Best current OSINT search engines/indexes
Best current OSINT search engines/indexes
| Use case | Best options | Why they matter |
| General web OSINT | Google, Bing, Brave Search, Yandex | Use multiple engines because indexing, ranking, caching behaviour, regional coverage and image results differ across engines. Google is still strongest for operators/dorks; Bing and Yandex often surface different images and regional results. |
| OSINT tool discovery | Bellingcat Online Investigation Toolkit, OSINT Framework, IntelTechniques Search Tools | Best starting points when you need the right specialist source, rather than a single search box. Bellingcat’s toolkit is actively maintained and categorised for investigations; OSINT Framework focuses on free/open resources; IntelTechniques provides targeted search forms for names, emails, usernames, maps, documents, domains, IPs, vehicles, crypto and more. |
| Internet-facing assets/devices | Shodan, Censys, FOFA, ZoomEye, LeakIX | Best for domains, IPs, banners, exposed services, certs, ports, misconfigurations and attack-surface mapping. Shodan describes itself as a search engine for Internet-connected devices; Censys is strong for global internet infrastructure mapping; LeakIX combines public information indexing with open reporting. |
| IP reputation/scan context | GreyNoise, AbuseIPDB, VirusTotal, URLScan.io | Best for deciding whether an IP/domain/URL is benign background scanning, malicious infrastructure, or worth deeper triage. GreyNoise is specifically useful for filtering internet “noise” from targeted signals. |
| Domains, DNS, certs | crt.sh, Censys, SecurityTrails, DNSDumpster, ViewDNS.info, BuiltWith | Best for subdomains, historical DNS, certificate transparency, hosting relationships, tech stack and infrastructure pivots. |
| Code and exposed secrets | GitHub Search, GitLab Search, Sourcegraph and grep.app, PublicWWW, NerdyData | Best for finding code references, API keys accidentally committed, website source patterns, tracking pixels, analytics IDs and reused snippets. Recorded Future notes code search engines, such as grep.app, NerdyData and PublicWWW as useful OSINT resources for implementation and pattern discovery. |
| People/usernames/emails | WhatsMyName, Sherlock, Maigret, IntelTechniques, Hunter.io, Epieos | Best for username enumeration, email-to-platform pivots, breach-adjacent clues and identity correlation. Use carefully: results are often probabilistic. |
| Social media/communities | Native search on X, Reddit, TikTok, Instagram, Facebook, LinkedIn, plus Google/Bing site: searches | Platform search is inconsistent, so combine native search with external engines and archived pages. |
| Images/video verification | Google Lens, Yandex Images, Bing Visual Search, TinEye, InVID-WeVerify | Best for reverse image search, older image appearances, thumbnails, edited media and geolocation leads. |
| Archives / deleted content | Internet Archive Wayback Machine, archive.today/archive.ph, Common Crawl, cached search results where available | Essential for removed pages, historical websites, changed bios, old press releases, deleted docs and timeline reconstruction. |
| Maps/geolocation | Google Maps/Earth, Bing Maps, Yandex Maps, OpenStreetMap, Sentinel Hub EO Browser, NASA Worldview | Best for terrain, street-view, satellite comparisons, route validation, and time-based environmental checks. Bellingcat’s toolkit explicitly includes satellite imagery, mapping, photo/video verification, and archiving resources. |
My practical shortlist
For most OSINT work, I would start with:
- Google + Bing + Yandex/Brave for broad discovery and cross-engine comparison.
- Bellingcat Toolkit to find specialist tools by category.
- IntelTechniques Search Tools for structured person, username, email, phone, domain, document, map and social searches.
- Shodan + Censys + LeakIX for infrastructure and exposed services.
- crt.sh + SecurityTrails/DNSDumpster for domains and subdomains.
- URLScan.io + VirusTotal + GreyNoise for URL/IP/domain triage and malicious-infrastructure context.
- Wayback Machine + archive. Today, for historical or deleted content.
- Google Lens + Yandex Images + TinEye for image provenance and visual pivots.
Best “one-stop” starting points
Use these when you are not sure where to search next:
- Bellingcat Online Investigation Toolkit — best curated toolkit for journalists, researchers, verification, maps, social, archiving and media analysis.
- OSINT Framework — broad free-resource directory, useful as a checklist.
- IntelTechniques Search Tools — excellent for fast structured queries across many OSINT categories.
Rule of thumb
Use Google/Bing/Yandex to find pages, Shodan/Censys/LeakIX to find infrastructure, crt.sh/SecurityTrails to pivot on domains, Wayback/archive.today to recover history, Lens/Yandex/TinEye for images and Bellingcat/IntelTechniques/OSINT Framework to decide what specialist tool to use next.
Also: stay on the legal/ethical side. OSINT means publicly accessible information; avoid bypassing access controls, scraping against terms where prohibited, doxxing, or using the data for harassment.