OSINT Tools

Passive reconnaissance tools and techniques for target profiling.

Published: May 10, 2026
Read time: 1 min read
Topics: osintreconpassive

Identity & People

theHarvester — emails, names, IPs from public sources
Maltego — graph-based relationship mapping
sherlock — username across platforms

Infrastructure

shodan — internet-connected device search
censys — certificate and host enumeration
FOFA — Chinese alternative to Shodan

Documents & Metadata

exiftool document.pdf          # author, GPS, software
metagoofil -d target.com -t pdf,doc -l 20

Google Dorks

site:target.com filetype:pdf
intitle:"index of" site:target.com
inurl:admin site:target.com