Open Source OSINT Tools - Page 4
Sort By:
OSINT Tools
View 5766 business solutions-
Train ML Models With SQL You Already KnowBuild and deploy ML models using familiar SQL. Automate data prep with built-in Gemini. Query 1 TB and store 10 GB free monthly.
-
Host LLMs in Production With On-Demand GPUsDeploy your model, get an endpoint, pay only for compute time. No GPU provisioning or infrastructure management required.
-
1
IVRE
Open source framework for large scale network reconnaissance and analy
IVRE is an open source network reconnaissance framework designed to collect, process, and analyze intelligence gathered from network scans and traffic data. It provides tools for both active and passive reconnaissance, enabling users to understand how networks behave and identify exposed services or infrastructure. The framework integrates with well known security and scanning tools such as Nmap, Masscan, ZGrab2, ZDNS, and Zeek to gather large amounts of network intelligence. IVRE stores the collected data in a database and offers multiple ways to explore and analyze it, including a web interface, command line tools, and a Python API. This allows security professionals to query scan results, inspect network flows, and identify patterns across large datasets. The project can be used to build self hosted alternatives to internet scanning services such as Shodan or Censys, giving organizations full control over their own reconnaissance infrastructure. -
2
Moriarty Project
Web-based OSINT tool for investigating phone number information
Moriarty Project is an open source web-based investigation tool designed to gather publicly available information about phone numbers. It allows users to input a phone number and analyze various details related to that number through multiple investigation features. It performs information gathering by scraping data from online sources to retrieve insights such as owner information, spam risk, and related web references. Users can select specific investigation features to run individually or execute all available checks at once depending on their needs. Moriarty Project operates through a browser-based interface and includes multithreading improvements that help speed up the investigation process. Moriarty Project focuses strictly on OSINT-style information gathering and does not provide tracking, hacking, or harmful capabilities against phone number owners. It is fully open source, allowing users to inspect the code and understand how the data collection mechanisms work. -
3
Scope Sentry
Cyberspace asset mapping and vulnerability scanning platform
ScopeSentry is an open source cybersecurity tool designed for cyberspace asset mapping and automated security analysis. It helps security researchers and penetration testers discover, monitor, and analyze internet-facing assets belonging to a target scope. ScopeSentry combines multiple reconnaissance and vulnerability assessment capabilities such as subdomain enumeration, port scanning, directory scanning, and sensitive information detection. ScopeSentry can automatically identify assets and services, extract URLs, and crawl websites to collect useful security data for further analysis. It also includes vulnerability scanning and subdomain takeover detection to help identify common security weaknesses across web infrastructure. It supports distributed scanning with multiple nodes, allowing large scanning tasks to be performed efficiently across different systems. -
4
SiteDorks
Automate search engine dorking across hundreds of websites
SiteDorks is a command line tool designed to automate advanced search queries across multiple search engines and websites. It allows users to perform search engine “dork” queries against a large set of predefined domains, making it easier to discover publicly available information across different platforms. SiteDorks supports several major search engines including Google, Bing, Brave, Ecosia, DuckDuckGo, Yahoo, and Yandex. Instead of manually running the same query for many sites, SiteDorks generates and executes the queries automatically using lists of “dorkable” websites. A built-in dataset contains hundreds of websites grouped into categories such as cloud services, developer platforms, documentation sites, social platforms, and communication tools. Users can also supply custom domain lists or CSV files to tailor searches for tasks like penetration testing, bug bounty research, or OSINT investigations. -
Powerful App Monitoring Without Surprise BillsTired of monitoring tools that punish you for scaling? AppSignal offers transparent, predictable pricing with every feature unlocked on every plan. Track errors, monitor performance, detect anomalies, and manage logs across Ruby, Python, Node.js, and more. Trusted by developers since 2012 with free dev-to-dev support. No credit card required to start your 30-day trial.
