OSINT Tools Directory

Discover, evaluate, and access the most comprehensive collection of open-source intelligence tools for professional investigators and researchers.

150+ OSINT Tools
25+ Categories
100% Free Access
24/7 Available

Popular Categories

OSINT Tools Directory

Loading tools...

OSINT Investigation Search

Live OSINT Intelligence Dashboard

Live Intelligence Dashboard: Real-time OSINT data collection from multiple API sources

Live Data Sources

This dashboard collects real-time data from multiple OSINT APIs and sources including URLScan.io, GitHub Security Advisories, National Vulnerability Database (NVD), and other threat intelligence feeds. Data updates every 30 seconds with live threat detections.

Live Statistics

Global cyber attack counts, malware samples, data breaches, and dark web activity - sourced from threat intelligence feeds

Live Threat Map

URLScan.io malicious scans plotted globally - each dot represents real malware, phishing campaigns, or suspicious URLs detected in the last 24 hours

Real CVE Alerts

Live alerts from NVD (National Vulnerability Database) and GitHub Security Advisories - critical CVEs and security patches as they're published

API Event Logs

Real-time API calls to URLScan.io, NVD, GitHub Security API - forensic logs of actual threat intelligence data collection with timestamps and IDs

2,847
Global Cyber Attacks (24h)
+127
432
New Malware Samples
+18
1.2M
Breach Records Exposed
-89K
3,156
Dark Web Mentions
+89

Threat Intelligence Feed

LIVE

Social Sentiment Analysis

LIVE

Network Traffic Flow

LIVE

Interactive Geolocation Intelligence

LIVE

Data Source Activity

LIVE

Live Alert Feed

LIVE

Real-time Event Log

The OSINT Framework Deconstructed

A Comprehensive Catalog of Digital Investigation Tools & Sources

Introduction: Defining the Framework and the OSINT Ecosystem

Open-Source Intelligence (OSINT) is the discipline of collecting and analyzing information from publicly available sources to produce actionable intelligence. In this vast and ever-expanding digital landscape, the primary challenge for practitioners—be they cybersecurity analysts, law enforcement investigators, or journalists—is not a lack of information, but the difficulty in finding the right tool for a specific investigative task.

This platform functions as a meticulously curated web-based directory, serving as a sitemap or an interactive mind map of the OSINT world. Its purpose is to categorize and link to hundreds of free tools and resources, guiding investigators to the appropriate solution based on their needs, whether they are analyzing an email address, a domain name, or a social media profile.

Part I: Foundational Intelligence Collection

Section 1: Human-Centric Intelligence

1.1 Username & Nickname Enumeration

Username enumeration involves taking a known username and querying hundreds of websites to determine where else that name is registered. This is foundational for mapping a target's digital footprint across disparate platforms.

Tool/Source Name Description & Function Notes
WhatsMyName Web-based tool that enumerates a username across hundreds of websites and services, categorizing hits by platform type. Web GUI, Exportable (CSV, PDF)
Sherlock Powerful command-line tool to hunt for social media accounts by username across a vast number of sites. Python, CLI Tool
Tookie Command-line OSINT tool written in Python for finding social media accounts based on various inputs. Python, CLI Tool
1.2 Email Address Investigation & Verification

An email address often functions as a de facto primary key for an individual's digital life, serving as the unique identifier that connects social media profiles, financial services, and professional accounts. This process involves searching for the email in data breach repositories, confirming its association with online accounts, and attempting to uncover the owner's name.

Key techniques include:

  • Holehe: Checks if an email was used to register on sites like Twitter and Instagram
  • GHunt: For Google accounts, extracts owner's name, profile picture, Google Maps reviews, and public calendar events
  • Google Doc Sharing: Share a Google Doc with the target email; platform often reveals account holder's name
  • Breach Services: Dehashed and Intelligence X allow pivoting from email to usernames, passwords, and PII
1.3 Phone Number Intelligence

Investigating a phone number can yield the owner's name, carrier, general location, and associated online accounts. Many modern applications use phone numbers for registration and two-factor authentication.

