OSINT Tools

APKLeaks

Scan an Android APK for hardcoded URLs, endpoints and secrets

BeVigil

Mobile-app security search engine surfacing APK secrets, keys and subdomains

BucketLoot

Scan open cloud buckets for exposed files and secrets

CUPP

Generates a target-specific password wordlist from personal details

CheckLeaked

Aggregated breach search across Dehashed, Snusbase and LeakCheck

Cryptome

Archive of leaked and classified public documents

Cynic Ashley Madison Checker

Check if an email is in the Ashley Madison leak

DeHashed API Tool

CLI for querying the DeHashed breach API by email, username or domain

Elasticsearch Crawler

Crawls open Elasticsearch for breach data

Flare

Dark-web and Telegram monitoring for leaked corporate credentials

GhostProject

Search leaked credentials by email address

GitGuardian Public Monitoring

Monitors public GitHub for an org's leaked secrets and credentials

GrayHatWarfare

Search files in publicly exposed S3 and Azure buckets

HackCheck

Search 16B+ breach records by email, username or password

Hudson Rock Cybercrime Tools

Check emails and domains against infostealer data

IntelBase

Email-to-footprint with 40B+ breach and stealer-log records

JustPaste.it

Text and image paste site, searchable for leaks

KeyFinder

Browser extension that passively detects leaked API keys and secrets on pages

LeakRadar

449B+ stealer-log and breach credential search, EU-hosted

OSINTLeak

Breach and stealer-log search across surface, deep and dark web

Pastebin

Search public text pastes for leaks and credentials

SlackPirate

Mine a Slack workspace token for leaked credentials and secrets

TRACKED

Privacy-first OSINT aggregator over 37+ breach and dark-web sources

Venacus

Search leaked breach data by name, email, or phone