25 open-source intelligence (OSINT) tools used in cybersecurity

25 open-source intelligence (OSINT) tools used in cybersecurity
Photo by ThisisEngineering / Unsplash
Categories of Tools for Cybersecurity and OSINT Assessments
Cybersecurity and Open-Source Intelligence (OSINT) are essential fields in today’s digital landscape, requiring various tools to gather information, analyze data, and identify vulnerabilities. These tools can be broadly categorized based on their functionality and specific use cases. Below is an exploration of different tool categories used in cybersecurity and

1. CheckUserNames

  • Description: CheckUserNames is a tool that allows users to check the availability of a username across multiple social media platforms and websites. It helps in identifying all possible accounts associated with a particular username, which is useful for digital forensics and profiling.
  • URL: CheckUserNames

2. HaveIBeenPwned

  • Description: HaveIBeenPwned is a service that checks if your email address or phone number has been compromised in a data breach. It maintains a database of breached accounts and allows users to search for their data exposure.
  • URL: HaveIBeenPwned

3. BeenVerified

  • Description: BeenVerified is a people search and background check service that aggregates publicly available data from multiple sources to provide information on individuals, including social media profiles, criminal records, and contact details.
  • URL: BeenVerified

4. OSINT Framework

  • Description: OSINT Framework is a collection of OSINT tools and resources organized by category to assist in finding free information for cybersecurity investigations. It is not a tool itself but a resource that helps in locating OSINT tools for specific needs.
  • URL: OSINT Framework

5. Censys

  • Description: Censys is a search engine for internet-connected devices, allowing users to discover devices and networks exposed to the public internet. It collects and analyzes data about all internet devices and services.
  • URL: Censys

6. BuiltWith

  • Description: BuiltWith is a website profiling tool that provides detailed information about the technologies used by a website, including web servers, hosting providers, CMS platforms, analytics, and more. It helps in assessing a target’s technology stack.
  • URL: BuiltWith

7. Google Dorks

  • Description: Google Dorks refers to using advanced search operators in Google Search to find sensitive data or security vulnerabilities. It's often used for finding exposed databases, sensitive documents, and misconfigured websites.
  • URL: Google Dorks Guide

8. Maltego

  • Description: Maltego is a data visualization and link analysis tool that helps in gathering and connecting information from various online sources. It’s widely used for mapping and analyzing the relationships between entities, such as people, organizations, domains, and IP addresses.
  • URL: Maltego

9. Recon-Ng

  • Description: Recon-Ng is a web reconnaissance framework designed to perform automated information gathering. It provides a modular environment for collecting and analyzing data from different sources, including DNS lookups, WHOIS information, and social media profiles.
  • URL: Recon-Ng GitHub

10. theHarvester

  • Description: theHarvester is a tool designed to gather emails, subdomains, IPs, and URLs from various public sources, including search engines, social media, and PGP key servers. It's widely used for OSINT in penetration testing and reconnaissance.
  • URL: theHarvester GitHub

11. Shodan

  • Description: Shodan is a search engine that allows users to find specific types of devices connected to the internet. It’s used for security research to identify and analyze potentially vulnerable or misconfigured devices.
  • URL: Shodan

12. Jigsaw (Google)

  • Description: Jigsaw is a unit within Google that focuses on developing tools and technologies to protect against online threats like censorship, disinformation, and digital attacks. Jigsaw's tools are aimed at journalists, activists, and users in high-risk areas.
  • URL: Jigsaw

13. SpiderFoot

  • Description: SpiderFoot is an OSINT automation tool that helps gather data from over 100 public sources. It collects data like domain names, IP addresses, emails, and social media profiles to provide a comprehensive digital footprint of a target.
  • URL: SpiderFoot

14. Creepy

  • Description: Creepy is a geolocation tool that extracts geolocation information from various social networking platforms and image-sharing sites. It’s useful for tracking a person’s location history based on the data shared publicly online.
  • URL: Creepy GitHub

15. Nmap

  • Description: Nmap (Network Mapper) is a powerful network scanning tool used for network discovery and security auditing. It identifies open ports, running services, and potential vulnerabilities on a target network.
  • URL: Nmap

16. WebShag

  • Description: WebShag is a web server audit tool that performs web page analysis, scans for web application vulnerabilities, and can be used for penetration testing purposes. It’s particularly useful for discovering hidden directories and resources on web servers.
  • URL: WebShag GitHub

17. OpenVAS

  • Description: OpenVAS (Open Vulnerability Assessment System) is an open-source vulnerability scanner that helps organizations identify security issues in their networks and applications. It’s widely used for vulnerability assessments.
  • URL: OpenVAS

18. Fierce

  • Description: Fierce is a network reconnaissance tool used to locate non-contiguous IP space and hostnames on a target network. It’s effective for discovering possible entry points or assets within a target’s infrastructure.
  • URL: Fierce GitHub

19. Unicornscan

  • Description: Unicornscan is a network reconnaissance tool designed for information gathering and profiling activities, especially in large-scale network scans. It can detect open ports, services, and operating systems.
  • URL: Unicornscan GitHub

20. FOCA (Fingerprinting Organizations with Collected Archives)

  • Description: FOCA is a tool used for extracting metadata from public documents. It helps identify sensitive information such as usernames, software versions, and server information, which can be useful for social engineering and network attacks.
  • URL: FOCA GitHub

