OSINT Bookmarklet Library for OSINT Investigations

The Meta Tag Extractor bookmarklet is designed for investigators who need a fast, defensible readout of what a page claims about itself. When executed, it scans every meta tag in the DOM, including standard SEO descriptions, Open Graph fields, Twitter cards, robots directives, and custom properties. The output opens in a clean, local window so analysts can copy evidence directly into a report without relying on developer tools. This matters for attribution and reputation work because metadata often exposes brand impersonation, tracking infrastructure, or mismatched ownership data. Use it during early reconnaissance to capture the current state of a page before it changes. The bookmarklet runs client-side only and does not transmit data anywhere beyond the investigator’s browser. It is rated low risk because it reads existing HTML and displays it to the user without any network side effects, making it safe for rapid triage on sensitive cases.

javascript:(()=>{const k='osv:meta:ts';const n=Date.now();if(localStorage.getItem(k)&&n-parseInt(localStorage.getItem(k),10)<1500){alert('Please wait before running again.');return;}localStorage.setItem(k,n);const rows=[...document.querySelectorAll('meta')].map(m=>`${m.getAttribute('name')||m.getAttribute('property')||m.getAttribute('http-equiv')||'meta'}: ${m.content||''}`);const win=window.open('','_blank');win.document.write('<pre>'+rows.join('\\n')+'</pre>');})();

The Analytics ID Finder bookmarklet identifies the tracking IDs embedded in a page’s JavaScript, giving investigators a quick way to spot shared infrastructure between suspicious sites. When triggered, it scans inline scripts for common analytics identifiers such as Google Analytics, GA4, and Google Tag Manager codes. The results appear in a clean local window for rapid evidence capture. Analysts use this bookmarklet to connect domains owned by the same operator, verify affiliate campaigns, or locate duplicated tracking across cloned phishing pages. It is especially useful in takedown workflows where an investigator needs hard signals that multiple sites are part of a coordinated network. The bookmarklet runs entirely in the browser and only inspects the current DOM, but it is marked medium risk because it reads script contents that may be large and could include sensitive tokens. Use it deliberately on pages where you have authorization to collect technical data.

javascript:(()=>{const k='osv:analytics:ts';const n=Date.now();if(localStorage.getItem(k)&&n-parseInt(localStorage.getItem(k),10)<1500){alert('Please wait before running again.');return;}localStorage.setItem(k,n);const ids=[...document.querySelectorAll('script')].map(s=>s.innerText).join(' ');const matches=[...ids.matchAll(/(UA-\\d{4,}-\\d+|G-[A-Z0-9]{6,}|GT-[A-Z0-9]+)/g)].map(m=>m[0]);const win=window.open('','_blank');win.document.write('<pre>'+(matches.length?matches.join('\\n'):'No analytics IDs found')+'</pre>');})();

'+(json.length?json.join('\\n\\n'):'No schema markup found')+'

The Schema Markup Viewer bookmarklet surfaces JSON-LD and structured data embedded inside a web page. For investigators, schema provides direct clues about ownership, business locations, contact points, and declared relationships that are often overlooked. This tool extracts every JSON-LD block and renders it in a separate window so the data can be reviewed without digging through source code. It is useful when validating a brand impersonation report, checking if an entity is claiming false affiliations, or verifying that a site actually links to legitimate corporate profiles. Because schema is machine-readable, it can reveal an attacker’s operational footprint or shortcut attribution work. This bookmarklet is rated low risk, as it only reads existing markup and does not perform network requests. It keeps your workflow purely client-side and produces a copy-ready record for case files or evidence logs.

