Online Investigation Tools
Organized By What You Want To Do
One-Line Flow: Bookmark this โ look stuff up โ feel like a hacker โ actually stay safe online.
Why this matters:
Your data is already out there. Your passwords have probably leaked. That sketchy link your aunt sent? Could drain your bank account.
These tools let you check all of it โ for free โ without knowing a single line of code.
Consider this your cheat code to the internetโs security layer.
๐บ๏ธ WATCH HACKERS IN REAL TIME (Live Attack Maps)
Ever wanted to see cyberattacks happening right now? These maps visualize global hacking activity like a movie โ except itโs real.
Why bother: Screenshots flex, conversation starter, reminds you the internet is a warzone.
| Map | Vibe |
|---|---|
| Kaspersky Cybermap | Spinning globe, very Matrix |
| Check Point ThreatMap | Clean, attack types by country |
| Bitdefender ThreatMap | Infections + attacks live |
| Digital Attack Map | DDoS visualized (Google-backed) |
| NETSCOUT Horizon | DDoS deep-dive, filterable |
| Radware Live Threat Map | Botnet activity |
| Imperva Threat Map | Bot + DDoS attacks |
| Fortinet Threat Map | Attack severity + types |
Open any of these at a coffee shop. Instant conversation starter.
๐จ LIVE RANSOMWARE VICTIM FEEDS (Watch Companies Get Hacked)
Ransomware gangs post their victims publicly. These sites scrape those leak sites so you donโt have to touch the dark web.
Why bother: See which companies just got breached before the news reports it. Wild entertainment value. Reminds you to back up your files.
| Tracker | What It Shows |
|---|---|
| ransomware.live | Real-time scraping of leak sites, new victims as posted |
| RansomLook | Group profiles, stats, API access |
| Ransom-DB | Live feed with victim details |
| DarkFeed | Ransomware monitor + video updates |
GitHub bonus: ransomware.live source code โ see how it works
๐ AM I ALREADY HACKED? (Breach Checkers)
Your email and passwords have probably leaked in at least one breach. These tools tell you which ones.
Why bother: Find out before someone else uses your credentials. Takes 5 seconds. Could save your bank account.
| Tool | What It Checks |
|---|---|
| Have I Been Pwned | Email in data breaches |
| HIBP Passwords | Is this exact password exposed? |
| HIBP Pwned Websites | Full breach database list |
| DataBreach.com | Email, SSN, phone, address, username |
| Mozilla Monitor | Privacy-focused breach scanner |
What to do if youโre pwned: Change password immediately โ enable 2FA โ check if you reused it anywhere else.
๐ HOW FAST WOULD MY PASSWORD CRACK? (Strength Testers)
Type your password. Watch it calculate how long a computer would take to guess it. Humbling experience.
Why bother: Most peopleโs passwords crack in under a second. Find out before a hacker does.
| Tool | Special Feature |
|---|---|
| Security.org Checker | Shows crack time in years/seconds |
| Password Monster | Detailed breakdown of weaknesses |
| NordPass Checker | Also checks against breach database |
| Bitwarden Tester | Clean, trusted, no BS |
| Kaspersky Checker | Checks against known leaked passwords |
| Enzoic Password Check | Billions of compromised passwords checked |
| DNS Checker | Simple strength meter |
Pro tip: If it cracks in under 1 year, change it. If under 1 day, panic.
๐ IS THIS LINK SAFE? (URL & Phishing Scanners)
Got a sketchy link? Paste it here before clicking. These tools scan for malware, phishing, and scam sites.
Why bother: One wrong click = malware, stolen credentials, or ransomware. 30 seconds of checking > 30 hours of recovery.
| Scanner | Best For |
|---|---|
| urlscan.io | Deep scan with screenshots + DOM analysis |
| VirusTotal | 70+ antivirus engines scan the URL |
| CheckPhish | Phishing + typosquat detection |
| URLVoid | 30+ blocklist engines |
| Sucuri SiteCheck | Malware + blacklist scan |
| NordVPN Link Checker | Quick safe/unsafe verdict |
| Bitdefender Link Checker | Shortened URL expansion |
| F-Secure Link Checker | Fast, reliable |
| IPQualityScore | Phishing + C2 detection |
| EasyDMARC Phishing Checker | ML-based detection |
| URLert | AI-powered, catches cloaking attacks |
How to use: Copy link โ paste โ scan โ read verdict โ proceed (or donโt).
๐ค FIND ANYONE BY USERNAME (Cross-Platform Search)
Enter a username. See every platform where that username exists. Works across 500-1500+ sites.
Why bother: Find someoneโs other accounts. Check if YOUR username is taken everywhere. OSINT flex.
| Tool | Sites Searched |
|---|---|
| WhatsMyName.io | 1500+ platforms, web-based, free |
| SherlockOSINT | Sherlock with a web interface |
| Namecheckup | Username availability across socials |
| OSINT.sh | Multi-tool: IP, domain, username, hash |
| Digital Footprint Check | 500+ platforms |
| Aware Online Username Tool | Custom search queries |
CLI tools (for nerds):
- Sherlock (GitHub) โ the OG
- Blackbird โ 600+ sites + AI profiling
- WhatsMyName JSON โ the data source many tools use
More username tools: Massive list on GitHub
๐ IP & DOMAIN LOOKUP (Who Is This?)
Paste an IP address or domain. Get location, ISP, hosting info, and reputation.
