Greatest Open Supply Intelligence (OSINT) Instruments in 2023



The acronym “OSINT” refers to Open Supply Intelligence software program, that are applications used to collect knowledge from open sources. OSINT instruments are primarily used to collect intelligence on a goal, whether or not an individual or an organization.

A few of the commonest OSINT instruments are listed under (in no specific order):


Maltego is a versatile open-source intelligence platform that will shorten and pace up inquiries. To facilitate extra exact analysis, it offers you entry to 58 knowledge sources, means that you can manually add knowledge, and homes databases with as many as 1 million entities. Its strong visualization options additionally permit you to select from varied codecs, similar to block, hierarchical, or round graphs, and add weights and annotations for much more nuanced evaluation.

Belief and security groups, regulation enforcement, and cybersecurity specialists could all profit from Maltego’s capacity to supply investigative findings and easy-to-understand insights with a single click on.

Intel 471

Intel 471 is a free and open-source OSINT reconnaissance instrument that will gather and look at varied data, similar to IP addresses, CIDR ranges, domains and subdomains, ASNs, e-mail addresses, cellphone numbers, names and usernames, and even Bitcoin addresses.

Intel 471 has over 200 modules that may perform probably the most intensive operations and reveal essential info about any goal. It presents each a command-line interface and an embedded net server geared up with a user-friendly GUI interface, each out there on GitHub.

It’s possible you’ll use it to see whether or not any safety holes exist in your organization on account of uncovered knowledge. As an entire, it’s a formidable cyber intelligence instrument with the flexibility to disclose beforehand unknown details about probably hazardous web organizations.

OSINT Framework

The Open Supply Intelligence (OSINT) Framework is a wonderful instrument. It’s extra handy than independently investigating each utility and gear out there because it comprises every thing from knowledge sources to helpful connections to profitable instruments.

This listing isn’t restricted to Linux; it additionally has alternate options for different OSes, making it a common useful resource. In truth, having such well-organized sources is extra useful than ever earlier than; the one problem is devising an environment friendly search method that narrows down outcomes like automotive registration or e-mail addresses. The Open Supply Intelligence (OSINT) Framework is turning into a go-to instrument for gathering intelligence and organizing knowledge.


Utilizing an individual’s social media and different on-line accounts to show their identification is turning into extra widespread in at this time’s digital financial system. To confirm digital identities, SEON has taken the lead.

Your organization could have entry to over 50 social alerts that mix to kind an intensive danger evaluation utilizing its e-mail and cellphone quantity methods. Not solely do these alerts confirm a buyer’s e-mail handle or cellphone quantity, however in addition they glean further details about the client’s on-line conduct.

Along with its ease of use and accessibility, SEON permits organizations to implement queries instantly, through an API, and even via a Google Chrome plugin.


Lampyre is OSINT-focused premium software program that helps with issues like due diligence, cyber menace intelligence, felony investigation, and monetary analytics in an efficient manner. It’s possible you’ll set up it in your laptop with a single click on or use it in your browser.

Lampyre can mechanically analyze 100+ incessantly up to date knowledge sources starting with a single knowledge level, similar to a agency registration quantity, full title, or cellphone quantity.

It’s possible you’ll use both a downloadable program on your laptop or an utility programming interface (API) to get the data. Lampyre’s SaaS product providing, Lighthouse, permits clients to pay per API name for a whole platform to watch dangers and analyze threats.

Google – Free OSINT (If You Know The way to Use It)

Free and efficient OSINT instruments embrace Google serps and others like Bing and DuckDuckGo. In fact, that’s assuming you’ve some familiarity with subtle filtering methods. This implies honing your search such that probably the most related outcomes are returned utilizing probably the most superior indexing algorithms.

Expert sleuths have found out the way to “reverse-engineer” serps all through the years. Google Dorking (also referred to as Google hacking) makes use of particular search operators or capabilities to drastically improve the effectiveness of Google’s sources (it really works with serps past Google, too).


In its inception, Recon-ng was launched as open-source and free software program for analyzing web site domains’ infrastructure. It has grown right into a complete framework since its inception and is now out there as a command-line interface for Kali Linux and an internet utility.

Its major goal is identical as that of Metasploitable, one other penetration testing software program program, and the 2 applications have a placing resemblance of their person interfaces. It has many helpful instruments, similar to port scanning, DNS search, and GeoIP lookup.

Recon-ng is among the extra subtle instruments on our listing. Nonetheless, a wealth of fabric is accessible on-line that will help you learn to use it to uncover delicate recordsdata like robots.txt, uncover hidden subdomains, detect SQL points, and uncover a enterprise’s content material administration system (CMS) and WHOIS.

Spokeo – Test US Citizen Information

Spokeo has a user-friendly design, and preliminary testing signifies that its findings are extra dependable. Spokeo’s versatility extends to its utilization as a reverse e-mail search, reverse cellphone lookup, and reverse handle lookup instrument.

The billions of paperwork out there embrace property deeds, judicial information, and even historical past information and social networks. The service can be utilized on-line, and there may be additionally an Android app for doing searches. The primary disadvantage is that it largely focuses on the USA, so it’s possible you’ll must strive one other useful resource should you’re in search of somebody in a special nation.


You’d be hard-pressed to discover a higher open-source program for OSINT for cellphone quantity lookups, albeit it does want a good quantity of technical know-how to make the most of. The know-how is common and might extract as a lot knowledge as attainable from a cellphone quantity in any nation.

In distinction to SEON’s service, nevertheless, you can not do a reverse social media search to find which networks an individual has signed up for utilizing a sure cellphone quantity.