21. ZoomEye

  • Description: ZoomEye is a search engine for finding internet-connected devices and discovering vulnerabilities. It indexes data about exposed devices and services, helping researchers and organizations identify weak points in their infrastructure.
  • URL: ZoomEye

22. Spyse

  • Description: Spyse is an internet-wide search engine that provides comprehensive data on domains, IPs, SSL certificates, open ports, and vulnerabilities, allowing users to assess the security posture of their targets.
  • URL: Spyse

23. IVRE (IVRE Reconnaissance and Vulnerability Explorer)

  • Description: IVRE is an open-source network reconnaissance framework that provides tools for scanning, vulnerability detection, and visualizing the data for comprehensive network analysis.
  • URL: IVRE GitHub

24. Metagoofil

  • Description: Metagoofil is a metadata extraction tool that searches public documents, such as PDFs, Word, and Excel files, on a target domain and extracts metadata like usernames, paths, and software versions.
  • URL: Metagoofil GitHub

25. ExifTool

  • Description: ExifTool is a powerful utility for reading, writing, and editing metadata in image, video, and document files. It can extract metadata that can reveal sensitive information, such as GPS location, camera settings, and file creation details.
  • URL: ExifTool

These tools provide a comprehensive set of capabilities for OSINT investigations, from discovering exposed data and devices to analyzing metadata and assessing vulnerabilities.

12 open-source threat-hunting tools
Categories of Tools for Cybersecurity and OSINT AssessmentsCybersecurity and Open-Source Intelligence (OSINT) are essential fields in today’s digital landscape, requiring various tools to gather information, analyze data, and identify vulnerabilities. These tools can be broadly categorized based on their functionality and specific use cases. Below is an exploration of

Additional OSINT and Cybersecurity Tools:

  1. Amass
    • Description: Amass is an advanced open-source tool designed for in-depth DNS enumeration, subdomain discovery, and asset mapping. It leverages various techniques such as scraping, recursive brute-forcing, and analyzing passive data sources to provide comprehensive information about an organization's external footprint.
    • URL: Amass GitHub
  2. Datasploit
    • Description: Datasploit is an OSINT tool that consolidates various techniques to gather relevant information about a target. It performs data collection from multiple open-source sources, including domain names, emails, usernames, and phone numbers, to identify vulnerabilities or potential attack vectors.
    • URL: Datasploit GitHub
  3. Photon
    • Description: Photon is a lightning-fast web crawler that extracts information like URLs, email addresses, secret files, and endpoints from websites. It helps identify the attack surface of a target by collecting sensitive data exposed on the web.
    • URL: Photon GitHub
  4. Sublist3r
    • Description: Sublist3r is a tool designed for enumerating subdomains of websites using OSINT. It helps security researchers and penetration testers collect and gather subdomains for a target domain, enhancing the visibility of all possible attack surfaces.
    • URL: Sublist3r GitHub
  5. ReconDog
    • Description: ReconDog is a lightweight and fast information-gathering tool with multiple automated functionalities. It is particularly useful for quick reconnaissance, combining several OSINT tools and scripts into one.
    • URL: ReconDog GitHub
  6. OSRFramework
    • Description: OSRFramework is an OSINT toolset that can be used to perform username enumeration, DNS lookups, and domain monitoring. It supports multiple services and platforms, making it versatile for different types of OSINT investigations.
    • URL: OSRFramework GitHub
  7. FOFA (Fingerprint of All)
    • Description: FOFA is an advanced search engine for the cybersecurity field, similar to Shodan and ZoomEye. It indexes devices and networks exposed to the internet and allows users to query for specific devices, vulnerabilities, and services.
    • URL: FOFA
  8. Wayback Machine
    • Description: The Wayback Machine is an internet archive that provides access to billions of archived web pages. It is valuable for OSINT investigations to view historical versions of websites, analyze content changes, and recover deleted data.
    • URL: Wayback Machine
  9. ReconBot
    • Description: ReconBot is a tool that assists in domain name enumeration, scanning websites for exposed information, and finding potential security risks through automated scans.
    • URL: ReconBot GitHub
  10. URLScan.io
    • Description: URLScan.io is an online service that scans and analyzes websites for security risks, malicious content, and vulnerabilities. It provides detailed insights into the URL structure, external requests, and page content, making it useful for identifying potential threats.
    • URL: URLScan.io
  11. Cortex
    • Description: Cortex is an open-source tool used for analyzing and enriching data collected during investigations. It can automate data collection, querying, and threat intelligence enrichment, making it suitable for incident response teams and threat hunters.
    • URL: Cortex GitHub
  12. Sherlock
    • Description: Sherlock is an OSINT tool that finds usernames across social networks. It takes a username and checks its availability on over 300 social media platforms, which can be useful for profiling and identity verification.
    • URL: Sherlock GitHub

These tools complement the ones you provided earlier and are widely used in cybersecurity and OSINT investigations. Each of these additional tools serves a specific purpose, from subdomain enumeration to metadata extraction, which can significantly aid in gathering intelligence and identifying potential vulnerabilities.

Read more

Cybersecurity Insurance vs. Cybersecurity Warranties: Navigating New Solutions for Risk Management

Cybersecurity Insurance vs. Cybersecurity Warranties: Navigating New Solutions for Risk Management

As the cyber threat landscape continues to evolve, businesses have increasingly looked for ways to manage the financial risks associated with data breaches, ransomware, and other cybersecurity incidents. Traditionally, cybersecurity insurance has been the go-to solution, offering businesses financial coverage in the event of a cyberattack. However, in recent years,

By Security Careers