
Top 10 OSINT (Open Source Intelligence) Software Tools 2023


What Are Open Source Intelligence (OSINT) Tools?

Open-source intelligence software, abbreviated as OSINT software, refers to tools that collect information that is publicly available or open-source. The main goal of using OSINT software is to learn more about an individual or a business.

According to former Google CEO Eric Schmidt, over 99% of the internet’s data cannot be accessed by major search engines. That includes public data that OSINT software can help you gather.

More advanced OSINT software will help you combine multiple data points in order to cross-reference information – and gain a source of truth.


2 Approaches for OSINT Tools

Broadly speaking, there are two key approaches to consider when choosing your OSINT software:

  • Passive: The most common way of digging for information. An investigator will enter the data they already have into a passive OSINT tool, and gain extra information. This is akin to fishing with a wide net.
  • Active: This is a more focused way of acquiring data based on information that may be initially hidden. For instance, befriending a target’s acquaintance on Facebook to learn more about them in the long run. Going back to the fishing analogy, this is more like spearfishing. You don’t need specific software for active tactics; many tools can help your strategy.

Aside from that, any good OSINT software will help you access information that is:

  • published or broadcast (news, media, online posts, etc.)
  • available by public request (e.g. government census information)
  • available by subscription or purchase (paywalled publications, whitepapers)
  • publicly searchable (clear web)

The 10 Best OSINT Software & Tools

Maltego

Investigations via Java Graphs

Maltego is a Java application that claims to simplify and expedite your investigations. How? Thanks to its fantastic access to databases and visualization tools. 

Whether you’re in trust and safety, law enforcement, or cybersecurity, the company lets you run one-click investigations that deliver easy-to-understand results.

At the time of writing, Maltego lets you view up to one million entities on a graph, with access to 58 data sources. You can even connect your own public databases and upload data sources manually.

Once all the information is loaded in the program, you can choose from different visualization layouts, such as blocks, hierarchical, or circular, using weights and notes to adjust the graphs.

Finally, Maltego isn’t just a great tool; the company also has a fantastic collection of hand-picked resources on OSINT tools and techniques to help you get even more from the product. In fact, there is even a Maltego Foundation course you can purchase online. 

Pros

  • Great graph visualization tools
  • Multiple data viz options

Cons

  • Java application only
  • Outdated user interface (UI)

Maltego Pricing

  • Non-commercial use of the desktop application is free and includes up to 12 results per search. The Pro version costs around $1,000 per user per year. Enterprise and on-premise prices are available upon request.

Choose Maltego If

  • You need to conduct in-depth investigations frequently.


SEON

Best for Social and Digital Signal Checks

Confirming someone’s identity by checking for linked social media and online platform accounts is becoming increasingly popular for a number of good reasons:

  • It’s a high barrier of entry for fraudsters, who don’t have the time or resources to create fake profiles.
  • It’s a fantastic way to gather a user’s digital footprint.
  • It can help establish an idea of someone’s socioeconomic background, even in markets where financial information is scarce.
  • The type of social media linked to the user can reveal more about who they are.

Of course, you can search your target network manually, by typing a name into LinkedIn, Facebook, or Twitter. For scalability reasons, however, it’s easier to use a specialist solution. This is where SEON shines.

 

Pros

  • Gather social media information
  • Scalable thanks to API calls
  • Real-time results
  • Data enrichment

Cons

  • Purely customer-focused

SEON Pricing

  • Starts at $599. Free version available with limited API calls.

Choose SEON If

  • You want to learn more about your customers without asking them directly.

SEON Pros

  • Gather social media information
  • Scalable thanks to API calls
  • Real-time results
  • Enrich data based on an email address, phone number, or IP address
  • Additional velocity checks, behavior checks, device fingerprinting

SEON Cons

  • It is customer-focused so it lacks some of the more forensic elements of some other entries on our list
 

Lampyre

Due Diligence and Cyberthreat Intelligence

Lampyre is a paid application designed specifically for OSINT. It’s particularly useful for due diligence, cyberthreat intelligence, crime analysis, and financial analytics. You can install it on your PC or run it online.

The key selling point of Lampyre is that it’s a one-click application. Start with single data points such as a company registration number, full name, or phone number, and Lampyre will sift through huge amounts of data to extract interesting information.

The company automatically processes 100+ regularly updated data sources, and you can access them via PC software or API calls if needed. The SaaS product is called Lighthouse, and you pay per API call.

An important point here: As with many OSINT tools, you have to perform your due diligence to check if the databases are really open source. Lampyre may automate searches, but you may still have to double-check where the information comes from, as well as who exactly it is that is sourcing it for you, as one researcher found out.

