OSINT Toolkit – Tools & Workflow Overview

This document summarizes all OSINT tools used across the investigation workflow. It covers every major part of modern open-source intelligence: blockchain tracing, infrastructure lookups, metadata extraction, credential reconnaissance, dark-web analysis and automation.

The list is structured to match the real investigative workflow.

1. Blockchain Analysis Tools

Tools used for tracing transactions, visualizing flows and identifying exchanges or mixers.

Multi-chain explorers

Blockchair – multi-chain explorer, analytics, entity mapping
OKLink – excellent for clustering & risk scores
BTC.com – Bitcoin explorer
Blockchain.com Explorer
Blockscan – EVM-focused multi-chain explorer

Chain-specific explorers

Mempool.space – Bitcoin mempool & on-chain analytics
Etherscan, BscScan, Polygonscan, Arbiscan
Solscan / Solana Explorer
TronScan

Graph analysis / attribution

Breadcrumbs – easy-to-use visual tracing
GraphSense – open-source chain analysis
OXT.me – Bitcoin graph analytics
Crystal Blockchain – professional platform
Chainalysis Reactor / TRM Labs – enterprise-grade

Risk scoring / off-ramp identification

Elliptic – entity attribution, risk scoring
AMLBot – wallet risk assessments
XTblock – multi-chain risk indicators

2. Infrastructure OSINT

Tools for mapping servers, domains, IPs, DNS history and backend infrastructure.

DNS / IP Intelligence

SecurityTrails – historical DNS, subdomains, WHOIS
Shodan – exposed services, banners, CVEs
Censys – certificates, hosts, fingerprints
FOFA – Chinese alternative to Shodan
ViewDNS.info – quick multi-lookup
DNSDumpster – subdomain discovery

Certificates

crt.sh – certificate transparency logs
CertSpotter – domain monitoring

Routing & Netblocks

Hurricane Electric BGP Toolkit
RIPEstat – IP allocations, ASN info

3. Metadata & File Intelligence

Tools for extracting EXIF data, document metadata, file hashes and digital footprints.

Metadata extraction

ExifTool – best tool for EXIF and file metadata
FOCA – scanning public documents for metadata
mat2 – metadata anonymization (Linux)

File and hash lookup

VirusTotal – malware scans, hash intelligence
Hybrid Analysis – behavioral malware analysis
Malshare / Malpedia

4. Social & Human OSINT

Tools used for researching online profiles, usernames, email addresses and identities.

Person search

OSINT Framework (index)
SpiderFoot – automated recon
Pipl (limited)
Truecaller (phone lookup)

Username & handle investigation

WhatsMyName – search username across platforms
NameCheckup
Maigret – OSINT username scanner

Email intelligence

HaveIBeenPwned – breach data
Epieos – email footprint
Holehe – checks if email exists on major services

5. Dark Web & Deep Web Tools

Ahmia – Tor search
OnionSearch – OSINT CLI tool
DarkSearch.io
Tor Browser (mandatory for verification)

6. Recon Automation & Intelligence Platforms

Automation & scanning

SpiderFoot HX
Maltego – graph intelligence
Recon-ng – modular recon
theHarvester – email & domain harvesting

Containers & scripting

Dockerized OSINT environments
Python notebooks for OSINT automation

7. Visualisation & Reporting

Maltego – graph analysis
Obsidian – investigation documentation
Hugo (SystemLog) – publishing results
draw.io / Excalidraw – mapping infrastructure
Gephi – network graph visualization

8. Workflow Summary

A typical OSINT investigation follows this structure:

Initial scoping

identify entity, wallet, domain, username, server

Infrastructure OSINT

DNS, IP, netblocks, certificates, subdomains

Blockchain tracing (if crypto is involved)

explorer → graphing → entity attribution

Human OSINT

usernames, emails, social profiles

Threat attribution

clustering, intersection of data sources

Report generation

structured, visual, reproducible

Conclusion

This toolkit provides a unified set of tools suitable for:

cybercrime investigation
blockchain tracing
digital forensics
OSINT automation
intelligence reporting

It forms the backbone of the SystemLog OSINT workflow, supporting both field work and analytical investigations.