Open Source Python OSINT Tools
Sort By:
Python OSINT Tools
View 5859 business solutionsBrowse free open source Python OSINT Tools and projects below. Use the toggles on the left to filter open source Python OSINT Tools by OS, license, language, programming language, and project status.
-
Forever Free Full-Stack Observability | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
Go From AI Idea to AI App FastAccess Gemini 3 and 200+ models. Build chatbots, agents, or custom models with built-in monitoring and scaling.
-
1
fsociety
Modular CLI framework for managing penetration testing tools
fsociety is a modular penetration testing framework designed to provide a unified interface for running and managing a wide range of security tools. It focuses on simplifying penetration testing workflows by integrating multiple external security utilities into a single command line environment. Instead of implementing its own security scanners, the framework acts as a wrapper and orchestrator that helps users discover, install, and execute tools from various GitHub repositories. Its modular architecture organizes tools into categories such as information gathering, networking, web application security, and password testing. This structure allows users to quickly navigate through different security tasks while maintaining a consistent interface. fsociety can automatically clone and manage required tools, reducing the manual effort typically needed to set up a penetration testing toolkit. fsociety is distributed as a Python package. -
2
Ignorant
Checks if a phone number is registered on online services
Ignorant is a Python-based OSINT tool designed to determine whether a specific phone number is associated with accounts on various online platforms. It performs phone number enumeration by sending requests to supported services and analyzing their responses to identify whether an account exists for that number. By querying endpoints used during account registration, login, or other interactions, Ignorant can infer the presence of an account without notifying the phone number owner. This allows investigators, researchers, or security professionals to perform reconnaissance without alerting the target. Ignorant supports multiple platforms, including services such as Instagram, Snapchat, and Amazon, using a modular architecture where each platform is implemented as a separate module. Ignorant is built with asynchronous Python technologies, enabling concurrent checks across multiple services for faster results. It also provides standardized output in JSON format. -
3
X-osint
Open source OSINT tool for gathering data on emails, phones, and IPs
X-osint is an open source intelligence framework designed to collect and analyze publicly available information from multiple sources. It focuses on gathering useful and credible data about entities such as phone numbers, email addresses, and IP addresses using a range of automated OSINT techniques. It provides investigators and researchers with a centralized interface for running information-gathering tasks that would normally require multiple separate tools. X-osint can also perform domain-related reconnaissance activities such as subdomain enumeration, DNS lookups, and host discovery to help identify infrastructure associated with a target. In addition to network and domain intelligence, it includes features for extracting metadata from files or images and analyzing text content to uncover hidden details. X-osint is written primarily in Python and is designed to run in terminal environments, particularly on Linux systems and Termux setups. -
4
holehe
Check if the mail is used on different sites
holehe is a Python-based OSINT utility designed to determine whether a specific email address is registered across a wide range of online services. The tool works by leveraging password-reset mechanisms and other public account-existence checks to infer whether an email is associated with accounts on major platforms. It supports more than a hundred websites and is commonly used during reconnaissance, digital investigations, and account exposure assessments. holehe is designed to operate quickly and quietly, emphasizing efficiency and minimal footprint during enumeration tasks. The project can be used both as a standalone command-line tool and as a library embedded into larger automation pipelines. Overall, holehe provides investigators with a focused and scalable method for mapping an email’s online presence. -
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
5
theHarvester
E-mails, subdomains and names
theHarvester is a very simple to use, yet powerful and effective tool designed to be used in the early stages of a penetration test or red team engagement. Use it for open source intelligence (OSINT) gathering to help determine a company's external threat landscape on the internet. The tool gathers emails, names, subdomains, IPs and URLs using multiple public data sources. -
6
Blackbird
OSINT tool for finding accounts across 600+ sites by username or email
Blackbird is an open source OSINT tool designed to search for user accounts across social networks and online platforms using a username or email address. The project focuses on helping investigators, researchers, and security professionals quickly discover where a specific identity appears on the internet. It performs reverse searches across more than 600 websites by leveraging data from the community-driven WhatsMyName project, which improves detection accuracy and reduces false positives. The tool operates primarily through a command line interface, allowing users to run automated searches and gather results from many platforms in a single process. Blackbird also includes an optional AI-powered profiling feature that analyzes discovered sites to generate behavioral and technical insights about a user’s online presence. Results from searches can be exported in formats such as PDF, CSV, or JSON for documentation or reporting purposes. -
