OSINT, or open source intelligence, is a method of gathering information from publicly available sources to gain knowledge and insights. It involves collecting data from various places like online government records, social media profiles, news articles and online search engines, and piecing it all together to get a more comprehensive understanding of a person, group or topic. The goal is to help users understand trends, gather evidence and discover connections between different pieces of information.
Top OSINT Tools
- Intelligence X
- OSINT Framework
- Babel Street
OSINT has many applications, including research and analysis, business intelligence, law enforcement and due diligence. It has also become a useful tool for cybersecurity professionals in penetration testing, external threat detection and ethical hacking.
Because open source intelligence involves looking at information that is already available to the public, it does not require hacking or illegal activities. Rather, OSINT tools make it easier for users to wade through the countless data sources and documents that are out there in order to find the information they need and produce actionable insights.
Whether it’s running a background check on a job candidate or identifying a potentially risky website, these popular OSINT tools help users gather the information they need.
OSINT Tools to Know
Maltego helps users visualize data points and their relationships to one another, taking raw intelligence and turning it into actionable information. It works by automating the searching and gathering of information across various public data sources, and mapping connections between those pieces of information via different visualization layouts such as blocks, hierarchical or circular, using wrights and notes to adjust the graphs. By adjusting the layouts and weights, users can spot various patterns depending on what they need.
The tool can be used to spot all kinds of connections and relationships between names, aliases, email addresses, companies, websites, documents and more — all of which can benefit anything from law enforcement investigations to cybersecurity threat detection.
Pricing: Tools vary in price, with a free personal plan available; Pro version costs $1,000 a year
• Identifies relationships between data through visualization maps
• Runs on Linux, Windows and MacOS
• Useful for private or law enforcement investigations, cybersecurity operations, fraud detection and more
SpiderFoot is an OSINT tool designed specifically for investigation professionals, particularly as it relates to the cybersecurity intelligence space. With more than 200 modules, it can be used either offensively for reconnaissance of a specific target, or defensively to gather information about what a user might have exposed over the internet and how likely the threat of a security breach is.
The tool has access to hundreds of open data sources to gather and analyze IP addresses, CIDR images, domains and subdomains, email addresses, phone numbers, usernames and more. Available on GitHub, SpiderFoot comes with both a command-line interface and an embedded web-server for a more intuitive user interface.
Pricing: Not publicly available
• Offers a web-based UI or a command-line interface
• Written in Python 3 and is MIT-licensed
• A SpiderFoot scan can target everything from a Bitcoin address to an email address
3. Intelligence X
Intelligence X is a search engine that preserves historic versions of web pages as well as entire leaked data sets that have otherwise been removed from the internet. All a user has to do is plug in a particular email address, URL or domain into the search bar, and the software will search the regular internet, the darknet, document sharing platforms, whois data and more to get any kind of open source intelligence that exists.
Intelligence X’s customers include security researchers, journalists and government entities. It has been used in several high-profile cases, including to research the email servers of prominent politicians like Hilary Clinton and Donald Trump, and to find and index footage from the 2021 Capitol Riots.
Pricing: Plans range from € 2,500 (about $2,600) to € 20,000 (about $21,400) annually; custom plans also available
• Can conduct searches in places like the darknet and document sharing platforms
• It maintains a historical archive of web pages, similar to the Wayback Machine
• Customers include security researchers, journalists and government entities
Shodan is a search engine that allows users to gain insights into all the devices they have connected to the internet within their network range, as well as set up real-time notifications when something changes or security has been compromised. By just typing in a company name, one can receive detailed insights into all their IoT devices according to its network or IP address, such as location, configuration details and security vulnerabilities.
The platform helps companies monitor not just their own network, but also their devices or IP across the internet and around the world. This is useful in detecting data leaks to the cloud, phishing websites, compromised databases and more.
Pricing: $69/mo. for freelancers; $359/mo. for small businesses; $1,099/mo. for large corporations
• Allows companies to keep track of all their devices that are directly accessible from the internet, helping them stay secure
• Real-time notifications can be sent via Slack, email, Discord, Telegram, Microsoft Teams and more
• Available as both an API and command-line interface
5. OSINT Framework
OSINT Framework is a directory of data discovery tools for almost any kind of open source intelligence gathering job. It’s essentially a website full of links to free OSINT tools or resources, as opposed to an actual tool itself. Users can find whatever tool they need based on the task at hand, whether that be searching through public records or analyzing potentially malicious files. It also indicated whether a specific tool requires installation or registration, as well as other details.
Because it organizes all the resources a person could need in a clean and searchable way, OSINT Framework is rapidly becoming one of the most popular solutions for data collection and information discovery. While all of the tools listed on the website have free options, some may also offer additional plans for more money.
• Nearly all of the tools linked on OSINT Framework are free, and some offer additional plans for subscription fees
• Sorted by category
• Includes training with tutorials and games to help users figure out what tool would work best for their needs
Metagoofil is a free tool available on GitHub that specializes in extracting metadata from a variety of public documents, in formats like .pdf, .docx, .xls and more. By searching Google for specific types of files being publicly hosted on a website, the software is capable of unearthing lots of useful data, including usernames and real names associated with specific documents, along with server information and the path to these documents.
