10 Free OSINT Tools for Beginners and Pros
A Comprehensive Review
Open Source Intelligence (OSINT) is a powerful approach to gathering information from publicly available sources. Whether you're a seasoned analyst or just entering the world of OSINT, having the right tools is crucial. In my book Deep Dive, I explore the role tools play in data gathering and emphasize that while tools are important, we shouldn't overlook the value of creativity and critical thinking. However, in this blog, I'll walk you through ten of what I consider the best free OSINT tools, how to use them, and their real-world applications.
1. Google Dorks
Overview: Google Dorks use advanced search operators to find specific information on websites that isn't easily accessible through a typical search. They help the user parse through tons of search results and narrow the focus to just what they need to find.
How to Use: Use operators like "site:", "filetype:", and "intitle:" to refine your search.
For example, "site:example.com filetype:pdf" will find all PDF files on a specific domain. Lists of these operators can be found across the internet, and Google also provides an easy-to-fill-out form with dropdowns and explanations on its Advanced Search page.
Real-World Application: Ideal for uncovering exposed documents, hidden pages, and sensitive information accidentally published on the open web.
2. Search Engine Image Search (Reverse Image Search and OCR)
Overview: Reverse image search tools like Google Images or Yandex Images, combined with OCR (Optical Character Recognition) tools, can help uncover an image's origin and context.
How to Use: Upload an image or paste the image URL into the search engine. For OCR, use tools like Google Lens or Bing Images to extract text from images and translate it when necessary.
Real-World Application: These tools are perfect for verifying an image's authenticity, tracking a photo’s usage across the internet, and extracting text from imagery.
3. Shodan and Censys
Overview: Shodan and Censys are search engines for Internet-connected devices. They help you find information about servers, IoT devices, web cameras, and more.
How to Use: Similar to Google Advanced Search, these engines use queries to return specific data. Create a free account, then start searching using queries like:
"country:US port:80" to find web servers in the US.
Real-World Application: Useful for network security assessments, identifying vulnerable devices, and gathering intelligence on IoT devices.
4. Epieos
Overview: Epieos is an OSINT tool that specializes in the investigation of email addresses. It can uncover associated accounts, breaches, and other relevant information. There is a paid tier for Epieos that provides additional information, but the free version is still useful.
How to Use: Input an email address into Epieos, and the tool will generate a detailed report on associated data including Google calendar links, additional accounts, and confirmation that an email is tied to a person.
Real-World Application: This tool is excellent for tracking down the origins of suspicious emails, identifying possible breaches, tying accounts together, and gathering information on email usage.
5. Internet Archive (Wayback Machine)
Overview: The Internet Archive's Wayback Machine allows you to view archived versions of web pages, offering a historical perspective on website content. Additionally, this tool can look back on social media and occasionally find old accounts with useful details.
How to Use: Enter a URL into the Wayback Machine to see snapshots of the website over time.
Real-World Application: Great for investigating changes to websites, recovering deleted content, and understanding the evolution of online information.
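To make "investigating changes to websites" concrete, here is an added example (not from the original post) that reads capture rows in the plain-text format returned by the Wayback Machine's CDX server and reports only the captures where the page's status or content digest changed. It assumes the default CDX column order and rows for a single URL; the sample rows, digests, and function names are constructed for illustration.

```python
from datetime import datetime

# Default column order of the Wayback Machine CDX server's plain-text output.
CDX_FIELDS = ("urlkey", "timestamp", "original", "mimetype",
              "statuscode", "digest", "length")

# Constructed sample rows for a placeholder URL (not real captures or digests).
SAMPLE_CDX = """\
com,example)/about 20200114093012 http://example.com/about text/html 200 AAAA2222BBBB3333CCCC4444DDDD5555 5120
com,example)/about 20200302110500 http://example.com/about text/html 200 AAAA2222BBBB3333CCCC4444DDDD5555 5120
com,example)/about 20200618074455 http://example.com/about warc/revisit - AAAA2222BBBB3333CCCC4444DDDD5555 412
com,example)/about 20210105120000 http://example.com/about text/html 200 EEEE6666FFFF7777GGGG2222HHHH3333 6033
com,example)/about 2021
com,example)/about 20220820153000 http://example.com/about text/html 404 IIII4444JJJJ5555KKKK6666LLLL7777 980
"""

def parse_cdx(text):
    """Turn CDX text into capture dicts sorted by time, skipping malformed lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(CDX_FIELDS):
            continue  # blank or truncated line
        row = dict(zip(CDX_FIELDS, parts))
        row["captured"] = datetime.strptime(row["timestamp"], "%Y%m%d%H%M%S")
        rows.append(row)
    return sorted(rows, key=lambda r: r["captured"])

def content_changes(rows):
    """Return (date, label, snapshot_url) for captures that differ from the previous one."""
    events, prev = [], None
    for row in rows:
        if row["mimetype"] == "warc/revisit":
            continue  # revisit records point back to an identical earlier capture
        state = (row["statuscode"], row["digest"])
        if state != prev:
            if prev is None:
                label = "first capture"
            elif state[0] != prev[0]:
                label = f"status {prev[0]} -> {state[0]}"
            else:
                label = "content changed"
            url = f"https://web.archive.org/web/{row['timestamp']}/{row['original']}"
            events.append((row["captured"].date().isoformat(), label, url))
        prev = state
    return events

if __name__ == "__main__":
    for event in content_changes(parse_cdx(SAMPLE_CDX)):
        print(*event)
```

Each reported snapshot URL can be opened in a browser to compare the page before and after the change.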
6. WhatsMyName.app
Overview: WhatsMyName.app helps you find usernames across various social media platforms and websites, revealing an individual's online presence. One of the best things about this site is that it is regularly maintained and updated by @osintcombine, adding new features and additional social media platforms all the time.
How to Use: Enter a username into the tool, and it will search for matches across numerous platforms. It is important to remember to look for false positives: not every account shown will belong to your person of interest, so verification is key!
Real-World Application: Useful for mapping out an individual's online footprint, identifying potential accounts, tying accounts together, and gathering social media intelligence.
7. HaveIBeenPwned
Overview: HaveIBeenPwned allows you to check whether your email address has been involved in a data breach, providing details on the compromised data.
How to Use: Enter an email address or username to see if it appears in any known data breaches.
Real-World Application: Essential for personal security, identifying compromised accounts, and understanding the scope of data breaches, as well as determining if your person of interest has had their passwords leaked.
8. Google Earth / Google Maps / Google Street View
Overview: Google Earth, Maps, and Street View provide geographic data, including satellite imagery, maps, and full panoramic street-level views.
How to Use: These tools can be used to explore locations, analyze geographic information, verify physical addresses, and even measure distances and sizes. These tools are the key to honing your geolocation skillset.
Real-World Application: Perfect for location verification, geolocating something from a video or image, and visual reconnaissance of physical locations.
9. OpenCorporates
Overview: OpenCorporates is the largest open database of company information, providing detailed records on millions of companies worldwide.
How to Use: Search for a company by name or registration number in order to access corporate data, including directors, shareholders, and financials. This database includes US as well as internationally-based companies AND shows the changes made over time.
Real-World Application: Great for corporate investigations, due diligence, and understanding business networks and ownership structures.
10. Whoxy
Overview: Whoxy is a Whois lookup tool that provides detailed information about domain registrations, including ownership and contact details.
How to Use: Enter a domain name into Whoxy to retrieve Whois records, historical data, and more.
Real-World Application: Useful for domain investigations, identifying domain ownership, and tracking changes in domain registration.
Conclusion
These ten free OSINT tools offer a wide range of capabilities for both beginners and experienced analysts. Whether you're mapping out large and complex networks, uncovering hidden documents, or tracking social media activity, these tools can significantly support your OSINT efforts. Remember, though, the key to successful OSINT is not just the tools you use but how you use them.
For more insights and in-depth guides on OSINT, don't forget to check out my book Deep Dive: Exploring the Real World Value of Open Source Intelligence and follow me on Twitter and LinkedIn.