A curated list of web-based tools, browser extensions, and services to support defenders and investigators with discovery, enrichment, and analysis.
- Browser Extensions
- VPN
- Encoding / Decoding
- Investigations
- Browser Isolation
- Acquisitions
- Autonomous System Numbers (ASN)
- Apex Domains
- Subdomains
- Service Discovery
- Data Exposure
- Third-Party & Brand Abuse
| Tool | Type | Purpose |
|---|---|---|
| Instant Data Scraper | Free | Scrape tabular data from web pages to CSV/Excel. |
| Open Multiple URLs | Free | Open a list of URLs in new tabs. |
| User Agent Switcher | Free | Spoof/change browser user-agent. |
| Link Gopher | Free | Extract and deduplicate all links on a page. |
| TruffleHog | Free | Detect exposed credentials on pages you visit. |
| Clear Cache | Free | One-click browser cache clearing. |
| Wappalyzer | Free | Detect site technologies from the browser. |
| Tool | Type | Purpose |
|---|---|---|
| NordVPN | Paid (referral) | General-purpose VPN provider. |
| Surfshark | Paid (referral) | General-purpose VPN provider. |
| Tool | Type | Purpose |
|---|---|---|
| CyberChef | Free | Encoding, decoding, data transformation and analysis. |
| Tool | Type | Purpose |
|---|---|---|
| OSINT Tracker | Free | Track OSINT cases, tasks and artefacts. |
| Tool | Type | Purpose |
|---|---|---|
| Kasm | Paid | Browser/container isolation platform. |
| Browserling | Free / Paid | Online browser sandbox and testing. |
| Tool | Type | Inputs (Seeds) | Outputs (Identifiers) |
|---|---|---|---|
| Crunchbase | Free | Company | Website, domain, parent company, acquisitions. |
| OCCRP Aleph | Free | Company, domain | Acquisitions, trademarks. |
| GitHub MA001 | Free | Company, website, date range | Company, website, acquisition status. |
| Tool | Type | Inputs (Seeds) | Outputs (Identifiers) |
|---|---|---|---|
| BGP | Free (Global) | ASN, IP, company, keyword | ASN, ASN name, CIDR, WHOIS org and technical contact details. |
| RIPE DB | Free (EU) | Company, ASN, IP, email, keyword | ASN, CIDR, company, WHOIS org and technical contact details. |
| ARIN | Free (US) | Company, ASN, IP, email, keyword | ASN, CIDR, company, WHOIS org and technical contact details. |
| Tool | Type | Inputs (Seeds) | Outputs (Identifiers) |
|---|---|---|---|
| OnlineDnsLookup – Bulk Whois | Free | Domain | WHOIS org and technical contact details, register/expiry dates, name servers. |
| ViewDNS – Whois | Free | Domain | WHOIS org and technical contact details, register/expiry dates, name servers. |
| Tool | Type | Inputs (Seeds) | Outputs (Identifiers) |
|---|---|---|---|
| Bigdomaindata – Whois History | Free | Domain | Historic WHOIS, WHOIS org and technical contact details, similar/fuzzy domains, typosquatting. |
| Whoxy – Reverse Whois | Free | Registrant name, email, company | WHOIS org and technical contact details, created/expiry dates. |
| WhoisXMLAPI – Reverse Whois | Free Credits / Paid | Domain, organisation, registrant or admin email | Domains. |
| Bigdomaindata – Reverse Whois | Free | Domain, keyword, registrant, email, company, address, name server | WHOIS org and technical contact details, created/expiry dates. |
| Host.io | Free | Domain | Google Manager/Analytics IDs, copyright, A, AAAA, MX, NS, co-hosted domains, backlinks, links to domains, redirects to domains, third-party domains. |
| Tool | Type | Inputs (Seeds) | Outputs (Identifiers) |
|---|---|---|---|
| DNSLytics | Free | Domain, keyword, IP, CIDR, MX, Google Manager/Analytics IDs | ASN, IP, domain, reverse MX/NS, Domain, keyword, IP, CIDR, MX, Google Manager/Analytics IDs. |
| Tool | Type | Inputs (Seeds) | Outputs (Identifiers) |
|---|---|---|---|
| crt.sh | Free | Domain, company, SSL org | Domains, subdomains, cert CN, identity, issuer. |
| C99 Subdomain Finder | Free | Domain | Subdomains, IP, WAF. |
| ViewDNS – Subdomains | Free | Domain | Subdomains, IP. |
| HackerTarget – DNS Host Records | Free | Domain | Subdomains, IP. |
| VirusTotal | Free | Domain, subdomain, IP, hash | Subdomains, IP, historical IP. |
| [VirusTotal Domain API] https://www.virustotal.com/vtapi/v2/domain/report?apikey=Enter_APIKEY&domain=EXAMPLE.COM |
Domain | Domain, API key | Domains, subdomains, IPs, historical IPs, hashes, URLs. |
| [VirusTotal IP API] https://www.virustotal.com/vtapi/v2/ip-address/report?apikey=Enter_APIKey&ip=Enter_IP |
Domain | IP, API key | Domains, subdomains, IPs, historical IPs, hashes, URLs. |
| SecurityTrails – Subdomains | Free | Domain, keyword | Subdomains. |
| Tool | Type | Inputs (Seeds) | Outputs (Identifiers) |
|---|---|---|---|