E-mail Hippo

E-mail Hippo has been round since 2009; it’s accessible via Regardless of this, it has currently undergone vital modifications and is now not out there to the general public. Information enrichment for investigations, advertising and marketing, and fraud safety are simply a number of the use instances catered to by the answer’s division into CORE, MORE, ASSESS, and WHOIS.

Sadly, the product’s positioning has dramatically shifted, making it more durable to grasp. The free trial lasts solely 14 days and doesn’t want a bank card, however that’s loads of time to resolve whether or not it’s best for you.


Shodan is a complicated search engine that gives prompt visibility into an organization’s IT infrastructure. By coming into an organization’s title, customers could get a categorized listing of their IoT gadgets, organized by community or IP handle, together with details about their whereabouts, configuration settings, and any safety holes.

Shodan’s cutting-edge software program toolsets additionally enable for in-depth analysis of the OS, open ports, net server kind, and design language utilized by an organization’s workers.


Professionals within the subject of knowledge safety make the most of Aircrack-ng, a strong and complete safety penetration testing instrument, to test the safety of wi-fi networks. Body seize, WEP IV assortment, and entry level location monitoring via GPS are simply a number of the monitoring knowledge that may be gathered with this program.

If you wish to know what weaknesses a wi-fi community has earlier than you attempt to assault it, Aircrack-ng is a must have instrument. Furthermore, it may well undertake token injection assaults, pretend entry level assaults, and replay assaults to evaluate community safety and look at efficiency. In the end, it may well break WEP and WPA PSK passwords (WPA 1 and a pair of).

Its adaptability to many working methods, together with Home windows, OS X, and FreeBSD, is a major power of this utility, which was initially designed for Linux. Furthermore, its command line interface (CLI) capabilities present further flexibility. This permits extra skilled customers to rapidly and easily construct scripts to additional customise the instrument to satisfy their particular wants.


BuiltWith is an impressively highly effective web site detective that exposes the know-how stack, frameworks, plugins, and different particulars behind well-known web sites. It’s a great useful resource for anyone contemplating utilizing comparable know-how on their web sites.

BuiltWith additionally features a listing of JavaScript and CSS libraries {that a} web site could also be employed, providing you with much more particular data on the construction of these web sites. So, BuiltWith is useful for casual analysis and conducting reconnaissance on behalf of enterprises or organizations in search of to be taught the interior workings of assorted web sites. Mix BuiltWith with an internet site safety scanner like WPScan, which is designed to search out probably the most frequent vulnerabilities affecting an internet site for optimum safety.


Metagoofil is a free, open-source program on GitHub that will extract data from many public paperwork, similar to PDFs, Phrase paperwork, PowerPoint displays, and Excel spreadsheets. It’s a powerful search engine, so it may well discover all kinds of useful data, together with which customers have entry to which public papers and their true identities, in addition to the server that shops these paperwork and the way to get there.

Wayback Machine

Once you use the Wayback Machine, it’s possible you’ll entry a digital archive of the web and the world broad net. It’s maintained to take periodic screenshots of net pages and save them for additional reference. It does a spidery factor over the online, visiting totally different websites and taking screenshots in order that the online could also be archived for posterity. A webpage snapshot could also be added to the archive for future reference.

Along with being utterly free, utilizing the Wayback Machine is a breeze. Round 699 billion net pages have been archived by this open-source intelligence-gathering know-how. Utilizing the given timeline, calendar, and time stamps, it’s possible you’ll search based mostly on a sure date by coming into the URL of the specified web site. This can be a screenshot of the MakeUseOf homepage from April 6, 2007.


Spyse is the “largest thorough web belongings registry” for cyber safety analysts. Spyse is an information assortment instrument a number of organizations use, together with Open Internet Utility Safety Undertaking (OWASP), IntelligenceX, and Intel 471. The Spyse engine then examines this data to determine potential safety threats and set up relationships between the organizations concerned.

Nonetheless, paying subscriptions could also be obligatory for builders who need to create purposes that use the Sypse API (regardless of the supply of a free plan).


Troy Hunt’s Have I Been Pwned is a service that enables customers to see whether or not their private data, similar to e-mail addresses and cellphone numbers, has been uncovered on-line on account of a hacking incident. To test whether or not your username, password, or cellphone quantity has been hacked, all you must do is enter that data into the web site’s search field.

Intelligence X

Intelligence X is the first-of-its-kind archiving service and search engine of its kind, preserving archived copies of net pages and full leaked knowledge units that may in any other case be erased off the online for causes of objectionable content material or authorized grounds. Though this may increasingly appear to be the work of the Web Archive’s Wayback Machine, there are necessary variations within the form of materials that Intelligence X goals to archive. Intelligence X will archive any knowledge set, regardless of how contentious it might be.

Some darkish net customers could concentrate on one of the best locations to hunt for sure data, however for others who’re simply getting began, could also be a useful useful resource. DarkSearch, like one other darkish net search engine referred to as Ahmia, is free and has an API for doing automated searches.

Don’t neglect to affix our 16k+ ML SubRedditDiscord Channel, and E-mail Publication, the place we share the most recent AI analysis information, cool AI tasks, and extra. When you’ve got any questions relating to the above article or if we missed something, be at liberty to e-mail us at [email protected]

Prathamesh Ingle is a Mechanical Engineer and works as a Information Analyst. He’s additionally an AI practitioner and authorized Information Scientist with an curiosity in purposes of AI. He’s smitten by exploring new applied sciences and developments with their real-life purposes