Skip to content

Best Osint Tools for Social Media

Social media sites like Twitter, Instagram, Pinterest, LinkedIn, etc. are all great to use when investigating a missing person. But sifting through millions of posts is tough. This article breaks down the best osint tools for social media that will help identify the most relevant social media posts.

Some of the best osint tools have been evaluated and recommended by Robin Sage, a well-known information security expert. In this report, he shows how these devices can be used as a help for intelligence analysts as well as as a tool for cyber security to search for incidents, data leaks, and vulnerabilities in enterprises, state organizations, critical infrastructure providers.


Maltego specializes in uncovering relationships among people, companies, domains and publicly accessible information on the internet. It’s also known for taking the sometimes enormous amount of discovered information and plotting it all out in easy-to-read charts and graphs. The graphs do a good job of taking raw intelligence and making it actionable, and each graph can have up to 10,000 data points.

The Maltego program works by automating the searching of different public data sources, so users can click on one button and execute multiple queries. A search plan is called a “transform action” by the program, and Maltego comes with quite a few by default that include common sources of public information like DNS records, whois records, search engines and social networks. Because the program is using public interfaces to perform its searching, it’s compatible with almost any source of information that has a public interface, so adding more searches to a transform action or making up a whole new one is easily possible.

Once the information is gathered, Maltego makes connections that can unmask the hidden relationships between names, email addresses, aliases, companies, websites, document owners, affiliations and other information that might prove useful in an investigation, or to look for potential future problems. The program itself runs in Java, so it works with Windows, Mac and Linux platforms.

There is a free version of the program with limited features called Maltego CE. Desktop versions of Maltego XL run $1,999 per instance. Server installations for large-scale commercial use start at $40,000 and come with a complete training program.


Available as a Chrome extension and Firefox add-onMitaka lets you search over six dozen search engines for IP addresses, domains, URLs, hashes, ASNs, Bitcoin wallet addresses, and various indicators of compromise (IOCs) from your web browser. Ax Sharma

The extension saves up your time by acting as a shortcut to various online databases that can be queried with a click.

For those who prefer a focused, more limited set, an alternative extension Sputnik is also available.


Spiderfoot is a free OSINT reconnaissance tool that integrates with multiple data sources to gather and analyze IP addresses, CIDR ranges, domains and subdomains, ASNs, email addresses, phone numbers, names and usernames, BTC addresses, etc. Available on GitHub, Spiderfoot comes with both a command-line interface and an embedded web-server for providing an intuitive web-based GUI.

The application itself comes with over 200 modules making it ideal for red teaming reconnaissance activities, to discover more information about your target or identify what you or your organisation may be inadvertently exposing on the internet.


Spyse describes itself as the “most complete internet assets registry” geared toward cybersecurity professionals. Relied on by projects like OWASP, IntelligenceX, and the aforementioned Spiderfoot, Spyse collects publicly available data on websites, their owners, associated servers, and IoT devices. This data is then analyzed by the Spyse engine to spot any security risks in and connections between these different entities.

A free plan is available, although for developers planning on building apps using the Sypse API, paid subscriptions may be required.


As the name implies, BuiltWith lets you find what popular websites are built with. Different tech stacks and platforms power different sites. BuiltWith can, for example, detect whether a website is using WordPress, Joomla, or Drupal as its CMS and provide further details.

BuiltWith also generates a neat list of known JavaScript/CSS libraries (e.g., jQuery or Bootstrap) that a website uses. Further, the service provides a list of plugins installed on the websites, frameworks, server information, analytics and tracking information, etc. BuiltWith can be used for reconnaissance purposes.

What’s more? Combine BuiltWith with website security scanners like WPScan that, for example, integrate with WordPress Vulnerability Database API to spot common security vulnerabilities impacting a website.

For those looking to identify mainly the tech stack makeup of a site, Wappalyzer may be better suited as it provides a more focused, concise output. Try both BuiltWith and Wappalyzer for yourself and see which suits your needs better.

Intelligence X

Intelligence X is a first-of-its-kind archival service and search engine that preserves not only historic versions of web pages but also entire leaked data sets that are otherwise removed from the web due to the objectionable nature of content or legal reasons. Although that may sound similar to what Internet Archive’s Wayback Machine does, Intelligence X has some stark differences when it comes to the kind of content the service focuses on preserving. When it comes to preserving data sets, no matter how controversial, Intelligence X does not discriminate.

Intelligence X has previously preserved the list of over 49,000 Fortinet VPNs that were found vulnerable to a Path Traversal flaw. Later during the week, plaintext passwords to these VPNs were also exposed on hacker forums which, again, although removed from these forums, were preserved by Intelligence X.

Previously, the service has indexed data collected from email servers of prominent political figures like Hillary Clinton and Donald Trump. Another recent example of the media indexed by on Intelligence X is the footage from the 2021 Capitol Hill riots and the Facebook’s data leak of 533 million profiles. To intel gatherers, political analysts, news reporters, and security researchers, such information can be incredibly valuable in various ways.

 OSINT Framework

This is perhaps one of the most popular OSINT tools out there. The thing is that OSINT Framework is more of a website with a directory of tools rather than just one single tool. And, it is perhaps this ability to find all the tools you may need to dig up all the information on a target, in one place, that makes it the go-to option for information gathering.

Another reason this is a popular collection is that many of the best OSINT tools are written or created for a Linux environment. This directory, meanwhile, has many tools that can be run from a browser and, even when the installation is needed, there are options for most major operating systems.

The collection of OSINT tools can help dig up information using anything from a simple telephone number, IP address, or email addresses. There are even options for venturing into the Dark Web or the ability to analyze malicious files. So, proceed with caution.

There are tutorials and games included to get beginners started with the digging-for-information game. Need a VM for a research campaign? You can find a list of software solutions under “Virtual Machines.”

Almost all of the tools that are linked to an OSINT Framework are free while the few remaining ones might ask for a small subscription fee.

 Google Dorks

Anyone who takes Google’s search capability for granted, or underestimates the power that lies behind this search engine’s capability to dig deep and come up with some interesting information, is a fool.

With the right arguments, anyone can find files or documents that may seem securely stored. In fact, one of the first things to do during a penetration test is to use Google Dorks to see what can already be accessed without any data mining tools.

As you may have understood, Google Dorks is not a tool, per se. It is a data querying method that involves querying for information using advanced – and clever – search arguments in Google Search.

Here’s how it works: websites are automatically indexed when Google bots crawl them. Now, unless sites with sensitive data or folders specifically block the bots (using noindex meta tags), their contents will be made available as search results for specific Google queries.

The concept here is to enable any user to delve deep into a server’s annals to come up with data corresponding to various arguments. The beauty of it is that Google has a large list of arguments that can address queries for almost any type of data including usernames and passwords.

There is no one website to go for the ultimate compilation of clever Google syntaxes; that means you will need to do a Google search for that too. But, for your reference, we have one of the most popular Google Dorks sites: Google Hacking Database on Exploit Database. Enthusiasts from all over the world update this registry daily.

Again, be aware that this is a powerful OSINT tool that can uncover sensitive information that could get you in trouble simply because you downloaded, or even looked at it.


Social media has become an effective and popular tool for tracking, monitoring and analysing trends to provide the best possible information for decision makers. This is a huge market and growing market worldwide.

Leave a Reply

Your email address will not be published.

Exit mobile version