Open Source ChromeOS OSINT Tools - Page 2
Sort By:
OSINT Tools for ChromeOS
-
Earn up to 16% annual interest with Nexo.Put idle assets to work with competitive interest rates, borrow without selling, and trade with precision. All in one platform. Geographic restrictions, eligibility, and terms apply.
-
Go From AI Idea to AI App FastAccess Gemini 3 and 200+ models. Build chatbots, agents, or custom models with built-in monitoring and scaling.
-
1
secator
Automated framework for running pentesting tools and workflows
Secator is a task and workflow runner designed to streamline security assessments by integrating many well-known penetration testing and reconnaissance tools into a unified framework. It acts as a centralized automation platform that helps security professionals run tasks, workflows, and scans more efficiently from a single command-line interface. It supports dozens of established security tools and organizes them into structured workflows, enabling users to perform complex reconnaissance and vulnerability discovery processes with minimal manual effort. By standardizing input parameters and output formats across different tools, Secator simplifies how results are collected and processed during security testing. Secator is built to improve productivity for penetration testers, bug bounty hunters, and security researchers who frequently chain multiple tools together during assessments. -
2
yesitsme
Simple OSINT script to find Instagram profiles by name
yesitsme is a Python-based OSINT utility designed to help investigators identify potential Instagram accounts associated with a specific person using limited identifying data. The script works by querying indexed public information and comparing obfuscated email addresses and phone numbers against user-provided inputs to estimate match confidence. It is intended to automate a time-consuming manual investigation process by aggregating candidate usernames and classifying them into match levels such as high, medium, or low. The tool requires an Instagram session cookie to operate and includes configurable timeout controls to help avoid detection or rate limiting during searches. Its minimal codebase and straightforward command-line interface make it accessible for researchers, security analysts, and digital investigators performing social media intelligence work. -
3
ASNmap
CLI tool for mapping organization network ranges using ASN data
asnmap is a command line tool and Go library designed to quickly map network ranges belonging to organizations using Autonomous System Number (ASN) data. It allows users to convert different types of inputs (such as ASN numbers, IP addresses, domain names, or organization names) into their associated CIDR ranges. This capability makes it particularly useful for security researchers, penetration testers, and reconnaissance workflows that require identifying network infrastructure owned by a target organization. asnmap retrieves ASN-related data and returns structured results that can be easily integrated into automated pipelines. Output can be generated in multiple formats including plain text, JSON, and CSV, enabling flexible data processing and analysis. asnmap also supports reading input from standard input and piping its results directly into other command line tools for chained workflows. -
4
Harpoon
Command line OSINT and threat intelligence automation tool
Harpoon is a command line tool designed to assist with open source intelligence (OSINT) and threat intelligence investigations. It helps security professionals and researchers collect and analyze publicly available information from a wide range of online sources. Harpoon is written in Python and organized around a modular plugin system, where each plugin is responsible for querying a specific platform, API, or intelligence service. This design allows users to automate many reconnaissance and intelligence gathering tasks directly from the terminal. Harpoon integrates with numerous security and data services such as Shodan, VirusTotal, AlienVault OTX, and many other intelligence providers to retrieve information about domains, IP addresses, emails, and other indicators. Many commands rely on API keys that can be configured through a central configuration file, allowing users to connect their own intelligence accounts and data sources. -
Try Google Cloud Risk-Free With $300 in CreditUse your credit across every product. Compute, storage, AI, analytics. When it runs out, 20+ products stay free. You only pay when you choose to.