Pros

  • Great for cybersecurity
  • Gather data from 100+ sources
  • Affordable subscription

Cons

  • Not very intuitive

Lampyre Pricing

  • Lampyre is affordable, but you need to pay for a trial ($1). You can also purchase a $300 yearly version for each user. SaaS pricing is via the Lighthouse subscription, priced at $3.25-$130 per month, depending on the number of calls you make.

Choose Lampyre If

  • You are looking for a powerful tool to augment your manual investigations.

Lampyre Pros

  • Great for cybersecurity as well as due diligence
  • Gather data from 100+ sources
  • Affordable subscription or yearly purchase

Lampyre Cons

  • Lampyre and its Lighthouse SaaS aren’t the most intuitive pieces of software to use, so there is a bit of a learning curve
 

Google

Free OSINT (if You Know How to Use It)

Search engines such as Google, Bing, or DuckDuckGo are perfectly adequate free OSINT tools. That is, if you know how to use advanced filters. In short, it’s about refining your search to benefit from the indexing power of some of the best algorithms on the planet.

Over the years, talented investigators have learned how to reverse-engineer search engines. The method is called Google dorking, or Google hacking, and it uses search operators or functions to expand the capacity of the tools (it works with search engines beyond Google, too).

The method is controversial, because it may cross the line in terms of how “public” the information is. 

For instance, you may find a link to a PDF file containing a list of passwords, but downloading it may be a prosecutable offense.

Pros

  • Free

Cons

  • Limited results
  • Requires a lot of trial-and-error
  • Privacy issues

Google Pricing

  • It’s completely free (but comes with concerns about your personal data).

Choose Google If

  • You need a starting point for your investigations, but you’ll have to turn to other tools if you want more contextual insights.

Google Pros

  • The free price, obviously

Google Cons

  • Limited results
  • Requires a lot of trial-and-error
  • Privacy issues
  • May fall into a grey area when it comes to the legality of obtaining certain documents
 

Recon-ng

An Open Source OSINT Framework

Recon-ng initially started as a free and open-source script for gathering technical information about website domains. Since its creation, it has evolved into a full framework, which you can access via a command-line interface on Kali Linux, or as a web application.

Its interface is similar to Metasploit, another computer security project designed for penetration testing, and has similar goals: to assess and identify web vulnerabilities. Its features include GeoIP lookup, DNS lookup, and port scanning, among others.

While it’s certainly one of the more technical tools featured on this list, you’ll find plenty of resources online to learn how Recon-ng can locate sensitive files such as robots.txt, identify hidden subdomains, look for SQL errors, and get information about a company’s CMS or WHOIS. 

Pros

  • Free and open-source
  • Great for cybersecurity

Cons

  • Command-line interface only
  • Only for tech-savvy investigators

Recon-ng Pricing

  • It’s free and open source – but limited in the type of information it can return for you.

Choose Recon-ng If

  • You want to find out as much as possible about a given website.
 

SpiderFoot

Cybersecurity Intelligence

SpiderFoot is an OSINT tool designed specifically for investigation professionals. It’s loved by cybersecurity intelligence experts who need to perform regular asset discovery or attack surface monitoring. SpiderFoot was acquired by Intel471 in November 2022, with the company announcing that it plans to integrate SpiderFoot’s capabilities into its solutions.

The tool can access hundreds of open data sources and monitor the results in real-time. The key difference with other OSINT tools, however, is how you can use SpiderFoot – you can choose to self-host it as a true open-source version. You can also purchase the hosted version, which is completely managed by SpiderFoot.

There are numerous advantages to the latter. For instance, you’ll get better performance, full team collaboration, and the ability to see correlations in your investigation. All the modules and third-party tools will come preinstalled and preconfigured.

Pros

  • Affordable plans
  • Team collaboration
  • Loved by intelligence experts

Cons

  • Steep learning curve

SpiderFoot Pricing

  • SpiderFoot recently removed all pricing information from its website, so there is a chance the tiered-level pricing system has changed. Please contact SpiderFoot for specifics if you are interested.

Choose SpiderFoot If

  • You want to automate your OSINT investigations.
 

Spokeo

Check US Citizen Records

When it comes to checking US citizens’ records, there are plenty of services offering more or less the same features at the same price range. You might hear of BeenVerified, Pip, or Intelius, for example. 

Spokeo offers an easy-to-use interface and the results seem to be more accurate upon testing. You can also use Spokeo as a reverse email lookup, phone lookup tool, and postal address lookup, to get info based on a single data point. 

