ThreatPinch Lookup alternatives

The OSINT framework provides a collection of tools to gather and parse public data. The tool is web-based and makes it easy to find tools for a particular task.

This OSINT framework allows combining sources and provide data in different formats (web interface, API, command line).

DataSploit is a framework to perform intelligence gathering to discover credentials, domain information, and other information related to the target. It uses various reconnaissance techniques on companies, people, phone numbers, and even cryptocoin technology. It allows aggregating all raw data and return it in multiple formats.

OpenVAS is an open source vulnerability scanner that emerged from when Nessus became closed source in October of 2005.

The primary objective of this software is to avoid doing direct lookups into public CVE databases. This reduces leaking sensitive queries and improves performance.

vFeed consists of a database and utilities to store vulnerability data. It uses third-party references and data, which then can be used to see if a software component has a known vulnerability. The data itself is enriched by cross-checking it and store additional details about the vulnerabilities.

The vFeed tooling has an API available with JSON output. It can be used by security researchers and practitioners to validate vulnerabilities and retrieve all available details.

Tools like vulnix help with the detection of known weaknesses in packages by leveraging external resources. It can be used as an additional security layer on top of software patch management.

Bitscout contains a set of popular tools to acquire and analyze disk images onsite. It saves engineers from traveling to the physical location. In other words, it is providing the option to do remote forensics. The project claims that everything is correctly implemented when it comes to digital forensics. One of these requirements is that no data is altered. For example, the remote security professional can obtain a disk image clone, but not alter the machine state.

The goal of the GRR tooling is to support digital forensics and investigations. By using a fast and scalable model, analysts can quickly perform their analysis. One of the main features is the ability to search for particular information or details. This process is called hunting.

The Sleuth Kit is a forensics tool to analyze volume and file system data on disk images. With its modular design, it can be used to carve out the right data, find evidence, and use it for digital forensics.

TheHive is scalable and a complete platform to deal with security incidents. It allows for collaboration between those responsible for dealing with such incidents and related events. It can even use the data of the MISP project, making it easier to start analyzing from there.

Volatility is a well-known tool to analyze memory dumps. Interesting about this project is that the founders of this project decided to create a foundation around the project. This foundation is an independent 501(c) (3) non-profit organization that maintains and promotes open source memory forensics with The Volatility Framework.

This toolkit of scripts are made by Hal to help in forensic assignments. They make several parts of the job easier, like converting data to another format for further processing.

The libewf toolkit is useful for those who need to create a disk image or perform disk forensics.

Especially open source developers may share their code in a public repository like GitHub. This is a great way to collaborate between the developer(s) and the community. The risk of sharing code is that sensitive data is part of the repository and uploaded by accident. GitRob helps to detect this kind of accidental leaks.

OSINT-SPY is a modular tool to query information on different subjects like an IP address, domain, email address, or even Bitcoin address. This tool can be valuable during the reconnaissance phase of a penetration test. It can be used also for defenses purpose, like learning what information is publically available about your organization and its assets.

SpiderFoot can be used offensively during penetration tests, or defensively to learn what information is available about your organization.

This tool is a typical information collection tool to retrieve public data and get it all into one place. It is useful for penetration tests, or if you want to see what is available for your company.

This small utility can retrieve information from the WHOIS database, to see who owns an IP address or domain name. Besides that, it can obtain information from the system itself, like the uptime. DMitry also has the option to search for email addresses, perform a TCP port scan, and use modules specified by the user.

Although there are many port scanning utilities, sometimes it is specific functionality that makes a tool really powerful. For example, QuickScan saves the results of a scan, which then can be processed later for follow-up.

This tool can be called a true 'inspector tool' as it helps to discover many types of data.

• Website information
• Domain and subdomain information
• Mail server information and email
• Phone details
• IP addresses
• Detection of used CMS