-
5
WhatBreach
OSINT tool for discovering email addresses in known data breaches
WhatBreach is an open source OSINT (Open Source Intelligence) tool designed to help users discover whether an email address has appeared in known data breaches. It simplifies the process of investigating compromised credentials by allowing users to search for a single email address or analyze multiple email addresses at once. It gathers breach information from various sources and APIs to identify where the email has been exposed in leaked databases or online paste sites. Once breaches are discovered, WhatBreach can provide additional context such as the databases associated with those leaks and any related paste dumps containing the email address. If the breach databases are publicly available, the tool can attempt to download them for further analysis. It also supports deeper investigation of email domains and related profiles, making it useful for researchers, security analysts, and penetration testers conducting reconnaissance or breach analysis. -
6
socialscan
Scan platforms to check username and email account usage
Socialscan is an open source intelligence (OSINT) tool designed to check whether usernames or email addresses are associated with accounts on various online platforms. It allows users to quickly determine if a specific username or email address is already in use across multiple services, making it useful for security research, digital investigations, and account enumeration tasks. It focuses on accuracy by querying platform endpoints in a way that reliably detects whether a credential exists without producing misleading results. Socialscan can be used both as a Python library and as a command-line utility, making it flexible for developers and analysts alike. It uses asynchronous networking to perform multiple queries efficiently, enabling fast scans across different services. Because of its programmatic interface, the tool can also be integrated into larger workflows, automation scripts, or OSINT pipelines. Overall, Socialscan helps investigators, researchers, and developers. -
7
NExfil
Fast OSINT tool for discovering web profiles by username
NExfil is an open source OSINT (Open Source Intelligence) tool designed to locate user profiles across the web based on a given username. Developed in Python, the tool automates the process of checking hundreds of websites to determine whether a specific username exists on those platforms. By performing automated queries across numerous services, NExfil helps investigators, researchers, and security professionals quickly identify potential accounts associated with a particular username. The tool focuses on delivering results rapidly while minimizing false positives during the search process. Users can supply a single username, multiple usernames, or a file containing a list of usernames for bulk scanning. NExfil processes these inputs and attempts to detect matching profiles across more than 350 websites within seconds. Because it is command-line based and open source, it can be easily integrated into OSINT workflows and cybersecurity research environments. -
8
paramspider
Mine parameterized URLs from web archives for security testing
ParamSpider is an open source command-line tool designed to discover URLs that contain parameters by mining historical data from web archives such as the Wayback Machine. It helps security researchers, penetration testers, and bug bounty hunters collect potential attack surfaces by automatically gathering archived URLs related to a specific domain. Instead of returning every discovered URL, the tool intelligently filters results to highlight parameterized endpoints that are more useful for vulnerability testing. These endpoints are commonly used during reconnaissance because parameters often expose inputs that may be vulnerable to issues like cross-site scripting, SQL injection, or server-side request forgery. ParamSpider automates the process of retrieving archived URLs, cleaning them, and preparing them for fuzzing or further probing. It can process a single domain or multiple domains from a list, making it useful for both targeted testing and large-scale reconnaissance. -
9
Gitrob
Scans GitHub repositories for potentially sensitive files
Gitrob is an open source reconnaissance tool designed to identify potentially sensitive files that have been committed to public GitHub repositories. It helps security professionals, researchers, and organizations detect accidental data exposure by scanning repositories associated with specific GitHub users or organizations. The tool works by cloning repositories and analyzing their commit history to search for files that match predefined signatures of sensitive data. These signatures are used to flag items such as credentials, private keys, configuration files, and other materials that may expose confidential information. By automatically inspecting repository histories, Gitrob simplifies the process of identifying security risks that might otherwise remain unnoticed in publicly accessible codebases. The results of the scan are presented through a built-in web interface that allows users to browse findings, review flagged files, and analyze potential leaks more efficiently. -
Train ML Models With SQL You Already KnowBuild and deploy ML models using familiar SQL. Automate data prep with built-in Gemini. Query 1 TB and store 10 GB free monthly.
