Reconnaissance and OSINT
105 tools found
Chiasmodon
OSINT tool to gather data from domains, apps, IPs, emails, organizations, and URL
Social Analyzer
Finds and analyzes user profiles on 1000+ sites with confidence-based detection scoring.
Oblivion
Monitors real-time data leaks and alerts if user credentials have been exposed.
GIT Wild Hunt
Hunts for exposed credentials on GitHub to aid OSINT and leak-hunting activities.
PIDRILA
Fast async web path scanner focused on deepweb link analysis for ethical netstalkers.
Exif GPS Tracer
Python script to extract geolocation from images, outputs to CSV and Google Maps HTML.
InfraChart
InfraChart maps and visualizes attack surfaces using graphs during penetration testing.
ProtOSINT
Python script to investigate ProtonMail accounts and ProtonVPN IP addresses.
Token-Hunter
Collect OSINT from GitLab groups and scan for sensitive data in GitLab assets.
MetaFinder
Searches domain documents via search engines to extract relevant metadata.
AAweRT
Recon framework automating phases of info gathering and vulnerability assessment, with organized session folders for each run.
AlterX
Fast, customizable subdomain wordlist generator using Domain-Specific Language (DSL).
uncover
Go wrapper using search engine APIs to discover exposed hosts on the internet for automation.
OSINT Tools
Find subdomains online using 9 hosted tools like Sublist3r, Amass, Findomain, and more.
getallurls
Fetches known URLs for a domain from OTX, Wayback, Common Crawl, and URLScan.
cdncheck
Identifies technologies linked to DNS/IP addresses for infrastructure reconnaissance.
shuffledns
Massdns wrapper for subdomain bruteforce and resolution with wildcard handling support.
Awesome Search Queries
Community-driven list of OSINT queries for multiple search engines and research purposes.
fff
Fast URL fetcher sending parallel requests at intervals without waiting for responses.
waybackurls
Fetches historical URLs for domains from the Wayback Machine for surface analysis.
httprobe
Probes a list of domains to identify which have active HTTP or HTTPS servers.
dishtance
Calculates the location where a photo/video with a satellite dish was taken.
Photon
Extracts URLs, intel (emails, social media), files, secret keys, and DNS data during crawling.
Wappalyzer Next
CLI tool and Python library for web technology detection using updated fingerprints.
