31 Free OSINT Tools For Security Researchers
OSINT stands for Open Source Intelligence. It refers to the collection and analysis of information that is publicly available from open sources such as websites, social media, and news articles. OSINT is commonly used for gathering intelligence, conducting investigations, and supporting decision-making processes.
Some benefits of using OSINT include:
- Access to a vast amount of publicly available information
- Cost-effective compared to other intelligence-gathering methods
- Provides real-time and up-to-date information
- Can be used to identify trends and patterns
- Supports proactive decision-making and risk assessment
In this list, we collect the best OSINT apps, frameworks, and projects that anyone can use for free.
1- BBOT
BBot is an open-source intelligence (OSINT) tool developed by Black Lantern Security. It is designed to assist in automating OSINT collection and analysis tasks. BBot provides features such as web scraping, data enrichment, and visualization, making it a valuable tool for OSINT practitioners.
2- Gitformant
Gitformant is an open-source tool developed by Shogun Lab. It is a Git repository analyzer that helps users gain insights into their codebase. Gitformant provides various metrics and visualizations, allowing developers to understand the health and quality of their code, identify areas for improvement, and track project progress.
3- Osintgram
Osintgram is an open-source intelligence tool developed by Datalux. It is specifically designed for gathering intelligence from Instagram, leveraging the platform's publicly available data. Osintgram provides features such as user profiling, hashtag analysis, and location tracking, making it a valuable tool for OSINT practitioners interested in extracting information from Instagram.
4- holehe
Holehe is an open-source tool developed by Megadose. It is a credential scanner that can be used to identify leaked credentials, such as usernames and passwords, from various sources. Holehe is designed to help organizations and individuals identify potential security risks and take appropriate actions to protect their accounts and systems.
5- DaProfiler
DaProfiler is an open-source tool developed by DaProfiler. It is a performance profiling tool for .NET applications. DaProfiler helps developers identify performance bottlenecks and optimize their code by providing insights into the execution time and resource consumption of different parts of the application. It offers features such as CPU and memory profiling, thread analysis, and code coverage analysis, making it a valuable tool for developers looking to improve the performance of their .NET applications.
6- Seekr
Seekr is an open-source intelligence (OSINT) tool developed by Seekr. It is designed to assist in automating OSINT collection and analysis tasks. Seekr provides features such as data gathering from various online sources, data enrichment, and visualization, making it a valuable tool for OSINT practitioners.
7- yesitsme
0x0be/yesitsme is an open-source tool developed by 0x0be. It is a subdomain scanner that can be used to identify subdomains of a given domain. yesitsme helps organizations and individuals identify potential security risks associated with unsecured or misconfigured subdomains. By scanning and analyzing subdomains, yesitsme enables users to gain insights into their attack surface and take appropriate actions to secure their infrastructure.
8- Alfred
Alfred is a user-friendly tool designed to find usernames from an input, successfully accomplishing this task about 90% of the time. Created to assist new programmers or pentesters in OSINT, Alfred has over 700 weekly downloads and welcomes contributions for improvement.
9- sherlock
Hunt down social media accounts by username across social networks
10- Twint
Twint is an open-source intelligence (OSINT) tool developed by Twint. It is a Python-based tool used for scraping Twitter data. Twint allows users to extract valuable information from Twitter, including tweets, profiles, followers, and more.
This tool is particularly useful for researchers, investigators, and journalists who rely on Twitter data for various purposes, such as analyzing trends, monitoring user activity, and conducting social media investigations.
11- GHunt
GHunt is an open-source intelligence (OSINT) tool developed by mxrch. It is a Python-based tool used for investigating and gathering information from Google accounts. GHunt allows users to search for Google account information, such as email addresses, potential security issues, and account activity. This tool can be helpful for individuals and organizations conducting OSINT investigations or assessing the security of their own Google accounts.
12- Social Analyzer
Social Analyzer is an API, CLI, and web app for analyzing and finding a person's profile across 1000+ social media sites and websites. It includes different analysis and detection modules, and you can choose which modules to use during the investigation process.