-
10
Metabigor
Command-line OSINT and reconnaissance tool without API keys
Metabigor is a command-line intelligence and OSINT tool designed to perform reconnaissance and security research tasks without requiring API keys. It focuses on simplifying access to public intelligence sources so that researchers, penetration testers, and bug bounty hunters can gather information efficiently from a single interface. It enables users to discover IP ranges, domains, and infrastructure details related to organizations, domains, or autonomous systems. Metabigor integrates multiple public data sources such as certificate transparency logs, BGP routing data, reverse WHOIS services, and IP intelligence databases to help map digital infrastructure. It can also enrich IP information with service, port, and vulnerability data using Shodan InternetDB while remaining accessible without authentication keys. In addition, it provides utilities that coordinate network scanning workflows by acting as a wrapper for tools like rustscan, masscan, and nmap. -
11
Mitaka
Browser extension for fast OSINT searches and IOC investigation
Mitaka is a browser extension designed to streamline Open Source Intelligence (OSINT) investigations by enabling quick searches and scans directly from the browser. It allows security researchers, analysts, and investigators to easily examine various indicators of compromise (IoCs) such as IP addresses, domains, URLs, hashes, email addresses, and more. Instead of manually copying and pasting suspicious indicators into multiple intelligence platforms, users can simply highlight a value on any webpage and access multiple OSINT services through a context menu. Mitaka automatically detects the type of indicator and generates appropriate search options for relevant threat intelligence services. Mitaka also includes a refanging capability that converts obfuscated indicators, such as example[.]com or hxxp://example.com, into valid formats that can be analyzed immediately. -
12
OnionSearch
Search multiple Tor .onion engines at once and collect hidden links.
OnionSearch is a Python-based command-line tool designed to collect and aggregate links from multiple search engines on the Tor network. The script works by scraping results from a variety of .onion search services, allowing users to perform a single query while gathering results from many sources at once. This approach helps researchers and investigators locate hidden services more efficiently without manually querying each individual search engine. It is primarily intended for educational use and open-source intelligence (OSINT) research involving the Tor network. OnionSearch supports multiple engines and can combine results into a single output, making it easier to analyze discovered onion links. It also offers flexible command-line options that allow users to limit results, choose which engines to query, and export collected data. By automating searches across several dark web search engines, OnionSearch simplifies the process of discovering information on hidden services. -
13
Photon
Incredibly fast crawler designed for OSINT
Photon is an extremely fast web crawler built specifically for OSINT and reconnaissance use cases. It is designed to extract URLs, endpoints, files, and other intelligence artifacts from target websites with minimal overhead. The crawler prioritizes speed and breadth, making it suitable for mapping web attack surfaces and discovering hidden resources. Photon is commonly used during early reconnaissance phases to build a comprehensive inventory of reachable assets. Its Python implementation makes it accessible for customization and integration into larger automation frameworks. Despite its speed focus, the tool still provides useful filtering and extraction capabilities for analysts who need structured results. Overall, Photon functions as a lightweight yet powerful reconnaissance spider for web intelligence gathering. -
14
XRAY
XRay for recon, mapping and OSINT gathering from public networks
XRAY is a modular security toolset that helps developers and security professionals analyze, fuzz, and test web applications, protocols, and network services for vulnerabilities. It provides a framework for writing and executing inspection modules that can parse structured data (JSON, XML, HTML), traverse graphs of endpoints, and perform intelligent probing guided by discovered surface area. XRay is typically used as a reconnaissance and vulnerability discovery engine in red-team or app-security workflows: it leverages extensible plugins to adapt to different protocols, inject payloads, and detect common bug classes such as injection flaws, misconfigurations, and unsafe endpoints. The modular architecture means users can customize or extend the engine with new analyzers, fuzzers, or output formats tailored to specific testing environments. Rather than being a “one-size-fits-all” black box scanner, XRAY encourages interactive exploration and integrates with other tooling. -
15
uncover
Discover exposed internet hosts using multiple search engine APIs
