goosint-cyber-toolkit

Goosint Cyber Toolkit

A curated list of amazing web-based tools related to cybersecurity, threat intelligence, and digital investigations.

This list helps you gathering information you need about your target through publicly available data. Know more about your organization’s internet exposure, and assess you applications and infrastructure security.

Most of the tools are completely free, and just few are partially free (i.e. for open source projects).

Enjoy them! :smiling_imp:

Table of Contents

• Attack Surface Management
• Malware Analysis and Sandbox
• Security Reputation and Malware Scanners
• Fraud Detection Tools
• Email Security Tools
• Email Lookup and Verification Tools
• DNS Lookup and Whois Tools
• Domain and DNS Security Scanner
• IP and Network Tools
• Image Intelligence
• Web Application Security Scanner
• Code Security and Analysis Tools
• Authentication and Encryption Tools
• Cybersecurity Alerts and Advisories
• Vulnerability Databases
• Threat Intelligence and Leaked Data
• News Aggregators and Automation Tools
• Investigation Visualiser
• Active Directory and M365 Security Tools
• Endpoint Security Testing
• Cyber Rating and Company Security Exposure Assessments
• Cybersecurity Program and GRC Management Platforms
• Search Tools and Data Extractors
• General OSINT Tools & Platforms

↑ Credits

Goosint is a personal project that started out in May 2023 as initially for sharing amazing, free, and ready-to-use Open-source intelligence (OSINT) tools for cybersecurity specialists. At the end of 2023, the plateform has expanded to cover other topics in the field of peoples’ safety in France, and Information Security in general. In February 2025, I decided to migrate my website, goosint.com, with +300 resources curated for almost 2 years to github.com and make it more collaborative.

↑ Contributing

If you want to add other tools or have any suggestions to improve this project, you can contact me here.

PS. I still need to work on a proper contribution process in github. Please give me some time :cowboy_hat_face:.

↑ Attack Surface Management

Search engines and platforms for attack surface management, cybersecurity intelligence, and threat analysis.

• Shodan - Intelligence search engine.
• Cloudflare Radar - Internet data & security radar.
• Censys - Intelligence search engine.
• ZoomEye - Intelligence search engine.
• IntelligenceX - Intelligence search engine.
• FullHunt - Attack surface management.
• Onyphe - Cyber defense search engine.
• Greynoise - Asset and vulnerabilities search engine.
• SOCRadar - Threat intelligence platform for dark web.
• SecurityTrails - Attack surface intelligence API.
• CriminalIP - Intelligence search.
• Hunter - Hunter internet search.
• FOFA - Network assets search engine.
• Netlas - Attack surface discovery engine.
• Polyswarm - Malware intelligence engine by Swarm.
• HudsonRock - Free cybercrime intelligence tools.
• Favi Hash - Get the hash of a favicon to identify websites using it.

↑ Malware Analysis and Sandbox

Online sandboxes and security frameworks for analyzing malware, URLs, and files.

• AppAnyRun - Interactive malware analysis.
• BrowserLing - Online browser sandbox.
• BrowserLing (new interface) - Online browser sandbox.
• Joe Sandbox - Windows, macOS, and Android sandbox.
• Urlscan - Public sandbox for URL analysis.
• Filescan - Sandbox by OPSWAT for file scanning.
• Cuckoo CERT - Online malware analysis tool.
• Triage - Analyze malware samples.
• MobSF - Android/iOS/Windows mobile security framework.
• Browser.lol - Visit blocked or risky websites.

↑ Security Reputation and Malware Scanners

Malware analysis, reputation lookup, and threat investigation.

• VirusTotal - Free malware scanner by Google.
• HybridAnalysis - Free malware scanner by CrowdStrike.
• Opentip Kaspersky - File analysis by Kaspersky.
• Talos - Asset reputation lookup by Cisco.
• CyberGordon - Multi-engine cyber reputation check.
• Zulu Zscaler - URL risk scoring engine.
• isMalicious - Check if IP/Domain is in public malicious lists.
• AbuseIP - Asset reputation lookup.
• IP Quality Score - IP reputation lookup.
• IBM X-Force - Malware analysis by IBM.
• Palo Alto Filtering - URL reputation by Palo Alto.
• Bluecoat Review - URL reputation by Symantec.
• Malwares - Hash, IP, and domain malware scan (Get file hash).
• URLVoid - Website reputation lookup.
• Valkyrie - Malware analysis for files and websites.
• DocGuard - Malware threat scan from hash.
• MetaDefender - Scan anything with OPSWAT.
• RST Cloud - IoC lookup by RST Cloud.
• Threatyeti - Investigate host risk score.
• CheckPhish - Free URL phishing scan with screenshot.

