Certificate Transparency log search. Find all subdomains by looking up TLS certificates. Great for mapping web infrastructure.

Programmatic access to CT logs. Use SSLMate's certspotter API or Google's CT API to automate subdomain discovery.

RIPE NCC's data service. Look up IP addresses, ASNs, prefixes, and abuse contacts. Essential for network attribution.

BGP routing data and ASN relationships. See who peers with who, upstream providers, and network topology.

Historical snapshots of websites. See what a site looked like years ago. Recover deleted content, find old contact info, track changes.

Search engine for Internet-connected devices. Find exposed services, open ports, vulnerable systems. Free tier has limited searches.

Add /robots.txt or /sitemap.xml to any domain. Reveals hidden directories, admin panels, API endpoints that site owners don't want crawled.

Historical DNS records and subdomain discovery. Track domain changes over time. Free tier provides limited lookups per month.

DNS reconnaissance and subdomain mapping. Generates visual network diagrams. No registration required.

Reverse DNS lookup, reverse WHOIS, and DNS history. Multiple DNS intelligence tools in one interface.

Internet-wide scanning data. Certificate searches, device fingerprinting, and exposure mapping. More structured than Shodan for research.

IP address reputation database. Check if an IP has been reported for malicious activity. Community-driven threat intelligence.

IP geolocation, ASN details, and company information. Clean API for programmatic lookups. Free tier available.

Identifies internet background noise vs targeted attacks. Determines if IP scanning is mass scanning or targeted activity.

Open threat intelligence platform. Community-contributed indicators of compromise, malicious IPs, and threat data.

Threat intelligence search engine. Query IPs, domains, and URLs for threat indicators. Clean interface with API access.

Website technology profiler. Identifies frameworks, analytics, hosting providers, and tech stack. Free basic lookups, paid for historical data.

Search engine for exposed databases, API keys, and configuration files. Scans the internet for data leaks and misconfigurations.

Internet scanner and data platform. Maps exposed services, vulnerabilities, and hosts. API access for automated queries.

Cyber defense search engine. Collects data on exposed assets, threat intelligence, and internet infrastructure. Free tier available.

Search engine for publicly exposed AWS S3 buckets. Find misconfigured cloud storage containing sensitive files and data.

Searches across 2000+ platforms simultaneously. Includes social networks, forums, dating sites, and gaming communities. Designed for broad username reconnaissance.

Web-based username verification across 600+ sites. No registration required. Enter a username, receive structured results showing platform presence.

Check username availability across social networks and domain names. Includes less common platforms.

Lightning-fast username checking. Focuses on major platforms but updates frequently.

Email OSINT tool. Links email addresses to Google accounts, profile pictures, Google Maps reviews, and YouTube channels.

Find professional email addresses by company name. Verify email deliverability. Free tier allows limited monthly searches.

Reverse phone lookup. Identify spam callers, see caller ID info, and find who owns a phone number.

Advanced phone number information gathering. Identifies country, carrier, line type, and scans for online footprints.

Email reputation lookup. Checks if an email address is associated with data breaches, disposable services, or suspicious activity.

Check if an email or phone number appears in known data breaches. Maintained by Troy Hunt. API available for automated queries.

Email server diagnostics. SPF, DMARC, MX record lookups, blacklist checks, and DNS validation for email infrastructure.

Contact intelligence platform. Find email addresses, phone numbers, and social profiles for professionals. Ideal for investigative research and contact discovery.

Reverse phone, VOIP, address, name, and email lookup. Includes voicemail preview without calling the device. High accuracy for basic consumer-level OSINT.

Command-line tool for username enumeration across 400+ social networks. Automated search with structured output. Commonly used for identity mapping.

Advanced phone number information gathering tool. Scans international phone numbers to identify carrier, location, and online presence.

Gather emails, subdomains, IPs, and URLs from public sources. Uses search engines, PGP servers, and Shodan.

Collect dossier on a person by username. Checks 3000+ sites, extracts personal info from profiles.

Check if an email is used on different sites like Twitter, Instagram, Imgur without notifying the user.

Subdomain discovery tool. Passive reconnaissance using certificate transparency, DNS, and search engines. Fast and reliable.

In-depth DNS enumeration and network mapping. Active and passive subdomain discovery. Maintained by OWASP.

Fast web crawler designed for OSINT. Extracts URLs, emails, social media accounts, and files from websites.

Read, write, and edit metadata in images, videos, PDFs. Extract GPS coordinates, camera info, timestamps, author names.

Identify hash types. Determines what algorithm generated a hash string. Essential for password cracking and forensics.

Command-line interface for Censys internet scanning data. Query certificates, hosts, and services from the terminal.

