OSINT tools

Introduction

Most people leave a lot of traces in the digital world. Some of these traces are easy to find, especially when using social media like Facebook or Twitter. Others require a little bit more research. This is where OSINT tools come in.

Open source intelligence (OSINT) tools gather data from public resources. Open source refers to the public availability of the information. Typical sources include social media, forums, and comments on websites. Together they can provide valuable information about a particular subject.

OSINT tools come in a wide variety, like other open source tools. Some are well-maintained, while others are one-time creations by their author. Depending on the type of information and data artifacts you are looking for, it is common to combine multiple tools. Sometimes multiple tools are needed to enrich the extracted data as much as possible.

Usage

OSINT tools are typically used for information gathering, intelligence gathering, and OSINT research.

Users of these tools include forensic specialists and security professionals.

Tools

DataSploit (OSINT framework)

information gathering, OSINT research, security monitoring

DataSploit is a framework to perform intelligence gathering to discover credentials, domain information, and other information related to the target. It uses various reconnaissance techniques on companies, people, phone numbers, and even cryptocoin technology. It allows aggregating all raw data and returning it in multiple formats.

GasMask (open source intelligence gathering tool)

information gathering

GasMask is an open source intelligence (OSINT) gathering tool. It can be used to discover more information about a particular target. The sources it uses include search engines like Bing, Google, and Yandex. Additionally, it retrieves information from GitHub, YouTube, and social media platforms like Twitter.

Gitem (GitHub organization reconnaissance tool)

information gathering, security assessment, security monitoring, self-assessment

Gitem is a reconnaissance tool to extract information about organizations on GitHub. It can be used to find leaks of sensitive data.

Intrigue Core (attack surface discovery)

asset discovery, attack surface measurement, intelligence gathering, OSINT research, penetration testing, security assessment

Intrigue Core provides a framework to measure the attack surface of an environment. This includes discovering infrastructure and applications, performing security research, and doing vulnerability discovery.

Intrigue also allows enriching available data and performing open source intelligence (OSINT) research. The related scans include DNS subdomain brute-forcing, email harvesting, IP geolocation, port scanning, and using public search engines like Censys, Shodan, and Bing.

OSINT Framework (collection of OSINT resources)

footprinting, intelligence gathering, OSINT research, reconnaissance

The OSINT Framework provides a collection of tools to gather and parse public data. The tool is web-based and makes it easy to find tools for a particular task.

OSINT-SPY (open source intelligence gathering tool)

information gathering, penetration testing, reconnaissance

OSINT-SPY is a modular tool to query information on different subjects like an IP address, domain, email address, or even Bitcoin address. This tool can be valuable during the reconnaissance phase of a penetration test. It can also be used for defensive purposes, like learning what information is publicly available about your organization and its assets.

SpiderFoot (OSINT tool)

information gathering

SpiderFoot can be used offensively during penetration tests, or defensively to learn what information is available about your organization.

XRay (reconnaissance and OSINT tool)

information gathering, reconnaissance

XRay is a security tool for reconnaissance, mapping, and OSINT gathering from public networks.