7
WhatsApp Beacon
OSINT tool for tracking WhatsApp online status via Web automation
WhatsApp Beacon is an open source OSINT tool designed to monitor and analyze the online activity status of WhatsApp users through WhatsApp Web. It uses Selenium automation to interact with the web interface and detect when a target account goes online or offline. By continuously monitoring these changes, WhatsApp Beacon records connectivity patterns and builds a historical dataset of activity sessions. The collected information is stored in logs and a local database, allowing users to review behavioral patterns over time. In addition, the project supports exporting collected data to spreadsheet formats for further analysis or reporting. WhatsApp Beacon is designed to run across multiple operating systems and can operate in the background using headless browser automation. It is intended for educational and research purposes related to open-source intelligence (OSINT) and digital investigation. -
8
Osintgram
Osintgram is a OSINT tool on Instagram
Osintgram is an OSINT (Open Source Intelligence) tool designed to extract, analyze, and store information from public Instagram profiles. It allows users to retrieve data like followers, hashtags, stories, tagged posts, and locations. The tool is often used by researchers and security analysts for data gathering, footprinting, and investigative purposes related to social media profiling. -
9
Instagram OSINT Tool
Instagram OSINT tool for gathering profile data and public posts
InstagramOSINT is an open source intelligence (OSINT) tool designed to collect publicly accessible information from Instagram profiles. It retrieves details that are not always easily visible when browsing an Instagram account normally, allowing investigators, researchers, and developers to gather structured data about a target profile. It works by scraping publicly available profile information and extracting metadata from Instagram pages using Python. It collects various attributes such as the username, profile name, follower counts, account status indicators, and profile metadata. In addition to profile information, it can also retrieve post-related data and download publicly available images associated with an account. The results are saved locally in structured formats such as JSON-style data inside text files, making them easy to analyze or integrate into other applications. InstagramOSINT also exposes a Python API so developers can import the functionality. -
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
10
Toutatis
Extract public Instagram account information from usernames
Toutatis is an open source command-line tool designed to extract publicly available information from Instagram accounts. It helps users gather various data points from a target profile by querying Instagram using a username or account ID. The tool can retrieve details such as profile metadata, follower counts, biography information, and other publicly accessible account attributes. In addition to basic profile data, Toutatis can also reveal contact details that may be publicly exposed, including email addresses and phone numbers associated with the account. The utility is implemented in Python and runs through a simple command-line interface, making it easy to integrate into OSINT workflows and automation scripts. Toutatis is commonly used in open source intelligence investigations, research tasks, and security analysis that involve collecting publicly available social media data. -
11
User Scanner
Scan usernames and emails across many platforms from the CLI
user-scanner is a command-line OSINT tool designed to analyze the presence and availability of usernames and email addresses across many online platforms. It helps users quickly determine whether a specific username or email is already associated with accounts on social networks, developer platforms, creator communities, gaming services, and other sites. user-scanner is useful for security researchers, investigators, and analysts performing open source intelligence, as well as individuals or businesses looking for a unique username across multiple services. By scanning many platforms in a single command, it simplifies the process of checking account existence and identifying a digital footprint. user-scanner uses a modular architecture where each platform is implemented as a small validator module that determines whether a username exists or is available. -
12
geowifi
OSINT tool for locating WiFi networks using BSSID or SSID data
geowifi is an open source OSINT tool designed to search and retrieve geolocation information about WiFi networks using their BSSID or SSID identifiers. It queries several public WiFi geolocation databases and aggregates the results to help identify the approximate location of a wireless access point. By combining multiple data sources such as Wigle, Apple, Google, WifiDB, Mylnikov, and Combain, the tool can provide location data that may include coordinates and additional network metadata. Users can run searches through a command-line interface by specifying either the BSSID (MAC address) or the SSID of a network. The results can be displayed in different formats, including a structured JSON output or an interactive HTML map showing the discovered locations. geowifi also supports API-based integrations with certain services, which allows geowifi to retrieve more accurate or detailed geolocation data when valid API credentials are configured. -
13
GHunt
Offensive Google framework