'+(json.length?json.join('\\n\\n'):'No schema markup found')+'

'+(json.length?json.join('\\n\\n'):'No schema markup found')+'

javascript:(()=>{const k='osv:schema:ts';const n=Date.now();if(localStorage.getItem(k)&&n-parseInt(localStorage.getItem(k),10)<1500){alert('Please wait before running again.');return;}localStorage.setItem(k,n);const json=[...document.querySelectorAll('script[type="application/ld+json"]')].map(s=>s.innerText.trim()).filter(Boolean);const win=window.open('','_blank');win.document.write('<pre>'+(json.length?json.join('\\n\\n'):'No schema markup found')+'</pre>');})();

'+(inputs.length?inputs.join('\\n'):'No hidden inputs found')+'

Hidden form inputs often contain campaign identifiers, tracking parameters, and application logic that reveal how a page operates. The Hidden Input Finder bookmarklet captures those fields in seconds, presenting the name-value pairs in a clean, local output window. Investigators use it to discover lead capture workflows, detect hidden tracking, and validate whether a form is routing data to unexpected destinations. It is especially useful during phishing analysis or compliance checks, because hidden inputs can be abused to pass identifiers without user visibility. This bookmarklet does not alter form data or submit anything; it simply reads what is already present. It is rated medium risk because it exposes form fields that may include sensitive values on internal systems, so only run it where you have authorization and a legitimate investigative need.

'+(inputs.length?inputs.join('\\n'):'No hidden inputs found')+'

'+(inputs.length?inputs.join('\\n'):'No hidden inputs found')+'

javascript:(()=>{const k='osv:hidden:ts';const n=Date.now();if(localStorage.getItem(k)&&n-parseInt(localStorage.getItem(k),10)<1500){alert('Please wait before running again.');return;}localStorage.setItem(k,n);const inputs=[...document.querySelectorAll('input[type="hidden"]')].map(i=>`${i.name||'unnamed'} = ${i.value||''}`);const win=window.open('','_blank');win.document.write('<pre>'+(inputs.length?inputs.join('\\n'):'No hidden inputs found')+'</pre>');})();

The Link Graph Snapshot bookmarklet creates an immediate list of every outbound and internal link on a page. Investigators use it to capture a moment-in-time view of a site’s relationships and pivot points, especially when tracking redirect chains or affiliate networks. By exporting the link list, you can quickly identify external services, payment processors, social profiles, or hidden navigation targets. It is also effective for verifying whether a suspicious page is using cloaked links or undisclosed affiliate routing. The output opens in a separate window for fast copy and documentation. This tool is low risk because it only reads visible HTML links and does not trigger navigation. It is a lightweight, repeatable method for documenting a page’s external connections before it changes or disappears.

javascript:(()=>{const k='osv:links:ts';const n=Date.now();if(localStorage.getItem(k)&&n-parseInt(localStorage.getItem(k),10)<1500){alert('Please wait before running again.');return;}localStorage.setItem(k,n);const links=[...document.querySelectorAll('a[href]')].map(a=>a.href);const uniq=[...new Set(links)];const win=window.open('','_blank');win.document.write('<pre>'+uniq.join('\\n')+'</pre>');})();

The Page Fingerprint Summary bookmarklet packages a quick forensic snapshot of the current page into a single readable block. It captures the URL, title, language, and referrer and presents them in a JSON-style summary that is easy to copy into investigative notes. Analysts use this tool for triage when responding to reports of impersonation, misinformation, or policy abuse. The point is speed: in seconds you can lock in the basics without opening developer tools or losing focus. This bookmarklet is marked medium risk because it includes referrer data that may expose sensitive navigation context on internal systems, so it should only be run under authorized conditions. It performs no network calls beyond the page you are already viewing. The output helps create consistent evidence logs across investigations and supports repeatable, structured documentation.

javascript:(()=>{const k='osv:fingerprint:ts';const n=Date.now();if(localStorage.getItem(k)&&n-parseInt(localStorage.getItem(k),10)<1500){alert('Please wait before running again.');return;}localStorage.setItem(k,n);const info={title:document.title,url:location.href,lang:document.documentElement.lang,referrer:document.referrer};const win=window.open('','_blank');win.document.write('<pre>'+JSON.stringify(info,null,2)+'</pre>');})();