Open Source OSINT Tools - Page 2
Sort By:
OSINT Tools
View 5765 business solutions-
Custom VMs From 1 to 96 vCPUs With 99.95% UptimeLive migration and automatic failover keep workloads online through maintenance. One free e2-micro VM every month.
-
Gemini 3 and 200+ AI Models on One PlatformBuild generative AI apps with Vertex AI. Switch between models without switching platforms.
-
1
Sudomy
Sudomy is a subdomain enumeration tool to collect subdomains
Sudomy is a subdomain enumeration tool to collect subdomains and analyze domains performing advanced automated reconnaissance (framework). This tool can also be used for OSINT (Open-source intelligence) activities. Easy, light, fast and powerful. Bash script (controller) is available by default in almost all Linux distributions. By using bash script multiprocessing feature, all processors will be utilized optimally. Subdomain enumeration process can be achieved by using active method or passive method. Sudomy utilize Gobuster tools because of its highspeed performance in carrying out DNS Subdomain Bruteforce attack (wildcard support). The wordlist that is used comes from combined SecList (Discover/DNS) lists which contains around 3 million entries. By evaluating and selecting the good third-party sites/resources, the enumeration process can be optimized. More results will be obtained with less time required. -
2
uncover
Discover exposed internet hosts using multiple search engine APIs
Uncover is an open source reconnaissance tool designed to quickly discover exposed hosts on the internet by querying multiple search engine APIs through a unified interface. It acts as a Go-based wrapper around well-known internet intelligence platforms, allowing users to gather information about publicly accessible systems from a single command-line tool. By integrating with services such as Shodan, Censys, FOFA, ZoomEye, and others, the tool enables security professionals to efficiently search for internet-facing assets and services. The tool is built with automation in mind, making it suitable for security workflows and pipelines used by penetration testers, researchers, and bug bounty hunters. Instead of manually querying several search engines separately, uncover aggregates results from supported providers and returns them in a standardized format. This approach simplifies large-scale reconnaissance tasks and speeds up the discovery of exposed infrastructure or services. -
3
Hcon Security Testing Framework
Open Source Penetration Testing / Ethical Hacking Framework
HconSTF is Open Source Penetration Testing Framework based on different browser technologies, Which helps any security professional to assists in the Penetration testing or vulnerability scanning assessments.contains webtools which are powerful in doing xss(cross site scripting), Sql injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. Even useful to anybody interested in information security domain - students, Security Professionals,web developers, manual vulnerability assessments and much more. -
4
YoungerSibling
YoungerSibling: Cross-platform OSINT tool for quick data gathering.
YoungerSibling is a Python-based terminal utility script designed for educational purposes. It provides a set of useful tools to perform tasks like searching the web, performing lookups (Google search, IP lookup, username lookup, etc.), and extracting metadata from images, directly from the terminal. This project aims to help students, developers, and hobbyists learn about web scraping, API usage, and terminal interaction with Python. -
Fully Managed MySQL, PostgreSQL, and SQL ServerCloud SQL handles your database ops end to end, so you can focus on your app.
-
5
Public Intelligence Tool
Simple Portable Web Browser for Open Source Intelligence
This is a Project I have been working on I call it PITT or Public Intelligence Tool, It is built of the open source web browser Iron, filled with links for searching tons for Public Information. There a similar tools on the market but I laid mine out the way I like it, and I hope everyone else will to. I will be hopefully trying to update this tool weekly with new links and information, making new improvements. I Have the discussions open if you want to add anything new or feel something should change just write it and il research it and add it in. Please use the tool responsibly and give credit where credit is due. This tool is not for criminal uses, it is only for Official use with proper permissions. I do not own any links in here. Be Awesome with a 100% Free Donation :D - http://adf.ly/4228472/free-donation !Contains Ads! It is for use by Security Researchers, Government Agencies, Law Enforcement, Student Research and Legal Red Teaming and Penetration Testing -
6
Zynix-Fusion
zynix-Fusion is a framework for hacking
zynix-Fusion is a framework that aims to centralize, standardizeand simplify the use of various security tools for pentest professionals.zynix-Fusion (old name: Linux evil toolkit) has few simple commands, one of which is theinit function that allows you to define a target, and thus use all the toolswithout typing anything else. -
7
Oculus
Oculus - OSINT VM
A pre-configured Kali Linux virtual machine designed for Open Source Intelligence investigations, including essential tools for reconnaissance, social media research, metadata analysis, and reporting, with privacy and cleanup adjustments applied -
8
retrap
Open-Source intelligence tracking and analysis tool.
