Browser-based OSINT tools used in the workshop. All tools work in a standard web browser – no software installation required. Tools marked with “Free tier” require account creation but provide sufficient access for workshop activities at no cost.
| Tool |
URL |
Purpose |
Account Required |
Used In |
| crt.sh |
crt.sh |
Certificate transparency search. Query certificate logs to discover subdomains and domain patterns |
No |
M2 |
| DNSDumpster |
dnsdumpster.com |
DNS enumeration and network mapping. Visual map of DNS records and subdomains |
No |
M2 |
| SecurityTrails |
securitytrails.com |
DNS history, subdomain intelligence, and WHOIS data. Historical DNS records reveal infrastructure changes |
Free tier |
M2 |
| Subdomain Finder |
subdomainfinder.c99.nl |
Subdomain enumeration with JSON export. Aggregates results from multiple sources |
No |
M2 |
| Tool |
URL |
Purpose |
Account Required |
Used In |
| Shodan |
shodan.io |
Internet-connected device search. Identifies exposed services, ports, products, and versions on target IP ranges |
Free tier |
M2, M5 |
| Censys |
search.censys.io |
Internet-connected device search. Similar to Shodan with different data sources and query syntax |
Free tier |
M2, M5 |
| Shodan Monitor |
monitor.shodan.io |
Continuous monitoring alerts for Shodan results. Notifies when new services appear on monitored IP ranges |
Free tier (limited) |
M5 |
| Tool |
URL |
Purpose |
Account Required |
Used In |
| HaveIBeenPwned |
haveibeenpwned.com |
Breach database search by email address. Shows which data breaches contain a given email |
No |
M3, M5 |
| HIBP Domain Search |
haveibeenpwned.com/DomainSearch |
Domain-level breach search. Shows all breached email addresses for a verified domain |
Domain verification required |
M3, M5 |
| Tool |
URL |
Purpose |
Account Required |
Used In |
| NVD |
nvd.nist.gov |
National Vulnerability Database. CVE details, CVSS scores, CPE identifiers, and affected product versions |
No |
M4 |
| NVD CPE Search |
nvd.nist.gov/products/cpe/search |
CPE identifier validation. Verify AI-generated CPE strings against the official CPE dictionary |
No |
M4 |
| CISA KEV |
cisa.gov/known-exploited-vulnerabilities-catalog |
Known Exploited Vulnerabilities catalog. Confirmed actively exploited vulnerabilities with remediation deadlines |
No |
M4, M5 |
| CISA ICS Advisories |
cisa.gov/news-events/cybersecurity-advisories |
ICS-specific security advisories. Vulnerability disclosures and mitigations for industrial control systems |
No |
M4, M5 |
| ICS Advisory Project |
icsadvisoryproject.com |
Curated ICS/OT advisory aggregator. Dashboard view of ICS advisories with search and filtering. Note: focuses on ICS vendors; does not cover IT infrastructure vendors like Fortinet or Cisco |
No |
M4 |
| Tool |
URL |
Purpose |
Account Required |
Used In |
| Google Alerts |
google.com/alerts |
Keyword-based web monitoring. Sends email notifications when new content matching your search terms appears |
Google account |
M5 |
AI Clients
The workshop is AI-client agnostic. Use whichever AI assistant you have access to:
| Tool |
URL |
Notes |
| ChatGPT |
chat.openai.com |
OpenAI. Free tier available |
| Claude |
claude.ai |
Anthropic. Free tier available |
| Other AI assistants |
Varies |
Any AI client that accepts text prompts and returns structured analysis |
Free Tier Limitations
Tools with free-tier accounts typically limit the number of queries per day or the amount of data returned. For workshop purposes, free tiers provide sufficient access. If you plan to use these tools operationally after the workshop, review each tool’s pricing for your expected query volume.
| Tool |
Free Tier Limit |
Operational Consideration |
| Shodan |
Limited searches per day, no API access |
API access ($49/lifetime membership) needed for automated monitoring |
| Censys |
250 searches/month, limited API |
API access needed for scripted checks |
| SecurityTrails |
50 queries/month |
Sufficient for monthly pull-based checks |