| Shodan – Advanced Search | Free | ASN, IP, CIDR, port, domain, subdomain, SSL, favicon, OS, website title, product, country | ASN, IP, original IP, port, domain, subdomain, technology, SSL, country, favicon, cloned websites. |
| Shodan – Facet Search | Free | ASN, IP, CIDR, port, domain, subdomain, SSL, favicon, OS, website title, product, country | ASN, IP, original IP, port, domain, subdomain, technology, SSL, fraudulent websites, country, favicon. |
| FOFA | Free | ASNs, IPs, CIDRs, ports, domains, website headers, website titles, website bodies, favicons, copyright, products, product versions, SSL | ASN, IP, original IP, port, domain, subdomain, technology, SSL, country, favicon, cloned websites. |
| Zoomeye | Free | ASNs, IPs, CIDRs, ports, domains, website headers, website titles, website bodies, favicons, copyright, products, product versions, SSL | ASN, IP, original IP, port, domain, subdomain, technology, SSL, country, favicon, cloned websites. |
| Tool | Type | Inputs (Seeds) | Outputs (Identifiers) |
|---|---|---|---|
| ViewDNS – Reverse IP | Free | IP | Domains, subdomains. |
| SecurityTrails – Reverse IP | Free | IP | Domains, subdomains. |
| WhoisXMLAPI – Reverse IP | Free | IP | Domains on IP, first/last seen dates. |
| SecurityTrails – Historical IP | Free | Domain, subdomain | Historical IPs, org, first/last seen. |
| Tool | Type | Inputs (Seeds) | Outputs (Identifiers) |
|---|---|---|---|
| Wappalyzer | Free | URL | Server stack, frameworks, CMS, analytics. |
| WebTechSurvey | Free | URL | Technologies, redirects, IP, reverse IP, ASN, linked domains, tech changes. |
| Tool | Type | Inputs (Seeds) | Outputs (Identifiers) |
|---|---|---|---|
| ThreatYeti | Free | Domain, URL, IP | IPs, shared IPs, subdomains, redirects, inbound/outbound links. |
| TenantIDLookup | Free | Domain, tenant ID, URL | Azure AD tenant ID, default domain, org name, region, MX. |
| SPF-Record | Free | Domain, subdomain | SPF IPs, third-party senders, domains. |
| OnlineDnsLookup – Bulk DNS | Free | Domains, subdomains | ASN, ASN org, IPs, CNAMEs. |
| Tool | Type | Inputs (Seeds) | Outputs (Identifiers) |
|---|---|---|---|
| DNSChecker – Port Scanner | Free | Domain, hostname, IP | Port open/closed state. |
| Tool | Type | Inputs (Seeds) | Outputs (Identifiers) |
|---|---|---|---|
| Wayback Machine | Free | Domain, subdomain | Historic site content, files, configs, secrets, emails. |
| [Wayback CDX API] https://web.archive.org/cdx/search/cdx?url=*.EXAMPLE.COM/*&collapse=urlkey&output=text&fl=original |
Free | Domain, date, keyword | Historic site content, files, configs, secrets, emails. |
| [Wayback CDX Filtered] https://web.archive.org/cdx/search/cdx?url=*.EXAMPLE.COM/*&collapse=urlkey&output=text&from=2024&to=2025&filter=statuscode:(200)&fl=original&filter=original:.*\.(xls |
sql | doc | ppt |
| Tool | Type | Inputs (Seeds) | Outputs (Identifiers) |
|---|---|---|---|
| Free | Dork, keyword | Domains, URLs, documents, files. | |
| Ultimate Google Dork Generator | Free | Dork, keyword | Domains, URLs, documents, files. |
| Exploit-DB GHDB | Free | Dork, keyword | Domains, URLs, documents, files. |
| Pentest-Tools Google Hacking | Free | Dork, keyword | ADomains, URLs, documents, files. |
| GitHub | Free | Dork, keyword | API keys, tokens, secrets, code, files. |
| Sourcegraph | Free | Dork, keyword | API keys, tokens, secrets, code, files. |
Postman via Googlesite:documenter.getpostman.com <keyword> |
Free | Dorks, domains, company names, keywords | Public Postman docs, APIs, potential secrets/code. |
| Tool | Type | Inputs (Seeds) | Outputs (Identifiers) |
|---|---|---|---|
| GrayHatWarfare – Buckets | Free | Domain, company, keywords | Exposed buckets, file listings, URLs, secrets. |
| GrayHatWarfare – Shorteners | Free | Domain, company, keywords | Shortened URLs and resolved targets. |
| Tool | Type | Inputs (Seeds) | Outputs (Identifiers) |
|---|---|---|---|
| URLScan | Free | Dork, Domain, URL, IP, hash, title, keyword | Subdomains, IPs, third-party use, clones, typosquats. |
| KMSec – Favicon Hash | Free | URL, filename, hash | Sites sharing favicon hash (similar/clone sites). |
| BuiltWith | Free | Domain, subdomain, keyword | Tech stack, Google Manager/Analytics IDs, clones, historical IP. |
| Google – Trademark/Copyright | Free | Dork, trademark, copyright (e.g. "Example © 2025" -www) |
URLs, domains/subdomains. |
| Bigdomaindata – Similar Domains | Free | Domain, keyword | Similar domains, typosquats. |
| Bigdomaindata – Fuzzy Domains | Free | Domain | Fuzzy/typo variants (typosquats). |
| Copyscape | Free | URL, text | Plagiarised or cloned websites. |