Metagoofil is a useful resource for not only OSINT gathering, but also penetration tests and determining whether private files have been leaked in search indexers like Google.
• Available on GitHub
• Extracts metadata from public documents in a variety of formats
• A useful resource for not only open source intelligence gathering, but also penetration tests and determining whether an organization’s files have been leaked to search indexers like Google
Lampyre is particularly useful in the law enforcement, cyber security, due diligence and financial analytics industries. Users can start with just a single data point (such as a person’s full name, or a phone number), and Lampyre will sift through more than 100 regularly updated data resources to extract interesting information about that data point. That information can then be organized in a variety of ways, including tables, maps, graphs or all three of them together.
Lampyre’s information is accessible via a PC software or through API calls.
Pricing: Depends on number of API calls; highest plan costs € 580 (about $620) annually
• Gathers data from more than 100 regularly updated data sources
• Offers monthly or annual subscription plans
• Particularly useful in the law enforcement, cyber security, due diligence and financial analytics industries
With Spokeo, users can lookup information about people using their email, phone number or postal address, granting them access to billions of public records including property deeds, court records and social networks. Companies can use the platform to vet a job candidate or customer, and individuals can use it to find old friends or research an upcoming date. All they have to do is enter a single piece of information about the person they’re searching for, and Spokeo will handle the rest.
Spokeo has become a rather popular resource for US-based due diligence, serving some 23 million users a month and handling about 500,000 searches a day, according to the company’s website. The tool is available both as a web page and an Android app, where users can perform searches directly from their smartphone.
Pricing: Users allowed one free search; paid monthly subscription after that
• Offers reverse address, phone number or email look-up
• Offers access to billions of public records, including property deeds and court records
• Only works for people who are living in the United States or who are US citizens
Recon-ng is a free, open source web reconnaissance tool developed by Python. It originally started as a script, but it has since evolved into a full framework, and it continues to grow thanks to the developers that contribute to its capabilities.
Accessible via a command-line interface on Kali Linux, Recon-ng is designed to automate some of the more time-consuming tasks of OSINT work, including standardizing outputs, interacting with databases, making web requests and managing API keys. It also features GeoIP lookup, DNS lookup and port scanning, and is good at locating sensitive files, finding hidden subdomains and looking for SQL errors. Once any information has been collected, it is stored in a database, which can then be used to generate custom reports according to what the user needs.
• Designed exclusively for web-based open source reconnaissance
• Its modular framework makes it easy for even the newest of Python developers to contribute
• Features include GeoIP lookup, DNS lookup and port scanning
Available for download as a browser extension on both Chrome and Firefox, Mitaka allows users to browse dozens of search engines to help them identify any malware, sketchy sites or spam emails that may pop up on their computer. All they have to do is plug in a specific IP address, domain, URL, hash or Bitcoin wallet address and Mitaka will send a notification if it detects a potential security threat.
• Helps users identify malware, determine the credibility of an email address and learn whether a specific URL is associated with a sketchy site
• Queries more than six dozen search engines with one click
• Available as both a Chrome and Firefox extension
11. Babel Street
Babel Street is a cloud-based tool that uses artificial intelligence to sift through billions of public data sources in more than 200 languages in order to rapidly discover and translate foreign threats. Its machine learning algorithms extract insights from these data sources according to whatever task a particular organization needs, which are then automatically translated into the organization’s native language and organized in one place to allow for deeper analysis and action.
Private companies use Babel Street to keep their information private and secure, whether that’s protecting intellectual property from fraud or removing risk from supply chains. The tool is also commonly used by law enforcement and other government entities to detect and monitor international threats and patrol borders. In fact, the company claims more than 80 percent of U.S. National Security agencies have used its service. Recently, the system has been used to track the movements of Russia’s army in Ukraine, monitor terrorist activity in Somalia and even analyze the social media activity of U.S. citizens and refugees.
Pricing: Not publicly available
• Uses artificial intelligence to translate documents from billions of public data sources into more than 200 languages
• Used by private companies to secure IP and global supply chains, and used by government entities to monitor international threats
Seon is a fraud prevention tool. Users can cross check a person’s email address, IP address or phone number with more than 50 social and online signals in order to not only verify their information, but also collect deeper insights about their overall digital footprint. The platform also uses machine learning to determine a person’s comprehensive risk score based on their online behavior patterns and connections.
Seon is used across a variety of sectors, including banking, ecommerce, travel and ticketing and crypto trading. Queries can be made either directly on Seon’s website, via an API or through its Chrome extension.
Pricing: Free subscription available; monthly subscription starts at $299
• Users get access to more than 50 different social signals
• Seon not only confirms the validity of a person’s email address or phone number, but also collects deeper insights about their overall digital footprint
• Queries can be made on Seon’s website, via an API or through its Chrome extension