Cybersecurity

31 Free OSINT Tools For Security Researchers

Hazem Abbas

Hazem Abbas

18 min read
31 Free OSINT Tools For Security Researchers
Photo by Towfiqu barbhuiya / Unsplash

OSINT stands for Open Source Intelligence. It refers to the collection and analysis of information that is publicly available from open sources such as websites, social media, and news articles. OSINT is commonly used for gathering intelligence, conducting investigations, and supporting decision-making processes.

Some benefits of using OSINT include:

  • Access to a vast amount of publicly available information
  • Cost-effective compared to other intelligence-gathering methods
  • Provides real-time and up-to-date information
  • Can be used to identify trends and patterns
  • Supports proactive decision-making and risk assessment

In this list, we collect the best OSINT apps, frameworks, and projects that anyone can use for free.

1- BBOT

BBot is an open-source intelligence (OSINT) tool developed by Black Lantern Security. It is designed to assist in automating OSINT collection and analysis tasks. BBot provides features such as web scraping, data enrichment, and visualization, making it a valuable tool for OSINT practitioners.

GitHub - blacklanternsecurity/bbot: OSINT automation for hackers.
OSINT automation for hackers. Contribute to blacklanternsecurity/bbot development by creating an account on GitHub.
GitHubblacklanternsecurity

2- Gitformant

Gitformant is an open-source tool developed by Shogun Lab. It is a Git repository analyzer that helps users gain insights into their codebase. Gitformant provides various metrics and visualizations, allowing developers to understand the health and quality of their code, identify areas for improvement, and track project progress.

GitHub - shogunlab/Gitformant: OSINT tool for discovering confidential data leaked on Github.
OSINT tool for discovering confidential data leaked on Github. - GitHub - shogunlab/Gitformant: OSINT tool for discovering confidential data leaked on Github.
GitHubshogunlab

3- Osintgram

Osintgram is an open-source intelligence tool developed by Datalux. It is specifically designed for gathering intelligence from Instagram, leveraging the platform's publicly available data. Osintgram provides features such as user profiling, hashtag analysis, and location tracking, making it a valuable tool for OSINT practitioners interested in extracting information from Instagram.

GitHub - Datalux/Osintgram: Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname
Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname - GitHub - Datalux/Osintgram: Osintgram is a OSINT tool…
GitHubDatalux

4- holehe

Holehe is an open-source tool developed by Megadose. It is a credential scanner that can be used to identify leaked credentials, such as usernames and passwords, from various sources. Holehe is designed to help organizations and individuals identify potential security risks and take appropriate actions to protect their accounts and systems.

GitHub - megadose/holehe: holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.
holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function. - GitHub - megadose/holehe: ho…
GitHubmegadose

5- DaProfiler

DaProfiler is an open-source tool developed by DaProfiler. It is a performance profiling tool for .NET applications. DaProfiler helps developers identify performance bottlenecks and optimize their code by providing insights into the execution time and resource consumption of different parts of the application. It offers features such as CPU and memory profiling, thread analysis, and code coverage analysis, making it a valuable tool for developers looking to improve the performance of their .NET applications.

GitHub - daprofiler/DaProfiler: DaProfiler is an OSINT tool allowing you to collect certain information about yourself in order to rectify by rgpd requests the traces you may have left on the net. DaProfiler is indeed able to recover: Addresses, Social media accounts, e-mail addresses, mobile / landline number, jobs.
DaProfiler is an OSINT tool allowing you to collect certain information about yourself in order to rectify by rgpd requests the traces you may have left on the net. DaProfiler is indeed able to rec…
GitHubdaprofiler

6- Seekr

Seekr is an open-source intelligence (OSINT) tool developed by Seekr. It is designed to assist in automating OSINT collection and analysis tasks. Seekr provides features such as data gathering from various online sources, data enrichment, and visualization, making it a valuable tool for OSINT practitioners.