Notable tools:

  • Getcontact: Reveals how a phone number is saved in other users' contact lists
  • X-osint framework: Includes modules for gathering information linked to phone numbers
OPSEC Warning: Some tools require uploading your address book, potentially exposing your contacts and compromising anonymity.

Section 2: Technical & Web Intelligence

2.1 Domain, IP & DNS Investigation

Foundational web reconnaissance involves dissecting a target's online infrastructure. This includes WHOIS lookups, passive DNS analysis, and identifying "hosting neighbors." Historical records are crucial for "digital archaeology" as malicious actors frequently change hosting providers.

Tool/Source Name Description & Function Notes
Shodan Search engine for internet-connected devices, servers, webcams, and industrial control systems. Freemium, API Access
urlscan.io Browses submitted URLs and records all activity, domains contacted, resources requested, and technologies used. Web GUI, Free, API Access
Censys Continuously scans the internet to discover devices, networks, and certificates. Freemium, API Access
BGPView Explores internet structure via ASNs, IP prefixes, and BGP peering data. Free, Web Interface
2.2 Subdomain Enumeration & Discovery

Discovering subdomains (api.example.com, dev.example.com) is critical for expanding attack surface and finding hidden services. These often have weaker security configurations than main websites.

Key Tools:

  • theHarvester: Gathers emails, subdomains, hosts, employee names from public sources
  • OWASP Amass: Comprehensive network mapping using passive and active reconnaissance
  • Recon-ng: Modular CLI framework integrating with dozens of APIs
2.3 Website Analysis & Source Code Intelligence

Website content analysis involves identifying technologies, analyzing source code, and discovering related assets. Unique identifiers like Google Analytics IDs can reveal entire networks of related properties.

Advanced Techniques:

  • Analytics Tracking: Same Google Analytics ID across multiple sites reveals ownership networks
  • Favicon Hashing: Calculate favicon hash to find other servers with same icon via Shodan
  • JavaScript Analysis: SourceWolf finds endpoints and social media links in JS files
  • Technology Profiling: Wappalyzer browser extension for instant tech stack identification

Part II: Specialized Data & Advanced Reconnaissance

Section 3: Geospatial & Multimedia Intelligence (GEOINT/MMINT)
3.1 Maps, Geolocation & Transportation Tracking

Geospatial intelligence tools place digital data in the physical world. A single geotagged photograph can provide precise time and place for a target, demonstrating the erosion between online activity and real-world location.

Category Tools & Sources Capabilities
Geotagged Social Media Apps.skylens.io Aggregates geotagged posts from Twitter, YouTube onto single map
Aviation Tracking FlightAware, ADS-b.nl, Flight Connections Real-time commercial/military aircraft tracking, route mapping
Maritime Tracking MarineTraffic, Shipping Database Live vessel tracking via AIS, historical vessel data
Ground Transport Live Train Tracker, Waze Live Map Real-time train movements, crowdsourced road conditions
3.2 Satellite, Aerial & Street-Level Imagery
Tool/Source Name Description & Function Notes
Google Earth 3D Earth representation with satellite imagery, aerial photography, and historical data Desktop/Web App, Free
Sentinel Hub EO Browser Complete archive of Sentinel, Landsat, MODIS satellite data for global monitoring Web GUI, Freemium
USGS Earth Explorer Massive archive of US government satellite and aerial imagery spanning 40+ years Web GUI, Free, Registration Required
Mapillary Crowdsourced street-level imagery, often more recent than Google Street View Web GUI, Free
3.3 Document & Media Analysis (Metadata)

Metadata is the digital DNA of a file. Image EXIF data can reveal camera model, settings, and GPS coordinates. Documents can contain author names, organization details, and network paths. Threat actors often neglect to scrub this metadata.