The detection modules use a rating mechanism based on different detection techniques, which produces a rating value from 0 to 100 (No-Maybe-Yes). This module is intended to have fewer false positives.
The analysis and publicly extracted information from this OSINT tool could help investigate profiles related to suspicious or malicious activities such as cyberbullying, cyber grooming, cyberstalking, and spreading misinformation.
13- OWASP Amass Project
OWASP Amass is an open-source intelligence (OSINT) tool developed by OWASP. It is a versatile and powerful tool used for network mapping and information gathering. OWASP Amass helps security professionals and researchers discover and map out external assets, such as domain names, subdomains, and IP addresses, associated with a target organization.
It supports a wide range of techniques, including DNS enumeration, web scraping, and API interaction, to collect and analyze valuable information about a target's online presence. This tool is particularly useful for penetration testers, bug bounty hunters, and security analysts who need to assess an organization's attack surface and identify potential security vulnerabilities.
14- theHarvester
theHarvester is an open-source intelligence (OSINT) tool developed by laramies. It is a Python-based tool used for gathering information about a target domain or email address from various public sources. theHarvester can collect data such as email addresses, subdomains, employee names, open ports, and more. This tool is commonly used by security professionals, penetration testers, and researchers to gather initial information about a target for reconnaissance and vulnerability assessment purposes.
15- Web-Check
16- reNgine
reNgine is a web application reconnaissance suite that simplifies and streamlines the reconnaissance process for security professionals, penetration testers, and bug bounty hunters. With configurable engines, data correlation capabilities, continuous monitoring, and an intuitive user interface, reNgine offers an excellent alternative to traditional reconnaissance tools, surpassing some commercial offerings.
The app is released as an open-source project under the GPL-3.0 License.
- Recommended
17- Moriarty Project
Moriarty Project is a powerful web-based phone number investigation tool. It has 6 features, and you can run either all of them or only the ones you choose. You can visit the documentation page to learn more about the features.
18- Trape
Trape is an OSINT analysis and research tool that enables real-time tracking and execution of intelligent social engineering attacks. Originally created to expose how large Internet companies could obtain confidential information without user knowledge, it has evolved to assist government organizations, companies, and researchers in tracking cybercriminals.
Features
- Locator optimization
- REST API
- Process Hooks
- Get Credentials
- Get user profiles
19- XRay
XRay is a tool for network OSINT gathering. Its goal is to automate some of the initial tasks of information gathering and network mapping.
20- TIDoS
TIDoS is a free and open-source, versatile framework that covers everything from reconnaissance to vulnerability analysis.
Features
- Programming language: TIDoS is fully ported to Python3
- Interface: TIDoS presents a new, Metasploit-like console interface
- Parallelisation: TIDoS uses multiprocessing to speed up attacks
- An alternative CLI interface for faster interaction with one specific module
- Anonymity: Attacking through Tor is possible (95% done)
- Module Completion: Some modules have been feature-extended (e.g. more evasion, supporting more than 1 query parameter)
- Some new modules: arpscan
- A Graphical User Interface for easier interaction with the toolkit
- Supports non-default http(s) ports
21- ReconDog
ReconDog is a free and open-source set of tools to collect and gather information.
Included Tools
It includes the following tools:
- Censys: Uses censys.io to gather a massive amount of information about an IP address.
- NS Lookup: Does name server lookup
- Port Scan: Scan most common TCP ports
- Detect CMS: Can detect 400+ content management systems
- Whois lookup: Performs a whois lookup
- Detect honeypot: Uses shodan.io to check if target is a honeypot
- Find subdomains: Uses findsubdomains.com to find subdomains
- Reverse IP lookup: Does a reverse IP lookup to find domains associated with an IP address
- Detect technologies: Uses wappalyzer.com to detect 1000+ technologies
22- ReconHound
ReconHound is the best OSINT tool for enumeration. It provides 10 different types of enumeration sub-tools and is an API-based recon framework.
Features
- Easy setup
- User-friendly
- Zone transfer
- DNS lookup
- Port scan
- HTTP Header detector
- Link grabber
- Traceroute
- Host Scan
- ASN Lookup
23- Twitark
Archive the Twitter sample firehose and daily trends.
