31 Free OSINT Tools For Security Researchers

31 Free OSINT Tools For Security Researchers
Photo by Towfiqu barbhuiya / Unsplash

OSINT stands for Open Source Intelligence. It refers to the collection and analysis of information that is publicly available from open sources such as websites, social media, and news articles. OSINT is commonly used for gathering intelligence, conducting investigations, and supporting decision-making processes.

Some benefits of using OSINT include:

  • Access to a vast amount of publicly available information
  • Cost-effective compared to other intelligence-gathering methods
  • Provides real-time and up-to-date information
  • Can be used to identify trends and patterns
  • Supports proactive decision-making and risk assessment

In this list, we collect the best OSINT apps, frameworks, and projects that anyone can use for free.

1- BBOT

BBot is an open-source intelligence (OSINT) tool developed by Black Lantern Security. It is designed to assist in automating OSINT collection and analysis tasks. BBot provides features such as web scraping, data enrichment, and visualization, making it a valuable tool for OSINT practitioners.

GitHub - blacklanternsecurity/bbot: OSINT automation for hackers.
OSINT automation for hackers. Contribute to blacklanternsecurity/bbot development by creating an account on GitHub.

2- Gitformant

Gitformant is an open-source tool developed by Shogun Lab. It is a Git repository analyzer that helps users gain insights into their codebase. Gitformant provides various metrics and visualizations, allowing developers to understand the health and quality of their code, identify areas for improvement, and track project progress.

GitHub - shogunlab/Gitformant: OSINT tool for discovering confidential data leaked on Github.
OSINT tool for discovering confidential data leaked on Github. - GitHub - shogunlab/Gitformant: OSINT tool for discovering confidential data leaked on Github.

3- Osintgram

Osintgram is an open-source intelligence tool developed by Datalux. It is specifically designed for gathering intelligence from Instagram, leveraging the platform's publicly available data. Osintgram provides features such as user profiling, hashtag analysis, and location tracking, making it a valuable tool for OSINT practitioners interested in extracting information from Instagram.

GitHub - Datalux/Osintgram: Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname
Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname - GitHub - Datalux/Osintgram: Osintgram is a OSINT tool…

4- holehe

Holehe is an open-source tool developed by Megadose. It is a credential scanner that can be used to identify leaked credentials, such as usernames and passwords, from various sources. Holehe is designed to help organizations and individuals identify potential security risks and take appropriate actions to protect their accounts and systems.

GitHub - megadose/holehe: holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.
holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function. - GitHub - megadose/holehe: ho…

5- DaProfiler

DaProfiler is an open-source tool developed by DaProfiler. It is a performance profiling tool for .NET applications. DaProfiler helps developers identify performance bottlenecks and optimize their code by providing insights into the execution time and resource consumption of different parts of the application. It offers features such as CPU and memory profiling, thread analysis, and code coverage analysis, making it a valuable tool for developers looking to improve the performance of their .NET applications.

GitHub - daprofiler/DaProfiler: DaProfiler is an OSINT tool allowing you to collect certain information about yourself in order to rectify by rgpd requests the traces you may have left on the net. DaProfiler is indeed able to recover: Addresses, Social media accounts, e-mail addresses, mobile / landline number, jobs.
DaProfiler is an OSINT tool allowing you to collect certain information about yourself in order to rectify by rgpd requests the traces you may have left on the net. DaProfiler is indeed able to rec…

6- Seekr

Seekr is an open-source intelligence (OSINT) tool developed by Seekr. It is designed to assist in automating OSINT collection and analysis tasks. Seekr provides features such as data gathering from various online sources, data enrichment, and visualization, making it a valuable tool for OSINT practitioners.

GitHub - seekr-osint/seekr: A multi-purpose OSINT toolkit with a neat web-interface.
A multi-purpose OSINT toolkit with a neat web-interface. - GitHub - seekr-osint/seekr: A multi-purpose OSINT toolkit with a neat web-interface.

