pwnHACKER // OSINT

The search engine for Internet-connected devices. Continuously crawls and indexes open ports, banners, and services across billions of IPs — from routers to industrial systems.

Query domain registration records — owner, registrar, registration dates, name servers, and contact data from public WHOIS databases.

Suite of DNS investigation tools: reverse IP, reverse whois, DNS history, traceroute, port scanner, and IP geolocation — all in one free interface.

Scans the entire Internet to index every reachable host and certificate. Provides structured data on TLS certs, open services, and device metadata. Research-grade internet-wide scanning.

Analyze URLs, domains, IPs, and files against 70+ antivirus engines and reputation services simultaneously. Essential for quick threat assessment and IOC validation.

Query ASN, BGP routing, IP ranges, and DNS records for any organization. Invaluable for mapping an organisation's full internet-facing infrastructure.

Free domain research tool that discovers hosts related to a domain — subdomains, MX records, name servers — and visualises the DNS map. No API key required.

Identify the technology stack behind any website — CMS, frameworks, analytics, CDN, hosting provider, and more. Invaluable for fingerprinting targets and understanding their infrastructure before engagement.

Submit a URL to scan and analyse it in a sandboxed browser. Returns a screenshot, DOM content, outbound requests, redirects, and threat indicators — all without visiting the page yourself. Essential for safely analysing suspicious links.

Hunt for a username across 300+ social networks simultaneously via CLI. Written in Python — one of the most-starred OSINT tools on GitHub.

Real-time social media search engine monitoring public posts across Twitter, Facebook, Instagram, Reddit, and more. Track keywords, hashtags, and mentions.

Advanced Twitter scraping tool that requires no API key. Scrape tweets, followers, following lists, likes, and profile data without rate limits.

Download Instagram profiles, photos, stories, reels, hashtags, and metadata including geotags and timestamps. Powerful CLI tool for Instagram OSINT.

Advanced Reddit search and user history archive. Find deleted posts, search by user, subreddit, keywords, and date ranges — deeper than native Reddit search.

Interactive Instagram OSINT CLI tool — extract followers, following, tagged locations, photos, comments, and captions from any public Instagram profile.

Upload or paste an image to find where it appears across the web, discover the original source, identify people and objects, and expose fake or stolen profile photos.

Dedicated reverse image search engine with 62+ billion indexed images. Tracks how images are used, finds earlier versions, and identifies modified or cropped copies.

Read and write metadata (EXIF, IPTC, XMP) from images, PDFs, and audio files. Extracts GPS coordinates, camera make/model, timestamps, and software used — often revealing far more than the subject intended.

Geolocate images and videos by matching terrain, buildings, and landmarks against satellite and street-level imagery. Essential for open-source geolocation and confirmation.

Yandex reverse image search is often significantly more powerful than Google for facial recognition and finding Eastern European / Russian-language sources. Frequently surfaces results that Google and TinEye miss entirely — a critical tool in any facial OSINT workflow.

Crowdsourced street-level imagery platform covering areas Google Street View doesn't reach. Use it for geolocation confirmation, verifying photo locations, and mapping obscure areas from user-submitted photos.

The gold standard for network discovery and port scanning. Identifies hosts, services, OS versions, and open ports. The recon phase staple for 25+ years.

The world's foremost network protocol analyser. Capture and examine network traffic at packet level across hundreds of protocols. Spot anomalies, extract credentials, and study behaviour.

Passive wireless network detector, sniffer, and IDS. Works without transmitting packets — ideal for covert wireless OSINT, wardriving, and Bluetooth / RF device discovery.

Global wireless network geolocation database with 1+ billion networks mapped. Search networks by SSID, BSSID, or location. The definitive wardriving archive — and the mobile app is the best wardriving tool on Android.

Combines traceroute and ping into a real-time network diagnostic tool. Maps every hop between source and destination — revealing routing paths, latency, and packet loss.

The fastest Internet port scanner — capable of scanning the entire IPv4 space in under 6 minutes. Transmits 10 million packets per second. Perfect for large-scale network discovery and complement to Nmap's deeper service analysis.

Python tool that extracts metadata from public Google Documents — owner name, Gmail address, Google ID, creation date. Works with Docs, Sheets, Slides, Drawings, and more. Non-intrusive: no login required.

Extracts hidden metadata from Office and PDF documents — author names, software versions, internal paths, printer names, and more. Automates Google dork searches to find documents to analyse.

Access historical snapshots of any website going back to 1996. Recover deleted pages, track site evolution, and find content that was intentionally removed.

Search paste sites (Pastebin, Ghostbin, etc.) for leaked credentials, source code, API keys, and sensitive data dumps. Often the first place breach data surfaces publicly.

Uses Google dorking to harvest documents (PDF, DOC, XLS, PPT) from a target domain, then automatically extracts metadata from every file found — author names, software, internal paths, and server names.

Global reverse phone lookup and caller ID database with 300M+ users contributing number-to-name mappings. Identify unknown callers, detect spam, and look up numbers from almost any country.

API and web tool for phone number validation and carrier lookup. Returns carrier, line type (mobile/landline), location, and country for any global number.

Reference for international dialling codes and country prefixes. Reverse-lookup phone prefixes to identify country of origin for unknown international numbers.

Advanced phone number OSINT scanner written in Go. Gathers standard information (country, carrier, line type) then searches Google, Numverify, and other sources for social media profiles and online footprints associated with the number.

Access .onion sites and the dark web anonymously via the Tor network. Essential for investigators monitoring dark web forums, marketplaces, and leak sites — use only for lawful research.

Search engine for Tor hidden services. Indexes publicly accessible .onion sites and allows keyword searching without navigating manually — usable from the clearnet or via Tor.

Search the largest database of leaked credentials and breached data. Query by email, username, IP, password hash, name, phone, or domain to surface exposure across known data breaches.

Python script that scrapes multiple dark web search engines simultaneously — Ahmia, Candle, Dark Search, Torch, and others — combining results into a unified report. Ideal for keyword-based dark web monitoring without manual browsing.