Real-time social media search. Monitor mentions across Twitter, Facebook, Instagram, YouTube, Reddit, and more.

Search engine for data leaks, breaches, and the darknet. Paid subscription for unlimited searches and exports.

Twitter analytics and search. Find people by bio keywords, compare followers, analyze activity patterns.

Advanced Twitter scraping tool. Bypass API limits, scrape tweets, followers, following, likes without authentication.

Direct access to U.S. federal court documents, case filings, and dockets. Official government system. $0.10 per page, free up to $30 per quarter.

Most U.S. states maintain free searchable databases for criminal and civil cases. Search by name, case number, or party. Each state operates its own system.

Official U.S. government registry. Search registered sex offenders across all states. Includes photos, addresses, and conviction details.

Most counties provide free online access to property ownership records, tax assessments, and sale history. Direct access to assessor databases.

World's largest open database of companies. Search 200+ million companies across jurisdictions. Track officers, filings, ownership.

Each U.S. state maintains official business entity databases. Search LLC registrations, corporation filings, and registered agent information.

Public data aggregation platform. Search phone numbers, emails, usernames across multiple open-source intelligence databases.

Global sanctions database. Search politically exposed persons (PEPs), criminal watchlists, and anti-money laundering data from official sources worldwide.

Professional-grade OSINT and risk-analysis platform used by investigators to aggregate public data across multiple sources. Subscription-based investigative tool.

Read, write, and edit metadata in images, videos, PDFs. Extract GPS coordinates, camera info, timestamps, author names.

Crawl websites and extract metadata from Office documents, PDFs. Finds usernames, software versions, network paths.

Online metadata viewer. Upload images, documents, or videos to extract hidden data. No installation required. Works in browser.

B2B contact database. Company hierarchies, decision makers, direct dials. Enterprise pricing, expensive but comprehensive.

Email finder and verification API. Domain search returns all public email addresses. Email pattern detection and deliverability checks.

Search US government research funding. Find grants, principal investigators, institutions, publications, patents from NIH-funded research.

European Commission research database. Find EU-funded projects, participants, publications, results from Framework Programmes.

Largest collection of dissertations and theses. Free previews, full access through libraries. Find academic research by author or topic.

Search local government databases for property records, court filings, business licenses, permits. Every county has different online systems.

Search code, commits, issues, repos with advanced filters. Find API keys, credentials, personal info accidentally committed. Filter by date, language, user.

Create permanent snapshots of web pages. Search for archived versions of deleted content. Captures complete pages including dynamic elements.

Search across multiple web archives simultaneously. Aggregates results from Internet Archive, Archive.today, and other archival services.

Advanced browser fingerprinting detector. Analyzes canvas, WebGL, audio, fonts, and other fingerprint vectors. Open-source testing tool.

Check how unique your browser fingerprint is. Analyzes plugins, screen resolution, timezone, fonts, and other identifying characteristics.

Displays detailed device and browser information. Shows what data websites can collect about your system and network.

U.S. Securities and Exchange Commission database. Access all public company filings, financial statements, and regulatory documents.

Meta's social media analytics platform. Track public content performance across Facebook, Instagram, Reddit. Requires application and approval.

International Consortium of Investigative Journalists database. Search Panama Papers, Paradise Papers, and other offshore leak investigations. Track shell companies and hidden wealth.

Free VIN lookup from NICB. Check if vehicle was reported stolen or has salvage title.

Official U.S. government VIN decoder. Identifies vehicle specifications, manufacturer details, and recall information. Direct access to NHTSA database.

Aggregates public property records from county assessors. Shows ownership history, sale prices, and tax assessments. Free access to most data.

Find where images appear online. Track down original sources, find higher resolution versions, identify people and places.

Reverse image search with oldest and newest sorting. Find image modifications, track usage, locate sources.

Russian search engine with excellent face recognition. Often finds results Google misses, especially for Eastern European content.

Browser extension for video verification. Fragment videos, reverse image search frames, analyze metadata. Essential for journalists.

Extract upload time, thumbnail images from YouTube videos for verification and reverse image searching.

Visual link analysis for OSINT investigations. Map relationships between people, companies, domains, IPs. Free version has limited transforms.

Startup and company information. Funding rounds, investors, key people, competitors. Free basic search, paid for exports.

Advanced LinkedIn search and filtering. Boolean searches, company insights, org charts. Business subscription required.

Create permanent snapshots of web pages. Search for archived versions of deleted content. Unlike Wayback Machine, captures complete pages.

Search multiple cache sources at once. Checks Google Cache, Wayback Machine, Archive.is from one interface.

View Google's cached version of any page. Add "cache:" before URL or click dropdown next to search result.