Contents of the article
- What is OSINT
- List of the best free OSINT tools
- Best Free OSINT Tools
- Recon
- Shodan
- Maltego
- TheHarvester
- Metagoofil
- SpiderFoot
- OSINT Framework
In today's article, I want to introduce you to the best free OSINT tools that will help you gather the necessary information before starting a pentest.
What is OSINT
OSINT is the collection of information from publicly available sources. We talked about OSINT in more detail in the article "What is OSINT". I highly recommend reading the article before you start using OSINT tools.
List of the best free OSINT tools
Here is a list of the best OSINT tools:
- Recon-ng is a free, fully-featured, modular web reconnaissance framework written in Python.
- Shodan is a search engine for hackers and pentesters that indexes all devices connected to the network: routers, webcams, cars and smart refrigerators.
- Maltego is a powerful tool for building and exploring relationships between different subjects and objects.
- theHarvester is a tool for searching and collecting email addresses, searching subdomains, searching for data on company employees.
- Metagoofil is a utility that allows you to download all documents from a target site and extract metadata from them.
- GHDB is a list of common mistakes made by web server administrators that can be easily found using Google. This technique is also called Google Dorks.
- SpiderFoot is a free and open-source Python tool for automated reconnaissance and intelligence gathering on a given target.
- OSINT Framework is a powerful and free online service for searching various information.
Best Free OSINT Tools
Now let's look at each tool separately.
Recon
Recon-ng is an open-source Python framework for web reconnaissance and OSINT. It helps automate the process of searching and collecting information from open sources. The framework does not have a graphical interface and works from the terminal. The interface is very similar to the popular Metasploit Framework. Recon-ng only works on Linux and with Python 2.0 or higher installed.
Advantages:
- Rich functionality.
- Open source.
- Large community of users.
- Similar to the familiar Metasploit.
Flaws:
- It takes time to understand all the features of Recon-ng.
In my opinion, Recon-ng is one of the best free OSINT tools. The services in the tool help consolidate data from different sources and identify possible connections.
Shodan
Shodan is a popular hacker search engine that indexes all devices connected to the network. The search engine can find: webcams, servers, routers, smart TVs, refrigerators, cars, etc.
In addition to detecting IoT devices, Shodan can also be used to monitor databases for data leaks on public sites and even find hidden servers on corporate networks.
Advantages:
- Easy to understand, even for beginners.
- Allows you to export results and create reports.
Flaws:
- Shodan is a freemium tool. Without registration there are limitations in functionality.
Price:
Shodan is offered in three different versions: Freelancer ($59/month), Small Business ($299/month), Corporate ($899/month).
Maltego
Maltego is a powerful OSINT and digital forensics tool. Maltego is used to analyze relationships between people, companies, websites, and find publicly available information. Maltego allows you to gather information together and present aggregated data in the form of a visual map.
The tool runs on Java and can be installed on Windows, macOS, and Linux.
Advantages:
- Great interface, easy to understand.
- Good functionality.
Flaws:
- Proprietary.
Price:
Maltego is available in different versions. Maltego CE is a free community edition; the paid versions are Maltego Classic ($999) and Maltego XL ($1999).
You can download the free version of Maltego CE by registering on the official website.
TheHarvester
TheHarvester is a simple and free OSINT tool written in Python. It was designed to collect information from various sources such as search engines, Shodan database, Hunter, Baidu, etc.
It can find information about domains, subdomains, IP addresses, email accounts, employee names and more. It also lets you use modules that rely on APIs, such as bingapi, GitHub and others.
Advantages:
- Easy to understand.
- Free and open source.
- Supported by a large community.
Flaws:
- No data visualization
Metagoofil
Metagoofil is a free metadata scraper written in Python. It is used to extract information from documents (PDF, DOC, XLS, PPT, ODP and ODS) that are located on the target web page or any other publicly accessible site.
The tool uses Google to search for documents, then downloads them, extracts and analyzes the metadata. It can find sensitive information such as usernames, emails, etc.
The metadata can also expose file paths that reveal the OS, network names, shares, and more.
Advantages:
- Export reports in various formats, including PDF.
- Filters can be used to clean usernames, emails, and passwords.
- Free and open source.
Flaws:
- Data visualization is very rudimentary.
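The same metadata fields can be checked from the publishing side before a document goes onto a public site. The following is an added example, not code from the article or from Metagoofil: it audits zip-based office files (ODS/ODP and the OOXML formats) for identity fields, email addresses and file paths. The function names, the tag list and the sample document are assumptions constructed for illustration; legacy DOC/XLS/PPT and PDF files need a different parser.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Metadata parts of ODF (.ods/.odp) and OOXML (.docx/.xlsx/.pptx) containers.
META_PARTS = ("meta.xml", "docProps/core.xml", "docProps/app.xml")
# Element names that usually carry a person, host or software identity.
IDENTITY_TAGS = {"creator", "initial-creator", "lastModifiedBy",
                 "generator", "Application", "Company"}
PATH_RE = re.compile(r'(?:[A-Za-z]:\\|\\\\)[^\s<>"]+|/(?:home|Users)/[^\s<>"]+')
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def audit_document(data: bytes) -> list:
    """Return (part, kind, value) findings for one of your own documents."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for part in META_PARTS:
            if part not in zf.namelist():
                continue
            for el in ET.fromstring(zf.read(part)).iter():
                text = (el.text or "").strip()
                if not text:
                    continue
                local = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace
                if local in IDENTITY_TAGS:
                    findings.append((part, local, text))
                findings += [(part, "path", p) for p in PATH_RE.findall(text)]
                findings += [(part, "email", e) for e in EMAIL_RE.findall(text)]
    return findings

def build_sample() -> bytes:
    """Constructed .ods-like container with a leaky meta.xml (sample data)."""
    ns = ('xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0" '
          'xmlns:meta="urn:oasis:names:tc:opendocument:xmlns:meta:1.0" '
          'xmlns:dc="http://purl.org/dc/elements/1.1/"')
    meta = (f"<office:document-meta {ns}><office:meta>"
            "<meta:generator>ExampleOffice/1.0</meta:generator>"
            "<meta:initial-creator>jdoe</meta:initial-creator>"
            "<dc:creator>jdoe@corp.example</dc:creator>"
            r"<dc:description>Saved from \\fileserver01\finance\q3.ods</dc:description>"
            "</office:meta></office:document-meta>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("meta.xml", meta)
    return buf.getvalue()

if __name__ == "__main__":
    for finding in audit_document(build_sample()):
        print(finding)
```

Any finding is a reason to strip or rewrite the document properties before the file is published.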
SpiderFoot
SpiderFoot is an open-source Python reconnaissance tool. The tool can automatically query over 100 public sources and collect information about IP addresses, domains, web servers, email addresses, and more.
Examples of SpiderFoot modules include "sfp_arin.py" which queries the ARIN registry for contact information, or "sfp_crt.py" which collects hostnames from historical certificates in crt.sh.
Once you select the modules, SpiderFoot will automatically collect the information and generate a report.
SpiderFoot is available for Windows and Linux.
Advantages:
- Simple minimalistic interface
- Queries most public sources, which makes it great for collecting large amounts of data
- New modules offer additional sources for data collection
- Absolutely free
Flaws:
- Pages marked as "noindex" will not be displayed, giving an incomplete picture of the true scale of the attack surface.
OSINT Framework
Last but not least is the OSINT Framework. If you haven’t found the perfect OSINT tool yet (or it’s not on this list), the OSINT Framework will point you in the right direction.
The OSINT Framework is not a specific piece of software, but a set of tools that make OSINT tasks much easier.
The OSINT Framework presents information as an interactive web-based mind map that visually organizes information.
The framework is popular among pentesters and information security specialists.
With this platform you can browse various OSINT tools that are filtered by categories.
For example, some categories are username, email, geolocation/maps, dark web, search engines, transportation, public records, and more.
Advantages:
- The leading framework in the OSINT community.
- One of the best for data collection.
- You can sort tools by categories.
- Absolutely free.
Flaws:
- May seem complicated for those new to OSINT.
Conclusion
OSINT not only helps an organization maintain its cybersecurity posture, but can also help protect any area of the company's perimeter, increase online anonymity, and protect against social engineering.