7- yesitsme

0x0be/yesitsme is an open-source tool developed by 0x0be. It is a subdomain scanner that can be used to identify subdomains of a given domain. yesitsme helps organizations and individuals identify potential security risks associated with unsecured or misconfigured subdomains. By scanning and analyzing subdomains, yesitsme enables users to gain insights into their attack surface and take appropriate actions to secure their infrastructure.

GitHub - 0x0be/yesitsme: Simple OSINT script to find Instagram profiles by name and e-mail/phone
Simple OSINT script to find Instagram profiles by name and e-mail/phone - GitHub - 0x0be/yesitsme: Simple OSINT script to find Instagram profiles by name and e-mail/phone

8- Alfred

Alfred is a user-friendly tool designed to find usernames from an input, successfully accomplishing this task about 90% of the time. Created to assist new programmers or pentesters in OSINT, Alfred has over 700 weekly downloads and welcomes contributions for improvement.

Navigating the Social Media Maze: How ALFRED Transforms Online Investigations (OSINT)
Alfred is a user-friendly tool designed to discover usernames across various websites, similar to Sherlock. It is successful about 80% of the time and was created to assist new programmers or pentesters in the field of OSINT. Alfred, a tool with a 90% success rate, has gained attention in the
GitHub - Alfredredbird/alfred: Alfred is a advanced OSINT information gathering tool that finds social media accounts based on inputs.
Alfred is a advanced OSINT information gathering tool that finds social media accounts based on inputs. - GitHub - Alfredredbird/alfred: Alfred is a advanced OSINT information gathering tool that f…

9- sherlock

Hunt down social media accounts by username across social networks

GitHub - sherlock-project/sherlock: 🔎 Hunt down social media accounts by username across social networks
🔎 Hunt down social media accounts by username across social networks - GitHub - sherlock-project/sherlock: 🔎 Hunt down social media accounts by username across social networks

10- Twint

Twint is an open-source intelligence (OSINT) tool developed by Twint. It is a Python-based tool used for scraping Twitter data. Twint allows users to extract valuable information from Twitter, including tweets, profiles, followers, and more.

This tool is particularly useful for researchers, investigators, and journalists who rely on Twitter data for various purposes, such as analyzing trends, monitoring user activity, and conducting social media investigations.

GitHub - twintproject/twint: An advanced Twitter scraping & OSINT tool written in Python that doesn’t use Twitter’s API, allowing you to scrape a user’s followers, following, Tweets and more while evading most API limitations.
An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most…

11- GHunt

GHunt is an open-source intelligence (OSINT) tool developed by mxrch. It is a Python-based tool used for investigating and gathering information from Google accounts. GHunt allows users to search for Google account information, such as email addresses, potential security issues, and account activity. This tool can be helpful for individuals and organizations conducting OSINT investigations or assessing the security of their own Google accounts.

GitHub - mxrch/GHunt: 🕵️‍♂️ Offensive Google framework.
🕵️‍♂️ Offensive Google framework. Contribute to mxrch/GHunt development by creating an account on GitHub.

12- Social Analyzer

Social Analyzer - API, CLI, and Web App for analyzing & finding a person's profile across +1000 social media \ websites. It includes different analysis and detection modules, and you can choose which modules to use during the investigation process.

The detection modules utilize a rating mechanism based on different detection techniques, which produces a rate value that starts from 0 to 100 (No-Maybe-Yes). This module is intended to have fewer false positives.

The analysis and public extracted information from this OSINT tool could help investigate profiles related to suspicious or malicious activities such as cyberbullying, cyber grooming, cyberstalking, and spreading misinformation.

GitHub - qeeqbox/social-analyzer: API, CLI, and Web App for analyzing and finding a person’s profile in 1000 social media \ websites
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites - GitHub - qeeqbox/social-analyzer: API, CLI, and Web App for analyzing and finding a person&#…

13- OWASP Amass Project

OWASP Amass is an open-source intelligence (OSINT) tool developed by OWASP. It is a versatile and powerful tool used for network mapping and information gathering. OWASP Amass helps security professionals and researchers discover and map out external assets, such as domain names, subdomains, and IP addresses, associated with a target organization.

