★ #OSINT Tips ★ 17 short tips for website investigations
[1/17: tactical information👁️]
Purpose: collect and analyze tactical information.
1. Visit website
2. Collect visible info (contact details, VAT numbers, etc.)
3. Analyze information
4. Have fun!
[2/17: WHOIS information]
Purpose: find owner/host of website
1. Find top level domain
2. Find the TLD registry via iana.org/domains/root/db*
3. Fill in target URL
4. Look for registrant/registrar
5. Have fun!
* Use multiple databases/registers!
[3/17: archives]
Purpose: find archived information
1. Visit archive.org*
2. Fill in target URL
3. Check for archived information
4. Have fun!
* Use other websites such as archive.is
* Use cached version of search engines
[4/17: text]
Purpose: find related information by text
1. Copy text from target website
2. Paste text in search engine*
3. Have fun!
* Or use websites such as copyscape.com
[5/17: images | reverse image search ]
Purpose: find websites that use the same/a similar image
1. Copy image location of target image
2. Navigate to google.com/images*
3. Find identical and similar images
4. Have fun!
* Also use Yandex, Bing, Baidu, TinEye
[6/17: images | EXIF data]
Purpose: find EXIF data of digital images
1. Navigate to target image
2. Download target image
3. Extract EXIF data*
4. Analyze data
5. Have fun!
* Or use Jeffrey's Exif Viewer / add-ons (wxIF)
[7/17: source code]
Purpose: investigate source code
1. Navigate to target website
2. View source code
3. Analyze source code (hidden info, IDs, templates, plugins)
4. Find vulnerabilities/related websites
5. Have fun!
* Builtwith.com & Publicwww.com
[8/17: other TLDs]
Purpose: find other TLDs of target website
1. Use operators -site:target.com -site:target.*
2. Analyze and verify the results
3. Have fun!
[9/17: mentions of target]
Purpose: find mentions of target website
1. Use operators -site:target.com "target.com"
2. Analyze and verify the results
3. Have fun!
[10/17: check info via RSS]
Purpose: find information via RSS feeds
1. Navigate to target.com/RSS*
2. Analyze and verify the results
3. Have fun!
* This will of course not always work, but it probably will on WordPress websites.
[11/17: investigate SSL certificates]
Purpose: find (sub)domains of target
1. Navigate to crt.sh
2. Type in target website
3. Check certificate IDs
4. Analyze information
5. Have fun!
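
Added example (not part of the original thread): the "analyze information" step of tip 11, done on crt.sh's JSON output instead of in the browser. The field names (`id`, `name_value`, `common_name`, `not_before`) are those crt.sh returns with `output=json`; the sample records and the function name are constructed for illustration.

```python
import json

# Constructed sample in the shape of crt.sh's JSON output
# (https://crt.sh/?q=example.com&output=json); not real certificate data.
SAMPLE = json.dumps([
    {"id": 1001, "common_name": "example.com",
     "name_value": "example.com\nwww.example.com", "not_before": "2023-01-10T00:00:00"},
    {"id": 1002, "common_name": "*.example.com",
     "name_value": "*.example.com\nexample.com", "not_before": "2023-03-02T00:00:00"},
    {"id": 1003, "common_name": "mail.example.com",
     "name_value": "MAIL.example.com\nstaging.example.com", "not_before": "2022-06-15T00:00:00"},
    {"id": 1004, "common_name": "example.com.lookalike.test",
     "name_value": "example.com.lookalike.test", "not_before": "2023-05-01T00:00:00"},
    {"id": 1005, "common_name": "www.example.com",
     "name_value": "www.example.com", "not_before": "2024-02-20T00:00:00"},
])


def hostnames_from_crtsh(raw_json, domain):
    """Map each hostname under `domain` to its certificate IDs and earliest not_before."""
    domain = domain.lower().rstrip(".")
    found = {}
    for cert in json.loads(raw_json):
        # name_value holds the certificate's names, one per line.
        names = cert.get("name_value", "").splitlines()
        names.append(cert.get("common_name") or "")
        for name in names:
            name = name.strip().lower().rstrip(".")
            # Keep only the domain itself or true subdomains; a substring match
            # would wrongly accept look-alikes such as example.com.lookalike.test.
            bare = name[2:] if name.startswith("*.") else name
            if bare != domain and not bare.endswith("." + domain):
                continue
            entry = found.setdefault(
                name, {"cert_ids": set(), "first_seen": cert["not_before"]})
            entry["cert_ids"].add(cert["id"])
            # ISO 8601 timestamps in the same format sort correctly as strings.
            entry["first_seen"] = min(entry["first_seen"], cert["not_before"])
    return found


if __name__ == "__main__":
    for host, info in sorted(hostnames_from_crtsh(SAMPLE, "example.com").items()):
        print(f"{host:24} first_seen={info['first_seen'][:10]} "
              f"certs={sorted(info['cert_ids'])}")
```

A wildcard entry such as `*.example.com` is kept as its own row: it shows that subdomains exist without naming them, so it needs verification by other means.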
[12/17: check robots/sitemaps]
Purpose: find "hidden" webpages and content
1. Navigate to target.com/robots.txt
2. Analyse all disallowed pages and content
3. Visit pages and content
4. Have fun!
[13/17: port scans]
Purpose: find open ports and services
1. Use a TCP port scanner such as Nmap
2. Run scan
3. Analyze results
4. Have fun!
[14/17: reverse IP lookup]
Purpose: find other domains on same IP address
1. Use a service such as viewdns.info
2. Type in target website
3. Analyze results
4. Be aware of shared hosting services
5. Have fun!
* Reverse DNS is also interesting
[15/17: reverse DNS lookup]
Purpose: find other domains that use same DNsame IP address
1. Use a service such as viewdns.info
2. Type in target website
3. Analyze results
4. Be aware of shared hosting services
5. Have fun!
[16/17: monitoring changes]
Purpose: monitor changes on website
1. Use a service such as visualping.io
2. Fill in all information
3. Wait for changes
4. Analyze changes
5. Have fun!
[17/17: malware check]
Purpose: check for malware on target website
1. Use a service such as any.run
2. Fill in all information
3. Wait for the results
4. Analyze results
5. Have fun!
Want to add more tips? Let us know!
And the link has to be iana.org/domains/root/db
