Alien.
OSINT Repos List, Repository with gathered from GitHub utilities for OSINT, Development and DevOps. The number of artifacts in the repository exceeded 2800: https://github.com/bormaxi8080/osint-repos-list
Malicious Firefox Extensions Unmasked. Fake Games, VPNs, & Calendar Tools Hijack Traffic, Steal Crypto & OAuth Tokens: https://securityonline.info/malicious-firefox-extensions-unmasked-fake-games-vpns-calendar-tools-hijack-traffic-steal-crypto-oauth-tokens/
Limitless OSINT provides training in open source intelligence, cyber threat intelligence and operational security through immersive, practical challenges:
https://www.limitless-osint.com/
Stratir. A creative intelligence company synthesizing human ingenuity and artificial intelligence to solve complex problems:
https://stratir.com/
Designed for ultimate security and ease of use, Tresorit SecureCloud provides an all-in-one, customizable workspace for storing sensitive data and collaborating with your teams, clients, and partners:
https://tresorit.com/
Cryptee. Private & Encrypted European Cloud Storage:
https://crypt.ee/
GDELT. Global Database of Events, Language and Tone. Search news around the world by keyword. Filter by country, language and domain. See the density of news on the topic you are researching on the map and analyse the dynamics of their number in different periods of time:
https://gdelt.github.io/
Whether you're a journalist, analyst, investigator, or just OSINT-curious, having the right tools is key. This [Start.me](
http://Start.me
) page collects essential OSINT resources: search engines, maps, reverse image search, and privacy tools. All clearly organized into widgets and categories, so you can quickly find what you need and build your workflow. Ideal for small teams or solo researchers who want a structured start:
https://start.me/p/p1Ba7E/basic-osint-tools
OSINT resources for researching ransomware. List with brief explanations by Matt (OSINTme). Ransomware news & publications, Learning resources from CISA, Cryptocurrency deposit addresses, Shodan queries & filters, Ransomware related intelligence: https://www.osintme.com/index.php/2024/09/20/osint-resources-for-researching-ransomware/
OSINT of Egypt. Open Data, Company Registries / Business Info, Land & Property Records, Vehicle & Registration Info, Litigation & Regulatory, People Search & Personal Data, Procurement & Tenders:
Ecuador OSINT. Open Data Portals, Company Registries / Business Information, Land Records / Property Ownership, Vehicle Information, People Search, Procurement and Government Contracts, Courts, WHOIS and Domain Info, Maps, Corruption:
Awesome OSINT Chrome Extensions. Often, much of the OSINT analyst's work is done using a browser. And sometimes it consists only of endless data search on different sites. This repository contains extensions for Chrome/Brave that will help make this process more comfortable and efficient: https://github.com/ubikron/awesome-osint-chrome-extensions
OSINT Tools, Services and Investigations:
WebCapture. Simple Python tool for extracting sensitive data from web pages - emails, phones, links, subdomains, whois and ip info gathering: https://github.com/drackyjr/WEBCAPTURE
Telepipe. A simple command-line utility to send messages to Telegram: https://github.com/Linuxmaster14/telepipe
As most of email products out there, Unsend also uses Amazon SES under the hood to send emails. We provide an open and alternative way to send emails reliably and cheaply with a great dashboard. You can also use Unsend manage contacts and send bulk emails(newsletter, product updates etc): https://github.com/unsend-dev/unsend
Master OSINT is a comprehensive, beginner-friendly Python toolkit designed for open source intelligence investigations. The tool supports multiple investigative methods including image geolocation, social media profiling, email breach and verification checkup, domain lookup, metadata extraction, Google dorking, Wayback Machine querying, IP geolocation with blacklist checks, reverse image search, geospatial Intelligence and phone number validation: https://github.com/techenthusiast167/Master-OSINT-Toolkit-
PyLeak. Detect leaked asyncio tasks, threads, and event loop blocking with stack trace in Python. Inspired by GoLeak: https://github.com/deepankarm/pyleak
APKDeepLens is a Python based tool designed to scan Android applications (APK files) for security vulnerabilities. It specifically targets the OWASP Top 10 mobile vulnerabilities, providing an easy and efficient way for developers, penetration testers, and security researchers to assess the security posture of Android apps: https://github.com/d78ui98/APKDeepLens
Webripper Pro is a comprehensive, professional-grade web vulnerability scanner that automates the detection of security flaws in websites. It is designed for penetration testers, bug bounty hunters, and security professionals seeking fast, actionable insights into the security posture of web applications: https://github.com/MrpasswordTz/webripper-pro
AX Framework. The Distributed Scanning Framework for Everybody! Control Your Infrastructure, Scale Your Scanning-On Your Terms. Easily distribute arbitrary binaries and scripts using any of our nine supported cloud providers: https://github.com/attacksurge/ax