(OSINT) Open-Source intelligence tracking and analysis tool. - Disclaimer: This tool is experimental in its Alpha phase. It's developed and published as a small building block of a master's thesis research. So use it for educational purposes only and at your own discretion, the author cannot be held responsible for any damages caused. -
9
zynix-fusion
zynix-Fusion is a framework for hacking
zynix-Fusion is a framework that aims to centralize, standardizeand simplify the use of various security tools for pentest professionals.zynix-Fusion (old name: Linux evil toolkit) has few simple commands, one of which is theinit function that allows you to define a target, and thus use all the toolswithout typing anything else. -
Try Google Cloud Risk-Free With $300 in CreditUse your credit across every product. Compute, storage, AI, analytics. When it runs out, 20+ products stay free. You only pay when you choose to.
-
10
Oryon C Portable (moved)
Open Source Intelligence Framework
NEW PROJECT PAGE: https://sourceforge.net/projects/oryon-osint-browser/ Oryon C Portable is a web browser designed to assist researchers in conducting Open Source Intelligence investigations. Oryon comes with dozens of pre-installed tools and a select set of links cataloged by category – including those that can be found in the OI Shared Resources. ▪ Based on SRWare Iron version 31.0.1700.0 (Chromium) ▪ More than 70 pre-installed tools to support investigators in their everyday work ▪ More than 600 links to specialized sources of information and online investigative tools ▪ Additional privacy protection features ▪ A ready to use opml file containing a sorted collection of information sources in the fields such as: OSINT, Intelligence, online research, InfoSec, defense, and more. -
11
Sn1per
Attack Surface Management Platform | Sn1perSecurity LLC
Sn1per Professional is an all-in-one offensive security platform that provides a comprehensive view of your internal and external attack surface and offers an asset risk scoring system to prioritize, reduce, and manage risk. With Sn1per Professional, you can discover the attack surface and continuously monitor it for changes. It integrates with the leading open source and commercial security testing tools for a unified view of your data. -
12
ASN
Command line ASN lookup, network recon, and traceroute tool
asn is a multifunctional network investigation and OSINT command line tool designed for analyzing Autonomous System (ASN) and IP-related data. It provides a comprehensive set of capabilities for inspecting network infrastructure, routing information, and security signals associated with IP addresses, hostnames, prefixes, and organizations. It aggregates data from multiple external services to present detailed information such as BGP statistics, RPKI validation status, IP reputation, geolocation, and prefix ownership. It can also perform AS path tracing, allowing users to observe the network route between systems and identify Internet Exchange Points or anomalies in the path. In addition to its command line usage, asn can run as a web-based traceroute server or as a self-hosted lookup API that returns JSON-formatted data for automated workflows. This flexibility allows the tool to support manual investigations, incident response, and automated network analysis pipelines. -
13
Argus
Python toolkit for OSINT and reconnaissance with 135+ modules
Argus is a Python-based open source toolkit designed to simplify information gathering and reconnaissance tasks in cybersecurity. It provides an integrated command-line environment that consolidates numerous reconnaissance utilities into a single framework. The tool enables users to collect data about networks, domains, web applications, and infrastructure in an organized and efficient manner. Argus includes a modular architecture with more than 130 modules that support activities such as DNS analysis, port scanning, web application inspection, and threat intelligence lookups. Its interactive CLI allows users to browse available modules, configure targets, run scans, and review results from within a unified interface. The project aims to reduce the complexity of using multiple separate reconnaissance tools by bringing them together in one streamlined platform. Argus also supports integrations with external intelligence services. -
14
AttackSurfaceMapper
Automated tool for mapping & expanding organization’s attack surface
AttackSurfaceMapper (ASM) is a reconnaissance and attack surface discovery tool designed to automate the process of mapping potential targets within an organization's infrastructure. It combines open source intelligence (OSINT) with selective active reconnaissance techniques to expand and analyze a target’s external attack surface. Users can supply domains, subdomains, or IP addresses as input, and applies multiple discovery methods to identify additional related assets such as new subdomains, associated IP ranges, and hosts within the same network ownership. It performs both brute-force and passive enumeration techniques to uncover infrastructure components that may not be immediately visible. After building an expanded list of targets, AttackSurfaceMapper collects intelligence such as screenshots of web applications, information about exposed services, and possible vulnerabilities identified through integrated services. It can also search for publicly exposed credentials. -
15
BigBountyRecon
Automates reconnaissance for bug bounty and penetration testing target
