OSINT Tools for Network and Internet Infrastructure Investigations

When investigating cybercrime or conducting OSINT (Open-Source Intelligence) research, IP addresses and network infrastructure play a crucial role. Below are some powerful tools for gathering intelligence on IPs, domains, and internet infrastructure.

IP Investigation Toolbox

🔗 https://cipher387.github.io/domain_investigation_toolbox/ip.html
This open-source tool aggregates data from 15+ OSINT sources, including:
– Shodan (exposed devices & services)
– Censys (internet-wide scanning)
– WHOIS (domain/IP ownership)
– Geolocation (IP mapping)

You Should Know:

  • Look up an IP's Shodan host record from the CLI using `curl` and `jq`:
    curl -s "https://api.shodan.io/shodan/host/{IP}?key=YOUR_API_KEY" | jq .
    
  • Use `nmap` for port scanning with service/version detection (`-sV`), skipping host discovery (`-Pn`):
    nmap -sV -Pn {IP}
    

CyberBro (IP Intelligence Aggregator)

🔗 https://github.com/stanfrbd/cyberbro
A powerful tool for CTI (Cyber Threat Intelligence) analysts, offering:
– EDR (Endpoint Detection & Response) integration
– OpenCTI compatibility
– Graph-based threat mapping

You Should Know:

  • Install & run CyberBro:
    git clone https://github.com/stanfrbd/cyberbro 
    cd cyberbro 
    python3 cyberbro.py --ip {TARGET_IP} 
    
  • For bulk IP analysis, read the list line by line and quote each value:
    while IFS= read -r ip; do python3 cyberbro.py --ip "$ip"; done < ip_list.txt
    

FOFA (Chinese Internet Mapping Engine)

🔗 https://en.fofa.info/

A Chinese alternative to Shodan, specializing in:

  • IoT device detection
  • Chinese firewall (GFW) bypass

⚠ Warning: Avoid submitting sensitive data due to PRC surveillance laws.

You Should Know:

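  • Use `curl` to query FOFA’s API (requires account); the search expression is passed base64-encoded in `qbase64`:
    curl -G "https://fofa.info/api/v1/search/all" --data-urlencode "email=YOUR_EMAIL" --data-urlencode "key=API_KEY" --data-urlencode "qbase64=$(printf 'ip="%s"' '{IP}' | base64)"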
    

Spur.us (VPN/Proxy Detection)

🔗 https://spur.us/context-api/

Identifies anonymized IPs (VPNs, Tor, proxies).

You Should Know:

  • Check if an IP is a VPN via CLI:
    curl "https://api.spur.us/v2/context/{IP}" -H "Token: YOUR_API_KEY"
    

StopForumSpam (Anti-Spam Database)

🔗 https://www.stopforumspam.com/usage
Tracks forum spam linked to IPs, emails, and usernames.

You Should Know:

  • Query via API:
    curl "https://api.stopforumspam.org/api?ip={IP}&json"
    

What Undercode Says

OSINT tools for IP investigations are essential for cybersecurity, fraud detection, and threat hunting. Combining automated tools (nmap, Shodan, CyberBro) with manual analysis provides the best results.

Expected Commands Cheat Sheet:

# Geolocate an IP
curl -s "https://ipinfo.io/{IP}"

# Bulk WHOIS lookup
while IFS= read -r ip; do whois "$ip" >> whois_results.txt; done < ips.txt

# Detect open ports (fast scan)
nmap -T4 -F {IP}

# Check VPN/Proxy
curl -s "https://ipqualityscore.com/api/json/ip/YOUR_API_KEY/{IP}"
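
The bulk loops above (CyberBro and WHOIS) pass every line of a file to a tool or a third-party service. The following is an added example, not code from the original post or from any listed project: a Python pre-filter that normalises and de-duplicates the list and holds back malformed entries and non-public addresses, so internal IPs are not disclosed to external lookups. The function name `triage_targets` and the sample list are constructed for illustration.

```python
import ipaddress
import sys

# Constructed sample input: a mixed list as it might come out of logs or tickets.
SAMPLE_LINES = [
    "8.8.8.8",
    "  8.8.8.8  ",        # duplicate with stray whitespace
    "10.20.30.40",        # RFC 1918, internal
    "192.168.1.1:8443",   # host:port, not a bare IP
    "# analyst comment",
    "127.0.0.1",          # loopback
    "2001:4860:4860::8888",
    "fe80::1",            # IPv6 link-local
    "999.1.1.1",          # out-of-range octet
    "1.1.1.1,dns",        # CSV residue
    "",
]


def triage_targets(lines):
    """Split raw lines into (queryable, skipped) before any external lookup.

    queryable: unique, normalised, globally routable addresses, input order kept.
    skipped:   (text, reason) pairs for every entry that was held back.
    """
    queryable, skipped, seen = [], [], set()
    for raw in lines:
        text = raw.strip()
        if not text or text.startswith("#"):
            continue  # blank lines and comments carry no target
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            skipped.append((text, "not a bare IP address"))
            continue
        if not addr.is_global:
            # private, loopback, link-local, reserved: do not send to third parties
            skipped.append((text, "non-public address, keep in-house"))
            continue
        if addr not in seen:
            seen.add(addr)
            queryable.append(str(addr))
    return queryable, skipped


if __name__ == "__main__":
    ok, held = triage_targets(SAMPLE_LINES)
    print("\n".join(ok))  # stdout: clean list, ready to redirect into ips.txt
    for text, reason in held:
        print(f"skipped {text!r}: {reason}", file=sys.stderr)
```

Redirect the script's standard output to the file the loops read; the skipped entries go to standard error for manual review.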

Prediction

As IPv6 adoption grows, OSINT tools will evolve to track dynamic IP assignments more efficiently. AI-driven IP attribution may replace manual analysis in the next 5 years.

Expected Output:

A structured report containing:

  • IP geolocation
  • Open ports & services
  • VPN/Proxy detection
  • Historical WHOIS data
  • Associated malicious activity

Reported By: Devaidan Osint – Hackers Feeds