GHunt (v2) is an offensive Google framework, designed to evolve efficiently. It's currently focused on OSINT, but any use related with Google is possible. It will automatically use venvs to avoid dependency conflicts with other projects. First, launch the listener by doing ghunt login and choose between 1 of the 2 first methods. Put GHunt on listening mode (currently not compatible with docker) Paste base64-encoded cookies. Enter manually all cookies. The development of this extension has followed Firefox guidelines to use the Promise-based WebExtension/BrowserExt API being standardized by the W3 Browser Extensions group, and is using webextension-polyfill to provide cross-browser compatibility with no changes. -
14
Tookie-OSINT
Username OSINT tool for discovering accounts across many websites
Tookie-OSINT is an open source intelligence tool designed to help security researchers, ethical hackers, and investigators discover online accounts associated with a specific username. It automates the process of searching for usernames across multiple websites, making it easier to identify a person's presence on different platforms. By entering a target username, Tookie-OSINT scans a list of supported sites and checks whether the username exists on those platforms. This approach removes the need for manual checks and significantly speeds up OSINT investigations. It is similar in concept to tools such as Sherlock, focusing on identifying user profiles across social media and other online services. Tookie-OSINT includes both command-line and optional web interface functionality, giving users flexible ways to run scans and analyze results. Tookie-OSINT was created to help beginners and aspiring security professionals learn about OSINT techniques. -
15
Instaloader
Download pictures (or videos) along with their captions
Instaloader is a mature open-source utility for downloading and archiving Instagram content along with rich metadata. It enables users to retrieve posts, stories, reels, highlights, profile pictures, and associated information such as captions, comments, timestamps, and geotags. The tool supports both public and permitted private content when proper authentication is provided, making it useful for research, digital archiving, and social media analysis. Instaloader can be run as a simple command-line tool or used programmatically through its Python module, offering flexibility for automation workflows. It includes smart update mechanisms that resume interrupted downloads and fetch only new media to maintain efficient archives. The project is widely adopted by investigators and analysts who need structured Instagram data collection. In essence, Instaloader provides a robust and highly configurable pipeline for Instagram content retrieval. -
16
Robin
AI-powered tool for dark web OSINT search and investigation
Robin is an AI-powered open source tool designed to assist investigators and researchers in conducting dark web OSINT (Open Source Intelligence) investigations. It combines automated dark web search capabilities with large language models (LLMs) to analyze and summarize information discovered across hidden services and Tor-based search engines. The tool helps refine investigative queries, collect results from multiple dark web sources, and filter relevant intelligence using AI-driven processing. Robin also performs scraping of discovered pages through Tor sessions, allowing users to gather additional context from dark web sites while maintaining the required network routing. By integrating AI models, the platform can interpret results, highlight key information, and produce summaries that help analysts understand findings faster. The project provides a modular architecture separating search, scraping, and AI processing components so it can be extended with new data sources. -
17
ClatScope
OSINT reconnaissance tool for IP, domain, email, and username lookups
ClatScope is a Python-based OSINT (open source intelligence) utility designed to gather and analyze publicly available information from multiple online sources. It is primarily aimed at investigators, cybersecurity professionals, penetration testers, and researchers who need a centralized platform for reconnaissance tasks. It integrates with numerous public APIs and internet services to retrieve detailed data about IP addresses, domains, email addresses, phone numbers, usernames, and other digital identifiers. By combining these sources, ClatScope automates the process of collecting intelligence that would normally require multiple separate tools or manual searches. It operates through a menu-driven command line interface that allows users to choose from many reconnaissance functions and receive formatted results directly in the terminal. ClatScope supports dozens of OSINT operations, including domain analysis, breach checks, and account discovery. -
18
NExfil
Fast OSINT tool for discovering web profiles by username
NExfil is an open source OSINT (Open Source Intelligence) tool designed to locate user profiles across the web based on a given username. Developed in Python, the tool automates the process of checking hundreds of websites to determine whether a specific username exists on those platforms. By performing automated queries across numerous services, NExfil helps investigators, researchers, and security professionals quickly identify potential accounts associated with a particular username. The tool focuses on delivering results rapidly while minimizing false positives during the search process. Users can supply a single username, multiple usernames, or a file containing a list of usernames for bulk scanning. NExfil processes these inputs and attempts to detect matching profiles across more than 350 websites within seconds. Because it is command-line based and open source, it can be easily integrated into OSINT workflows and cybersecurity research environments. -
19
OnionSearch
Search multiple Tor .onion engines at once and collect hidden links.
