12 OSINT Tools to Know

OSINT tools allow users to more easily explore the wonderful world of publicly available information.

Written by Ellen Glover
A cartoon drawing of two people looking through binoculars against a purple background with internet browsers.
Image: Shutterstock
UPDATED BY
Matthew Urwin | Oct 24, 2023

OSINT, or open source intelligence, is a method of gathering information from publicly available sources to gain knowledge and insights. It involves collecting data from various places like online government records, social media profiles, news articles and online search engines, and piecing it all together to get a more comprehensive understanding of a person, group or topic.

What Is OSINT?

Open source intelligence (OSINT) refers to the practice of collecting information from publicly available and published sources, typically done by IT, cybersecurity or law enforcement professionals to understand trends, gather evidence and discover connections.

Because open source intelligence involves looking at information that is already available to the public, it does not require hacking or illegal activities. Rather, OSINT tools make it easier for users to wade through the countless data sources and documents that are out there in order to find the information they need and produce actionable insights. 

 

Why Is OSINT Important for Businesses?

OSINT has become essential for organizations across various industries to achieve success. Below are just a few ways businesses use OSINT to improve their everyday processes.

  • Threat Detection: Companies can discover when sensitive data is leaked online and detect other network vulnerabilities
  • Market Analysis: Businesses can collect info on competitors and consumer sentiment to determine whether to enter a new market or move forward with a product launch
  • Compliance: Organizations can stay on top of industry, local, national and international laws to make sure they meet compliance standards. 
  • Brand Image: Companies can scan social media platforms and other online sources to understand how consumers and customers perceive their brands
  • Operations: Businesses can track supply chain processes and respond quickly when disruptions occur. 

While plenty of information is ready for businesses to harness, it can be challenging to process these massive amounts of public data. That’s where OSINT tools come into play, allowing businesses to glean faster insights from open source data.

Top OSINT Tools

  • Maltego
  • SpiderFoot
  • Intelligence X
  • Shodan
  • OSINT Framework
  • Metagoofil
  • Lampyre
  • Spokeo
  • Recon-ng
  • Mitaka
  • Babel Street
  • Seon

Whether it’s running a background check on a job candidate or identifying a potentially risky website, these popular OSINT tools help users gather the information they need.

 

OSINT Tools to Know

1. Maltego

Maltego helps users visualize data points and their relationships to one another, taking raw intelligence and turning it into actionable information. It works by automating the searching and gathering of information across various public data sources, and mapping connections between those pieces of information via different visualization layouts such as blocks, hierarchical or circular, using wrights and notes to adjust the graphs. By adjusting the layouts and weights, users can spot various patterns depending on what they need.

The tool can be used to spot all kinds of connections and relationships between names, aliases, email addresses, companies, websites, documents and more — all of which can benefit anything from law enforcement investigations to cybersecurity threat detection.

  • Price: Tools vary in price, with a free personal plan available; Pro version costs $1,000 a year
  • Key Features: Identifies relationships between data through visualization maps; runs on Linux, Windows and MacOS; useful for private or law enforcement investigations, cybersecurity operations, fraud detection and more 

 

2. SpiderFoot

SpiderFoot is an OSINT tool designed specifically for investigation professionals, particularly as it relates to the cybersecurity intelligence space. With more than 200 modules, it can be used either offensively for reconnaissance of a specific target, or defensively to gather information about what a user might have exposed over the internet and how likely the threat of a security breach is.

The tool has access to hundreds of open data sources to gather and analyze IP addresses, CIDR images, domains and subdomains, email addresses, phone numbers, usernames and more. Available on GitHub, SpiderFoot comes with both a command-line interface and an embedded web-server for a more intuitive user interface.

SpiderFoot has many uses, including Bitcoin and Ethereum address extraction, web scraping and web content analysis, dark web searching and IP geolocation.

  • Price: Not publicly available
  • Key Features: Offers a web-based UI or a command-line interface; written in Python 3 and is MIT-licensed; scan can target everything from a Bitcoin address to an email address
Find out who's hiring.
See all Data + Analytics jobs at top tech companies & startups
View Jobs

 

3. Intelligence X

Intelligence X is a search engine that preserves historic versions of web pages as well as entire leaked data sets that have otherwise been removed from the internet. All a user has to do is plug in a particular email address, URL or domain into the search bar, and the software will search the regular internet, the darknet, document sharing platforms, whois data and more to get any kind of open source intelligence that exists. 

