maiden name, street address, email, credit card numbers, phone number, social security number, and more.

Use case
A fake identity can be useful for filling out online forms without giving out personal details, using it as a pseudonym on the internet, testing payment options with randomly generated credit card numbers, and all other types of research where an analyst doesn’t want to expose his or her real identity.

Fake Name Generator Fake Name Generator

14. Explore crime maps with CityProtect


What it is
CityProtect is a crime visualization site. Users provide a location within the US, along with some other parameters, and detailed crime reports are delivered. The reports are rendered geospatially.

Use case
A user can analyze quantified criminal behavior in a geographic area over time to help build an intelligence led brief.

CityProtect CityProtect

15. Explore the dark net with Torch search engine


What it is
Torch, or TorSearch, is a search engine designed to explore the hidden parts of the internet. Torch claims to have over a billion dark net pages indexed, and allows users to browse the dark web uncensored and untracked.

Use case
Torch promises peace of mind to researchers who venture into the dark web to explore onion sites. It also doesn't censor results – so investigators can find all types of information and join discussion forums to find out more about current malware, stolen data for sale, or groups who might be planning a cyberattack.

Torch Torch

16. Go deeper into the dark web with Dark.fail


What it is
Dark.fail has been crowned the new hidden wiki. It indexes every major darknet site and keeps track of all domains linked to a particular hidden service.

Use case
Tor admins rely on Dark.fail to disseminate links in the wake of takedowns of sites like DeepDotWeb. Researchers can use Dark.fail when exploring sites that correlate with the hidden service.

Dark.Fail Dark.Fail

17. Use PhishTank to research suspected phishes


What it is
PhishTank is a free community site where anyone can submit, verify, track and share phishing data. PhishTank also provides an open API for developers and researchers to integrate anti-phishing data into their applications.

Use case
Users submit suspicious URLs via email, and PhishTank identifies, verifies, tracks, confirms, and publishes phishing site on its web page.

PhishTank PhishTank

18. HoneyDB: A community-driven honeypot sensor data collection service


What it is
HoneyDB has multiple honeypots throughout the internet waiting to be attacked. The service logs complete details of an attack, including IP address, and the binary that was used to execute it, and lists them in the HoneyDB database. HoneyDB enables users to run a reverse search on IOCs and correlates it back to campaigns that are happening on its honey pots.

Use case
A campaign that uses a unique exploit to commit a widespread attack on every system possible, would most likely infect one or more of the honeypots. A user then accesses detailed information on the attack to gather information about its intentions and perpetrators.

HoneyDB HoneyDB

19. ThreatMiner: IOC lookup and contextualization


What it is
ThreatMiner is a threat intelligence portal designed to enable an analyst to research indicators of compromise (IOCs) under a single interface. That interface allows for not only looking up IOCs but also providing the analyst with contextual information. With this context, the IOC is not just a data point but a useful piece of information and potentially intelligence.

Use case
Identify and enrich indicators of compromise to have a better understanding of attack origins.

ThreatMiner ThreatMiner

20. Analyze suspicious files and URLs with VirusTotal


What it is
VirusTotal inspects items with over 70 antivirus scanners and URL/domain blacklisting services. Scanning reports produced by VirusTotal are shared with the public to raise the global IT security level and awareness about potentially harmful content.

Use case
Users can select a file from their computer using their browser and send it to VirusTotal. Results are shared with the submitter, and also between the examining partners, who use this data to improve their own systems.

VirusTotal VirusTotal

21. Tap into the most comprehensive collection of exploits on Exploit DB


What it is
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Exploits are collected throughout the internet and through user submissions, and archived for community use.

Use case
The Exploit Database is a repository for publicly available exploits, making it a valuable resource for those who need actionable data at their fingertips.

The Exploit Database The Exploit Database

Explore Silo for Research

Data Sheet
Data Sheet

Silo for Research Analyst Pack

A suite of productivity enhancement features for analysts including Collecter and Gofer.

Data Sheet
Data Sheet

Harvester collection automation API

Authentic8’s Harvester Automation API enhances automated web-based collection by integrating into existing content collection workflows via a simple API

Video
Video

Take a self-guided tour of Silo for Research

Learn how Authentic8's unique approach meets the needs of online investigations for financial fraud, AML, threat intelligence, OSINT and other fields

Close
Close