It supports a wide range of techniques, including DNS enumeration, web scraping, and API interaction, to collect and analyze valuable information about a target's online presence. This tool is particularly useful for penetration testers, bug bounty hunters, and security analysts who need to assess an organization's attack surface and identify potential security vulnerabilities.

GitHub - owasp-amass/amass: In-depth attack surface mapping and asset discovery
In-depth attack surface mapping and asset discovery - GitHub - owasp-amass/amass: In-depth attack surface mapping and asset discovery

14- theHarvester

theHarvester is an open-source intelligence (OSINT) tool developed by laramies. It is a Python-based tool used for gathering information about a target domain or email address from various public sources. theHarvester can collect data such as email addresses, subdomains, employee names, open ports, and more. This tool is commonly used by security professionals, penetration testers, and researchers to gather initial information about a target for reconnaissance and vulnerability assessment purposes.

GitHub - laramies/theHarvester: E-mails, subdomains and names Harvester - OSINT
E-mails, subdomains and names Harvester - OSINT . Contribute to laramies/theHarvester development by creating an account on GitHub.

15- Web-Check

GitHub - Lissy93/web-check: 🕵️‍♂️ All-in-one OSINT tool for analysing any website
🕵️‍♂️ All-in-one OSINT tool for analysing any website - GitHub - Lissy93/web-check: 🕵️‍♂️ All-in-one OSINT tool for analysing any website

16- reNgine

reNgine is a web application reconnaissance suite that simplifies and streamlines the reconnaissance process for security professionals, penetration testers, and bug bounty hunters. With configurable engines, data correlation capabilities, continuous monitoring, and an intuitive user interface, reNgine offers an excellent alternative to traditional reconnaissance tools, surpassing some commercial offerings.

The app is released as an open-source project under the GPL-3.0 License.

  • Recommended
GitHub - yogeshojha/rengine: reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine’s correlation, it just makes recon effortless.
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous…

17- Moriarty Project

Moriarty Project is a powerful web based phone number investigation tool. It has 6 features and it allows you to choose either all features, or the features you like. You can visit the documentation page to learn more about features.

GitHub - AzizKpln/Moriarty-Project: This tool gives information about the phone number that you entered.
This tool gives information about the phone number that you entered. - GitHub - AzizKpln/Moriarty-Project: This tool gives information about the phone number that you entered.

18- Trape

Trape is an OSINT analysis and research tool that enables real-time tracking and execution of intelligent social engineering attacks. Originally created to expose how large Internet companies could obtain confidential information without user knowledge, it has evolved to assist government organizations, companies, and researchers in tracking cybercriminals.

Features

  1. Locator optimization
  2. REST API
  3. Process Hooks
  4. Get Credentials
  5. Get user profiles
GitHub - jofpin/trape: People tracker on the Internet: OSINT analysis and research tool by Jose Pino
People tracker on the Internet: OSINT analysis and research tool by Jose Pino - GitHub - jofpin/trape: People tracker on the Internet: OSINT analysis and research tool by Jose Pino

19- XRay

XRay is a tool for network OSINT gathering, its goal is to make some initial tasks of information gathering and network mapping automatic.

GitHub - evilsocket/xray: XRay is a tool for recon, mapping and OSINT gathering from public networks.
XRay is a tool for recon, mapping and OSINT gathering from public networks. - GitHub - evilsocket/xray: XRay is a tool for recon, mapping and OSINT gathering from public networks.

20- TIDoS

TIDoS is a free and open-source complete versatile framework to cover up everything from Reconnaissance to Vulnerability Analysis.