GitHub - seekr-osint/seekr: A multi-purpose OSINT toolkit with a neat web-interface.
A multi-purpose OSINT toolkit with a neat web-interface. - GitHub - seekr-osint/seekr: A multi-purpose OSINT toolkit with a neat web-interface.
GitHubseekr-osint

7- yesitsme

0x0be/yesitsme is an open-source tool developed by 0x0be. It is a subdomain scanner that can be used to identify subdomains of a given domain. yesitsme helps organizations and individuals identify potential security risks associated with unsecured or misconfigured subdomains. By scanning and analyzing subdomains, yesitsme enables users to gain insights into their attack surface and take appropriate actions to secure their infrastructure.

GitHub - 0x0be/yesitsme: Simple OSINT script to find Instagram profiles by name and e-mail/phone
Simple OSINT script to find Instagram profiles by name and e-mail/phone - GitHub - 0x0be/yesitsme: Simple OSINT script to find Instagram profiles by name and e-mail/phone
GitHub0x0be

8- Alfred

Alfred is a user-friendly tool designed to find usernames from an input, successfully accomplishing this task about 90% of the time. Created to assist new programmers or pentesters in OSINT, Alfred has over 700 weekly downloads and welcomes contributions for improvement.

Navigating the Social Media Maze: How ALFRED Transforms Online Investigations (OSINT)
Alfred is a user-friendly tool designed to discover usernames across various websites, similar to Sherlock. It is successful about 80% of the time and was created to assist new programmers or pentesters in the field of OSINT. Alfred, a tool with a 90% success rate, has gained attention in the
MEDevel.comHazem
GitHub - Alfredredbird/alfred: Alfred is a advanced OSINT information gathering tool that finds social media accounts based on inputs.
Alfred is a advanced OSINT information gathering tool that finds social media accounts based on inputs. - GitHub - Alfredredbird/alfred: Alfred is a advanced OSINT information gathering tool that f…
GitHubAlfredredbird

9- sherlock

Hunt down social media accounts by username across social networks

GitHub - sherlock-project/sherlock: 🔎 Hunt down social media accounts by username across social networks
🔎 Hunt down social media accounts by username across social networks - GitHub - sherlock-project/sherlock: 🔎 Hunt down social media accounts by username across social networks
GitHubsherlock-project

10- Twint

Twint is an open-source intelligence (OSINT) tool developed by Twint. It is a Python-based tool used for scraping Twitter data. Twint allows users to extract valuable information from Twitter, including tweets, profiles, followers, and more.

This tool is particularly useful for researchers, investigators, and journalists who rely on Twitter data for various purposes, such as analyzing trends, monitoring user activity, and conducting social media investigations.

GitHub - twintproject/twint: An advanced Twitter scraping & OSINT tool written in Python that doesn’t use Twitter’s API, allowing you to scrape a user’s followers, following, Tweets and more while evading most API limitations.
An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most…
GitHubtwintproject

11- GHunt

GHunt is an open-source intelligence (OSINT) tool developed by mxrch. It is a Python-based tool used for investigating and gathering information from Google accounts. GHunt allows users to search for Google account information, such as email addresses, potential security issues, and account activity. This tool can be helpful for individuals and organizations conducting OSINT investigations or assessing the security of their own Google accounts.

GitHub - mxrch/GHunt: 🕵️‍♂️ Offensive Google framework.
🕵️‍♂️ Offensive Google framework. Contribute to mxrch/GHunt development by creating an account on GitHub.
GitHubmxrch

12- Social Analyzer

Social Analyzer - API, CLI, and Web App for analyzing & finding a person's profile across +1000 social media \ websites. It includes different analysis and detection modules, and you can choose which modules to use during the investigation process.

The detection modules utilize a rating mechanism based on different detection techniques, which produces a rate value that starts from 0 to 100 (No-Maybe-Yes). This module is intended to have fewer false positives.

The analysis and public extracted information from this OSINT tool could help investigate profiles related to suspicious or malicious activities such as cyberbullying, cyber grooming, cyberstalking, and spreading misinformation.

