The definitive guide to open-source intelligence tools β from surface web recon to deep digital forensics. Every tool. Every use case. Zero fluff.
Every tool you need, organized by category. Click any card to expand usage details.
Advanced Google search operators to surface hidden content, exposed files, and sensitive data that normal searches miss.
Use Case: Finding exposed documents, login pages, sensitive data, open directories, and email lists.
The world's first search engine for internet-connected devices. Finds servers, webcams, routers, and industrial systems.
Use Case: Exposed device discovery, vulnerability research, network mapping, attack surface analysis.
Visual intelligence platform that maps relationships between people, domains, IPs, and organizations using graph-based analysis.
Use Case: Cyber investigations, mapping criminal networks, corporate intelligence, digital footprint tracking.
People search engines aggregating public records, social profiles, contact info, and background data in one place.
Use Case: Background checks, identity verification, finding contact info, locating individuals.
Instantly checks username availability across 100+ platforms. Green = available, Red = taken (someone is there).
Use Case: Finding all social media accounts tied to a username, tracking online presence.
Open-source CLI tool that hunts for a username across 300+ social networks simultaneously. Fast and reliable.
Use Case: Username tracking, digital footprint mapping, social media investigation across platforms.
Finds and verifies professional email addresses for any company domain. Also reveals the email format pattern used.
Use Case: Corporate email discovery, sales prospecting, journalist outreach, email verification.
Complete suite for DNS diagnostics, email server analysis, blacklist checks, and email header tracing.
Use Case: Email header forensics, verifying authenticity, domain recon, spam investigation.
Reveals domain registration info β owner, organization, registrar, dates, and name servers. Historical lookups via DomainTools.
Use Case: Identifying website owners, domain history, investigating suspicious sites, legal research.
CLI tool for gathering emails, subdomains, IPs, and URLs from multiple public sources in one command.
Use Case: Pre-engagement recon, email harvesting, subdomain enumeration, penetration testing prep.
Search engines that find where an image appears online and identify visually similar images across the web.
Use Case: Fake profile detection, tracing image origin, verifying photo authenticity, finding original sources.
Browser plugin and web tool for verifying images and videos. Extracts keyframes, checks metadata, runs reverse searches.
Use Case: Viral content verification, deepfake detection, news fact-checking, journalistic verification.
Reads and writes metadata embedded in images, PDFs, and media files β including GPS coordinates, device info, and timestamps.
Use Case: Geolocating photos, identifying camera/device, finding timestamps, privacy cleanup.
Satellite and street-level mapping for geolocation analysis. Historical imagery in Google Earth tracks changes over time.
Use Case: Photo geolocation, verifying claimed locations, infrastructure change tracking, conflict zone analysis.
AI-powered tools that predict photo locations from visual clues like terrain, architecture, vegetation, and signs.
Use Case: Locating photos with no metadata, confirming or disproving claimed locations, journalism verification.
Free service that scans URLs, files, IPs, and domains using 70+ antivirus engines and security databases simultaneously.
Use Case: Malware checking, suspicious link verification, domain reputation, threat intelligence.
Search engine for internet-facing infrastructure, TLS certificates, and open ports. Finds all assets tied to an organization.
Use Case: Attack surface mapping, certificate intelligence, finding shadow IT, security auditing.
Internet Archive's historical web snapshots. View how any website looked at any point in the past going back decades.
Use Case: Recovering deleted content, tracking site changes, finding old contact info, legal evidence gathering.
Real-time social media search engine covering Twitter, Facebook, Instagram, YouTube, and more from one interface.
Use Case: Brand monitoring, tracking topics in real-time, competitive intelligence, social investigations.
Database of billions of credentials from known data breaches. Check if any email/phone has been compromised.
Use Case: Credential monitoring, security awareness, corporate breach detection, personal security checks.
All 20 tools at a glance.
| # | Tool | Category | Best For | Free Tier |
|---|---|---|---|---|
| 01 | Google Dorks | Search | Hidden web content, exposed files | β Free |
| 02 | Shodan | Cyber | Exposed devices, IoT recon | Limited |
| 03 | Maltego | Cyber | Relationship mapping | Limited |
| 04 | Pipl / BeenVerified | People | Background checks | Paid |
| 05 | Namechk | People | Username tracking | β Free |
| 06 | Sherlock | People | Cross-platform username search | β Free |
| 07 | Hunter.io | Email discovery | Limited | |
| 08 | MXToolbox | DNS & email forensics | β Free | |
| 09 | WHOIS | Domain | Domain ownership | β Free |
| 10 | theHarvester | Domain | Domain recon, email harvest | β Free |
| 11 | Google Reverse Image | Image | Image verification | β Free |
| 12 | InVID / WeVerify | Image | Video fact-checking | β Free |
| 13 | ExifTool | Metadata | Image metadata extraction | β Free |
| 14 | Google Earth | Geo | Geolocation, historical imagery | β Free |
| 15 | GeoSpy | Geo | AI photo geolocation | Limited |
| 16 | VirusTotal | Cyber | Malware & URL scanning | β Free |
| 17 | Censys | Cyber | Infrastructure mapping | Limited |
| 18 | Wayback Machine | Archive | Historical web content | β Free |
| 19 | Social Searcher | Social | Real-time social monitoring | Limited |
| 20 | Have I Been Pwned | Breach | Credential breach checking | β Free |