BigBountyRecon is an open source reconnaissance tool designed to assist security researchers, penetration testers, and bug bounty hunters during the early stages of security assessments. It automates the collection of publicly accessible information about a target organization by combining numerous reconnaissance techniques with widely used Google dorks and other open source resources. Its main goal is to accelerate the information-gathering phase, which is often considered one of the most important steps in penetration testing and bug hunting. By quickly identifying potential information leaks and publicly exposed resources, the tool helps users gain an initial understanding of the target’s security posture. BigBountyRecon allows researchers to perform multiple reconnaissance checks without having to manually remember or craft complex search queries. It aggregates results from dozens of discovery techniques so analysts can identify possible entry points and weak configurations. -
16
BlackWidow
Python web scanner for OSINT gathering and OWASP vulnerability fuzzing
BlackWidow is a Python-based web application scanning tool designed to crawl target websites and collect open-source intelligence (OSINT) while identifying potential security vulnerabilities. It functions as a web spider that systematically explores a site to gather valuable information such as URLs, dynamic parameters, subdomains, email addresses, and phone numbers associated with the target domain. By automatically extracting this data, BlackWidow helps security professionals and researchers build a clearer understanding of a website’s structure and publicly accessible information. In addition to information gathering, the project includes a built-in fuzzing component called Inject-X, which tests dynamic URLs for common vulnerabilities listed in the OWASP Top 10. The scanner analyzes parameters and injects payloads to detect issues such as SQL injection, cross-site scripting (XSS), and open redirect vulnerabilities. -
17
ClatScope
OSINT reconnaissance tool for IP, domain, email, and username lookups
ClatScope is a Python-based OSINT (open source intelligence) utility designed to gather and analyze publicly available information from multiple online sources. It is primarily aimed at investigators, cybersecurity professionals, penetration testers, and researchers who need a centralized platform for reconnaissance tasks. It integrates with numerous public APIs and internet services to retrieve detailed data about IP addresses, domains, email addresses, phone numbers, usernames, and other digital identifiers. By combining these sources, ClatScope automates the process of collecting intelligence that would normally require multiple separate tools or manual searches. It operates through a menu-driven command line interface that allows users to choose from many reconnaissance functions and receive formatted results directly in the terminal. ClatScope supports dozens of OSINT operations, including domain analysis, breach checks, and account discovery. -
18
CrossLinked
LinkedIn employee enumeration tool using search engine scraping
CrossLinked is an open source LinkedIn enumeration tool designed to collect employee names associated with a target organization. Instead of accessing LinkedIn directly or relying on its API, it performs search engine scraping using services such as Google and Bing to discover public LinkedIn profile results. By analyzing these search results, CrossLinked extracts employee names and processes them into usable formats for security assessments or reconnaissance activities. This approach allows the tool to operate without credentials, authentication tokens, or LinkedIn account access. CrossLinked is commonly used by penetration testers and security professionals during the reconnaissance phase to identify potential usernames or email address formats for a target organization. It also supports customizable naming templates, enabling users to generate usernames or email formats that match corporate account conventions. -
19
Findomain
Fast open source tool for discovering and monitoring domain subdomains
Findomain is an open source reconnaissance tool designed to discover and enumerate subdomains associated with a target domain. It focuses on speed and reliability by using Certificate Transparency logs and multiple well tested public APIs instead of relying solely on brute force scanning techniques. By querying multiple passive data sources in parallel, the tool can identify a large number of subdomains within a short time, making it useful for security researchers, penetration testers, and bug bounty hunters. Findomain aggregates information from various online services to provide a comprehensive list of discovered subdomains without directly attacking the target infrastructure. The tool also supports monitoring capabilities that allow users to track newly discovered subdomains and send alerts through integrations such as messaging platforms. Written in Rust, Findomain benefits from strong performance, safe concurrency, and cross platform compatibility. -
20
GitGot
Semi-automated tool for discovering exposed secrets in GitHub data
GitGot is an open source security tool designed to help users quickly search large amounts of public data on GitHub to identify potentially exposed secrets. It operates as a semi-automated, feedback-driven system that combines automated search capabilities with human guidance to refine results during investigation. GitGot leverages the GitHub Search API to perform queries across repositories, files, and gists, allowing security researchers and penetration testers to discover sensitive information that may have been unintentionally exposed in public code. During a search session, users review results and provide feedback that allows GitGot to filter out irrelevant or repetitive findings. This feedback is used to build blacklists that eliminate results based on repository names, file names, user names, or fuzzy matches of file content. The approach helps reduce noise while guiding the search process toward more relevant results. -