GitHub - qeeqbox/social-analyzer: API, CLI, and Web App for analyzing and finding a person’s profile in 1000 social media \ websites
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites - GitHub - qeeqbox/social-analyzer: API, CLI, and Web App for analyzing and finding a person&#…
GitHubqeeqbox

13- OWASP Amass Project

OWASP Amass is an open-source intelligence (OSINT) tool developed by OWASP. It is a versatile and powerful tool used for network mapping and information gathering. OWASP Amass helps security professionals and researchers discover and map out external assets, such as domain names, subdomains, and IP addresses, associated with a target organization.

It supports a wide range of techniques, including DNS enumeration, web scraping, and API interaction, to collect and analyze valuable information about a target's online presence. This tool is particularly useful for penetration testers, bug bounty hunters, and security analysts who need to assess an organization's attack surface and identify potential security vulnerabilities.

GitHub - owasp-amass/amass: In-depth attack surface mapping and asset discovery
In-depth attack surface mapping and asset discovery - GitHub - owasp-amass/amass: In-depth attack surface mapping and asset discovery
GitHubowasp-amass

14- theHarvester

theHarvester is an open-source intelligence (OSINT) tool developed by laramies. It is a Python-based tool used for gathering information about a target domain or email address from various public sources. theHarvester can collect data such as email addresses, subdomains, employee names, open ports, and more. This tool is commonly used by security professionals, penetration testers, and researchers to gather initial information about a target for reconnaissance and vulnerability assessment purposes.

GitHub - laramies/theHarvester: E-mails, subdomains and names Harvester - OSINT
E-mails, subdomains and names Harvester - OSINT . Contribute to laramies/theHarvester development by creating an account on GitHub.
GitHublaramies

15- Web-Check

GitHub - Lissy93/web-check: 🕵️‍♂️ All-in-one OSINT tool for analysing any website
🕵️‍♂️ All-in-one OSINT tool for analysing any website - GitHub - Lissy93/web-check: 🕵️‍♂️ All-in-one OSINT tool for analysing any website
GitHubLissy93

16- reNgine

reNgine is a web application reconnaissance suite that simplifies and streamlines the reconnaissance process for security professionals, penetration testers, and bug bounty hunters. With configurable engines, data correlation capabilities, continuous monitoring, and an intuitive user interface, reNgine offers an excellent alternative to traditional reconnaissance tools, surpassing some commercial offerings.

The app is released as an open-source project under the GPL-3.0 License.

  • Recommended
GitHub - yogeshojha/rengine: reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine’s correlation, it just makes recon effortless.
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous…
GitHubyogeshojha

17- Moriarty Project

Moriarty Project is a powerful web based phone number investigation tool. It has 6 features and it allows you to choose either all features, or the features you like. You can visit the documentation page to learn more about features.

GitHub - AzizKpln/Moriarty-Project: This tool gives information about the phone number that you entered.
This tool gives information about the phone number that you entered. - GitHub - AzizKpln/Moriarty-Project: This tool gives information about the phone number that you entered.
GitHubAzizKpln

18- Trape

Trape is an OSINT analysis and research tool that enables real-time tracking and execution of intelligent social engineering attacks. Originally created to expose how large Internet companies could obtain confidential information without user knowledge, it has evolved to assist government organizations, companies, and researchers in tracking cybercriminals.

Features

  1. Locator optimization
  2. REST API
  3. Process Hooks
  4. Get Credentials
  5. Get user profiles
GitHub - jofpin/trape: People tracker on the Internet: OSINT analysis and research tool by Jose Pino
People tracker on the Internet: OSINT analysis and research tool by Jose Pino - GitHub - jofpin/trape: People tracker on the Internet: OSINT analysis and research tool by Jose Pino
GitHubjofpin

19- XRay

XRay is a tool for network OSINT gathering, its goal is to make some initial tasks of information gathering and network mapping automatic.

GitHub - evilsocket/xray: XRay is a tool for recon, mapping and OSINT gathering from public networks.
XRay is a tool for recon, mapping and OSINT gathering from public networks. - GitHub - evilsocket/xray: XRay is a tool for recon, mapping and OSINT gathering from public networks.
GitHubevilsocket

20- TIDoS

TIDoS is a free and open-source complete versatile framework to cover up everything from Reconnaissance to Vulnerability Analysis.

