EdOverflow / Contact.sh
Licence: mit
An OSINT tool to find contacts in order to report security vulnerabilities.
Stars: ✭ 216
Programming Languages
shell
77523 projects
Projects that are alternatives of or similar to Contact.sh
Rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+1492.13%)
Mutual labels: osint, infosec, bugbounty
Metabigor
Intelligence tool but without API key
Stars: ✭ 424 (+96.3%)
Mutual labels: osint, infosec, bugbounty
Breach.tw
A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.
Stars: ✭ 144 (-33.33%)
Mutual labels: osint, infosec
Pockint
A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️
Stars: ✭ 196 (-9.26%)
Mutual labels: osint, infosec
Urlcrazy
Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.
Stars: ✭ 150 (-30.56%)
Mutual labels: osint, infosec
Spaces Finder
A tool to hunt for publicly accessible DigitalOcean Spaces
Stars: ✭ 122 (-43.52%)
Mutual labels: osint, infosec
Proof Of Concepts
A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.
Stars: ✭ 148 (-31.48%)
Mutual labels: infosec, bugbounty
Autosetup
Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.
Stars: ✭ 140 (-35.19%)
Mutual labels: infosec, bugbounty
Asnip
ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
Stars: ✭ 126 (-41.67%)
Mutual labels: osint, bugbounty
Basecrack
Decode All Bases - Base Scheme Decoder
Stars: ✭ 196 (-9.26%)
Mutual labels: infosec, bugbounty
Chatter
internet monitoring osint telegram bot for windows
Stars: ✭ 123 (-43.06%)
Mutual labels: osint, infosec
Offensive Dockerfiles
Offensive tools as Dockerfiles. Lightweight & Ready to go
Stars: ✭ 150 (-30.56%)
Mutual labels: osint, infosec
Qsfuzz
qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
Stars: ✭ 201 (-6.94%)
Mutual labels: infosec, bugbounty
Asnlookup
Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Stars: ✭ 163 (-24.54%)
Mutual labels: infosec, bugbounty
Bbrecon
Python library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (-21.76%)
Mutual labels: osint, bugbounty
Crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-15.74%)
Mutual labels: infosec, bugbounty
contact.sh
An OSINT tool to find contacts in order to report security vulnerabilities.
Installation
🐧 GNU/Linux
Make sure you have installed the whois and jq packages.
$ git clone https://github.com/EdOverflow/contact.sh.git
$ cd contact.sh/
$ chmod u+x contact.sh
$ ./contact.sh -d google.com -c google
🍎 OSX
$ brew install gnu-sed --with-default-names
$ brew install jq
$ git clone https://github.com/EdOverflow/contact.sh.git
$ cd contact.sh/
$ chmod u+x contact.sh
$ ./contact.sh -d google.com -c google
Usage
$ ./contact.sh
_ _ __ _|_ _ _ _|_ _ |_
(_ (_)| | |_(_|(_ |_ o _> | |
---
by EdOverflow
[i] Description: An OSINT tool to find contacts in order to report security vulnerabilities.
[i] Usage: ./contact.sh [Options] use -d for hostnames (-d example.com), -c for vendor name (-c example), and -f for a list of hostnames in a file (-f domains.txt)
[i] Example: ./contact.sh -d google.com -c google
Use the -d flag when trying to find addresses linked to a domain. contact.sh will return a "Confidence level" based on the source of the information retrieved. A security.txt file located on the domain will have a higher priority than a Twitter account on the company's website.
$ ./contact.sh -d google.com
The -c flag allows you to specify the company's name.
$ ./contact.sh -c google
If the company's name contains spaces, make sure to place the name inside quotes.
$ ./contact.sh -c "keeper security"
You can check a list of domains using the -f flag.
$ ./contact.sh -f domains.txt
For the best results, combine both flags as follows:
$ ./contact.sh -d google.com -c google
contact.sh abides by the target's robots.txt file.
$ ./contact.sh -d linkedin.com
_ _ __ _|_ _ _ _|_ _ |_
(_ (_)| | |_(_|(_ |_ o _> | |
---
by EdOverflow
[+] Finding security.txt files
| Confidence level: ★ ★ ★
[!] The robots.txt file does not permit crawling this hostname.
[+] Checking HackerOne's directory for hostname
| Confidence level: ★ ★ ★
https://hackerone.com/linkedin
Contributing
I welcome contributions from the public.
Using the issue tracker 💡
The issue tracker is the preferred channel for bug reports and features requests.
Issues and labels 🏷
The bug tracker utilizes several labels to help organize and identify issues.
Guidelines for bug reports 🐛
Use the GitHub issue search — check if the issue has already been reported.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].