OSINT Tools list

1. LibreWolf
URL: https://librewolf.net/
What it does: Privacy-focused web browser based on Firefox, hardened for tracking protection and anonymity.
Setup required: Download and install (Windows/Linux/macOS); optional manual config for privacy tuning.
Cost: Free (open-source)

2. Maltego
URL: https://www.maltego.com/
What it does: Visual link analysis tool that maps relationships between people, domains, emails, and organisations.
Setup required: Install desktop client + create account + configure “transforms” (data sources/APIs).
Cost: Free Community Edition; Paid (~$1,000+/year for Pro)

3. SpiderFoot
URL: https://github.com/smicallef/spiderfoot
What it does: Automated OSINT scanner aggregating data from 200+ sources to build a target’s digital footprint.
Setup required: Python environment or Docker; optional API keys for extended data sources.
Cost: Free (open-source); Paid HX version available

4. Shodan
URL: https://www.shodan.io/dashboard
What it does: Search engine for internet-connected devices, revealing exposed servers, ports, and vulnerabilities.
Setup required: Account signup; optional API usage for automation.
Cost: Free tier (limited); Paid (~$69/month+)

5. theHarvester
URL: https://github.com/laramies/theHarvester
What it does: Gathers emails, subdomains, IPs, and names from public sources for reconnaissance.
Setup required: Python install; run via CLI; optional API keys for sources.
Cost: Free (open-source)

6. Recon-ng
URL: https://github.com/lanmaster53/recon-ng
What it does: Modular reconnaissance framework for structured OSINT workflows (DNS, WHOIS, etc.).
Setup required: Python + CLI environment; configure modules and API keys.
Cost: Free (open-source)

7. Creepy
URL: https://github.com/ilektrojohn/creepy
What it does: Geolocation OSINT tool that collects and maps location data from social media posts.
Setup required: Python environment + API keys (e.g., Twitter/Flickr).
Cost: Free (open-source)

8. OSINT Tools Collection (SundownDev List)
URL: https://gist.github.com/sundowndev/283efaddbcf896ab405488330d1bbc06
What it does: Curated list of hundreds of OSINT tools and resources across domains (social, network, metadata, etc.).
Setup required: None (reference list; tools inside may require setup).
Cost: Free

9. Social-Engineer Toolkit (SET)
URL: https://github.com/trustedsec/social-engineer-toolkit
What it does: Framework for simulating social engineering attacks (phishing, credential harvesting) for security testing.
Setup required: Linux (often Kali); Python; requires security testing environment.
Cost: Free (open-source)

10. FOCA
URL: https://github.com/ElevenPaths/FOCA
What it does: Extracts metadata from documents (PDF, DOC, etc.) to uncover infrastructure and organisational details.
Setup required: Windows installation; target document collection.
Cost: Free (open-source)

11. OSINT Framework
URL: https://github.com/lockfale/OSINT-Framework
What it does: Web-based directory of OSINT tools organised by category (people, domains, social media, etc.).
Setup required: None (web interface).
Cost: Free

12. BeenVerified
URL: https://www.beenverified.com/
What it does: People search and background check service aggregating public records (phone, address, etc.).
Setup required: Account signup; search via web interface.
Cost: Paid subscription (monthly)

13. Checked (Australia)
URL: https://www.checked.com.au/
What it does: Australian background and identity checking service (police checks, verification, etc.).
Setup required: Account + identity verification depending on service.
Cost: Paid per check / service

14. Pipl
URL: https://pipl.com/
What it does: Advanced identity search platform focused on deep web data for people and risk intelligence.
Setup required: Business account; API integration for enterprise use.
Cost: Paid (enterprise pricing)

⬅️ Back to Home