Intelligence X’s customers include security researchers, journalists and government entities. It has been used in several high-profile cases, including to research the email servers of prominent politicians like Hillary Clinton and Donald Trump, and to find and index footage from the 2021 Capitol Riots.

  • Price: Plans range from € 2,500 (about $2,600) to € 20,000 (about $21,400) annually; custom plans also available
  • Key Features: Can conduct searches in places like the darknet and document-sharing platforms; maintains a historical archive of web pages, similar to the Wayback Machine; customers include security researchers, journalists and government entities

 

4. Shodan

Shodan is a search engine that allows users to gain insights into all the devices they have connected to the internet within their network range, as well as set up real-time notifications when something changes or security has been compromised. By just typing in a company name, one can receive detailed insights into all their IoT devices according to its network or IP address, such as location, configuration details and security vulnerabilities. 

The platform helps companies monitor not just their own network, but also their devices or IP across the internet and around the world. This is useful in detecting data leaks to the cloud, phishing websites, compromised databases and more.

  • Price: $69/mo. for freelancers; $359/mo. for small businesses; $1,099/mo. for large corporations
  • Key Features: Allows companies to keep track of all their devices that are directly accessible from the internet; real-time notifications can be sent via Slack, email, Discord, Telegram, Microsoft Teams and more; available as both an API and command-line interface

Related ReadingWhy Is IoT Security Important?

 

5. OSINT Framework

OSINT Framework is a directory of data discovery tools for almost any kind of open source intelligence gathering job. It’s essentially a website full of links to free OSINT tools or resources, as opposed to an actual tool itself. Users can find whatever tool they need based on the task at hand, whether that be searching through public records or analyzing potentially malicious files. It also indicated whether a specific tool requires installation or registration, as well as other details. 

Because it organizes all the resources a person could need in a clean and searchable way, OSINT Framework is rapidly becoming one of the most popular solutions for data collection and information discovery. While all of the tools listed on the website have free options, some may also offer additional plans for more money.

  • Price: Free
  • Key Features: Nearly all of the tools linked on OSINT Framework are free, and some offer additional plans for subscription fees; sorted by category; includes training with tutorials and games to help users figure out what tool would work best for their needs

 

6. Metagoofil

Metagoofil is a free tool available on GitHub that specializes in extracting metadata from a variety of public documents, in formats like .pdf, .docx, .xls and more. By searching Google for specific types of files being publicly hosted on a website, the software is capable of unearthing lots of useful data, including usernames and real names associated with specific documents, along with server information and the path to these documents.

Metagoofil is a useful resource for not only OSINT gathering, but also penetration tests and determining whether private files have been leaked in search indexers like Google.

  • Price: Free
  • Key Features: Available on GitHub; extracts metadata from public documents in a variety of formats; useful resource for not only open source intelligence gathering, but also penetration tests and determining whether an organization’s files have been leaked to search indexers like Google
Find out who's hiring.
See all Data + Analytics jobs at top tech companies & startups
View Jobs

 

7. Lampyre

Lampyre is particularly useful in the law enforcement, cybersecurity, due diligence and financial analytics industries. Users can start with just a single data point (such as a person’s full name, or a phone number), and Lampyre will sift through more than 100 regularly updated data resources to extract interesting information about that data point. That information can then be organized in a variety of ways, including tables, maps, graphs or all three of them together.

Lampyre’s information is accessible via a PC software or through API calls.

  • Price: Depends on number of API calls; highest plan costs € 556 (about $589) annually
  • Key Features: Gathers data from more than 100 regularly updated data sources; offers monthly or annual subscription plans; particularly useful in the law enforcement, cybersecurity, due diligence and financial analytics industries

 

8. Spokeo

With Spokeo, users can look up information about people using their email, phone number or postal address, granting them access to billions of public records including property deeds, court records and social networks. Companies can use the platform to vet a job candidate or customer, and individuals can use it to find old friends or research an upcoming date. All they have to do is enter a single piece of information about the person they’re searching for, and Spokeo will handle the rest.