↑ Fraud Detection Tools

Analyzing website business legitimacy, link redirection, and fraud detection.

• Where Goes - Track where a link redirects.
• ScamAdviser - E-commerce website reputation lookup.
• Blacklist Checker - Check if an IP, domain, or email is blacklisted.
• Scamalytics - IP address fraud score.
• Google Safe - Google Transparency Report for website safety.
• France Verif - E-commerce reputation checker (browser extension available).

↑ Email Security Tools

Checking email breaches, phishing domains, and email security analysis.

• HaveIBeenPwned - Check if an email is leaked.
• DomainSearch - Get notified if your domain is in a breach.
• HaveIBeenSquatted - Find potential phishing domains similar to your domain.
• DNS Twist - Detect phishing domains similar to yours.
• Red Flag Domains - Recently registered, potentially malicious domains.
• Breach Directory - Check email compromission.
• MxToolBox - Email headers analyzer.
• PhishTool - Email deep forensic tool.
• PhishTank - Phishing prevention community and API.

↑ Email Lookup and Verification Tools

Retrieving and verifying emails, as well as mapping digital footprints.

• PhoneBook - Retrieve emails from a given domain by IntelligenceX.
• Epieos - Retrieve emails from a given domain.
• Hunter - Retrieve emails from a given domain or verify email.
• Dehashed - Retrieve passwords from a domain.
• Email Hippo - Email address verification tool.
• Snov - Quick email format finder.
• OSINT Industries - Map email and phone over 200 websites (paid).
• Predicta Search - Email & phone digital footprint (paid).
• Anymail Finder - Paid tool to find emails.

↑ DNS Lookup and Whois Tools

DNS record lookup, whois information, and DNS intelligence.

• Whatsmydns - DNS Whois details.
• DigWebInterface - DNS dig tool.
• Google Dig - DNS Dig by Google.
• DiG GUI - DNS dig (new interface).
• DomainTools - DNS whois lookup.
• View DNS - DNS intelligence.
• DNSDumpseter - Deep DNS lookup.
• MXToolBox - DNS MX records audit.
• SecurityTrails - DNS lookup.
• DNS History - DNS records history.

↑ Domain and DNS Security Scanner

Domain security analysis, email authentication, and DNS security checks.

• Blacklist Checker - Check if your domain is blacklisted.
• DMARCLY Tools - Multiple DNS security checkers.
• MXToolBox - DNS MX records audit.
• BIMI Inspector - Check your domain compliance with BIMI.
• Learn DMARC - Console to learn and test DMARC and email.
• Easy DMARC - Domain security analyzer.
• DMARC Advisor - Domain security analyzer.
• MEROX Check - Domain security analyzer.
• DKIM Core - Generate DKIM core key and audit DKIM.
• DNS Security - DNS security check by Merox.
• NCSC DNS Security - DNS security check by UK National Cybersecurity.

↑ IP and Network Tools

IP address lookups, network scanning, and BGP information.

• BGP Tools - BGP info from ASN, prefix, or DNS.
• IPinfo - Trusted IP address data.
• KeyCDN - IP lookup.
• Lupovis - IP lookup.
• IP Tools - Basic IP and network tools from Hacker Target servers.
• IPvoid - Popular IP tools.
• Nmap Online - Nmap IP ports scan.
• Port Scanner - Online port scanner.
• Hping - Custom ping for security assessment.
• PeeringDB - Network, internet exchange, and facility database.
• Wigle - Wireless networks mapping.

↑ Image Intelligence

Reverse image search, face recognition, and image metadata analysis.

• TinEye - Reverse image search.
• PimEyes - Reverse face specialized image search.
• Pic2map - Image EXIF data viewer.
• PNG Tools - Online PNG tools.

↑ Web Application Security Scanner

Scanning vulnerabilities, checking security headers, SSL certificates, and more.