-
5
WhatsApp Beacon
OSINT tool for tracking WhatsApp online status via Web automation
WhatsApp Beacon is an open source OSINT tool designed to monitor and analyze the online activity status of WhatsApp users through WhatsApp Web. It uses Selenium automation to interact with the web interface and detect when a target account goes online or offline. By continuously monitoring these changes, WhatsApp Beacon records connectivity patterns and builds a historical dataset of activity sessions. The collected information is stored in logs and a local database, allowing users to review behavioral patterns over time. In addition, the project supports exporting collected data to spreadsheet formats for further analysis or reporting. WhatsApp Beacon is designed to run across multiple operating systems and can operate in the background using headless browser automation. It is intended for educational and research purposes related to open-source intelligence (OSINT) and digital investigation. -
6
geowifi
OSINT tool for locating WiFi networks using BSSID or SSID data
geowifi is an open source OSINT tool designed to search and retrieve geolocation information about WiFi networks using their BSSID or SSID identifiers. It queries several public WiFi geolocation databases and aggregates the results to help identify the approximate location of a wireless access point. By combining multiple data sources such as Wigle, Apple, Google, WifiDB, Mylnikov, and Combain, the tool can provide location data that may include coordinates and additional network metadata. Users can run searches through a command-line interface by specifying either the BSSID (MAC address) or the SSID of a network. The results can be displayed in different formats, including a structured JSON output or an interactive HTML map showing the discovered locations. geowifi also supports API-based integrations with certain services, which allows geowifi to retrieve more accurate or detailed geolocation data when valid API credentials are configured. -
7
gitGraber
Real-time GitHub monitor that detects leaked API keys and secrets
gitGraber is a Python-based security tool designed to monitor GitHub in real time to detect exposed sensitive information in publicly indexed repositories. It scans recently indexed files on GitHub and searches for patterns that may indicate leaked credentials, API keys, or other confidential data used by popular online services. Instead of analyzing the full history of repositories, the tool focuses on newly indexed content, allowing security researchers and bug bounty hunters to quickly identify fresh leaks as they appear. gitGraber uses carefully crafted regular expressions to detect tokens and secrets associated with platforms such as AWS, Google, PayPal, Twitter, Stripe, and many others. When a potential leak is discovered, the tool can notify users through messaging platforms or display results directly in the command line. This approach helps organizations and security professionals monitor potential exposures. -
8
wholeaked
Tool that embeds identifiers in files to trace leak sources
wholeaked is an open source file distribution and tracking tool designed to help identify the source of leaked files. It works by generating unique versions of a file for each recipient and embedding identifying signatures or metadata into each distributed copy. If the file later appears in an unauthorized location, the embedded identifier can be analyzed to determine which recipient originally received that specific version. This approach allows organizations, researchers, or individuals to trace the origin of leaks in sensitive documents, binaries, or other shared resources. wholeaked automates the process of creating personalized file variants and associating them with a list of recipients. By integrating metadata signatures into each distributed file, wholeaked makes it easier to track potential data leaks while maintaining a structured record of distribution. Overall, it provides a practical method for accountability and leak attribution when sharing confidential files. -
9
Hakrawler
Fast Go web crawler for discovering URLs and web app endpoints
hakrawler is a lightweight command-line web crawler built in Go that is designed to quickly discover URLs, endpoints, and assets within web applications. It is primarily used during the reconnaissance phase of security testing, bug bounty hunting, and penetration testing. It works by automatically crawling web pages and extracting links, JavaScript file locations, and other resources that may reveal additional attack surface or hidden functionality. hakrawler is implemented as a simple and efficient crawler using the Gocolly library, which allows it to perform fast and concurrent crawling of web pages. It accepts URLs through standard input, making it easy to integrate into command-line pipelines with other security tools. This workflow enables researchers to combine it with subdomain enumeration, HTTP probing, and vulnerability scanning utilities to automate reconnaissance processes. hakrawler can follow links within a website and optionally include subdomains. -
Auth0 B2B Essentials: SSO, MFA, and RBAC Built InAuth0's B2B Essentials plan gives you everything you need to ship secure multi-tenant apps. Unlimited orgs, enterprise SSO, RBAC, audit log streaming, and higher auth and API limits included. Add on M2M tokens, enterprise MFA, or additional SSO connections as you scale.