Essential Tools:

  • ExifTool: Command-line utility for reading/writing metadata from images, documents, videos
  • Bulk Metadata Extractor: Online service for quick metadata analysis

Section 4: Data Repositories & Search Infrastructure

4.1 Specialized & Custom Search Engines

While Google is powerful, many investigations require specialized search engines:

  • IoT Search: Shodan, Censys, ZoomEye for internet-connected devices
  • File Search: FilePursuit, de digger for specific file types in public directories
  • Threat Intelligence: Criminal IP, IntelX for cybersecurity-relevant data
4.2 Web Archives & Historical Data

Web archives provide a time machine for investigators. The Internet Archive's Wayback Machine is the cornerstone, with tools like Waybackpack for downloading entire archived histories and Wayback Tweets for finding deleted Twitter posts.

4.3 Leaked Data, Breaches & Pastebin Monitoring

Massive OSINT volumes derive from data breaches and public text-sharing "pastebins." These sites are used by developers for code snippets but also by threat actors for leaking data and sharing tutorials.

Key Resources:

  • Pastebin Sites: Pastebin.com, GitHub Gist, Hastebin
  • Aggregators: PsbDmp archives millions of public pastes
  • Breach Search: Dehashed, Intelligence X for searching billions of leaked records
4.4 Dark Web & Deep Web Search

The dark web is critical for threat intelligence. While associated with illicit marketplaces, it's where threat actors collaborate, discuss vulnerabilities, and leak data. Monitoring provides proactive intelligence on emerging threats.

Access Tools:

  • Ahmia: Tor-native search engine with harmful content filtering
  • OnionSearch: Automates scraping of multiple .onion search engines
  • Commercial Services: Intelligence X, DarkOwl for indexed dark web content

Part III: Operational & Strategic Intelligence

Section 5: Corporate & Commercial Intelligence

OSINT extends beyond individual tracking to corporate due diligence, brand protection, and market research. Tools exist for investigating business registrations, corporate structures, and financial data essential for competitive intelligence and M&A analysis.

Section 6: Operational Toolkits & Frameworks
6.1 Browser Extensions & Analysis Add-ons

Browser extensions integrate OSINT capabilities directly into analyst workflows:

  • Sputnik: Pop-up menu for sending IPs, domains, hashes to services like VirusTotal and Shodan
  • linkKlipper: Extract all links from webpages into downloadable lists
  • Technology Profilers: Identify website software stacks
6.2 Command-Line (CLI) Frameworks & Scripts

For automation and scalability, CLI frameworks are essential:

  • Recon-ng: Automates reconnaissance with consistent API interface
  • SpiderFoot: Integrates 200+ data sources for automated target mapping
  • OSRFramework: Suite of scripts for username, domain, and DNS enumeration
6.3 Data Visualization & Link Analysis

Raw data is not intelligence. Link analysis platforms help process and visualize data to find hidden relationships. Maltego is the industry standard, representing data as nodes on a graph with connecting relationships, enabling pattern recognition that's impossible in spreadsheets.

Strategic Application & Best Practices

Core Principles for OSINT Practitioners
1. Operational Security (OPSEC) is Paramount

The act of investigating can expose the investigator. Best practices are non-negotiable:

  • Use a trusted VPN
  • Conduct investigations from dedicated virtual machines (CSI Linux, Tails, Qubes OS)
  • Use non-attributable "sock puppet" accounts for online services
  • Never access malicious websites from production systems
2. Principle of Triangulation

No single tool or source is infallible. Data can be outdated, inaccurate, or deliberately misleading. Any critical finding must be cross-verified with at least two other independent sources to ensure accuracy and avoid building investigations on false premises.

3. Build a Personalized Toolkit

The most effective analyst masters a curated set of tools tailored to their specific needs. A threat intelligence analyst's toolkit differs significantly from a journalist's or due diligence investigator's. This platform serves as a master catalog for building efficient, effective, and secure workflows.

Legal and Ethical Considerations

Important Disclaimer: This platform and its catalogued tools are for educational and authorized research purposes only. Users are responsible for ensuring their activities comply with applicable laws and regulations. Always respect privacy, obtain proper authorization before conducting investigations, and adhere to your organization's policies and local legal requirements.

The tools and techniques described here should only be used for legitimate purposes such as cybersecurity research, authorized penetration testing, digital forensics, journalism, and academic research within appropriate legal frameworks.