(1) Maltego – Investigations via Java Graphs
is a Java application that claims to simplify and expedite your investigations. How exactly? Thanks to its fantastic access to databases and visualization tools.Whether you’re in trust and safety, law enforcement, or cybersecurity, the company lets you run one-click investigations that deliver easy-to-understand results.
At the time of writing, Maltego lets you view up to 1 million entities on a graph, with access to 58 data sources. You can even connect your own public databases and upload data sources manually.
Once all the information is loaded in the program, you can choose from different visualization layouts, such as blocks, hierarchical, or circular, using weights and notes to adjust the graphs.
Finally, Maltego isn’t just a great tool; the company also has a fantastic collection of hand-picked resources on OSINT tools and techniques to help you get even more from their product. In fact, there is even a Maltego foundations course you can purchase online.
(2) SEON – Best for Social and Digital Signal Checks
Confirming someone’s identity by checking for linked social media and online platform accounts is becoming increasingly popular for a number of good reasons:- It’s a high barrier of entry for fraudsters, who don’t have the time or resources to create fake profiles.
- It’s a fantastic way to gather a user’s digital footprint.
- It can help establish an idea of someone’s socioeconomic background, even in markets where financial information is scarce.
- The type of social media linked to the user can also reveal more about who they are.
(3) Lampyre – Due Diligence and Cyberthreat Intelligence
Lampyre is a paid application designed specifically for OSINT. It’s particularly useful for due diligence, cyber threat intelligence, crime analysis, and financial analytics. You can install it on your PC or run it online.The key selling point of Lampyre is that it’s a one-click application. Start with single data points such as a company registration number, full name, or phone number, and Lampyre will sift through huge amounts of data to extract interesting information.
The company automatically processes 100+ regularly updated data sources, and you can access them via PC software or API calls if needed. The SaaS product is called Lighthouse, and you pay per API call.
An important point here: As with many OSINT tools, you have to perform your due diligence to check if the databases are really open source. Lampyre may automate searches, but you may still have to double-check where the information comes from, as well as who exactly it is that is sourcing it for you, as one researcher found out.
(4) Recon-ng – An Open Source OSINT Framework
Recon-ng initially started as a free and open-source script for gathering technical information about website domains. Since its creation, it has evolved into a full framework, which you can access via a command-line interface on Kali Linux, or as a web application.Its interface is similar to Metasploitable, another computer security project designed for penetration testing, and has similar goals: to assess and identify web vulnerabilities. Its features include GeoIP lookup, DNS lookup, and port scanning, among others.
While it’s certainly one of the more technical tools featured on this list, you’ll find plenty of resources online to learn how Recon-ng can locate sensitive files such as robots.txt, identify hidden subdomains, look for SQL errors, and get information about a company’s CMS or WHOIS.
(5) SpiderFoot – Cybersecurity Intelligence
SpiderFoot is an OSINT tool designed specifically for investigation professionals. It’s loved by cybersecurity intelligence experts who need to perform regular asset discovery or attack surface monitoring. SpiderFoot was acquired by Intel471 in November 2022, with the company announcing that it plans to integrate SpiderFoot’s capabilities into its solutions.The tool can access hundreds of open data sources and monitor the results in real-time. The key difference with other OSINT tools, however, is how you can use SpiderFoot.
You can choose to self-host it as a true open-source version. You can also purchase the hosted version, which is completely managed by SpiderFoot.
There are numerous advantages to the latter. For instance, you’ll get better performance, full team collaboration, and the ability to see correlations in your investigation. All the modules and third-party tools will come preinstalled and preconfigured.
(6) Spokeo – Check US Citizen Records
When it comes to checking US citizens’ records, there are plenty of services offering more or less the same features at the same price range. You might hear of BeenVerified, Pip, or Intelius.offers an easy-to-use interface and the results seem to be more accurate upon testing. You can also use Spokeo as a reverse email lookup, phone lookup tool, and postal , to get info based on a single data point.
The service is available online, and there’s even an Android app to perform searches directly from your smartphone.
You’ll be able to access billions of records such as property deeds, court records, and even historical records and social networks.
The only downside is that it tends to be very US-centric, so if you’re looking for someone located elsewhere, you might have to use another tool.
(7) Have I Been Pwnd? – The Data Breach Go-To
We’ve previously written about how you can use an for user verification, but it’s particularly useful when looking at whether an email address exists or not. In fact, you can even infer how mature the address is depending on which data breach it’s been found in.And Have I Been Pwned? is still the best site to quickly search for email addresses that appear in said data leaks (you can now also do the same with phone numbers). Best of all, it’s completely free.
(8) PhoneInfoga – Python-Based Phone Lookup
You may need to be rather tech-savvy to use it, but you’ll be hard-pressed to find a better open-source tool for OSINT for .The tool squeezes as much information as you can imagine from a phone number, and it works for every location worldwide.
Note, however, that unlike with SEON’s tool, you don’t get reverse social media lookup to learn which networks the user has registered to with their phone number.
(9) Email Hippo – MX Records Checks for Email Lookup
Email Hippo, which you can also access through VerifyEmailAddress.io, has been operating since 2009. However, it recently underwent a complete overhaul and is now far from free and open.Instead, the solution is split into CORE, MORE, ASSESS AND WHOIS, covering use cases such as data enrichment for investigations, marketing and fraud prevention.
Unfortunately, this sea change in the way the product positions itself has rendered it much more complicated to comprehend. However, the free trial does not require a credit card and lasts 14 days, which can help figure out whethr it is for you.