-
10
Sudomy
Sudomy is a subdomain enumeration tool to collect subdomains
Sudomy is a subdomain enumeration tool to collect subdomains and analyze domains performing advanced automated reconnaissance (framework). This tool can also be used for OSINT (Open-source intelligence) activities. Easy, light, fast and powerful. Bash script (controller) is available by default in almost all Linux distributions. By using bash script multiprocessing feature, all processors will be utilized optimally. Subdomain enumeration process can be achieved by using active method or passive method. Sudomy utilize Gobuster tools because of its highspeed performance in carrying out DNS Subdomain Bruteforce attack (wildcard support). The wordlist that is used comes from combined SecList (Discover/DNS) lists which contains around 3 million entries. By evaluating and selecting the good third-party sites/resources, the enumeration process can be optimized. More results will be obtained with less time required. -
11
XRAY
XRay for recon, mapping and OSINT gathering from public networks
XRAY is a modular security toolset that helps developers and security professionals analyze, fuzz, and test web applications, protocols, and network services for vulnerabilities. It provides a framework for writing and executing inspection modules that can parse structured data (JSON, XML, HTML), traverse graphs of endpoints, and perform intelligent probing guided by discovered surface area. XRay is typically used as a reconnaissance and vulnerability discovery engine in red-team or app-security workflows: it leverages extensible plugins to adapt to different protocols, inject payloads, and detect common bug classes such as injection flaws, misconfigurations, and unsafe endpoints. The modular architecture means users can customize or extend the engine with new analyzers, fuzzers, or output formats tailored to specific testing environments. Rather than being a “one-size-fits-all” black box scanner, XRAY encourages interactive exploration and integrates with other tooling. -
12
secator
Automated framework for running pentesting tools and workflows
Secator is a task and workflow runner designed to streamline security assessments by integrating many well-known penetration testing and reconnaissance tools into a unified framework. It acts as a centralized automation platform that helps security professionals run tasks, workflows, and scans more efficiently from a single command-line interface. It supports dozens of established security tools and organizes them into structured workflows, enabling users to perform complex reconnaissance and vulnerability discovery processes with minimal manual effort. By standardizing input parameters and output formats across different tools, Secator simplifies how results are collected and processed during security testing. Secator is built to improve productivity for penetration testers, bug bounty hunters, and security researchers who frequently chain multiple tools together during assessments. -
13
dnstwist
Detects phishing and lookalike domains using DNS fuzzing techniques
dnstwist is an open source cybersecurity tool designed to identify malicious or suspicious domain names that imitate legitimate websites. It works by generating a large set of domain name permutations based on a target domain and analyzing whether any of those variants are actively registered or used. These permutations simulate common techniques used in phishing attacks, typosquatting, and brand impersonation campaigns. Security teams can use the tool to discover potential threats where attackers attempt to deceive users with lookalike domains. dnstwist also helps detect phishing activity by comparing web page content and visual similarity between domains using fuzzy hashing and perceptual hashing techniques. By automating DNS fuzzing and analysis, it provides organizations with an additional source of targeted threat intelligence. The tool can output results in structured formats, making it easier to integrate with security workflows or further analyze suspicious domains. -
14
Hcon Security Testing Framework
Open Source Penetration Testing / Ethical Hacking Framework
HconSTF is Open Source Penetration Testing Framework based on different browser technologies, Which helps any security professional to assists in the Penetration testing or vulnerability scanning assessments.contains webtools which are powerful in doing xss(cross site scripting), Sql injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. Even useful to anybody interested in information security domain - students, Security Professionals,web developers, manual vulnerability assessments and much more. -
15
YoungerSibling
YoungerSibling: Cross-platform OSINT tool for quick data gathering.
YoungerSibling is a Python-based terminal utility script designed for educational purposes. It provides a set of useful tools to perform tasks like searching the web, performing lookups (Google search, IP lookup, username lookup, etc.), and extracting metadata from images, directly from the terminal. This project aims to help students, developers, and hobbyists learn about web scraping, API usage, and terminal interaction with Python. -
16
Zynix-Fusion
zynix-Fusion is a framework for hacking
zynix-Fusion is a framework that aims to centralize, standardizeand simplify the use of various security tools for pentest professionals.zynix-Fusion (old name: Linux evil toolkit) has few simple commands, one of which is theinit function that allows you to define a target, and thus use all the toolswithout typing anything else. -
17
Public Intelligence Tool
Simple Portable Web Browser for Open Source Intelligence
This is a Project I have been working on I call it PITT or Public Intelligence Tool, It is built of the open source web browser Iron, filled with links for searching tons for Public Information. There a similar tools on the market but I laid mine out the way I like it, and I hope everyone else will to. I will be hopefully trying to update this tool weekly with new links and information, making new improvements. I Have the discussions open if you want to add anything new or feel something should change just write it and il research it and add it in. Please use the tool responsibly and give credit where credit is due. This tool is not for criminal uses, it is only for Official use with proper permissions. I do not own any links in here. Be Awesome with a 100% Free Donation :D - http://adf.ly/4228472/free-donation !Contains Ads! It is for use by Security Researchers, Government Agencies, Law Enforcement, Student Research and Legal Red Teaming and Penetration Testing -
18
Sn1per
Attack Surface Management Platform | Sn1perSecurity LLC
