  ____                              _       _
 / __ \__   _____ _ ____      ____ _| |_ ___| |__
| |  | \ \ / / _ \ '__\ \ /\ / / _` | __/ __| '_ \
| |__| |\ V /  __/ |   \ V  V / (_| | || (__| | | |
 \____/  \_/ \___|_|    \_/\_/ \__,_|\__\___|_| |_|

Overwatch OSINT Arsenal

FusionDataCo // Security Platform

65 tools live · 16 categories · last built 2026-05-12 03:39 UTC · OPS → · FRAMEWORK →

👤 Username Recon [4/4]

Find every account a username has touched across the web.

maigret 3000+ sites, profile data extraction, JSON/HTML output /username-recon↗ link
sherlock smaller list than maigret, faster, classic /username-recon↗ link
WhatsMyName curated checks, no install ↗ link
Namechk username + domain availability across 100+ platforms ↗ link

📧 Email OSINT [6/6]

From an email address to: registered services, breach exposure, public profile.

holehe 120+ sites password-reset enumeration /email-osint↗ link
theHarvester email harvest from search engines + DBs /email-osint↗ link
Epieos Google profile / Calendar / Maps reviews ↗ link
HIBP breach exposure check ↗ link
HudsonRock infostealer breach data, free tier ↗ link
DeHashed commercial breach search (account needed) ↗ link

📞 Phone OSINT [2/3]

Carrier, region, line type, breach exposure for any phone number.

phoneinfoga carrier, region, line type, reputation links /phone-osint↗ link
NumLookup free carrier + region lookup ↗ link
Truecaller reverse phone lookup (account needed) ↗ link

🖼️ Image OSINT [4/5]

Reverse image search, EXIF metadata, face matching, geolocation from photos.

exiftool EXIF / metadata extraction (GPS, camera, software) /image-osint↗ link
Yandex Images best for face and landmark reverse search ↗ link
Google Lens reverse image + object detection ↗ link
TinEye reverse image, origin tracing ↗ link
PimEyes face-specific reverse search (paid) ↗ link

🐦 Social Media Archaeology [3/4]

Bulk profile scraping, post archives, friend networks, deleted-content recovery.

instaloader Instagram profile / post / story archive ↗ link
snscrape X/Twitter scraping (no API key needed) ↗ link
social-analyzer 1000+ social profile checks ↗ link
gallery-dl bulk media download from many social sites ↗ link

🌐 Domain / Network [5/7]

DNS, WHOIS, subdomain enumeration, tech fingerprinting.

whois registration metadata /recon
dig DNS records (any type) /dns-audit
dnsenum comprehensive DNS enumeration /dns-audit
dnsrecon DNS reconnaissance, zone transfers /dns-audit
whatweb tech fingerprint (CMS, framework, server) /recon
subfinder passive subdomain discovery
amass subdomain + asset map (active + passive)

🗺️ Geolocation [9/9]

Coordinates ↔ address, places near a point, Street View, static maps.

Google Geocode address → lat/lng + place_id /geocode
Google Reverse-Geo lat/lng → formatted address + components /reverse-geocode
Google Places text + nearby search for businesses/landmarks /places
Google Nearby typed nearby search (gym, bus_station, etc.) /nearby
Place Details full record by place_id (phone, hours, website) /place-details
Street View visual snapshot of any coords /streetview
Static Maps embeddable map image for case reports /static-map
Bellingcat shadow sun position → coarse location ↗ link
OpenStreetMap search by features ↗ link

🏛️ Public Records / Breach [7/7]

Court records, business filings, breach databases, paste sites.

Have I Been Pwned breach exposure check ↗ link
HudsonRock infostealer breach data ↗ link
DeHashed comprehensive breach (account) ↗ link
IntelX leak / paste search (freemium) ↗ link
OpenCorporates business filings worldwide ↗ link
CourtListener US federal + many state court records ↗ link
searchsploit exploit-db offline CVE/exploit search /cve-check

🔗 Aggregator Frameworks [1/3]

Heavy-weight OSINT orchestrators that chain many sources.

spiderfoot 400+ OSINT modules, web UI ↗ link
recon-ng modular OSINT framework
Maltego CE graph link-analysis (GUI) ↗ link

📚 Archives [2/2]

Capture and recover content before it disappears.

WayBack Machine historical snapshots ↗ link
archive.today preserve a URL on demand ↗ link

📂 Case Management [5/5]

Drive-backed evidence chain per investigation.

Case folder create Subject/Photos/Sources/Notes structure in Drive /case-folder
Save evidence archive a URL into the case /save-evidence
Upload file push local file into the case /case-upload
Evidence note timestamped append to evidence-log.md /case-note
List cases show all OSINT-Cases folders /case-list

📨 Self-Search (Gmail) [2/2]

Search your own inbox for prior contact with case subjects.

Gmail search full Gmail-syntax query /gmail-search
Gmail who recent traffic to/from a person /gmail-who

🛰️ Active Recon (Kali) [2/3]

Port scans, service version, banner grabbing.

nmap the standard. Service version, OS, scripts. /port-scan↗ link
masscan internet-scale port scanner ↗ link
naabu fast port scanner (ProjectDiscovery)

🕸️ Web Recon (Kali) [8/8]

Web app fingerprinting, directory brute, parameter discovery.

wfuzz web fuzzing for params/dirs/headers
dirsearch web path brute-force
gobuster dirs/DNS/vhosts brute (Go, fast)
ffuf fuzz Faster (Go)
wafw00f WAF fingerprinting
sslscan TLS configuration + cipher audit /ssl
wpscan WordPress vulnerability scan /wp-check
zaproxy OWASP ZAP proxy/scanner (GUI)

🎯 Vulnerability Scan [2/3]

Find known vulns + misconfigurations.

sqlmap SQL injection automation
nikto classic web server vulnerability scanner
nuclei template-driven vulnerability scanning (ProjectDiscovery)

📜 Wordlists [3/3]

Pre-installed lists for password / dir / DNS brute-force.

SecLists the canonical security testing wordlist collection ↗ link
wordlists (apt) Kali default wordlists including rockyou
exploit-db offline exploit + shellcode database