OSINT (Open Source Intelligence)

Last modified: 2023-09-27

Network OSINT Reconnaissance Web

Open-source intelligence is the collection and analysis of data gathered from open sources to produce actionable intelligence.


OSINT is a powerful method for investigating target organizations, websites, etc. However, surfing the internet to find each piece of desired information one by one is tedious. For that reason, using automation tools is also recommended.

*It might overlap a bit with recon automation tools.

  • BBOT

    A powerful subdomain scanner and port mapper.

  • Blackbird

    Searches accounts by username in social networks.

  • Maltego

    A comprehensive tool for information gathering.

  • PhoneInfoga

    An information gathering framework for phone numbers.

Comprehensive Tools

  • DeHashed

    We can search for any asset, but viewing detailed information requires a subscription.

  • FOFA

    A search engine for the global cyberspace.
    Below are search query examples.

    # Domain
    # IP range
  • HudsonRock Free Tools

    We can search for compromised corporations, employees, or users.

  • MetaDefender Cloud

    An advanced threat detection and prevention platform.

  • Nmmapper

    We can use it for WAF detection, subdomain finder, ping, IP lookup, IP geo location, etc.

  • Shodan

    A search engine that lets users search for various types of servers connected to the internet using a variety of filters.

  • Spiderfoot

    SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

    python3 sf.py -l

    Then access to in browser.

  • Threat Intelligence Platform

    Find detailed information about a host and its underlying infrastructure in seconds through the Threat Intelligence Platform web interface.

  • ViewDNS.info

    It provides reverse IP lookup (checking other domains on the same IP), WHOIS record lookup, and so on.


  • Cisco Talos

    One of the largest commercial threat intelligence teams in the world.

  • NerdyData

    Get a list of websites that use certain source code (HTML/JavaScript source code, e.g. Google Analytics code).

  • Security Headers

    Scan websites.

  • urlscan.io

    URL and website scanner.

  • URLhaus

    A project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution.

  • Wappalyzer

    It identifies technologies on websites.

  • Wayback Machine

    It provides archived web pages.

    • Research Old Information

      1. robots.txt, sitemap.xml, and other interesting files.

      2. Directories

      3. URL parameters

      4. API keys

    • Useful Tools

      • Waybackurls

        Fetch all URLs that the Wayback Machine knows about for a domain.


  • Whoxy

    A domain search engine.

IP Address

  • AbuseIPDB

    A project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.

  • Censys Search

    It provides information about specific IP addresses and domains.

  • Cloudflare Radar

    Up to date Internet trends and insight.

  • ipinfo.io

MAC Address

  • MAC Address Lookup

    It provides you information about any MAC Address of a networking card installed into your computer or any other device.


  • MalShare

    A community-driven public malware repository that works to provide free access to malware samples and tooling to the infosec community.

  • MalwareBazaar

    A project from abuse.ch with the goal of sharing malware samples with the infosec community, AV vendors and threat intelligence providers.

Indicators of Compromise (IOCs)

  • ThreatFox

    A platform from abuse.ch with the goal of sharing indicators of compromise (IOCs) associated with malware with the infosec community, AV vendors and threat intelligence providers.


  • Feodo Tracker

    A project of abuse.ch with the goal of sharing botnet C&C servers associated with Dridex, Emotet (aka Heodo), TrickBot, QakBot (aka QuakBot / Qbot) and BazarLoader (aka BazarBackdoor).


  • Qualys

    This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.


  • SSLBL

    A project of abuse.ch with the goal of detecting malicious SSL connections by identifying and blacklisting SSL certificates used by botnet C&C servers. In addition, SSLBL identifies JA3 fingerprints that help you detect and block malware botnet C&C communication on the TCP layer.

Email Address

Threat Intelligence