OSINT

Open-source    

Create attack surface maps of subdomains with pre-compiled binaries

Free    

A digital archive providing historical snapshots of websites and other media for OSINT and research purposes

Open-source    

Revived and enhanced DNS reconnaissance and enumeration tool, offering subdomain brute-forcing, email harvesting, and metadata analysis

Commercial   Free    

Web technology profiler used for OSINT, competitive analysis, and cyber reconnaissance

Commercial    

Subdomain scanning tool

Free    

Brazilian OSINT tool listing

Commercial   Free    

Threat intelligence and mapping platform

Open-source    

Geolocation gathering via social media platforms

Free    

Certificate Transparency log search engine for discovering issued SSL/TLS certificates

Open-source    

OSINT framework based around corporate espionage

Commercial    

Network traffic interception and analysis for Mac

Open-source    

Command line tool to brute force directories and files

Open-source    

This tool generates a combination of domain names from the provided input

Free    

Curated collection of open-source intelligence tools and resources, organized for targeted investigations across various domains

Open-source    

A graphical network monitor for Unix with graphic network activity display

Open-source    

Getallurls (gau) fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl

Free   Commercial    

OSINT search engine and data archive indexing darknet, leaks, and public records

Open-source    

A python script to parse relative URLs from JavaScript files

Commercial    

Open-source intelligence and graphical link analysis tool for gathering and connecting information for intelligence and forensics.

Open-source    

Metadata harvester with email extraction functions

Free   Commercial        

Email and network diagnostic platform offering tools for blacklist monitoring, DNS lookups, and email deliverability analysis

Open-source    

A networking tool for reading and writing data across networks

Commercial    

Network configuration & audit tool for internal teams

Open-source    

Community-driven repository compiling OSINT tools and resources categorized by country, facilitating targeted open-source investigations

Open-source    

Security testing data repository

Commercial   Free    

Search for Internet-connected devices

Free    

Service by Qualys that performs deep analysis of SSL/TLS configurations for public web servers

Open-source    

A subdomain discovery tool that discovers valid subdomains for websites by using passive online sources

Open-souce    

Fast subdomain enumeration tool that uses OSINT sources and brute-force techniques to aid hunters in mapping domain footprints

Open-source    

Harvest E-mail, subdomain and names via OSINT

Open-source    

Analyze URLs and estimate entropies to find URLs that might be vulnerable to attack

Open-source    

Accept line-delimited domains on stdin, fetch URLs from the Wayback Machine for *.domain and output them on stdout

Open-Source    

Open-source website analysis tool to identify potential vulnerabilities and security misconfigurations

Free    

Curated collection of open-source intelligence tools and resources, organized for targeted investigations across various domains

Open-source    

Recon, mapping, OSINT for public networks

Commercial    

Network component search engine