Features

  • the programming language: TIDoS is fully ported to Python3
  • the interface: TIDoS presents a new, Metasploit-like console interface
  • Parallelisation: TIDoS uses multiprocessing to speed up attacks
  • An alternative CLI interface for faster interaction with one specific module
  • Anonymity: Attacking through Tor is possible (95% done)
  • Module Completion: Some modules have been feature-extended (e.g. more evasion, supporting more than 1 query parameter)
  • Some new modules: arpscan
  • A Graphical User Interface for easier interaction with the toolkit
  • Supports non-default http(s) ports
GitHub - 0xInfection/TIDoS-Framework: The Offensive Manual Web Application Penetration Testing Framework.
The Offensive Manual Web Application Penetration Testing Framework. - GitHub - 0xInfection/TIDoS-Framework: The Offensive Manual Web Application Penetration Testing Framework.
GitHub0xInfection

21- ReconDog

ReconDog is a free and open-source set of tools to collect and gather information.

Included Tools

It includes the following tools:

GitHub - s0md3v/ReconDog: Reconnaissance Swiss Army Knife
Reconnaissance Swiss Army Knife. Contribute to s0md3v/ReconDog development by creating an account on GitHub.
GitHubs0md3v

22- ReconHound

ReconHound is Best OSINT Tool For Enumeration We've Given 10 Different Type Of Enumeration Sub Tools Its Recon Framework Based On Api.

Features

  • Easy setup
  • User-friendly
  • Zone transfer
  • DNS lookup
  • Port scan
  • HTTP Header detector
  • Link grabber
  • Traceroute
  • Host Scan
  • ASN Lookup
GitHub - indiancybertroops/ReconHound: ReconHound is Best OSINT Tool For Enumeration We’ve Given 10 Different Type Of Enumeration Sub Tools Its Recon Framework Based On Api
ReconHound is Best OSINT Tool For Enumeration We've Given 10 Different Type Of Enumeration Sub Tools Its Recon Framework Based On Api - GitHub - indiancybertroops/ReconHound: ReconHound is Best…
GitHubindiancybertroops

23- Twitark

Archive the Twitter sample firehose and daily trends.

GitHub - pantchox/Twitark: Archive the Twitter sample firehose and daily trends
Archive the Twitter sample firehose and daily trends - GitHub - pantchox/Twitark: Archive the Twitter sample firehose and daily trends
GitHubpantchox

24- DaProfiler (France)

DaProfiler allows you to create a profile on your target based in France only.

GitHub - dalunacrobate/DaProfiler: DaProfiler allows you to create a profile on your target based in France only. The particularity of this program is its ability to find the e-mail addresses your target.
DaProfiler allows you to create a profile on your target based in France only. The particularity of this program is its ability to find the e-mail addresses your target. - GitHub - dalunacrobate/Da…
GitHubdalunacrobate

25- Hackerwasii

Hackerwasii is an information collection tool (OSINT) which aims to carry out research on a French, Swiss, Luxembourgish or Belgian person. It provides various modules that allow efficient searches. Hackerwasii does not require an API key or login ID. you Can Run This Tool ON command Port Linux & Termux

GitHub - evildevill/Hackerwasi: Hackerwasii is an information collection tool (OSINT) which aims to carry out research on a French, Swiss, Luxembourgish or Belgian person. It provides various modules that allow efficient searches. Hackerwasii does not require an API key or login ID. you Can Run This Tool ON command Port Linux & Termux
Hackerwasii is an information collection tool (OSINT) which aims to carry out research on a French, Swiss, Luxembourgish or Belgian person. It provides various modules that allow efficient searches…
GitHubevildevill

26- MOSINT

MOSINT is the fastest OSINT Tool for emails. It helps you gather information about the target email. Email validation, check social accounts, check data breaches and password leaks, finding related emails and domains, scan Pastebin Dumps. Google Search and DNS Lookup.