• OpenVAS Online - Online vulnerability scanner.
• Faraday Personal - Vulnerability management platform.
• Webbkoll - Check what data-protecting measures a site has taken.
• EDPB Web Auditing - Check website compliance with GDPR for free.
• Hardenize - General reports (DNS, email, certificate, security conf.) against your public domain.
• SSLLabs - Website SSL certificate scanner by Qualys.
• SSL Scan - SSL/TLS scan.
• Report URI - CSP, CSR and certificates scanners.
• Security Header - HTTP response headers security scanner.
• WafWoof - WAF detection.
• Sucuri - Detecting payloads, WAF, blocklisting, and security patches.
• Pentester - Website security check (WAF, technologies, SSL/TLS, etc.).
• Pentest Tools - Multiple free scan & discovery tools.
• NetCraft - Website technologies and infrastructure scanner.
• BuiltWith - Assets technologies scanner.
• WhatWeb - Web assets recognizer.
• Wappalizer - Website technologies scanner.
• Web Check - All-in-one website OSINT tool.
• SpyOnWeb - Find related websites from IP or domain.
• DNSlytics - List domains sharing the same IP host.
• Hackertarget WP - WordPress security scan.
• Hackertarget Joomla - Joomla security scan.
• Hackertarget Drupal - Drupal security scan.
• SimilarWeb - Website approximate traffic and ranking.
• Web Archive - Internet archive machine.
• Visual Ping - Monitor changes on a website page.

↑ Code Security and Analysis Tools

Secure code review, static application security testing, and code quality improvement.

• GitGuardian (Free & Paid) - Secure code review tool offering free unlimited secrets detection.
• SonarCloud (Free & Paid) - Static application security testing platform free for open-source projects.
• GuardRails (Paid, Free tier) - Static application security testing platform.
• CodeScene (Free & Paid) - Code analysis tool using behavioral insights to improve code quality.

↑ Authentication and Encryption Tools

Certificate history search, MFA/2FA verification, and data analysis/encoding.

• Crt - Certificate history search engine.
• 2FA Directory - Check if MFA/2FA is supported.
• CyberChef - Analyzing and encoding data.

↑ Cybersecurity Alerts and Advisories

Official alerts and advisories from global cybersecurity teams and organizations.

• CERT-EU Advisory (EN) - Alerts and advisories from the European Union Computer Emergency Response Team.
• CISA Advisory (EN) - Cybersecurity alerts and advisories from CISA (US Cyber Defense Agency).
• MyCert Advisory (EN) - Malaysia Computer Emergency Response Team (MyCERT) alerts.
• CERT-FR Advisory (FR) - Computer Emergency Response Team from the French security agency (ANSSI).

↑ Vulnerability Databases

Prioritizing and analyzing vulnerabilities, CVE databases and CVSS calculator.

• VulnCheck KEV - Largest vulnerabilities prioritization database.
• Exploit DB - Vulnerabilities advanced database.
• CVEShield - Find information about any vulnerabilities.
• CVE Details - Vulnerabilities database by SSC.
• Vulners - Exploit search engine.
• First.org - Custom CVSS score calculator.

↑ Threat Intelligence and Leaked Data

Resources for threat intelligence, leaks, and databases of compromised data for security researchers.

• LeakIX - Assets leaks and security incident monitoring.
• Nuclear Leaks - Largest free website leak database collection.
• Abuse.ch - Community-driven threat intelligence (6 databases).
• Ransomware.live - Monitor ransomware groups’ activity.
• Any Run CTI - Threat intelligence platform by Any Run.
• BinaryEdge Threat Intelligence Platform - Threat intelligence platform.
• ThreatBook CTI - Threat intelligence platform.
• Pulsedive - Threat intelligence platform.
• Alienvault OTX - Community-powered open threat exchange platform.
• OpenCTI - CTI structuring platform by French ANSSI.
• Carbon Black - VMware CB real-time threat research data.
• Palo Alto ATOMs - Actionable threat objects and mitigations.
• RiskIQ - Internet intelligence by Microsoft.
• Filesec - Latest attackers’ file extensions.
• LOLBIN - Attackers’ binaries used outside their intended purpose.
• GTFOBins - Binaries to bypass misconfigured systems.
• LOLC2 - Collection of C2 frameworks to evade detections.
• NTLM - Database of +8.7 billion password hashes.
• VXIntelligence - Find compromised passwords from vulnerable C2 servers.
• 0day.today - Marketplace for 0-day exploits.
• Malware Bazaar - Malware sharing platform for infosec professionals.
• Feodo Tracker - Browse botnet command & control infrastructure.
• Snusbase (paid) - Search engine for leaked databases, allowing users to find compromised credentials.
• DeHashed (paid) - Advanced breach search engine to find leaked personal and corporate data.
• RocketReach (paid) - Contact and company intelligence platform for finding professional emails and phone numbers.
• CTF Search - Search CTF (Capture The Flag) writeups.
• Altenens - Forum where people share data leaks.

