OSINT (Open Source Intelligence) is one of our favorite topics. Here are some useful sites that we like to use when performing OSINT on IP addresses. Some of the sites can also provide information on other types of artifacts. We highly encourage you to check them out at least once to play around and add them to your bookmarks! You never know when they will come in handy. 🙂

Shodan.io

Shodan.io is a great place to start when you want to explore the internet-of-things devices that are out there. There is a paid account you can purchase (Not the developer account), which unlocks some useful features as well. The price occasionally drops for events like Black Friday (Check their Twitter/X for updates on this).

Cool Features:

  • Explore page
  • “Passive” port and vulnerability enumeration
  • Advanced search/Search in HTML or other payloads (Some of this requires a paid account)
  • Map view

VirusTotal

VirusTotal is a tool from Google. The platform will provide you with a massive list of items related to almost any artifact you enter.

Cool Features:

  • VirusTotal Graph (Visualize relationships between different artifacts)
  • File upload (Don’t upload sensitive data)
  • “Passively” enumerate sub-domains

GreyNoise

GreyNoise provides information similar to Shodan's, but with added context. The platform is good at identifying IPs performing scans.

Cool Features:

  • Added context for IPs
  • Scanning IP detection

IBM X-Force Exchange

This is a great platform to see the historical classifications of IP addresses or other artifacts.

Cool Features:

  • Risk Score
  • Historical classifications (You can see if the IP was classified for scanning activity)
  • Artifact Collections made by others

IPInfo.io

This tool can be used to pull general information about an IP, including geolocation data. They also have a generous free tier for their Python module.

Cool Features:

  • Geolocation data (Maybe from MaxMind?)
  • Python module with a good free tier

IPVoid

IPVoid is a multi-tool for IPs and other artifacts. The platform contains dozens of “mini” tools and is worth checking out.

Cool Features:

  • Lots of tools