Features

  • the programming language: TIDoS is fully ported to Python3
  • the interface: TIDoS presents a new, Metasploit-like console interface
  • Parallelisation: TIDoS uses multiprocessing to speed up attacks
  • An alternative CLI interface for faster interaction with one specific module
  • Anonymity: Attacking through Tor is possible (95% done)
  • Module Completion: Some modules have been feature-extended (e.g. more evasion, supporting more than 1 query parameter)
  • Some new modules: arpscan
  • A Graphical User Interface for easier interaction with the toolkit
  • Supports non-default http(s) ports
GitHub - 0xInfection/TIDoS-Framework: The Offensive Manual Web Application Penetration Testing Framework.
The Offensive Manual Web Application Penetration Testing Framework. - GitHub - 0xInfection/TIDoS-Framework: The Offensive Manual Web Application Penetration Testing Framework.

21- ReconDog

ReconDog is a free and open-source set of tools to collect and gather information.

Included Tools

It includes the following tools:

GitHub - s0md3v/ReconDog: Reconnaissance Swiss Army Knife
Reconnaissance Swiss Army Knife. Contribute to s0md3v/ReconDog development by creating an account on GitHub.

22- ReconHound

ReconHound is Best OSINT Tool For Enumeration We've Given 10 Different Type Of Enumeration Sub Tools Its Recon Framework Based On Api.

Features

  • Easy setup
  • User-friendly
  • Zone transfer
  • DNS lookup
  • Port scan
  • HTTP Header detector
  • Link grabber
  • Traceroute
  • Host Scan
  • ASN Lookup
GitHub - indiancybertroops/ReconHound: ReconHound is Best OSINT Tool For Enumeration We’ve Given 10 Different Type Of Enumeration Sub Tools Its Recon Framework Based On Api
ReconHound is Best OSINT Tool For Enumeration We've Given 10 Different Type Of Enumeration Sub Tools Its Recon Framework Based On Api - GitHub - indiancybertroops/ReconHound: ReconHound is Best…

23- Twitark

Archive the Twitter sample firehose and daily trends.

GitHub - pantchox/Twitark: Archive the Twitter sample firehose and daily trends
Archive the Twitter sample firehose and daily trends - GitHub - pantchox/Twitark: Archive the Twitter sample firehose and daily trends

24- DaProfiler (France)

DaProfiler allows you to create a profile on your target based in France only.

GitHub - dalunacrobate/DaProfiler: DaProfiler allows you to create a profile on your target based in France only. The particularity of this program is its ability to find the e-mail addresses your target.
DaProfiler allows you to create a profile on your target based in France only. The particularity of this program is its ability to find the e-mail addresses your target. - GitHub - dalunacrobate/Da…

25- Hackerwasii

Hackerwasii is an information collection tool (OSINT) which aims to carry out research on a French, Swiss, Luxembourgish or Belgian person. It provides various modules that allow efficient searches. Hackerwasii does not require an API key or login ID. you Can Run This Tool ON command Port Linux & Termux

GitHub - evildevill/Hackerwasi: Hackerwasii is an information collection tool (OSINT) which aims to carry out research on a French, Swiss, Luxembourgish or Belgian person. It provides various modules that allow efficient searches. Hackerwasii does not require an API key or login ID. you Can Run This Tool ON command Port Linux & Termux
Hackerwasii is an information collection tool (OSINT) which aims to carry out research on a French, Swiss, Luxembourgish or Belgian person. It provides various modules that allow efficient searches…

26- MOSINT

MOSINT is the fastest OSINT Tool for emails. It helps you gather information about the target email. Email validation, check social accounts, check data breaches and password leaks, finding related emails and domains, scan Pastebin Dumps. Google Search and DNS Lookup.

Features

  • Email validation
  • Check social accounts
  • Check data breaches and password leaks
  • Find related emails and domains
  • Scan Pastebin Dumps
  • Google Search
MOSINT
Download MOSINT for free. An automated e-mail OSINT tool. MOSINT is the fastest OSINT Tool for emails. It helps you gather information about the target email.

27- theHarvester

theHarvester is a very simple to use, yet powerful and effective tool designed to be used in the early stages of a penetration test or red team engagement.

Use it for open source intelligence (OSINT) gathering to help determine a company's external threat landscape on the internet. The tool gathers emails, names, subdomains, IPs and URLs using multiple public data sources.

