Contents
In the ever-expanding world of open source intelligence (OSINT), having the right tools at your disposal can make all the difference in gathering valuable information and uncovering critical insights.
OSINT tools like social media platforms are more than one-size-fits-all. Platforms like YouTube, Reddit, and Facebook have unique features. Similarly, OSINT tools function differently, and the right open-source tools for gathering threat intelligence may not be initially apparent.
This article provides a comprehensive guide on what OSINT tools are, why companies use them, and the best OSINT tools available across various platforms.
Let's dive in.
What are OSINT tools, and Why Are They Necessary for Gathering Information?
OSINT tools are online software, applications, or other platforms that scour the internet to identify pertinent information. These OSINT tools can be used for open source intelligence investigations by any individual, government agency, private company, or corporation.
Most OSINT tools act as a search engine for varying corners of the internet, like the dark web or social media. Depending on the function, an OSINT tool can provide real-time situational or emergency information and detailed info on a potential bad actor, including phone numbers, email addresses, IP addresses used, and social media accounts.
These tools fit within a general OSINT framework for security personnel and help fill the gaps in identifying web vulnerabilities, possible access points for data leaks, personnel safety concerns, or potential threats.
Types of OSINT tools
Generally, many OSINT tools come in three categories:
- Discovery Tools are basic tools that search for information already available online. A great example is Google. Though Google seems like a simple search tool, it can be a powerful place to start an OSINT investigation, depending on the investigator’s open source intelligence expertise.
- Scraping tools "scrape" helpful or pertinent data from website domains, social media accounts, and other open-source platforms for further analysis. The best OSINT tools for scraping only extract the essential public data relevant to a specific open source intelligence investigation, so no hefty data extractions or excess information are involved.
- Aggregation tools are used for deeper investigations into existing data. Once data has been extracted and stored in a secure location like an embedded web server, it needs further analysis to fit the puzzle pieces from multiple data sources into a clear picture. Aggregation tools combine these related pieces of information, allowing investigators to better visualize better data relevant to their company.
What are the best OSINT tools?
A Google search for “OSINT tools” provides pages of options. Established social media giants and alt-tech social media networks have grown exponentially over the past few years. Accordingly, there are many threat intelligence sources and OSINT software companies from which to choose.
Below, we’ve highlighted the best OSINT tools for Reddit, Facebook, TikTok, Telegram, Transport Tracking, YouTube, and Image and Video Verification.
While there are other OSINT tools, this list provides a great (and centralized) place to start.
Reddit OSINT Tools
Cama’s Reddit Search
Cama’s Reddit Search is a simple, easy-to-use OSINT search tool. Cama allows investigators to search by Author (i.e., Reddit username), subreddit, posts/comments, score, date range, and keywords. While the documentation may be lacking, we discovered a helpful tip: You can restrict search results to multiple subreddits by simply placing a comma between each one. For example, if you want to confine your "OSINT" search query to the subreddits of OSINT and Corporate Security, you will enter it in the "Subreddit" field as OSINT, Corporate Security minus the quotation marks.
Redditsearch.io
This OSINT tool from pushshift.io offers all the functionality of Cama’s Reddit Search, plus the ability to search for articles from a specific domain. However, there are some limitations. Some features like "Aggregations" and "DataViz" don’t always yield consistent results. Moreover, the “User Analyzer” and “Subreddit Suggestions” features aren’t particularly user-friendly.
On the plus side, you can dork to your heart's content using your search engine of choice. To search a specific subreddit, enter the dork "site:reddit.com/r/[insert subreddit name] + keyword/username” (without quotes).
Karma Decay
Karma is a reverse image tool that tracks the different subreddits where photos have been published, often offering intriguing results. Conducting a reverse image search is simple - upload an image, copy/paste a Reddit URL, or install the browser plugin that integrates Karma Decay. Remember that the image processing time might be slightly longer, so it may take longer than a Google Image Search.
For more Reddit OSINT Tools, read here.
Facebook OSINT Tools
Who posted what?
Who posted what? is a private Facebook keyword search for people who work in the public interest arena. Once an investigator accesses the website, they can search for keywords corresponding to specific dates. Who posted what? is handy for identifying historical data on current and past threats. Additionally, it provides more recent information on imminent security threats.
Facebook Video Downloader
The Facebook Video Downloader is a simple and helpful OSINT tool that quickly downloads any video posts to Facebook for immediate or future use. Type in the Facebook link, click the "download video" button, and you'll have a concrete file of any video on the platform.
HaveIBeenZuckered
HaveIBeenZuckered was created in response to the 2019 Facebook data breach, wherein a large dataset of approximately 533 million Facebook accounts was made available for download. With a quick search, investigators can check HaveIBeenZuckered to see if phone numbers belonging to their company, executives, and personnel were included in this breach. This check ensures no current threat spillover from the 2019 event.
More Facebook OSINT tools here.
TikTok OSINT Tools
TikTok Api in Python
TikTok does not officially support scraping public data like Twitter or YouTube, but alternative tools, such as the TikTok API, are available. With this OSINT tool, you can search for TikTok users by name, search by hashtags linked to videos, and to watch videos. The API’s primary limitation is that developers with intricate knowledge of data-scraping practices will be able to utilize it best.
Bellingcat TikTok # Analysis Tool
The Bellingcat TikTok analysis tool allows analysts to collect a dataset of TikToks connected with specific hashtags over a more extended period. Additionally, it provides insight into what other topics appear together with specific hashtags most consistently. Analyzing patterns in the joint use of hashtags can help analysts spot coordinated influence or disinformation campaigns. Additionally, if the same set of hashtags is used repeatedly, examining a large cohort of posts can provide contextual insight for specific hashtags.