21
GitHound
Search GitHub for leaked API keys, credentials, and exposed secrets
GitHound is a reconnaissance and security scanning tool designed to search GitHub for exposed secrets such as API keys, credentials, and other sensitive tokens. It works by combining GitHub search queries (often called “GitHub dorks”) with pattern matching techniques to locate potential secrets across public repositories. Instead of scanning only a limited set of repositories, the tool leverages GitHub’s Code Search API to analyze results from across the entire public GitHub ecosystem, including repositories and Gists. GitHound examines files returned by search queries and applies detection methods such as regex pattern matching, entropy analysis, and contextual evaluation to identify likely credentials. It can also dig into commit history to uncover secrets that may have been removed or reverted but still exist in older revisions. This capability makes it useful for security researchers, DevSecOps teams, and bug bounty hunters who need to detect leaked credentials. -
22
Gitrob
Scans GitHub repositories for potentially sensitive files
Gitrob is an open source reconnaissance tool designed to identify potentially sensitive files that have been committed to public GitHub repositories. It helps security professionals, researchers, and organizations detect accidental data exposure by scanning repositories associated with specific GitHub users or organizations. The tool works by cloning repositories and analyzing their commit history to search for files that match predefined signatures of sensitive data. These signatures are used to flag items such as credentials, private keys, configuration files, and other materials that may expose confidential information. By automatically inspecting repository histories, Gitrob simplifies the process of identifying security risks that might otherwise remain unnoticed in publicly accessible codebases. The results of the scan are presented through a built-in web interface that allows users to browse findings, review flagged files, and analyze potential leaks more efficiently. -
23
GooFuzz
OSINT fuzzing tool using Google dorks to find exposed resources
GooFuzz is an open source security tool designed to perform fuzzing using an OSINT-based approach by leveraging advanced Google search techniques. It is written in Bash and automates the use of Google Dorking queries to discover publicly accessible information related to a target domain. Instead of directly sending requests to the target server, GooFuzz gathers results through search engine indexing, allowing enumeration without leaving traces in the target’s server logs. This method enables the discovery of potentially sensitive files, directories, subdomains, and parameters that are already exposed on the web. By combining wordlists, search operators, and file extension filters, the tool helps security professionals locate misconfigured or unintentionally exposed resources. GooFuzz is commonly used in penetration testing, reconnaissance, and bug bounty research where passive information gathering is important. -
24
Hakrawler
Fast Go web crawler for discovering URLs and web app endpoints
hakrawler is a lightweight command-line web crawler built in Go that is designed to quickly discover URLs, endpoints, and assets within web applications. It is primarily used during the reconnaissance phase of security testing, bug bounty hunting, and penetration testing. It works by automatically crawling web pages and extracting links, JavaScript file locations, and other resources that may reveal additional attack surface or hidden functionality. hakrawler is implemented as a simple and efficient crawler using the Gocolly library, which allows it to perform fast and concurrent crawling of web pages. It accepts URLs through standard input, making it easy to integrate into command-line pipelines with other security tools. This workflow enables researchers to combine it with subdomain enumeration, HTTP probing, and vulnerability scanning utilities to automate reconnaissance processes. hakrawler can follow links within a website and optionally include subdomains. -
25
IVRE
Open source framework for large scale network reconnaissance and analy
IVRE is an open source network reconnaissance framework designed to collect, process, and analyze intelligence gathered from network scans and traffic data. It provides tools for both active and passive reconnaissance, enabling users to understand how networks behave and identify exposed services or infrastructure. The framework integrates with well known security and scanning tools such as Nmap, Masscan, ZGrab2, ZDNS, and Zeek to gather large amounts of network intelligence. IVRE stores the collected data in a database and offers multiple ways to explore and analyze it, including a web interface, command line tools, and a Python API. This allows security professionals to query scan results, inspect network flows, and identify patterns across large datasets. The project can be used to build self hosted alternatives to internet scanning services such as Shodan or Censys, giving organizations full control over their own reconnaissance infrastructure.