Features

  • Email validation
  • Check social accounts
  • Check data breaches and password leaks
  • Find related emails and domains
  • Scan Pastebin Dumps
  • Google Search
MOSINT
Download MOSINT for free. An automated e-mail OSINT tool. MOSINT is the fastest OSINT Tool for emails. It helps you gather information about the target email.
SourceForge

27- theHarvester

theHarvester is a very simple to use, yet powerful and effective tool designed to be used in the early stages of a penetration test or red team engagement.

Use it for open source intelligence (OSINT) gathering to help determine a company's external threat landscape on the internet. The tool gathers emails, names, subdomains, IPs and URLs using multiple public data sources.

Features

  • Microsoft search engine, through the API
  • Uses data from Rapid7's Project Sonar
  • Censys search engine, will use certificates searches to enumerate subdomains and gather emails
  • GitHub code search engine
  • Online vulnerability scanners and network intelligence to help organizations
  • Take screenshots of subdomains that were found
theHarvester
Download theHarvester for free. E-mails, subdomains and names. theHarvester is a very simple to use, yet powerful and effective tool designed to be used in the early stages of a penetration test or red team engagement. Use it for open source intelligence (OSINT) gathering to help determine a company…
SourceForge

28- ReconSpider

ReconSpider is an advanced Open Source Intelligence (OSINT) Framework for scanning IP Addresses, Emails, Websites, and Organizations to gather information from various sources. It is used by Infosec Researchers, Penetration Testers, Bug Hunters, and Cyber Crime Investigators to obtain deep information about their targets.

ReconSpider aggregates raw data, visualizes it on a dashboard, and facilitates alerting and monitoring. It combines the capabilities of Wave, Photon, and Recon Dog to comprehensively enumerate attack surfaces. Reconnaissance is the mission of gathering information about the activities and resources of an enemy or potential enemy. A Web crawler, also known as a spider or spiderbot, systematically browses the World Wide Web for the purpose of Web indexing.

Features

  • Performs OSINT scan on a IP Address, Emails, Websites, Organizations and find out information from different sources
  • Correlates and collaborate the results, show them in a consolidated manner
  • Use specific script / launch automated OSINT for consolidated data
  • Currently available in only Command Line Interface (CLI)
  • Clone ReconSpider on linux system
  • Make sure python3 and python3-pip is installed on your systemhis
ReconSpider
Download ReconSpider for free. Most Advanced Open Source Intelligence (OSINT) Framework . ReconSpider is most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Addresses, Emails, Websites, and Organizations and find out information from different sources. ReconSpider can be used by…
SourceForge

29- Public Intelligence Tool

This is an open-source public intelligence tool that allows you to collect publicly available data for free. It also allows you to explore threat analysis for certain websites, profiles and more.

Public Intelligence Tool
Download Public Intelligence Tool for free. Simple Portable Web Browser for Open Source Intelligence . This is a Project I have been working on I call it PITT or Public Intelligence Tool, It is built of the open source web browser Iron, filled with links for searching tons for Public Information. Th…
SourceForge

30- Oryon OSINT Browser

Oryon OSINT Browser is a web browser designed to assist researchers in conducting Open Source Intelligence (OSINT) investigations. Oryon comes with dozens of pre-installed tools and a selected set of links cataloged by category.

Features

  • Based on SRWare Iron Portable
  • More than 60 pre-installed tools to support investigators in their everyday work
  • More than 400 links to specialized sources of information and online investigative tools
  • Custom Search Engines
  • QueryTool (Google Spreadsheet)
  • Oryon Bookmarklet
  • Additional privacy protection features

31- HconSTF

HconSTF is Open Source Penetration Testing Framework based on different browser technologies, Which helps any security professional to assists in the Penetration testing or vulnerability scanning assessments.contains webtools which are powerful in doing xss(cross site scripting), Sql injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. Even useful to anybody interested in information security domain - students, Security Professionals,web developers, manual vulnerability assessments and much more.