Features

  • Microsoft search engine, through the API
  • Uses data from Rapid7's Project Sonar
  • Censys search engine, will use certificates searches to enumerate subdomains and gather emails
  • GitHub code search engine
  • Online vulnerability scanners and network intelligence to help organizations
  • Take screenshots of subdomains that were found
theHarvester
Download theHarvester for free. E-mails, subdomains and names. theHarvester is a very simple to use, yet powerful and effective tool designed to be used in the early stages of a penetration test or red team engagement. Use it for open source intelligence (OSINT) gathering to help determine a company…

28- ReconSpider

ReconSpider is an advanced Open Source Intelligence (OSINT) Framework for scanning IP Addresses, Emails, Websites, and Organizations to gather information from various sources. It is used by Infosec Researchers, Penetration Testers, Bug Hunters, and Cyber Crime Investigators to obtain deep information about their targets.

ReconSpider aggregates raw data, visualizes it on a dashboard, and facilitates alerting and monitoring. It combines the capabilities of Wave, Photon, and Recon Dog to comprehensively enumerate attack surfaces. Reconnaissance is the mission of gathering information about the activities and resources of an enemy or potential enemy. A Web crawler, also known as a spider or spiderbot, systematically browses the World Wide Web for the purpose of Web indexing.

Features

  • Performs OSINT scan on a IP Address, Emails, Websites, Organizations and find out information from different sources
  • Correlates and collaborate the results, show them in a consolidated manner
  • Use specific script / launch automated OSINT for consolidated data
  • Currently available in only Command Line Interface (CLI)
  • Clone ReconSpider on linux system
  • Make sure python3 and python3-pip is installed on your systemhis
ReconSpider
Download ReconSpider for free. Most Advanced Open Source Intelligence (OSINT) Framework . ReconSpider is most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Addresses, Emails, Websites, and Organizations and find out information from different sources. ReconSpider can be used by…

29- Public Intelligence Tool

This is an open-source public intelligence tool that allows you to collect publicly available data for free. It also allows you to explore threat analysis for certain websites, profiles and more.

Public Intelligence Tool
Download Public Intelligence Tool for free. Simple Portable Web Browser for Open Source Intelligence . This is a Project I have been working on I call it PITT or Public Intelligence Tool, It is built of the open source web browser Iron, filled with links for searching tons for Public Information. Th…

30- Oryon OSINT Browser

Oryon OSINT Browser is a web browser designed to assist researchers in conducting Open Source Intelligence (OSINT) investigations. Oryon comes with dozens of pre-installed tools and a selected set of links cataloged by category.

Features

  • Based on SRWare Iron Portable
  • More than 60 pre-installed tools to support investigators in their everyday work
  • More than 400 links to specialized sources of information and online investigative tools
  • Custom Search Engines
  • QueryTool (Google Spreadsheet)
  • Oryon Bookmarklet
  • Additional privacy protection features

31- HconSTF

HconSTF is Open Source Penetration Testing Framework based on different browser technologies, Which helps any security professional to assists in the Penetration testing or vulnerability scanning assessments.contains webtools which are powerful in doing xss(cross site scripting), Sql injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. Even useful to anybody interested in information security domain - students, Security Professionals,web developers, manual vulnerability assessments and much more.

Features

  • Categorized and comprehensive toolset
  • Contains hundreds of tools and features and script for different tasks like SQLi,XSS,Dorks,OSINT to name a few
  • HconSTF webUI with online tools (same as the Aqua base version of HconSTF)
  • Each and every option is configured for penetration testing and Vulnerability assessments
  • Specially configured and enhanced for gaining easy & solid anonymity
  • Works for web app testing assessments specially for owasp top 10
  • Easy to use & collaborative Operating System like interface
  • Multi-Language support (feature in heavy development translators needed)
Hcon Security Testing Framework
Download Hcon Security Testing Framework for free. Open Source Penetration Testing / Ethical Hacking Framework. HconSTF is Open Source Penetration Testing Framework based on different browser technologies, Which helps any security professional to assists in the Penetration testing or vulnerability s…