OSINT tools
Introduction
Most people leave a lot of traces in the digital world. Some of these traces are easy to find, especially when using social media like Facebook or Twitter. Others require a little bit more research. This is where OSINT tools come in.
Open source intelligence (OSINT) tools gather data from public resources. Open source refers to the public availability of the information. Typical sources include social media, forums, and comments on websites. Together they can provide valuable information about a particular subject.
OSINT tools come in a wide variety, like most other open source tools. Some are well-maintained, while others are one-time creations by their author. Depending on the type of information and data artifacts you are looking for, it is common to combine multiple tools. Sometimes multiple tools are needed to enrich the extracted data as much as possible.
Usage
OSINT tools are typically used for OSINT research, information gathering, and intelligence gathering.
Users of these tools include forensic specialists and security professionals.
Tools
Popular OSINT tools
DataSploit (OSINT framework)
OSINT research, information gathering, security monitoring
DataSploit is a framework to perform intelligence gathering to discover credentials, domain information, and other information related to the target. It uses various reconnaissance techniques on companies, people, phone numbers, and even cryptocoin technology. It can aggregate all raw data and return it in multiple formats.
GasMask (open source intelligence gathering tool)
information gathering
GasMask is an open source intelligence (OSINT) gathering tool. It can be used to discover more information about a particular target. The sources it uses include search engines like Bing, Google, and Yandex. Additionally, it retrieves information from GitHub, YouTube, and social media platforms like Twitter.
Gitem (GitHub organization reconnaissance tool)
information gathering, security assessment, security monitoring, self-assessment
Gitem is a reconnaissance tool to extract information about organizations on GitHub. It can be used to find leaks of sensitive data.
Intrigue Core (attack surface discovery)
OSINT research, asset discovery, attack surface measurement, intelligence gathering, penetration testing, security assessment
Intrigue Core provides a framework to measure the attack surface of an environment. This includes discovering infrastructure and applications, performing security research, and doing vulnerability discovery.
Intrigue can also enrich available data and perform OSINT (open source intelligence) research. The related scans include DNS subdomain brute-forcing, email harvesting, IP geolocation, port scanning, and using public search engines like Censys, Shodan, and Bing.
OSINT Framework (collection of OSINT resources)
OSINT research, footprinting, intelligence gathering, reconnaissance
The OSINT framework provides a collection of tools to gather and parse public data. The tool is web-based and makes it easy to find tools for a particular task.
OSINT-SPY (open source intelligence gathering tool)
information gathering, penetration testing, reconnaissance
OSINT-SPY is a modular tool to query information on different subjects like an IP address, domain, email address, or even Bitcoin address. This tool can be valuable during the reconnaissance phase of a penetration test. It can also be used for defensive purposes, such as learning what information is publicly available about your organization and its assets.
SpiderFoot (OSINT tool)
information gathering
SpiderFoot can be used offensively during penetration tests, or defensively to learn what information is available about your organization.
XRay (reconnaissance and OSINT tool)
information gathering, reconnaissance
XRay is a security tool for reconnaissance, mapping, and OSINT gathering from public networks.