21 Social Media OSINT Tools and Scripts

Open Source Intelligence (OSINT) for social media involves collecting and analyzing public data from platforms like Facebook, Twitter, and Instagram.

It’s valuable in cybercrime investigation, market research, brand management, personal safety, online reputation, journalism, disaster management, and security and defense.

1- SpyScrap

SpyScrap is an OSINT tool designed to gather information from various sources such as Google, Tinder, and Twitter. It uses facial recognition and natural language processing to filter results and identify key entities.

The tool calculates a score indicating a user’s public exposure on the internet. It has two independent modules, CLI and Web Interface, both built using Docker and easy to deploy.

Supported Web Scrapping Modules

• Tinder
• Instagram
• Yandex
• Google
• Facebook
• BOE
• Twitter

GitHub – RuthGnz/SpyScrap: CLI and GUI for OSINT. Are you very exhibited on the Internet? Check it! Twitter, Tinder, Facebook, Google, Yandex, BOE. It uses facial recognition to provide more accurate results.

CLI and GUI for OSINT. Are you very exhibited on the Internet? Check it! Twitter, Tinder, Facebook, Google, Yandex, BOE. It uses facial recognition to provide more accurate results. – RuthGnz/Spy…

2- Sherlock

Sherlock is an open-source free tool that hunts down social media accounts by username across social networks.

GitHub – sherlock-project/sherlock: 🔎 Hunt down social media accounts by username across social networks

🔎 Hunt down social media accounts by username across social networks – sherlock-project/sherlock

3- Seekr

Seekr is a multi-purpose OSINT-data toolkit that integrates various tools into a single interface. It uses a Go and BadgerDB backend for data collection, organization, and analysis, making it ideal for researchers and investigators. It simplifies data management and streamlines OSINT workflows.

Seekr is an application that combines note-taking and Open Source Intelligence (OSINT), designed for real-world use cases and can be used alongside existing tools.

Key Features

• NO api keys required for all features.
• Desktop interface.
• Database for OSINT targets.
• Integration / adaptation of many popular OSINT-tools (e.g. phoneinfoga)
• GitHub to email
• Guide (Enter information you have and get web-tools recommended to help you)
• Account cards for each person in the database
• Account discovery integrating with the account cards
• Pre defined commonly used fields in the database
• Themes & Plugins

GitHub – seekr-osint/seekr: A multi-purpose OSINT toolkit with a neat web-interface.

A multi-purpose OSINT toolkit with a neat web-interface. – seekr-osint/seekr

4- Holehe OSINT

Holehe is a tool that checks if an email is attached to accounts on various sites, including Twitter, Instagram, and Imgur, among 120 others. It retrieves information using the forgotten password function without alerting the target email and runs on Python 3.

GitHub – megadose/holehe: holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.

holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function. – megadose/holehe

5- DaProfiler

DaProfiler is an OSINT tool that helps you gather personal information that may be available online, such as addresses, social media accounts, email addresses, phone numbers, and job details. This information can be used to make GDPR requests to remove your digital footprint.

GitHub – daprofiler/DaProfiler: DaProfiler is an OSINT tool allowing you to collect certain information about yourself in order to rectify by rgpd requests the traces you may have left on the net. DaProfiler is indeed able to recover: Addresses, Social media accounts, e-mail addresses, mobile / landline number, jobs.

DaProfiler is an OSINT tool allowing you to collect certain information about yourself in order to rectify by rgpd requests the traces you may have left on the net. DaProfiler is indeed able to rec…

6- OWASP Maryam

OWASP Maryam is an open-source, modular framework designed for OSINT and data gathering. It facilitates rapid and comprehensive data harvesting from open sources and search engines. The framework supports Linux, FreeBSD, Darwin, and OSX operating systems.

GitHub – saeeddhqan/Maryam: Maryam: Open-source Intelligence(OSINT) Framework

Maryam: Open-source Intelligence(OSINT) Framework. Contribute to saeeddhqan/Maryam development by creating an account on GitHub.

7- Maigret

Maigret is a powerful tool that collects comprehensive information on a person using only a username. It checks accounts across thousands of sites without requiring API keys.

It supports searching on over 3000 sites, including Tor and I2P sites, and domains via DNS resolving. Features include profile pages parsing, recursive search by new usernames, search by tags, and censorship and captcha detection.

GitHub – soxoj/maigret: 🕵️‍♂️ Collect a dossier on a person by username from thousands of sites

🕵️‍♂️ Collect a dossier on a person by username from thousands of sites – soxoj/maigret

8- Toutatis

Toutatis is a free, open-source OSINT Python script that enables the extraction of information from Instagram accounts, including emails, phone numbers, and more.

