Reading time : 5 min
Whether you're a cybersecurity professional, an investigative journalist or simply a curious person, having access to the right OSINT tools is essential. In this article, we'll explore the TOP 10 OSINT tools, providing insights and recommendations that can improve your information-gathering capabilities.
Google Dorks are special queries you can use in the Google search engine to find specific information. They are essential for online information seekers.
For example, if you have special queries, you can search for all .pdf files containing the keyword "secret".
At your own risk, even if these requests are authorized, access to these resources may not be permitted.
➡️ Discover our complete guide to Google Dorks
Sherlock is an OSINT tool specialized in searching for social network accounts using a username. It can be very useful for tracking individuals or investigating online profiles.
Simply enter a person's username, and the tool will bring up all the accounts associated with that username.
Inevitably, several people may have the same username, so false positives may be generated. It's a fairly effective tool, but it needs to be coupled with others to ensure the veracity of the information obtained.
Same principle as Sherlock, but this time the tool is based on email rather than username! So it's bound to be much more reliable.
How does it work? Holehe will simply try to create an account with the email to see if it's already taken, or use the forgotten password request function. If the site gives no error, an account is associated with that email address. Clever!
Shodan is often referred to as the "search engine for hackers".
It scans the Internet for connected devices, providing valuable information on servers, webcams and more. A useful tool for identifying potential vulnerabilities.
It's on this engine that you'll find countless unsecured connected objects such as printers, cameras, servers... Which just goes to show why it's so important to configure all your tools properly to prevent them from ending up within everyone's reach.
theHarvester is a tool developed in Python. It is used to extract information from various public sources, including search engines such as Shodan and PGP key servers. Data collected includes e-mail addresses, subdomains, hosts, employee names, open ports and banners. The tool is mainly used for passive reconnaissance, enabling anyone to understand what an attacker might discover about an organization.
The name "theHarvester" in French literally means "the harvester", which perfectly reflects the tool's function: to harvest publicly accessible data from the Internet.
# apt install git python3 # cd /opt # git clone https://github.com/laramies/theHarvester # cd theHarvester # python3 -m pip install -r requirements/base.txt # python3 theHarvester.py ******************************************************************* * _ _ _ * * | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ * * | __| _ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| * * | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | * * \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| * * * * theHarvester 3.2.2 * * Coded by Christian Martorella * * Edge-Security Research * * firstname.lastname@example.org * * * ******************************************************************* usage: theHarvester.py [-h] -d DOMAIN [-l LIMIT] [-S START] [-g] [-p] [-s] [--screenshot SCREENSHOT] [-v] [-e DNS_SERVER] [-t DNS_TLD] [-r] [-n] [-c] [-f FILENAME] [-b SOURCE] theHarvester.py: error: the following arguments are required: -d/--domain #
PimEyes is OSINT's image search tool. It allows you to search the Internet for similar images or specific faces.
Based on a photo, PimEyes is able to find all the other photos of this person on the Internet that are publicly available. Whether it's on social networks, on a company's website... everything is examined with a fine-tooth comb!
If you value your privacy, you can of course ask this service to de-index your results.
➡️ Discover our complete guide to PimEyes
The WHOIS Lookup service is an essential tool for open source inquiries (OSINT). It provides crucial information on domain names and IP addresses, including owner name, address, contact e-mail, creation and expiration date.
This makes it possible to verify the legitimacy of a website, investigate suspicious online activity and strengthen cybersecurity. WHOIS Lookup is a major asset for understanding and protecting online space.
OSINT Framework is an essential tool for Open Source Investigation (OSINT). It provides an interface that brings together various OSINT resources and tools in one place, simplifying online research.
Whether you're a security researcher, cybersecurity professional or intelligence enthusiast, OSINT Framework provides fast access to a multitude of data sources, including search engines, social networks, geolocation tools and much more.
This makes it a reference tool for conducting in-depth investigations, verifying online information and gathering vital intelligence. All in all, OSINT Framework is a valuable companion for exploring and analyzing the digital world.
These tools are generally legal for legitimate purposes, such as cybersecurity, research and investigation. However, always make sure you comply with relevant laws and ethical guidelines.
Although some tools are more user-friendly, having some technical knowledge can be beneficial for effective use. Fortunately, there are tutorials and resources to help you get started.
Using these OSINT tools involves privacy and ethical considerations. Always respect privacy and use these tools responsibly.
Start your cybersecurity training!
Theory & Practice
Customized by level
Start your cybersecurity training
Breathe new life into your career with our cybersecurity training courses