OnionSearch is a Python-based command-line tool designed to collect and aggregate links from multiple search engines on the Tor network. The script works by scraping results from a variety of .onion search services, allowing users to perform a single query while gathering results from many sources at once. This approach helps researchers and investigators locate hidden services more efficiently without manually querying each individual search engine. It is primarily intended for educational use and open-source intelligence (OSINT) research involving the Tor network. OnionSearch supports multiple engines and can combine results into a single output, making it easier to analyze discovered onion links. It also offers flexible command-line options that allow users to limit results, choose which engines to query, and export collected data. By automating searches across several dark web search engines, OnionSearch simplifies the process of discovering information on hidden services. -
20
Phishing Catcher
Real-time phishing domain detection via Certificate Transparency logs
phishing_catcher is a security monitoring tool designed to detect potential phishing domains in near real time by analyzing TLS certificate issuance events. It listens to Certificate Transparency (CT) logs through the CertStream API and evaluates newly issued certificates as they appear. Each certificate often contains one or more domain names, which the tool analyzes to determine whether they resemble suspicious or phishing-related domains. phishing_catcher applies a configurable scoring mechanism that assigns numeric values to certain keywords, patterns, or top-level domains found within certificate domain names. When a domain’s score exceeds predefined thresholds, it is flagged as potentially malicious and reported accordingly. It operates continuously, processing certificate updates as they arrive and displaying or logging domains that appear suspicious. This approach allows analysts, researchers, and security teams to identify phishing infrastructure early. -
21
SiteDorks
Automate search engine dorking across hundreds of websites
SiteDorks is a command line tool designed to automate advanced search queries across multiple search engines and websites. It allows users to perform search engine “dork” queries against a large set of predefined domains, making it easier to discover publicly available information across different platforms. SiteDorks supports several major search engines including Google, Bing, Brave, Ecosia, DuckDuckGo, Yahoo, and Yandex. Instead of manually running the same query for many sites, SiteDorks generates and executes the queries automatically using lists of “dorkable” websites. A built-in dataset contains hundreds of websites grouped into categories such as cloud services, developer platforms, documentation sites, social platforms, and communication tools. Users can also supply custom domain lists or CSV files to tailor searches for tasks like penetration testing, bug bounty research, or OSINT investigations. -
22
WhatBreach
OSINT tool for discovering email addresses in known data breaches
WhatBreach is an open source OSINT (Open Source Intelligence) tool designed to help users discover whether an email address has appeared in known data breaches. It simplifies the process of investigating compromised credentials by allowing users to search for a single email address or analyze multiple email addresses at once. It gathers breach information from various sources and APIs to identify where the email has been exposed in leaked databases or online paste sites. Once breaches are discovered, WhatBreach can provide additional context such as the databases associated with those leaks and any related paste dumps containing the email address. If the breach databases are publicly available, the tool can attempt to download them for further analysis. It also supports deeper investigation of email domains and related profiles, making it useful for researchers, security analysts, and penetration testers conducting reconnaissance or breach analysis. -
23
RedAmon
AI-powered framework for automated penetration testing and red teaming
RedAmon is an AI-powered red team framework designed to automate offensive cybersecurity operations from reconnaissance to exploitation and post-exploitation. It combines artificial intelligence with traditional penetration testing tools to create a fully autonomous pipeline capable of discovering vulnerabilities and executing security assessments without human intervention. It begins with a multi-phase reconnaissance engine that maps the entire attack surface of a target, collecting information such as subdomains, open ports, services, and potential vulnerabilities. RedAmon then uses an AI agent orchestrator to analyze this data, select appropriate tools, and perform exploitation steps such as credential brute forcing or CVE-based attacks. All discovered assets, relationships, and vulnerabilities are stored in a Neo4j knowledge graph, allowing the system to reason about the environment and make informed decisions during the attack process. -
24
email2phonenumber
OSINT tool to discover phone numbers using an email address
email2phonenumber is an open source OSINT (Open Source Intelligence) tool designed to help researchers identify a target’s phone number using only an email address. The project was created as a proof-of-concept during research into new OSINT methodologies for extracting personal information from publicly accessible sources and account recovery mechanisms. The tool works by automating interactions with password reset processes on various online services, which may reveal masked phone number digits associated with an account. By combining these partial digits with other publicly available information, the tool attempts to reconstruct or identify the full phone number. The application includes several functions that support different phases of this process, such as scraping phone number fragments, generating possible numbers based on national numbering plans, and testing potential numbers against service recovery mechanisms. -
25
Argus
Python toolkit for OSINT and reconnaissance with 135+ modules
Argus is a Python-based open source toolkit designed to simplify information gathering and reconnaissance tasks in cybersecurity. It provides an integrated command-line environment that consolidates numerous reconnaissance utilities into a single framework. The tool enables users to collect data about networks, domains, web applications, and infrastructure in an organized and efficient manner. Argus includes a modular architecture with more than 130 modules that support activities such as DNS analysis, port scanning, web application inspection, and threat intelligence lookups. Its interactive CLI allows users to browse available modules, configure targets, run scans, and review results from within a unified interface. The project aims to reduce the complexity of using multiple separate reconnaissance tools by bringing them together in one streamlined platform. Argus also supports integrations with external intelligence services.