Bellingcat Tik Tok Timestamp Tool
This OSINT tool lets analysts pinpoint the exact upload date and time for TikTok video URLs. Input the video URL; the tool will display the specific upload time.
For more TikTok OSINT tools, read here.
Telegram OSINT Tools
Lyzem
Lyzem is one of many search engines created for Telegram. This tool lets you search for conversations highlighting key phrases. Additionally, analysts can use Lyzem to unearth public channels, users, and groups. Lyzem is especially helpful for corporate analysts who work for organizations that prohibit them from creating an account on the site.
Geogramint
Geogramint uses Telegram's API to identify nearby users and groups. The now-discontinued Tejado's Telegram Nearby Map inspired this social media tracking tool. Geogramint aims to improve the Nearby Map's original concept by providing a more user-friendly experience.
Geogramint’s primary limitation is that it only finds Telegram users and groups that have activated the "nearby" feature. Otherwise, it's deactivated.
This OSINT tool is fully supported on Windows and partially on Mac OS and Linux distributions.
Intelligence X: TG
Intelligence X: TG has a helpful search engine for uncovering Telegram content. Type a keyword or series of related phrases into the search bar. Then, the query will return related information from Telegram, users, channels, groups, or bots.
For more Telegram OSINT tools, read here.
Transport Tracking OSINT Tools
Flight Aware
Flight Aware provides real-time flight traffic in your immediate region and worldwide. Featuring an interactive map that provides an overview of current flights, investigators can click on any specific aircraft or airport for more information on flight numbers, ETA, potential delays, and even local weather conditions.
Flight Radar
Like Flight Tracker, Flight Radar is a transport tracking tool using an interactive map to show all global flights. Investigators can easily zoom in and out to acquire information from a specific corner of the world. A left-side menu also allows investigators to track particular flights and weather conditions and monitor the movements of executives, personnel, and other persons or flights of interest.
Air Now
Air Now is an OSINT software tool that utilizes map-based flight tracking. Air Now is continually updated with a top ticker that shows the most viewed flights in recent history. Investigators can click on any flight in the region to obtain more information, including scheduled arrival time, the aircraft model and flight number, and the exact longitude and latitude of its current location.
YouTube OSINT Tools
Aware Online
Aware Online allows users to utilize keywords to search for specific videos, playlists, and channels. Analysts can filter video searches by upload date and evaluate channels. Easy to use and completely free, Aware Online is a good starting point to start a broader search. The vast number of search results means that some extra work will go into refining the results into usable threat intelligence.
OSINT Toolkit
OSINT Toolkit is a similar and broadly-based social media investigation tool that uses the same URL manipulation as Aware Online to identify videos, channels, and other data that matches specific keywords. Users can also search by an exact phrase, title, live videos, and upload date to achieve even more targeted results.
YouTube Geofind
Videos uploaded at the scene can help provide real-time information during emergencies, and this is where a location-based tool like YouTube Geofind comes in handy. YouTube Geofind allows investigators to enter an address or general location to identify videos posted in a geographic area. Geofind is an excellent way to identify videos of recent crimes, incidents, or disasters in a given locale.
Remember, analysts should interpret location data as the reported location data. YouTube allows users to self-select the video's location. Furthermore, the technology used to spoof locations is increasingly available and effective.
For more YouTube OSINT tools, click here.
OSINT Tools for Image and Video Verification
TinEye
TinEye is a social media tracking tool that executes reverse image searches to identify the accompanying data. To use, investigators can copy and paste the image URL (or upload the file directly), and TinEye will list the various locations, dates, and websites that have utilized the image over time.
Search by Image
Search by Image is supported by various search engines, including Google and Bing. It is a browser extension that makes effortless reverse image searches possible. The Search by Image extension helps journalists, researchers, and investigators verify image authenticity and helps identify social media disinformation campaigns.
Foto Forensics
Foto Forensics uses a heat map-like filter to identify altered areas of a photo or image. Featuring an easy interface where investigators can copy and paste an image link, this social media tracking tool will detail any areas of the picture where adjustments to the original file may have occurred.
For more image and video verification OSINT tools, read here.
What to Consider Before Using an OSINT Tool
All the above-listed tools have some limitations, and an investigator needs to recognize these gaps so that nothing falls through the cracks. Whether you are using a paid application explicitly designed for a specific social media platform or a free tool for a general purpose like financial analytics, here's what you need to remember regarding the potential drawbacks of specific OSINT software tools.
- Limitations in data sources – Some tools may only monitor social media, while others look at specific types of internet data, like dark websites or government agencies. As such, unless an investigator utilizes an all-encompassing product, they may need to monitor multiple tools for comprehensive and in-depth data collection.
- There may be a learning curve – Several tools require special skills (like understanding and utilizing command-line interface) to be effective. Investigators unfamiliar with a command-line interface, Google Dorking, or other advanced search methods may have difficulty accessing and using specific OSINT tools.
- The cost may be higher than you expect – Free OSINT tools may not provide comprehensive data, while subscription or fee-based OSINT software companies may be pricier than they’re worth. Researching and identifying the best OSINT tools for your organization and specific needs is essential.
LifeRaft: The best way to protect your people, assets, brand, and data
The best open-source intelligence gathering source is an advanced OSINT software platform like LifeRaft’s Navigator. Navigator is a powerful open source tool that provides threat intelligence from unlimited data sources. This OSINT tool monitors publicly available data 24/7 and provides instant alerts on sensitive data that may be valuable for security personnel.
The Complete Guide to OSINT Tools
Bottom Line. Your job as a security professional is challenging enough without having to discern which tools are best for each platform.
Reach out to our LifeRaft team today, and we will work together to ensure that you have the requisite tool for an intelligence-led security program.