Spokeo has become a rather popular resource for U.S.-based due diligence, serving some 23 million users a month and handling about 500,000 searches a day, according to the company’s website. The tool is available both as a web page and an Android app, where users can perform searches directly from their smartphone.

  • Price: One free search; paid monthly subscription after that
  • Key Features: Offers reverse address, phone number or email look-up; provides access to billions of public records, including property deeds and court records; only works for people who are living in the United States or who are U.S. citizens

More in Big DataWhat Is Data Governance?

 

9. Recon-ng

Recon-ng is a free, open source web reconnaissance tool developed by Python. It originally started as a script, but it has since evolved into a full framework, and it continues to grow thanks to the developers that contribute to its capabilities.

Accessible via a command-line interface on Kali Linux, Recon-ng is designed to automate some of the more time-consuming tasks of OSINT work, including standardizing outputs, interacting with databases, making web requests and managing API keys. It also features GeoIP lookup, DNS lookup and port scanning, and is good at locating sensitive files, finding hidden subdomains and looking for SQL errors. Once any information has been collected, it is stored in a database, which can then be used to generate custom reports according to what the user needs.

  • Price: Free
  • Key Features: Designed exclusively for web-based open source reconnaissance; modular framework makes it easy for even the newest of Python developers to contribute; features include GeoIP lookup, DNS lookup and port scanning

 

10. Mitaka

Available for download as a browser extension on both Chrome and Firefox, Mitaka allows users to browse dozens of search engines to help them identify any malware, sketchy sites or spam emails that may pop up on their computer. All they have to do is plug in a specific IP address, domain, URL, hash or Bitcoin wallet address and Mitaka will send a notification if it detects a potential security threat.

  • Price: Free
  • Key Features: Helps identify malware, determine the credibility of an email address and learn whether a specific URL is associated with a sketchy site; queries more than six dozen search engines with one click; available as both a Chrome and Firefox extension

 

11. Babel Street

Babel Street is a cloud-based tool that uses artificial intelligence to sift through billions of public data sources in more than 200 languages in order to rapidly discover and translate foreign threats. Its machine learning algorithms extract insights from these data sources according to whatever task a particular organization needs, which are then automatically translated into the organization’s native language and organized in one place to allow for deeper analysis and action. 

Private companies use Babel Street to keep their information private and secure, whether that’s protecting intellectual property from fraud or removing risk from supply chains. The tool is also commonly used by law enforcement and other government entities to detect and monitor international threats and patrol borders. In fact, the company claims more than 80 percent of U.S. National Security agencies have used its service. Recently, the system has been used to track the movements of Russia’s army in Ukraine, monitor terrorist activity in Somalia and even analyze the social media activity of U.S. citizens and refugees.

  • Price: Not publicly available
  • Key Features: Cloud-based; uses AI to translate documents from billions of public data sources into more than 200 languages; used by private companies to secure IP and global supply chains, and used by government entities to monitor international threats

More in Cybersecurity17 Types of Cyber Attacks (With Examples)

 

 12. Seon

Seon is a fraud prevention tool. Users can cross-check a person’s email address, IP address or phone number with more than 50 social and online signals in order to not only verify their information, but also collect deeper insights about their overall digital footprint. The platform also uses machine learning to determine a person’s comprehensive risk score based on their online behavior patterns and connections.  

Seon is used across a variety of sectors, including banking, ecommerce, travel and ticketing and crypto trading. Queries can be made either directly on Seon’s website, via an API or through its Chrome extension.

  • Price: Free subscription available; monthly subscription starts at $299
  • Key Features: Offers access to more than 50 different social signals; not only confirms the validity of a person’s email address or phone number, but also collects deeper insights about their overall digital footprint; queries can be made on Seon’s website, via an API or through its Chrome extension​ 

 

Frequently Asked Questions

OSINT (open source intelligence) tools are software that gather information from publicly available sources to gain knowledge and insights.

OSINT tools are legal to use, as they only rely on information available through public sources.

Explore Job Matches.