GitHub – megadose/toutatis: Toutatis is a tool that allows you to extract information from instagrams accounts such as e-mails, phone numbers and more

Toutatis is a tool that allows you to extract information from instagrams accounts such as e-mails, phone numbers and more – megadose/toutatis

9- Mr.Holmes

Mr.Holmes is an OSINT tool designed to extract valuable details about domains, usernames, and phone numbers from public sources on the internet. It uses Google dorks attack for specific research needs and ensures anonymity by using proxies for all requests. It also integrates a WhoIS API for a richer dataset about a domain.

GitHub – Lucksi/Mr.Holmes: A Complete Osint Tool :mag:

A Complete Osint Tool :mag:. Contribute to Lucksi/Mr.Holmes development by creating an account on GitHub.

10- Alfred

Alfred is a user-friendly tool designed to discover usernames across various websites, similar to Sherlock.

It is successful about 80% of the time and is intended to help new programmers or pentesters enter the world of OSINT. Alfred is built using Python 3.12.

GitHub – Alfredredbird/alfred: Alfred is a advanced OSINT information gathering tool that finds social media accounts based on inputs.

Alfred is a advanced OSINT information gathering tool that finds social media accounts based on inputs. – Alfredredbird/alfred

11- Zehef

Zehef is an OSINT tool for studying emails without alerting the target. It allows users to check if their personal or corporate emails have been leaked and on which popular sites the email is registered. It supports dozens of OSINT modules that allows you to search many services and databases.

Features

Zehef’s Feature list includes: asynchronous scraping, a command-line interface menu, and modules for website scraping, breach checking, API scraping for target email information, possible account checking on Snapchat & TikTok, and checking all Pastebin links related to the email.

GitHub – N0rz3/Zehef: Zehef is an osint tool to track emails

Zehef is an osint tool to track emails. Contribute to N0rz3/Zehef development by creating an account on GitHub.

12- YesItsMe

Yesitsme is a Python script that leverages dumpor.com‘s indexing to find Instagram accounts associated with a specific name, email, and phone number. It compares the retrieved Toutatis obfuscated email/phone with the input, aiding in online investigations.

GitHub – 0x0be/yesitsme: Simple OSINT script to find Instagram profiles by name and e-mail/phone

Simple OSINT script to find Instagram profiles by name and e-mail/phone – GitHub – 0x0be/yesitsme: Simple OSINT script to find Instagram profiles by name and e-mail/phone

13- Eyes

“Eyes” is an OSINT tool that identifies existing accounts linked to an email address. It can detect accounts on various sites, even if the profile doesn’t directly relate to the email, without alerting the target. The tool features asynchronous scraping and a command-line interface.

GitHub – N0rz3/Eyes: 🕵️ Email osint tool

🕵️ Email osint tool . Contribute to N0rz3/Eyes development by creating an account on GitHub.

QueryTool is an OSINT framework integrated within Google Sheets, designed to simplify the process of generating queries for various search engines. It aids in conducting sophisticated searches for terms, usernames, email addresses, files, and more, supporting the cyber investigation process.

The tool is categorized into sections, including Recon & SOCMINT, which features search engines for general research and social media search tools.

GitHub – oryon-osint/querytool: Querytool is an OSINT framework based on Google Spreadsheet. With this tool you can perform complex search of terms, people, email addresses, files and many more.

Querytool is an OSINT framework based on Google Spreadsheet. With this tool you can perform complex search of terms, people, email addresses, files and many more. – oryon-osint/querytool

15- SocialOSINT

SocialOSINT is a powerful open-source Python OSINT tool. It’s designed for extracting emails from targets published on social networks such as Instagram, Linkedin, and Twitter. Moreover, it’s an effective means for identifying potential credential leaks in PwnDB.

GitHub – krishpranav/socialosint: A python osint tool for getting emails, from a target, published in social networks like Instagram, Linkedin and Twitter for finding the possible credential leaks in PwnDB

A python osint tool for getting emails, from a target, published in social networks like Instagram, Linkedin and Twitter for finding the possible credential leaks in PwnDB – krishpranav/socialosint

16- Twint

Twint is a Python-based Twitter scraping tool that bypasses Twitter’s API, allowing for the extraction of Tweets from specific users, topics, hashtags, and trends.

It can also scrape sensitive information from Tweets and special queries such as a user’s followers, liked Tweets, and who they follow. Benefits include fetching almost all Tweets, fast setup, anonymous use, no sign-up requirement, and no rate limitations.

GitHub – twintproject/twint: An advanced Twitter scraping & OSINT tool written in Python that doesn’t use Twitter’s API, allowing you to scrape a user’s followers, following, Tweets and more while evading most API limitations.

An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most…

17- Ghunt

GHunt (v2) is an offensive Google framework designed for efficient evolution, primarily focused on OSINT. It features CLI usage and modules, Python library usage, full asynchrony, JSON export, and a browser extension to facilitate login.

GitHub – mxrch/GHunt: 🕵️‍♂️ Offensive Google framework.