Features

  • Categorized and comprehensive toolset
  • Contains hundreds of tools and features and script for different tasks like SQLi,XSS,Dorks,OSINT to name a few
  • HconSTF webUI with online tools (same as the Aqua base version of HconSTF)
  • Each and every option is configured for penetration testing and Vulnerability assessments
  • Specially configured and enhanced for gaining easy & solid anonymity
  • Works for web app testing assessments specially for owasp top 10
  • Easy to use & collaborative Operating System like interface
  • Multi-Language support (feature in heavy development translators needed)
Hcon Security Testing Framework
Download Hcon Security Testing Framework for free. Open Source Penetration Testing / Ethical Hacking Framework. HconSTF is Open Source Penetration Testing Framework based on different browser technologies, Which helps any security professional to assists in the Penetration testing or vulnerability s…
SourceForge


BLUESPAWN: Shield Your Windows Network with Active Defense and Rapid Malware Elimination!

BLUESPAWN is an active defense, endpoint detection, and response tool designed for quick detection, identification, and elimination of malicious activity and malware across a network. The tool encourages user participation and contribution; suggestions for new features, bug reports, and development assistance are welcomed through their Discord server. The creation and


Enhancing macOS Security with macOS-Fortress

If you have ever been concerned about the security of your MacOS device, you will be pleased to learn about macOS-Fortress. This powerful tool is a combination of firewall, blackhole, and privatizing proxy for trackers, attackers, malware, adware and spammers. It provides kernel-level, OS-level, and client-level security, making your MacOS


Exploring TheFatRat: An Educational Open-source Tool for Understanding Malware Dynamics

What is the FatRat? TheFatRat is an exploitation and pentesting tool designed for educational purposes. It has the capability to compile malware with popular payloads, which can then be executed on various platforms including Windows, Linux, Mac, and Android. This makes it a versatile tool for understanding the dynamics of


Looking for a Free Network ARP Scanners? Here is the Top 19 for Linux, Unix, Windows and macOS


How Likely is it You'll Be Hacked?

Do you know how likely it is that you’ll be hacked? Click here to find out.


Experience the Power of Blocky: Your Free Ad-blocker and DNS Proxy Solution

Introduction to Blocky! Blocky is an open-source local network DNS proxy and ad-blocker developed in Go. Its features include the blocking of DNS queries with external lists for ad-blocking and malware protection, as well as the allowance of whitelisting. It allows the definition of allow/denylists per client group, such


Pi.Alert is a Free WIFI / LAN Intruder Detector with Web Service Monitoring

What is Pi.Alert? Pi.Alert is a comprehensive WIFI and LAN intruder detector equipped with web service monitoring for enhanced security and efficiency. This powerful tool conducts regular scans on all the devices that are connected to your WIFI or LAN. It meticulously records the identities of all known


Healthcare Institutions Face Cybersecurity Threats as They Move to Green Tech

Digitalization is ongoing since many decades in a lot of healthcare institutions. The more digitized a healthcare institution is, the more services and quality it can be provided to patients. This, however, means that medical data and transactions which once were offline, are now possibly accessible from anywhere on Earth.


19 Free Self-hosted Anonymous Chat Solutions for Secure private Messaging and Anonymous Chat Groups

Anonymous chat apps are applications that allow users to communicate with others without revealing their identity. They offer users the ability to engage in real-time conversations while maintaining their privacy. Use-cases of Anonymous chat apps These applications are used in various scenarios. For instance, they can be used for online


Massive Cyber Attack: Is Your Data Safe? 85 Million Egyptian Records For Sale!

In a major cybersecurity incident, an alleged database containing personal information of 85 million Egyptian citizens is reportedly up for sale on a hacking forum. The threat actor claims the database includes sensitive data such as National Identification numbers, full names, family information, mother's names, insurance numbers, and


Read more


Articles

Tutorials Development Productivity Marketing

Systems

Cross-platform macOS Windows Linux Android RaspberryPi

Development

Frameworks JavaScript Flutter Next.js Straters

Apps

Docker Self-hosted Terminal Java

Science - Healthcare

Healthcare Medical Records Radiology (DICOM-PACS)


Open-source Apps

9,500+

Medical Apps

500+

Lists

450+

Dev. Resources

900+