# OSINT

## Sites

* [OSINT Framework](https://osintframework.com)

## Google Dorking

* [Sans Cheatsheet](https://www.sans.org/posters/google-hacking-and-defense-cheat-sheet)
* [sundowndev Cheatsheet](https://gist.github.com/sundowndev/283efaddbcf896ab405488330d1bbc06)

## Mail

Query domain records

```bash
nslookup -type=any <domain>
```

```bash
dig <domain> any
```

### SPF (Sender Policy Framework)

> Sender Policy Framework (SPF) is an email authentication method designed to detect forging sender addresses during the delivery of the email.\[2] SPF alone, though, is limited to detecting a forged sender claim in the envelope of the email, which is used when the mail gets bounced.\[2] Only in combination with DMARC can it be used to detect the forging of the visible sender in emails (email spoofing\[3]), a technique often used in phishing and email spam.
>
> \-- [*Wikipedia*](https://en.wikipedia.org/wiki/Sender_Policy_Framework)

Query domain, check `TXT` record.

```
"v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.123 a -all"
```

### DMARC (Domain-based Message Authentication, Reporting and Conformance)

> DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. The purpose and primary outcome of implementing DMARC is to protect a domain from being used in business email compromise attacks, phishing emails, email scams and other cyber threat activities.
>
> \-- [*Wikipedia*](https://en.wikipedia.org/wiki/DMARC)

Query `_dmarc.<domain>`, check `TXT` record.

```
"v=DMARC1;p=none;sp=quarantine;pct=100;rua=mailto:dmarcreports@example.com;"
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/reconnaissance/02-osint.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.