🕵️‍♂️ Offensive Google framework. Contribute to mxrch/GHunt development by creating an account on GitHub.

SpiderFoot is an open source intelligence automation tool that integrates with numerous data sources and uses various methods for data analysis.

It includes an embedded web-server for a user-friendly web interface, but can also be operated entirely via the command-line. The tool is written in Python 3 and is MIT-licensed.

• Web based UI or CLI
• Over 200 modules (see below)
• Python 3.7+
• YAML-configurable correlation engine with 37 pre-defined rules
• CSV/JSON/GEXF export
• API key export/import
• SQLite back-end for custom querying
• Highly configurable
• Fully documented
• Visualisations
• TOR integration for dark web searching
• Dockerfile for Docker-based deployments
• Can call other tools like DNSTwist, Whatweb, Nmap and CMSeeK
• Actively developed since 2012!

GitHub – smicallef/spiderfoot: SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface. – smicallef/spiderfoot

19- Social Analyzer

Social Analyzer is an application that can analyze and locate a person’s profile across over 1000 social media platforms and websites. It uses various detection techniques to rate the likelihood of a match, aiming to reduce false positives.

The tool can assist in investigating profiles linked to suspicious or harmful activities like cyberbullying, cyber grooming, cyberstalking, and misinformation dissemination.

Features

• String & name analysis (Permutations and Combinations)
• Find a profile using multiple techniques (HTTPS library & Webdriver)
• Multi profile search (Used for correlation – any combination separated with “,” )
• Multilayers detections (OCR, normal, advanced & special)
• Visualized profile information using Ixora (Metadata & Patterns)
• Metadata & Patterns extraction (Added from Qeeqbox OSINT project)
• Force-directed Graph for Metadata (Needs ExtractPatterns)
• Search by top ranking or by country (Alexa Ranking)
• Search by type (adult, music, etc.. – automated websites stats)
• Profiles stats and static info (Category country)
• Cross Metadata stats (Added from Qeeqbox OSINT project)
• Auto-flirtation to unnecessary output (Enable javascript etc..)
• Search engine lookup (Google API – optional)
• Custom search queries (Google API & DuckDuckGo API – optional)
• Profile screenshot, title, info, and website description
• Find name origins, name similarity & common words by language
• Find possible profile\person age (Limited analysis)
• Custom user-agent, proxy, timeout & implicit wait
• Python CLI & NodeJS CLI (limited to FindUserProfilesFast option)
• Screenshots of detected profile (The latest version of Chrome must be installed)
• Grid option for faster checking (limited to docker-compose)
• Dump logs to folder or terminal (prettified)
• Adjust finding\getting profile workers (default 15)
• Re-checking option for failed profiles
• Filter profiles by good, maybe, and bad
• Save the analysis as a JSON file
• Simplified web interface and CLI
• And, more!!

GitHub – qeeqbox/social-analyzer: API, CLI, and Web App for analyzing and finding a person’s profile in 1000 social media \ websites

API, CLI, and Web App for analyzing and finding a person’s profile in 1000 social media \ websites – qeeqbox/social-analyzer

20- OWASP Amass

The OWASP Amass Project is an open-source tool that excels at network mapping and external asset discovery.

What does it collect?

It uses a variety of information gathering and active reconnaissance techniques, which include:

• APIs: Utilizes numerous data sources such as 360PassiveDNS, Ahrefs, AnubisDB, and more.
• Certificates: Actively pulls information, with optional sources including Censys, CertCentral, CertSpotter, and others.
• DNS: Employs techniques like brute forcing, reverse DNS sweeping, NSEC zone walking, and zone transfers.
• Routing: Uses data from ASNLookup, BGPTools, BGPView, BigDataCloud, and other sources.
• Scraping: Leverages sources such as AbuseIPDB, Ask, Baidu, Bing, and more.
• Web Archives: Extracts data from Arquivo, CommonCrawl, HAW, PublicWWW, UKWebArchive, and Wayback.
• WHOIS: Uses data from AlienVault, AskDNS, DNSlytics, ONYPHE, SecurityTrails, and others.

GitHub – owasp-amass/amass: In-depth attack surface mapping and asset discovery

In-depth attack surface mapping and asset discovery – owasp-amass/amass

21- SPY

SPY is a simple OSINT tool designed to scan social media accounts across various networks using a username.

GitHub – CYB3R-G0D/SPY: 🕵️‍♂️ An OSINT python tool to scan social media accounts by username across social networks

🕵️‍♂️ An OSINT python tool to scan social media accounts by username across social networks – CYB3R-G0D/SPY

31 Free OSINT Tools For Security Researchers

OSINT stands for Open Source Intelligence. It refers to the collection and analysis of information that is publicly available from open sources such as websites, social media, and news articles. OSINT is commonly used for gathering intelligence, conducting investigations, and supporting decision-making processes. Some benefits of using OSINT include: * Access