24- DaProfiler (France)
DaProfiler allows you to create a profile on your target based in France only.
25- Hackerwasii
Hackerwasii is an information collection (OSINT) tool that aims to carry out research on a French, Swiss, Luxembourgish or Belgian person. It provides various modules that allow efficient searches. Hackerwasii does not require an API key or login ID. You can run this tool from the command line on Linux and Termux.
26- MOSINT
MOSINT is the fastest OSINT tool for emails. It helps you gather information about the target email. Its capabilities include email validation, checking social accounts, checking data breaches and password leaks, finding related emails and domains, scanning Pastebin dumps, Google search, and DNS lookup.
Features
- Email validation
- Check social accounts
- Check data breaches and password leaks
- Find related emails and domains
- Scan Pastebin Dumps
- Google Search
27- theHarvester
theHarvester is a very simple to use, yet powerful and effective tool designed to be used in the early stages of a penetration test or red team engagement.
Use it for open source intelligence (OSINT) gathering to help determine a company's external threat landscape on the internet. The tool gathers emails, names, subdomains, IPs and URLs using multiple public data sources.
Features
- Microsoft search engine, through the API
- Uses data from Rapid7's Project Sonar
- Censys search engine, which uses certificate searches to enumerate subdomains and gather emails
- GitHub code search engine
- Online vulnerability scanners and network intelligence to help organizations
- Take screenshots of subdomains that were found
28- ReconSpider
ReconSpider is an advanced Open Source Intelligence (OSINT) Framework for scanning IP Addresses, Emails, Websites, and Organizations to gather information from various sources. It is used by Infosec Researchers, Penetration Testers, Bug Hunters, and Cyber Crime Investigators to obtain deep information about their targets.
ReconSpider aggregates raw data, visualizes it on a dashboard, and facilitates alerting and monitoring. It combines the capabilities of Wave, Photon, and Recon Dog to comprehensively enumerate attack surfaces. Reconnaissance is the mission of gathering information about the activities and resources of an enemy or potential enemy. A Web crawler, also known as a spider or spiderbot, systematically browses the World Wide Web for the purpose of Web indexing.
Features
- Performs an OSINT scan on an IP address, emails, websites, and organizations and finds information from different sources
- Correlates and collaborates the results and shows them in a consolidated manner
- Uses a specific script / launches automated OSINT for consolidated data
- Currently available only as a Command Line Interface (CLI)
- Clone ReconSpider on a Linux system
- Make sure python3 and python3-pip are installed on your system
29- Public Intelligence Tool
This is an open-source public intelligence tool that allows you to collect publicly available data for free. It also allows you to explore threat analysis for certain websites, profiles and more.
30- Oryon OSINT Browser
Oryon OSINT Browser is a web browser designed to assist researchers in conducting Open Source Intelligence (OSINT) investigations. Oryon comes with dozens of pre-installed tools and a selected set of links cataloged by category.
Features
- Based on SRWare Iron Portable
- More than 60 pre-installed tools to support investigators in their everyday work
- More than 400 links to specialized sources of information and online investigative tools
- Custom Search Engines
- QueryTool (Google Spreadsheet)
- Oryon Bookmarklet
- Additional privacy protection features
31- HconSTF
HconSTF is an open-source penetration testing framework based on different browser technologies, which helps any security professional with penetration testing or vulnerability scanning assessments. It contains web tools that are powerful for XSS (cross-site scripting), SQL injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. It is also useful to anybody interested in the information security domain: students, security professionals, web developers, manual vulnerability assessments, and much more.
Features
- Categorized and comprehensive toolset
- Contains hundreds of tools, features, and scripts for different tasks like SQLi, XSS, Dorks, and OSINT, to name a few
- HconSTF webUI with online tools (same as the Aqua base version of HconSTF)
- Each and every option is configured for penetration testing and vulnerability assessments
- Specially configured and enhanced for gaining easy and solid anonymity
- Works for web app testing assessments, especially for the OWASP Top 10
- Easy-to-use, collaborative, operating-system-like interface
- Multi-language support (feature in heavy development; translators needed)