Why bother: Trace where traffic comes from. Check if an IP is malicious. Find out whoโs behind a website.
| Tool | What It Shows |
|---|---|
| IPLocation.net | Geo, ISP, map visualization |
| IPInfo.io | Clean API, ASN data, hostname |
| OSINT.sh IP Lookup | IP + reverse lookup |
| Shodan | Search IoT devices by IP (advanced) |
| GreyNoise | Is this IP scanning the internet? |
| IPVoid | Reputation + blocklist check |
| VirusTotal | IP reputation from 70+ engines |
| AbuseIPDB | Reported malicious IPs |
Domain-specific:
- ViewDNS.info โ DNS records, reverse IP, history
- SecurityTrails โ historical DNS data
- DNSlytics โ domain intelligence
๐ง WHERE DID THIS EMAIL COME FROM? (Header Analyzers)
Every email has hidden headers showing the path it traveled. Paste those headers here to trace the senderโs real IP and location.
Why bother: Verify if an email is legit. Trace phishing attempts. Find the actual source, not just the โFromโ field.
| Tool | Features |
|---|---|
| Email Header Analyzer | SPF/DKIM/DMARC checks, IP geolocation |
| IPLocation Email Analyzer | Visual trace + map |
| DNS Checker Email Analyzer | Parse + geolocate sender |
| IPVoid Email Tracer | Simple, fast |
| WhatIsMyIP Analyzer | Detailed breakdown |
| IP2Location Tracer | Geographic tracing |
| Trustifi Analyzer | Upload .eml files directly |
How to get headers:
- Gmail: Open email โ 3 dots โ โShow originalโ
- Outlook: File โ Properties โ Internet headers
- Yahoo: More โ View raw message
๐ธ WHAT'S HIDDEN IN THIS FILE? (Metadata & EXIF Viewers)
Every photo, document, and video contains hidden data: GPS coordinates, device info, timestamps, author names.
Why bother: Find where a photo was taken. Check if a document was edited. Privacy check before sharing files.
| Tool | File Types |
|---|---|
| EXIF.tools | Images โ GPS, camera, timestamp |
| Metadata2Go | Images, docs, video, audio, ebooks |
| Jimpl | Photo EXIF + map location |
| MetadataKit | 500+ formats, forensic-level |
| ExifMeta | 50+ file types, powered by ExifTool |
| Online-Metadata | Video, audio, archives |
| ExifInfo.org | Media files + documents |
What you might find: Exact GPS coordinates, phone/camera model, software used, edit history, author name, creation date.
๐ฎ LEARN TO HACK (Legally) โ Practice Platforms
These sites let you hack real systems โ legally. Puzzles, challenges, virtual machines designed to be broken into.
Why bother: Build actual skills. Prep for cybersecurity careers. Fun hobby that might become a job.
| Platform | Skill Level | Cost |
|---|---|---|
| picoCTF | Total beginner | FREE (CMU-backed) |
| TryHackMe | Beginner โ Intermediate | Free tier available |
| OverTheWire Wargames | Beginner (start with Bandit) | FREE |
| Hack The Box | Intermediate+ | Free tier available |
| Root Me | All levels, 600+ challenges | FREE |
| Hacker101 | Web security focus | FREE (HackerOne) |
| VulnHub | Download VMs to hack offline | FREE |
| RingZer0 CTF | Varied challenges | FREE |
Roadmap: 350+ Free TryHackMe Rooms (GitHub)
Where to start: picoCTF if total beginner โ TryHackMe Pre-Security path โ OverTheWire Bandit
๐ฐ STAY UPDATED (News Without The Corporate Filter)
Where security researchers actually get their news. No fluff, no PR spin.
| Source | Format | Why Itโs Good |
|---|---|---|
| vx-underground | Website + Twitter/X | Breach confirmations before anyone else, malware samples, memes |
| Darknet Diaries | Podcast | True crime for hackers, 150+ episodes |
| BleepingComputer | News site | Tech security news, readable |
| The Record | News site | Recorded Futureโs journalism arm |
| Malicious Life | Podcast | History of cyberattacks |
Twitter/X accounts worth following:
- @vxunderground โ breach news + drama
- @malaboratory โ malware analysis
- @BleepinComputer โ breaking security news
๐งฐ ALL-IN-ONE TOOLKITS (Bookmarks That Do Everything)
Instead of 50 bookmarks, these sites bundle multiple tools together.
| Toolkit | Whatโs Inside |
|---|---|
| OSINT.sh | IP lookup, reverse DNS, tech stack, WHOIS history, hash lookup, username search |
| OSINT Combine Tools | Social media geo-search, content verification, TikTok search, alt-tech platform search |
| OSINT Framework | Massive categorized link tree of every OSINT tool |
| DeepDarkCTI (GitHub) | Curated dark web intel sources |
Social Media OSINT collection: GitHub mega-list
๐ฌ MALWARE RESEARCH (For The Curious)
Want to see what malware looks like? These are educational resources used by actual researchers.
| Resource | What It Is |
|---|---|
| vx-underground | Largest malware sample collection (35M+ samples) |
| MalwareSourceCode (GitHub) | Source code of historical malware |
| ThreatFox (Abuse.ch) | Open-source IOC sharing |
| MalwareBazaar | Malware sample sharing |
Donโt download samples unless you know what youโre doing. These are real malware. Use isolated VMs only.
Quick Start Guide
Just got here? Do this:
- Check yourself โ haveibeenpwned.com (email) + Passwords (your go-to password)
- Test your password โ security.org checker
- Watch the chaos โ Kaspersky Cybermap
- Look someone up โ whatsmyname.io
- Bookmark for sus links โ urlscan.io
Want to learn more? Start with picoCTF โ itโs free and built for complete beginners.
Want daily drama? Follow vx-underground on Twitter.
All tools listed are free. No signups required for most. No dark web access needed.
!