Sn1per Professional is an all-in-one offensive security platform that provides a comprehensive view of your internal and external attack surface and offers an asset risk scoring system to prioritize, reduce, and manage risk. With Sn1per Professional, you can discover the attack surface and continuously monitor it for changes. It integrates with the leading open source and commercial security testing tools for a unified view of your data. -
19
Oculus
Oculus - OSINT VM
A pre-configured Kali Linux virtual machine designed for Open Source Intelligence investigations, including essential tools for reconnaissance, social media research, metadata analysis, and reporting, with privacy and cleanup adjustments applied -
20
BlackWidow
Python web scanner for OSINT gathering and OWASP vulnerability fuzzing
BlackWidow is a Python-based web application scanning tool designed to crawl target websites and collect open-source intelligence (OSINT) while identifying potential security vulnerabilities. It functions as a web spider that systematically explores a site to gather valuable information such as URLs, dynamic parameters, subdomains, email addresses, and phone numbers associated with the target domain. By automatically extracting this data, BlackWidow helps security professionals and researchers build a clearer understanding of a website’s structure and publicly accessible information. In addition to information gathering, the project includes a built-in fuzzing component called Inject-X, which tests dynamic URLs for common vulnerabilities listed in the OWASP Top 10. The scanner analyzes parameters and injects payloads to detect issues such as SQL injection, cross-site scripting (XSS), and open redirect vulnerabilities. -
21
FavFreak
Favicon hash–based reconnaissance tool for security research
FavFreak is an open source reconnaissance tool designed to assist security researchers, bug bounty hunters, and penetration testers in identifying web technologies using favicon hashes. It works by taking one or more URLs as input and automatically retrieving the favicon.ico file associated with each target website. After fetching the favicon, it calculates a hash value and organizes the scanned domains, subdomains, or IP addresses according to these hashes. FavFreak then compares the generated hashes against a predefined fingerprint dictionary that maps known favicon hashes to specific technologies or services. If a match is found, it displays the corresponding technology information in the output, helping researchers quickly identify potential targets or related infrastructure. This approach is particularly useful during reconnaissance phases of security assessments because many web services share identical favicon hashes. -
22
HostHunter
OSINT reconnaissance tool for discovering hostnames from IP addresses
HostHunter is an open source reconnaissance tool designed to discover and extract hostnames associated with a large set of IPv4 or IPv6 addresses. It helps security professionals map IP addresses to virtual hostnames using a combination of OSINT data sources and active reconnaissance techniques. This approach enables users to identify hidden or additional services that may be hosted behind a single IP address. By correlating hostname information from certificates, APIs, HTTP headers, and other sources, the tool helps reveal the broader attack surface of an organization or infrastructure. HostHunter is commonly used in penetration testing, bug bounty reconnaissance, and security assessments where identifying virtual hosts is critical. HostHunter supports multiple output formats, making it easier to integrate the results into other security tools or workflows. -
23
ISeeYou
Location tracking tool for social engineering and phishing tests
I-See-You is an open source Bash and JavaScript tool designed to capture the geographic location of a target during social engineering or phishing engagements. It works by generating a link that can be sent to a target as part of a phishing scenario, where the webpage requests permission to access the user’s location. When the user allows location access, I-See-You records the latitude and longitude coordinates and displays them in the terminal logs for the operator. These coordinates can then be used to determine the user’s approximate physical location using mapping services. It is intended for reconnaissance during security testing, allowing penetration testers or red team operators to gather contextual information about potential targets. It operates by exposing a locally hosted server to the internet so the target can access the generated page and trigger the location request. I-See-You is intended strictly for educational purposes and authorized testing environments. -
24
Mantis
Automated framework for asset discovery and vulnerability scanning
Mantis is an open source security framework designed to automate the workflow of asset discovery, reconnaissance, and vulnerability scanning for organizations and security teams. Mantis operates through a command line interface and accepts targets such as top level domains, IP addresses, or network ranges as input. From these inputs, it automatically discovers associated digital assets including subdomains and SSL certificates, allowing users to map the attack surface of a system. After discovery, the framework performs reconnaissance on active assets to gather technical information such as open ports, technologies, network details, and hosting infrastructure. Mantis then conducts security scans to identify vulnerabilities, exposed secrets, configuration weaknesses, and potentially malicious phishing domains. It integrates both open source and custom security tools to automate multiple phases of a security assessment in a single workflow. -
25
OWASP Maryam
Modular OSINT framework for automated open-source intelligence gatheri
Maryam is an open source intelligence (OSINT) framework designed to automate the process of gathering and analyzing publicly available information from the internet. It provides a modular environment that enables users to collect data from search engines, open data sources, and various online services for reconnaissance and investigative purposes. Written in Python, Maryam is built to provide a flexible and extensible framework for harvesting information quickly and efficiently from open sources. Maryam helps security researchers and analysts streamline routine data-gathering tasks that typically involve searching multiple sources such as Google, Bing, or other online platforms. Maryam organizes its functionality into several modules that focus on different aspects of intelligence gathering, including footprint analysis, OSINT data extraction, and general search operations.