Uncover is an open source reconnaissance tool designed to quickly discover exposed hosts on the internet by querying multiple search engine APIs through a unified interface. It acts as a Go-based wrapper around well-known internet intelligence platforms, allowing users to gather information about publicly accessible systems from a single command-line tool. By integrating with services such as Shodan, Censys, FOFA, ZoomEye, and others, the tool enables security professionals to efficiently search for internet-facing assets and services. The tool is built with automation in mind, making it suitable for security workflows and pipelines used by penetration testers, researchers, and bug bounty hunters. Instead of manually querying several search engines separately, uncover aggregates results from supported providers and returns them in a standardized format. This approach simplifies large-scale reconnaissance tasks and speeds up the discovery of exposed infrastructure or services. -
16
ASN
Command line ASN lookup, network recon, and traceroute tool
asn is a multifunctional network investigation and OSINT command line tool designed for analyzing Autonomous System (ASN) and IP-related data. It provides a comprehensive set of capabilities for inspecting network infrastructure, routing information, and security signals associated with IP addresses, hostnames, prefixes, and organizations. It aggregates data from multiple external services to present detailed information such as BGP statistics, RPKI validation status, IP reputation, geolocation, and prefix ownership. It can also perform AS path tracing, allowing users to observe the network route between systems and identify Internet Exchange Points or anomalies in the path. In addition to its command line usage, asn can run as a web-based traceroute server or as a self-hosted lookup API that returns JSON-formatted data for automated workflows. This flexibility allows the tool to support manual investigations, incident response, and automated network analysis pipelines. -
17
AttackSurfaceMapper
Automated tool for mapping & expanding organization’s attack surface
AttackSurfaceMapper (ASM) is a reconnaissance and attack surface discovery tool designed to automate the process of mapping potential targets within an organization's infrastructure. It combines open source intelligence (OSINT) with selective active reconnaissance techniques to expand and analyze a target’s external attack surface. Users can supply domains, subdomains, or IP addresses as input, and applies multiple discovery methods to identify additional related assets such as new subdomains, associated IP ranges, and hosts within the same network ownership. It performs both brute-force and passive enumeration techniques to uncover infrastructure components that may not be immediately visible. After building an expanded list of targets, AttackSurfaceMapper collects intelligence such as screenshots of web applications, information about exposed services, and possible vulnerabilities identified through integrated services. It can also search for publicly exposed credentials. -
18
Buster
OSINT tool for discovering information linked to email addresses
Buster is an open source OSINT tool designed for email reconnaissance and information gathering. It helps investigators, security researchers, and penetration testers discover publicly available information related to email addresses and usernames. It can analyze an email address to identify associated social media accounts, references across the web, and potential data breaches linked to that email. It also performs reverse WHOIS lookups to discover domains that may have been registered using a specific email address. In addition to investigating existing addresses, Buster can generate possible email combinations and usernames based on personal details such as a person’s name, birthdate, or additional hints. Buster supports validating generated email addresses and retrieving contextual information about them. By combining multiple online sources and services, Buster helps automate the process of gathering intelligence related to digital identities. -
19
IPRanges
Daily updated lists of cloud, bot, and service IP ranges
ipranges is an open source repository that provides continuously updated lists of IP address ranges associated with major cloud providers, search engine crawlers, and online services. ipranges collects IP ranges from publicly available sources and organizes them into structured files that can be easily used in security, networking, and automation workflows. It includes address ranges from providers such as Google Cloud, Amazon AWS, Microsoft, Oracle Cloud, and DigitalOcean, as well as well known service platforms like GitHub, Facebook, Twitter, and Telegram. It also tracks IP ranges used by search engine bots and automated agents including Googlebot, Bingbot, and OpenAI’s GPTBot. Lists are published in both IPv4 and IPv6 formats and are regularly updated through automated processes to keep the data current. In addition to provider specific lists, the project also offers merged and combined datasets that aggregate ranges from multiple sources into a single file. -
20
Open Semantic Search
Open source semantic search and text analytics for large document sets
Open Semantic Search is an open source research and analytics platform designed for searching, analyzing, and exploring large collections of documents using semantic search technologies. It provides an integrated search server combined with a document processing pipeline that supports crawling, text extraction, and automated analysis of content from many different sources. Open Semantic Search includes an ETL framework that can ingest documents, process them through analysis steps, and enrich the data with extracted information such as named entities and metadata. It also supports optical character recognition to extract text from images and scanned documents, including images embedded inside PDF files. It integrates text mining and analytics capabilities that allow users to examine relationships, topics, and structured data within document collections. -
