OSINT tools for hosts, ports and more

Security with Open Source – Part 2
OSINT tools for hosts, ports and more

providers on the subject

Various open source tools are available to check hosts and ports, most of which also run completely in the browser. This allows the security settings of servers that use an Internet connection to be tested very quickly.

With tools from the Open Source Intelligence (OSINT) area, weaknesses and security gaps in computers and servers that are available on the Internet can be discovered and websites can also be checked. In the second part of our series on OSINT tools, we will go into various tools that can also be used directly in the web browser to discover gaps.

URLScan.io – Scan websites, detect connections, check IP addresses

With the web tool URLScan.io, websites can be scanned for HTTP connections. The tool therefore comprehensively lists links and connections between websites. Relationships with other websites can also be analyzed in this way. Therefore, by scanning a web page, all the necessary information that is important for a web page can be displayed. No local installation is required to use URLScan.io, the tool works entirely in the web browser.

In addition to the HTTP elements, the tool examines other objects on the page. This also includes HTML, CSS, Javascript or DOM content. The tool therefore also shows the technologies used by websites. Cookies, IP addresses and other details can also be seen. For the IP addresses of larger and international websites, the page also displays the flag of the respective country.

The tool also detects dangerous content, such as cryptojacking campaigns, phishing sites or even hacked websites. Downloads on the pages can also be seen as well as the SSL certificates used and their validity. Information can be shown or hidden using the “Details: Visible” or “Details Hidden” button. Different views can be displayed with “Showing All Hits” and “Collaped by Hostname”. By clicking on a scanned link, URLScan.io displays further information, for example the cloud provider through which the website is made available.

picture gallery

Picture gallery with 7 pictures

Scanless – Online port scanner

Scanless is a tool that can also be used in the CLI to scan host ports. The Python program can thus also be used in your own applications. The installation can also be done in Python via “pip”:

pip install scanless --user

A Python installation on the computer is therefore necessary for the use of Scanless. The tool displays help with “scanless –help”. The tool can also be integrated into the security distribution Kali, for example with:

git clone https://github.com/vesche/scanless.git

Scanless is a tool that performs port scans. The scanning solution uses different scanners and displays their results directly in the terminal. The scanners used are: hackertarget, ipfingerprints, pingeu, portcheckers, spiderip, t1shopper, viewdns and yougetsignal.

masscan: Massive IP port scanner for a large number of devices to be scanned

masscan is a port scanner that can scan a very large number of devices in a very short time. The tool works similar to nmap. For its deployment, masscan uses its own IP stack. For example, the syntax for the tool looks like this:

masscan -p80,8000-8100 10.0.0.0/8 2603:3001:2d00:da00::/112

This command scans subnet 10.xxx and subnets 2603:3001:2d00:da00::x Ports 80 and 8000 to 8100 are scanned. More information about the tool can be found on the developer’s website on GitHub.

Search for names, user information and brands on social networks: KnowEm, NameCheckup and NameCheckr

The website can be a valuable help when searching for duplicate usernames, phishing fakes or fake brands and user information in social networks. The web tool has the task of searching for specific terms in social networks and checking whether a specific login name is already in use or available on social networks.

This makes it possible to quickly identify fakes in this area and check whether user names have been leaked in certain social networks. The tool can search for domains and trademarks at the same time. For researching information in this area, Knowem offers many more options and information than Google or other search engines. Another search engine in this area is Namecheckr. This tool also searches for specific user names in social networks and clearly displays the result. Similar information can be found on the NameCheckup page. The three tools therefore offer a fairly comprehensive overview of user names and their use. Instant Username Search also checks social networks for existing usernames.

As of 10/30/2020

It goes without saying that we handle your personal data responsibly. If we collect personal data from you, we process it in compliance with the applicable data protection regulations. You can find detailed information in our data protection declaration.

READ:  SaarGummi: Into The Future with Next-Generation Firewalls

Consent to the use of data for advertising purposes

I agree that Vogel IT-Medien GmbH, Max-Josef-Metzger-Straße 21, 86157 Augsburg, including all companies affiliated with it within the meaning of Sections 15 et seq. AktG (hereinafter: Vogel Communications Group) my E e-mail address for sending editorial newsletters. Lists of the respective associated companies can be accessed here.

The content of the newsletter extends to the products and services of all the companies mentioned above, including, for example, trade journals and specialist books, events and trade fairs as well as event-related products and services, print and digital media offers and services such as other (editorial) newsletters, competitions, lead campaigns, Market research in the online and offline area, subject-specific web portals and e-learning offers. If my personal telephone number was also collected, it may be used for submitting offers for the aforementioned products and services from the aforementioned companies and for market research.

If I call up content that is protected on the Internet on portals of the Vogel Communications Group, including its affiliated companies within the meaning of Sections 15 ff. AktG, I have to register with additional data for access to this content. In return for this free access to editorial content, my data may be used in accordance with this consent for the purposes stated here.

READ:  What is OPSEC (Operational Security)?

right of revocation

I am aware that I can revoke this consent at any time for the future. My revocation does not affect the legality of the processing carried out on the basis of my consent up to the time of revocation. In order to declare my revocation, I can use the contact form available at as one option. If I no longer wish to receive individual newsletters to which I have subscribed, I can also click on the unsubscribe link at the end of a newsletter. I can find more information about my right of withdrawal and how to exercise it, as well as the consequences of my withdrawal, in the data protection declaration, section Editorial newsletters.

picture gallery

Picture gallery with 7 pictures

Reverse lookup for email addresses, IP addresses and extract email addresses from domains: ThatsThem

With the open source tool ThatsThem it is possible to perform a reverse search for e-mail addresses. After entering the email address, the tool tries to find out who exactly owns this email address. ThatsThem is also able to perform a reverse lookup of IP addresses and display information about that domain. If the IP address belongs to a common block or a subnet, ThatsThem also shows this. If domains are linked to the address, the tool also displays this information. Hunter, in turn, focuses on searching for email addresses from specific domains. After entering a domain, the search engine will display all email addresses that belong to that domain.

(ID:48651789)