Best Top 15 OSINT Tools, With Their Uses and Information About Each Tool | Cyber Stock


OSINT, or open source intelligence, is the practice of collecting information from published or otherwise publicly available sources. OSINT operations, whether practiced by IT security pros, malicious hackers, or state-sanctioned intelligence operatives, use advanced techniques to search through the vast haystack of visible data to find the needles they’re looking for to achieve their goals — and learn information that many don’t realize is public. Open source in this context doesn’t refer to the open source software movement, although many OSINT tools are open source; instead, it describes the public nature of the data being analyzed.


1. OSINT Framework

While OSINT Framework isn’t a tool to be run on your servers, it’s a very useful way to get valuable information by querying free search engines, resources, and tools publicly available on the Internet. It focuses on bringing together the best links to valuable sources of OSINT data. While this web application was originally created with a focus on IT security, it has evolved over time, and today you can get other kinds of information from other industries as well. Most of the websites it uses to query the information are free, but some may require paying a low fee.


2. CheckUserNames

CheckUserNames is an online OSINT tool that can help you to find usernames across over 170 social networks. This is especially useful if you are running an investigation to determine the usage of the same username on different social networks. 

“It can also be used to check for brand and company names, not only individuals.”

3. HaveIbeenPwned

HaveIbeenPwned can help you to check if your account has been compromised in the past. This site was developed by Troy Hunt, one of the most respected IT security professionals in the industry, and it has been serving accurate reports for years.

If you suspect your account has been compromised, or want to check for third-party compromises on external accounts, this is the perfect tool. It can track down web compromises from many sources like Gmail, Hotmail, and Yahoo accounts, as well as LastFM, Kickstarter, LinkedIn and many other popular websites.

Once you enter your email address, the results will be displayed.

4. BeenVerified

BeenVerified is another similar tool that is used when you need to search for people in public internet records. It can be pretty useful to get more valuable information about any person in the world when you are conducting an IT security investigation and the target is an unknown person.

Once the search is done, the results page will be displayed with all the people that match the person’s name, along with their details, geographic location, phone number, etc. Once found, you can build your own reports.

The amazing thing about BeenVerified is that it also includes information about criminal records and official government information as well.

BeenVerified background reports may include information from multiple databases, bankruptcy records, career history, social media profiles and even online photos.

5. Censys

Censys is a wonderful search engine used to get the latest and most accurate information about any device connected to the internet, whether servers or domain names.

You will be able to find full geographic and technical details about ports 80 and 443 running on any server, as well as the HTTP/S body content and GET response of the target website, the Chrome TLS handshake, full SSL certificate chain information, and WHOIS information.

6. BuiltWith

BuiltWith is a cool way to detect which technologies are used on any website on the internet.

It includes fully detailed information about the CMS used, like WordPress, Joomla, Drupal, etc., as well as in-depth detail on JavaScript and CSS libraries like jQuery and Bootstrap/Foundation, external fonts, web server type (Nginx, Apache, IIS, etc.), SSL provider, and the web hosting provider used.

BuiltWith also lets you find which technologies are the most popular right now, or which ones are trending.

Without any doubt, it is a very good open source intelligence tool to gather all the possible technical details about any website.

7. Google Dorks

While investigating people or companies, a lot of IT security newbies forget the importance of using traditional search engines for recon and intel gathering.

In this case, Google Dorks can be your best friend. They have been around since 2002 and can help you a lot in your intel reconnaissance.

Google Dorks are simply ways to query Google against certain information that may be useful for your security investigation.

Search engines index a lot of information about almost anything on the internet, including individuals, companies, and their data.

Some popular operators used to perform Google Dorking:

~ Filetype: you can use this dork to find any kind of filetypes.

~ Ext: can help you to find files with specific extensions (eg. .txt, .log, etc).

~ Intext: helps to search for specific text inside any page.

~ Intitle: it will search for any specific words inside the page title.

~ Inurl: will look out for mentioned words inside the URL of any website.

Log files aren’t supposed to be indexed by search engines; however, they often are, and you can get valuable information from them with these Google Dorks.
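
The same operators can be turned on your own site to see what a search engine could surface. The following Python example is added here and is not part of the original article: it evaluates dork-style queries against an inventory of pages you operate. The operator semantics are simplified assumptions rather than Google's exact rules, and the inventory and URLs are constructed samples.

```python
import re
from urllib.parse import urlparse

# Constructed inventory of pages on a site you operate (for example, from your own crawl).
PAGES = [
    {"url": "https://www.example.com/index.html", "title": "Welcome", "text": "Our products"},
    {"url": "https://www.example.com/logs/access.log", "title": "", "text": "GET /login 200"},
    {"url": "https://www.example.com/docs/notes.txt", "title": "", "text": "internal draft"},
    {"url": "https://www.example.com/staging/", "title": "Staging dashboard", "text": "build status"},
]

def file_ext(url):
    """Return the lowercase extension of the last path segment, or '' if none."""
    name = urlparse(url).path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def _ext(page, value):
    return file_ext(page["url"]) == value.lower().lstrip(".")

def _contains(field):
    return lambda page, value: value.lower() in page[field].lower()

# Simplified semantics for the operators listed above (an assumption, not Google's exact rules).
OPERATORS = {
    "filetype": _ext, "ext": _ext,
    "inurl": _contains("url"), "intitle": _contains("title"), "intext": _contains("text"),
}

def parse_query(query):
    """Split 'ext:txt intitle:"some words"' into (operator, value) pairs."""
    terms = []
    for op, quoted, bare in re.findall(r'(\w+):(?:"([^"]*)"|(\S+))', query):
        if op.lower() not in OPERATORS:
            raise ValueError(f"unsupported operator: {op}")
        terms.append((op.lower(), quoted or bare))
    if not terms:
        raise ValueError("query has no operator:value terms")
    return terms

def matches(page, query):
    """A page matches only if every term in the query matches (terms are ANDed)."""
    return all(OPERATORS[op](page, value) for op, value in parse_query(query))

def audit(pages, queries):
    """Map each query to the URLs in the inventory that it would surface."""
    return {q: [p["url"] for p in pages if matches(p, q)] for q in queries}

if __name__ == "__main__":
    for query, urls in audit(PAGES, ["ext:log", "ext:txt intext:draft", "inurl:logs"]).items():
        print(query, "->", urls)
```

Any URL reported for a query such as ext:log is a file that should be moved out of the web root or blocked from being served, since excluding it from indexing alone does not stop direct requests.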


8. Maltego

Maltego is an amazing tool to track down footprints of any target you need to match. This piece of software has been developed by Paterva, and it’s part of the Kali Linux distribution.

Using Maltego will allow you to launch reconnaissance tests against specific targets.

One of the best things this software includes is what they call ‘transforms’. Transforms are available for free in some cases, and in others, you will find commercial versions only. They will help you to run different kinds of tests and data integration with external applications.

In order to use Maltego you need to open a free account on their website. After that, you can launch a new machine or run transforms on the target from an existing one. Once you have chosen your transforms, the Maltego app will start running all the transforms from Maltego servers.

Finally, Maltego will show you the results for the specified target, like IP, domains, AS numbers, and much more.

9. Recon-Ng

Recon-ng comes already built into the Kali Linux distribution and is another great tool used to perform quick and thorough reconnaissance on remote targets.

This web reconnaissance framework was written in Python and includes many modules, convenience functions and interactive help to guide you on how to use it properly.

The simple command-based interface allows you to run common operations like interacting with a database, running web requests, managing API keys or standardizing output content.

Fetching information about any target is pretty easy and can be done within seconds after installing. It includes interesting modules like google_site_web and bing_domain_web that can be used to find valuable information about the target domains.

While some recon-ng modules are pretty passive as they never hit the target network, others can launch interesting stuff right against the remote host.

10. TheHarvester

TheHarvester is another great alternative to fetch valuable information about any subdomain names, virtual hosts, open ports and email addresses of any company/website.

This is especially useful when you are in the first steps of a penetration test against your own local network, or against 3rd party authorized networks. Like the previous tools, theHarvester is included in the Kali Linux distro.

TheHarvester uses many resources to fetch the data, like PGP key servers, the Bing, Baidu, Yahoo and Google search engines, and also social networks like LinkedIn, Twitter and Google Plus.

It can also be used to run active penetration tests such as DNS brute force based on dictionary attack, rDNS lookups and DNS TLD expansion using dictionary brute force enumeration.

11. Shodan

Shodan is a network security monitor and search engine focused on the deep web & the internet of things. It was created by John Matherly in 2009 to keep track of publicly accessible computers inside any network.

It is often called the ‘search engine for hackers’, as it lets you find and explore different kinds of devices connected to a network, like servers, routers, webcams, and more.

Shodan is pretty much like Google, but instead of showing you fancy images and rich content / informative websites, it will show you things that are more related to the interests of IT security researchers, like SSH, FTP, SNMP, Telnet, RTSP, IMAP and HTTP server banners and public information. Results will be shown ordered by country, operating system, network, and ports.

Shodan users are not only able to reach servers, webcams, and routers. It can be used to scan almost anything that is connected to the internet, including but not limited to traffic light systems, home heating systems, water park control panels, water plants, nuclear power plants, and much more.

12. Jigsaw

Jigsaw is used to gather information about any company’s employees. This tool works perfectly for companies like Google, LinkedIn, or Microsoft, where we can just pick one of their domain names and then gather all their employees’ emails across the different company departments.

The only drawback is that these queries are launched against the Jigsaw database, so we depend entirely on what information they allow us to explore inside their database. You will be able to find information about big companies, but if you are exploring a not so famous startup then you may be out of luck.

13. SpiderFoot

SpiderFoot is one of the best reconnaissance tools out there if you want to automate OSINT and have fast results for reconnaissance, threat intelligence, and perimeter monitoring. This recon tool can help you to launch queries over lakhs of public data sources to gather intelligence on generic names, domain names, email addresses, and IP addresses.

Using SpiderFoot is pretty easy: just specify the target, choose which modules you want to run, and SpiderFoot will do the hard job for you, collecting all the intel data from the modules.

14. Creepy

Creepy is a geo-location OSINT tool for infosec professionals. It offers the ability to get full geolocation data on any individual by querying social networking platforms like Twitter, Flickr, Facebook, etc.

If anyone uploads an image to any of these social networks with the geolocation feature activated, then you will be able to see where this person has been.

You will be able to filter based on exact locations, or even by date. After that, you can export the results in CSV or KML format.

15. Nmap

Nmap is one of the most popular and widely used security auditing tools; its name means “Network Mapper”. It is a free and open source utility used for security auditing and network exploration across local and remote hosts.

Some of the main features include:

~ Host detection: Nmap has the ability to identify hosts inside any network that have certain ports open, or that can send a response to ICMP and TCP packets.

~ IP and DNS information detection: including device type, MAC addresses and even reverse DNS names.

~ Port detection: Nmap can detect any port open on the target network, and lets you know the possible running services on it.

~ OS detection: get full OS version detection and hardware specifications of any host connected.

~ Version detection: Nmap is also able to get application name and version number.
