The 10 best OSINT tools for 2023

Analyze threat data with OSINT
The 10 best OSINT tools for 2023

providers on the topic

With open source intelligence tools, there are various tools that can be used to use publicly accessible information sources to identify weak points in your own network. In this article we show 10 interesting tools for 2023.

We present ten OSINT tools that can also be of valuable help for the challenges of 2023.
We present ten OSINT tools that can also be of valuable help for the challenges of 2023.

(Image: Who is Danny –

We have already explained some interesting tools in the field of Open Source Intelligence (OSINT) in the article “Security with Open Source – Part 1”. In the article “Security with Open Source – Part 2” we show even more tools from this area, with which admins can obtain comprehensive information and actively improve security in their network. In the following article we show other tools that can also be of valuable help for the challenges in 2023.

At OSINT, open source stands for open data sources that are also evaluated by intelligence services.  (Image: Vogel IT media)

1. IBM X-Force Exchange: Explore threat intelligence and leverage early warning feeds

With the IBM platform X-Force Exchange in the IBM cloud, files, applications, IP addresses, URLs, indicators of compromise (IOC) and security gaps can be examined more closely. The service can also be integrated into SIEMS. APIs are available for this, which are displayed as part of the online investigation of certain threats.

IBM X-Force Exchange can be used without registration, but also with a free IBM ID via the IBM Cloud. Here IBM also provides a free subscription with various options. Our sister site CloudComputing-Insider covered the possibilities in detail in the article “IBM Cloud Free Tier – Storage, Clusters and Databases”. The OSINT tool can also examine files for relevant content that is of interest for security. In addition to examining files and other objects, IBM X-Force Exchange offers various early warning feeds for threats and current vulnerabilities.

2. MISP – The Free Malware Information Sharing Platform

MISP is an open source project that allows companies, organizations, researchers and users to collect and share information about malware. The site is ideal for analyzing malware attacks and preparing for such attacks. The site allows Indicator of Compromise (IOC) to be shared and analyzed.

picture gallery

READ:  What is CEO Fraud?

Picture gallery with 10 pictures

With the MISP project, correlation, automated exports for IDS or SIEM, in STIX or OpenIOC can be used and synchronized with other MISPs. The platform for the automated analysis of threats and malware is interesting. Often, similar organizations are targeted by the same threat actor in the same or different campaigns. Participants in MISP can thus detect and prevent such attacks very early on in a community. Sharing enables collaborative analysis. In addition, MISP offers metadata tagging, feeds, visualization and, through open protocols and data formats, enables integration with other tools for further analysis.

3. Project Honey Pot – Analyze suspicious IP addresses

With the Project Honey Pot, companies and researchers can participate in a community that documents suspicious IP addresses and statistics on suspicious attacks from those IP addresses. The project also makes various feeds available for this purpose, and the dashboard of the free service provides comprehensive information on where most of the attacks are currently coming from. The tool also displays suspicious IP addresses worldwide and in your own country. IP addresses can also be analyzed to determine if they are already known for suspicious behavior. In addition to IP addresses, the service can also be used to analyze known spam servers and read out their IP addresses.

4. Botscout – Detect and block suspicious bots on the internet

Botscout helps to detect scripts and bots from the internet that try to attack your own web services and cloud infrastructures or register automatically. Bots can be reliably blocked with the service, at least some of the known bots. The service stores IP addresses, names, behavior, email addresses and signatures of the bots. There is also an API for Botscout, which can be integrated into your own web services to block bots.

At OSINT, open source stands for open data sources that are also evaluated by intelligence services.  (Image: Vogel IT media)

5. Blueliv Threat Exchange Network – Protection against the latest threats

The Blueliv Threat Exchange Network is a network for exchanging information on current threats. Community participants share the threat data in their network with other participants and in turn receive the information of the other participants. This makes it possible to improve your own actions against known threats and to prepare for unknown attacks. The service also displays maps showing countries and IP addresses where current attacks are coming from.

READ:  No cyber insurance without transparency

6. APTnotes – Collection of public sources on malware and cyber attacks

APTnotes is a project available on GitHub. The task of the solution is to read information from publicly accessible sources and make it available centrally. The data is stored in cloud storage. Here the sources can be downloaded as CSV or JSON data and thus imported into your own SIEMS or other solutions.

7. Pulsedive: Simple threat intelligence

Data on websites or IP addresses can be called up via the Pulsedive web service. The service can be integrated in parallel with Shodan, VirusTotal or AbuseIPDB. With the service, comprehensive information can be displayed quickly. This allows attackers to be quickly identified.

picture gallery

Picture gallery with 10 pictures

8. Mr. Looquer IOC Feed – Dual-stack feed for IPv4 and IPv6 attacks

The Mr. Looquer IOC Feed service provides a threat feed focused on dual-stack systems. The service therefore provides feeds for IPv6 and for IPv4. Here you can download IOCs that show which attacks run over the two protocols. There is also a threat database that can be downloaded for your own systems. IOCs can be downloaded based on different countries. The data is available as JSON or CSV for this purpose.

9. ThreatIngestor – Aggregating IOCs from different feeds

With the ThreatIngestor tool, data from different IOC feeds can be aggregated and thus used more effectively from different sources. The tool can also use RSS feeds and sources such as Twitter or other information.

10. Detect phishing attacks with PhishTank

Admins and users can use the PhishTank service to analyze current phishing attacks and their sources. The websites and information on the phishing attacks can be found here. Community participants can also submit information and websites related to phishing attacks themselves.

With OSINT tools, security experts can find systems and data accessible from the Internet that should not actually be publicly accessible in order to then secure them.  (Image: Kurhan -

Many OSINT tools run directly in the web browser and help to find vulnerabilities and security gaps and to check websites.  (Image: Imillian -