The service is available online, and there’s even an Android app to perform searches directly from your smartphone.

You’ll be able to access billions of records such as property deeds, court records, and even historical records and social networks. 

The only downside is that it tends to be very US-centric, so if you’re looking for someone located elsewhere, you might have to use another tool.

Pros

  • Great for US-based due diligence
  • Access historical records
  • Reverse email or address lookup

Cons

  • Checks are slow
  • Not as free as it claims
  • US-centric

 

Have I Been Pwned?

The Data Breach Go-to

We’ve previously written about how you can use an email data breach for user verification, but it’s particularly useful when looking at whether an email address exists or not. In fact, you can even infer how mature the address is depending on which data breach it’s been found in. 

Have I Been Pwned? is still the best site to quickly search for email addresses that appear in said data leaks (you can now also do the same with phone numbers). Best of all, it’s completely free. 

Pros

  • Can bulk search entire domains
  • Free for manual checks

Cons

  • Limited to phone and email checks

Have I Been Pwned? Pricing

  • $0 for manual checks. Using its API comes with a $3.5 monthly fee.

Choose Have I Been Pwned? If

  • You want a general idea of the legitimacy and age of an email address.
 

PhoneInfoga

Python-Based Phone Lookup

You may need to be rather tech-savvy to use it, but you’ll be hard-pressed to find a better open-source OSINT tool for reverse phone lookups.

The tool squeezes as much information as you can imagine from a phone number, and it works for every location worldwide. 

Note, however, that unlike with SEON’s tool, you don’t get reverse social media lookup to learn which networks the user has registered to with their phone number.

Pros

  • It’s completely free
  • Worldwide coverage

Cons

  • Steep learning curve

PhoneInfoga Pricing

  • This product is free.

Choose PhoneInfoga If

  • Your primary data is a phone number.
 

Email Hippo

MX Records Checks for Email Lookup

Email Hippo, which you can also access through VerifyEmailAddress.io, has been operating since 2009. However, it recently underwent a complete overhaul and is now far from free and open.

Instead, the solution is split into CORE, MORE, ASSESS and WHOIS, covering use cases such as data enrichment for investigations, marketing and fraud prevention.

Unfortunately, this sea change in the way the product positions itself has rendered it much more complicated to comprehend. However, the free trial does not require a credit card and lasts 14 days, which can help you figure out whether it is for you.

Pros

  • Established name in email intelligence

Cons

  • Perhaps no longer as useful to OSINT researchers

Email Hippo Pricing

  • Depends entirely on the product you choose and the frequency of payment or the number of requests sent. CORE, for instance, will set you back $9.88 a month for 1,000 checks.

Choose Email Hippo If

  • You want to verify email addresses for marketing and other purposes.
 

Why Do We Need OSINT Tools?

OSINT tools and techniques are common in cybersecurity, where they are used to identify external threats or for ethical hacking and penetration testing.

Law enforcement agencies, private investigators, and journalists also rely on the same techniques to learn more about a crime, suspect, organization, or person of interest. 

Similarly, HR professionals can perform searches on potential candidates by conducting background checks on open-source directories.

Marketing and sales teams can use OSINT tools when they need to target a specific user, or simply check if an email address is valid.

Sadly, fraudsters and criminals can use the same tools and techniques for exploits. For instance, when building a synthetic ID, a fraudster can stitch data they have acquired from a darknet marketplace, and combine it with data acquired through public records.

In the context of fraud detection, OSINT helps make decisions relating to: 

  • accepting a transaction in a card not present (CNP) scenario
  • onboarding a new user on a platform (neobank, financial institution, iGaming)
  • accepting a withdrawal (iGaming, crypto exchanges)
  • performing a credit check for a loan (fintech, microfinancing)

Choosing the Best OSINT Tool

Open-source intelligence is a broad topic. Investigators rely on its techniques for a variety of reasons, and it’s easy to go down a rabbit hole of advanced, very technical tools. 

We hope this post offers a good primer on the best OSINT tools you can start using today, whether your aim is to find marketing leads, solve a crime, secure a website, or reduce fraud rates. 

FAQ

What is OSINT?

OSINT, short for open-source intelligence, is a process designed to gather information from public sources. These sources may be government databases, websites, or brochures, for example. To achieve this, investigators use several manual as well as automatic tools.

Who uses OSINT tools?

OSINT is a key feature of cybersecurity and criminal investigations. OSINT techniques are also used in fraud detection, trust and safety, and risk management. HR and business managers can use these tools for due diligence on potential employees or partners. Marketing teams can also rely on OSINT techniques to learn more about leads and segment users. 