21
Phishing Catcher
Real-time phishing domain detection via Certificate Transparency logs
phishing_catcher is a security monitoring tool designed to detect potential phishing domains in near real time by analyzing TLS certificate issuance events. It listens to Certificate Transparency (CT) logs through the CertStream API and evaluates newly issued certificates as they appear. Each certificate often contains one or more domain names, which the tool analyzes to determine whether they resemble suspicious or phishing-related domains. phishing_catcher applies a configurable scoring mechanism that assigns numeric values to certain keywords, patterns, or top-level domains found within certificate domain names. When a domain’s score exceeds predefined thresholds, it is flagged as potentially malicious and reported accordingly. It operates continuously, processing certificate updates as they arrive and displaying or logging domains that appear suspicious. This approach allows analysts, researchers, and security teams to identify phishing infrastructure early. -
22
SiteDorks
Automate search engine dorking across hundreds of websites
SiteDorks is a command line tool designed to automate advanced search queries across multiple search engines and websites. It allows users to perform search engine “dork” queries against a large set of predefined domains, making it easier to discover publicly available information across different platforms. SiteDorks supports several major search engines including Google, Bing, Brave, Ecosia, DuckDuckGo, Yahoo, and Yandex. Instead of manually running the same query for many sites, SiteDorks generates and executes the queries automatically using lists of “dorkable” websites. A built-in dataset contains hundreds of websites grouped into categories such as cloud services, developer platforms, documentation sites, social platforms, and communication tools. Users can also supply custom domain lists or CSV files to tailor searches for tasks like penetration testing, bug bounty research, or OSINT investigations. -
23
SocialPwned
OSINT tool to collect emails from social networks and find leaks
SocialPwned is an OSINT tool designed to gather publicly exposed email addresses from social networks and analyze them for potential credential leaks. It helps security researchers and penetration testers identify vulnerable targets during the footprinting phase of ethical hacking engagements. It collects email addresses associated with individuals or organizations from platforms such as Instagram, LinkedIn, and Twitter. Once emails are discovered, SocialPwned searches for leaked credentials using breach databases like PwnDB and Dehashed to determine whether those accounts have appeared in data leaks. SocialPwned also integrates with GHunt to retrieve additional public information related to Google accounts linked to the discovered emails. By combining social media intelligence with breach data analysis, SocialPwned helps investigators identify reused passwords and patterns that may indicate potential security weaknesses. -
24
Username Anarchy
Username generator for penetration testing and user enumeration
Username Anarchy is an open source command line tool designed to generate possible usernames for use in penetration testing and security assessments. It focuses on solving one of the common challenges in authentication attacks: identifying valid usernames before attempting password attacks. It generates large sets of potential usernames based on a person’s name and common naming conventions used in corporate or online systems. These generated username lists can then be used for activities such as username enumeration, password spraying, or brute force testing during security audits. Username Anarchy supports numerous formatting styles, allowing security testers to replicate patterns commonly used in enterprise environments such as first.last, flast, or firstinitiallastname. Username Anarchy can also utilize name sources gathered from OSINT techniques such as social networks or other public data to produce realistic username lists. -
25
urlhunter
Search exposed URLs from shortener services using keyword filtering
urlhunter is an open source reconnaissance tool designed to help security researchers discover URLs that have been exposed through URL shortener services such as bit.ly and goo.gl. It works by analyzing large datasets generated from brute-forced short links that are publicly released by the URLTeam project. These datasets contain resolved long URLs that were originally hidden behind short links, which can sometimes reveal sensitive or previously unknown endpoints. urlhunter downloads these collections and allows users to search and analyze them using custom keywords or patterns. This capability makes it useful for identifying exposed resources such as documents, internal panels, or forgotten endpoints that may still be accessible online. urlhunter is written in Go and operates as a command-line utility, making it suitable for automation and integration into reconnaissance workflows.