V2RayCollector. This project crawls v2ray configs from Telegram channels: https://github.com/mrvcoder/V2rayCollector
Excel Url Checker. This Python script checks the HTTP status codes for a list of URLs provided in an Excel file. It processes the URLs in parallel using multiple threads, handles errors gracefully, and saves the results (status codes or error messages) in a new column in the output Excel file: https://github.com/vollh4rD/Excel-Url-Checker
WiFi Password Stealer. Simple Windows and Linux keystroke injection tool that exfiltrates stored WiFi data (SSID and password): https://github.com/AleksaMCode/WiFi-password-stealer
DarkScrape. OSINT Tool For Scraping Dark Websites: https://github.com/itsmehacker/DarkScrape
Universal Search & AI:
BruteForceAI. Advanced LLM-powered brute-force tool combining AI intelligence with automated login attacks: https://github.com/MorDavid/BruteForceAI
Detect AI. Deep AI image analysis - searching for copies of images on different websites, detect visual anomalies and statistical improbabilities, detect AI-generated content, quick google images/google fact-check buttons:
https://detectai.live
AgenticSeek. Fully Local Manus AI. No APIs, No $200 monthly bills. Enjoy an autonomous agent that thinks, browses the web, and code for the sole cost of electricity: https://github.com/Fosowl/agenticSeek
Contextual AI. This service converts PDF files into clean text, ready to be fed into neural networks. Simply upload the document, and the tool will extract the structure, sections, tables, diagrams, and images, turning them into understandable text with metadata:
https://app.contextual.ai/
Jina AI. Convert any URL to an LLM-friendly input with a simple prefix: https://github.com/jina-ai/reader
Talo. Real-Time AI Translator for Video Calls:
https://www.taloai.com/
Software Development & APIs:
Fissure. The RF and reverse engineering framework for everyone: https://github.com/ainfosec/FISSURE
nats.go. Golang client for NATS, the cloud native messaging system: https://github.com/nats-io/nats.go
Puppeteer IDE Extension. A standalone extension to write and execute puppeteer scripts from browser's developer tools: https://github.com/gajananpp/puppeteer-ide-extension
A monorepo for puppeteer-extra, a modular plugin framework for Puppeteer: https://github.com/berstend/puppeteer-extra
Linux & DevOps:
BrewKit. Container-native build system. Meaning that BrewKit is a single tool that you should use(across Docker) to build project: https://github.com/ispringtech/brewkit
Probe codebase of RIPE Atlas, a global network measuring Internet connectivity and reachability: https://github.com/RIPE-NCC/ripe-atlas-software-probe
Merliot (
https://merliot.io/
) Hub is an AI-integrated device hub. What does that mean? It means you can control and interact with your physical devices, your security cameras, your thermometer, seamlessly using natural language from an LLM host such as Claude Desktop (https://claude.ai/download) or Cursor (
https://cursor.com/
). The hub is a gateway between AI and the physical world: https://github.com/merliot/hub
Systemd Pilot. Desktop application for managing systemd services: https://github.com/mfat/systemd-pilot
Flipper Zero & Other Devices:
FlipperZero Lightmeter. Lightmeter app for photography based on BH1750 sensor: https://github.com/oleksiikutuzov/flipperzero-lightmeter
ESP32 Bus Pirate is an open-source firmware that turns your device into a multi-protocol hacker's tool: https://github.com/geo-tp/ESP32-Bus-Pirate
New from CyberDetective:
Reversely. Reverse image and face search engine. Searches not bad, but in the free version it shows only part of the text from the found page (but it can be useful too):
https://www.reversely.ai/
Enter email to check if it is connected to some PGP key (it can then be used to gather information in document archives, leak databases, forums, etc):
https://keys.openpgp.org
GeoMastr. Huge database of unique objects for different countries on road photos. Bollards, Fuel Stations, License Plate, Post Company, Road Lines, Street Signs, Alphabet and more:
https://geomastr.com/
Hunchly. It's a good old tool that's worth reminding once again:
- save the pages you visit (text, screenshots, path to opening)
- extract "juicy info" (email, IPs, Tor links and MUCH more + use your own regex)
- make notes, to-do lists
- generate reports
https://hunch.ly
New from GitHub Community:
TableCruncher. A lightweight, powerful CSV editor for macOS, Windows and Linux — with built-in JavaScript macros: https://github.com/Tablecruncher/tablecruncher
Quik. The most beautiful SMS messenger for Android: https://github.com/octoshrimpy/quik
bormaxi8080 OSINT timeline:
GitHub: https://github.com/bormaxi8080/osint-timeline
You can see Systematized List of my GitHub Starred OSINT Repositories
You can contact me on SubStack:
If you like the projects that I do, I will be grateful for donations in private dialogue.
WARNING! All tools, programs and techniques published in this article and repository are used for informational, educational purposes or for information security purposes. The authors are not responsible for the activities that users of these tools and techniques may carry out, and urge them not to use them to carry out harmful or destructive activities directed against other users or groups on the Internet.