↑ News Aggregators and Automation Tools

Tools for aggregating news, managing links, and automating threat intelligence workflows.

• FreshRSS - Self-hosted RSS feed aggregator (requires setup).
• Google News - News aggregator from Google.
• Feedly - RSS feed aggregator.
• IFTTT - Automation platform to connect apps and devices through custom workflows.
• Raindrop.io - Bookmark manager for organizing and syncing links across devices.

↑ Investigation Visualiser

Tools for tracking investigations, organizing notes, and visualizing data.

• OSINTracker - Track your investigations online.
• Obsidian - Create notes and visualize them in graphs.
• Draw.io - Make diagrams and flow charts online.

↑ Active Directory and M365 Security Tools

Tools for auditing, hardening, and reporting on Active Directory (AD), Microsoft 365 security, GWP security.

• Purple Knight - Active Directory Security Audit by Semperis (requires setup).
• PingCastle - Active Directory Security at 80% by Vincent Le Toux (requires setup).
• BloodHound - AD and AAD Complex Attack Path Audit (requires setup).
• Harden AD - AD and M365 Infrastructure Hardening (requires setup).
• CRT - CrowdStrike Reporting Tool for Azure AD / O365.
• AADInternals - Extract openly available tenant information.
• Adalanche - Open-Source Active Directory ACL Visualizer (requires setup).
• ScubaGear - Assess the state of your M365 tenant against CISA’s baselines (requires setup).
• ScubaGoggles - Assess the state of your Google Workspace tenant against CISA’s baselines (requires setup).

↑ Endpoint Security Testing

Tools to assess your defense and test your security mechanisms.

• Ransomware Risk Scan - Test your ransomware defense by Zscaler.
• Wicar - Test your anti-malware and anti-virus.
• Browser Test - Web browser scan.
• SurfShark - DNS leak test.
• Security Preview - Internet threat exposure analysis.
• OTX EndPoint Security - Community-powered endpoint security tool.

↑ Cyber Rating and Company Security Exposure Assessments

Tools to evaluate the security posture of your network and partners.

• ShadowServer - Daily reports for your network and security exposure.
• Coalition - Cyber score for your company.
• Bitsight - Free customized security ratings report.
• SecurityScorecard - Security score of your partners (14-day trial).

↑ Cybersecurity Program and GRC Management Platforms

Tools for managing and ensuring compliance with international cybersecurity standards and company requirements.

• CISO Assistant - Cybersecurity program & compliance management platform by a French company.
• Gapps - Cybersecurity compliance management platform (requires setup).
• Demin - Management tool for information security management system (requires setup).
• Tenacy.io - Cybersecurity program management platform by a French company (paid).
• Simple Risk - Cybersecurity program management platform (paid).

↑ Search Tools and Data Extractors

Advanced engines for searching code, data, and public information across various platforms.

• Publicwww - Search across web pages’ HTML, JS, and CSS code.
• Metacrawler - Aggregates search engines.
• Pastebin - Use Google Dorks on this pastebin.
• Dork Search - Google Dorking commands generator.
• Startpage - Anonymous search engine.
• SearchCode - Search in 40M lines of code.
• Grep - Search across Git repositories.
• Telemetry - Advanced search across Telegram.
• Instant Data Scraper - Browser extension to extract website data.
• KQL Queries - Search engine for KQL lovers.
• Diggers - Search for public multiple files in file-sharing services.

↑ General OSINT Tools and Platforms

Tools and platforms for general Open Source Intelligence (OSINT) gathering and investigations.

• Kasm Web - Browser-based desktop for your investigations.
• Whonix - A definitely maximum anonymity and security VM.
• Gray Hat Warfare - Buckets and shorteners finder.
• Black Bird - Map accounts by username.
• Grabify - Track clicks on your URL.
• OpenCorporates - Largest database to search professionals and entities.
• AIHIT DATA - Business and companies OSINT.
• Name Checkup - Check if a username is in use/available.
• OSINT VM - Specialized OSINT virtual machine by Trace Labs.
• VMWare VM - Free workstation player by VMWare.
• Trace Labs - A non-profit organization to help find missing people.
• OnChain Industries - Search a wallet, username, or email.

↑ License

This work is licensed under CC BY-NC-SA 4.0. In other words, share generously but provide attribution to the authors (e.g, credit: goosint.com).

Sincerely, Khalil B.