Skip to content

Latest commit

 

History

History
276 lines (147 loc) · 11.1 KB

File metadata and controls

276 lines (147 loc) · 11.1 KB

OSINTech Timeline

OSINTech’s Timeline #155

Scar


Week of 20 — 26 March 2026

Every week, I manually curate tools, research, and services that are genuinely useful for OSINT, digital investigations, security research, and adjacent fields.

No hype. No SEO noise. No "AI startups that change everything".
Only things you can open, verify, and actually use.


🧭 Featured Project

Tesari — OSINT Copilot

A first step for investigations into organized crime, corruption, trafficking, and global risk networks.

Tesari is designed as an entry point into complex investigations: structure, context, and navigable intelligence instead of chaotic searching.

🔗 https://www.tesari.ai


🌍 Regional & Thematic OSINT

Kali Linux 2026.1 Released (2026 Theme & BackTrack Mode)

🔗 https://www.kali.org/blog/kali-linux-2026-1-release/

OSINT of Greece by Unishka Research Service

🔗 https://substack.com/home/post/p-191554481

Hungarian OSINT start.me Collection

🔗 https://start.me/p/AD45Qk/start

AERIS. Flight Tracking, but 3D

🔗 https://aeris.edbn.me/

WarHeatMap. Visualize global conflicts and events in real time. WarHeatMap is a tool that combines an interactive map and a news feed to track current events and conflicts around the world. It also offers detailed statistics (7d/30d/90d/all time) on event types, most active regions, and most affected countries, providing a clear and analytical view of the global situation. An interesting resource for OSINT, geopolitical, and threat intelligence analysts who need real-time context and data

🔗 https://warheatmap.app/

Amazing data visualisation of historical FIMI operations. Great way to take a step back and look at some of the larger influence operations that have been reported on

🔗 https://euvsdisinfo.eu/fimi-explorer/

GeoSentinel is a geospatial monitoring platform that tracks global movement in real time. It aggregates ship and flight routes, live coordinates, and geodata into a unified system, providing clear geographic and geopolitical awareness for analysis, visualization, and decision-making

🔗 https://github.com/h9zdev/GeoSentinel

Agentic Pentesting. The Complete Guide to Get Started in 2026

🔗 https://escape.tech/blog/agentic-pentesting/


🛠 OSINT Tools, Services & Investigations

Cryptomator for Windows, macOS, and Linux. Secure client-side encryption for your cloud storage, ensuring privacy and control over your data

🔗 https://github.com/cryptomator/cryptomator

ciao HTTP checks & tests (private & public) monitoring - check the status of your URL

🔗 https://github.com/brotandgames/ciao

OceanScrape. Scraper for marine traffic data - amass AIS data fast & for free without being detected; ready for AI pipeline integration

🔗 https://github.com/theSchaefer/OceanScrape

SubScraper. Subdomain and target enumeration tool built for offensive security testing

🔗 https://github.com/m8sec/subscraper

FreeCut is a professional-grade video editor that runs entirely in your browser. Professional video editing, zero installation. Create stunning videos with multi-track editing, keyframe animations, real-time preview, and high-quality exports

🔗 https://github.com/walterlow/freecut

AutoSwagger is a command-line tool designed to discover, parse, and test for unauthenticated endpoints using Swagger/OpenAPI documentation. It helps identify potential security issues in unprotected endpoints of APIs, such as PII leaks and common secret exposures

🔗 https://github.com/intruder-io/autoswagger/

Eye of Web. State of the art OSINT tool. | A powerful open-source alternative to other face search engines

🔗 https://github.com/MehmetYukselSekeroglu/eye_of_web/

Just The Browser. Remove AI features, telemetry data reporting, sponsored content, product integrations, and other annoyances from web browsers

🔗 https://github.com/corbindavenport/just-the-browser

Telegago is a Google Custom Search Engine tailored for searching public Telegram content for OSINT purposes

🔗 https://bellingcat.gitbook.io/toolkit/more/all-tools/telegago

Kraken is a powerful, Python-based tool designed to centralize and streamline various brute-forcing tasks. Kraken provides a suite of tools for cybersecurity professionals to efficiently perform brute-force attacks across a range of protocols and services

🔗 https://github.com/jasonxtn/kraken

Netryx is a powerful, locally-hosted geolocation tool that uses state-of-the-art computer vision to identify the exact coordinates of a street-level image. It replicates the core pipeline of high-end geolocation SaaS platforms but runs entirely on your local hardware

🔗 https://github.com/sparkyniner/Netryx-OpenSource-Next-Gen-Street-Level-Geolocation

MetasploitMCP. MCP Server for Metasploit

🔗 https://github.com/GH05TCREW/MetasploitMCP

Deep Eye. An advanced AI-driven vulnerability scanner and penetration testing tool that integrates multiple AI providers (OpenAI, Grok, OLLAMA, Claude) with comprehensive security testing modules for automated bug hunting, intelligent payload generation, and professional reporting

🔗 https://github.com/zakirkun/deep-eye

TraceIntel. An asynchronous OSINT tool for IP address intelligence that aggregates data from multiple APIs to provide accurate geolocation, network, VPN, paste, and service‑related insights

🔗 https://github.com/karndeepbaror/traceintel

Grype. A vulnerability scanner for container images and filesystems

🔗 https://github.com/anchore/grype

RapidScan v1.2. The Multi-Tool Web Vulnerability Scanner

🔗 https://github.com/skavngr/rapidscan


🤖 Universal Search & AI

mgrep. A calm, CLI-native way to semantically grep everything, like code, images, pdfs and more

🔗 https://github.com/mixedbread-ai/mgrep

ClawdINT. Agentic intelligence and analytical platform for structured analysis of events, risks, and signals. AI agents like OpenClaw connect to the platform to contribute assessments alongside human analysts, producing traceable intelligence threads

🔗 https://clawdint.com/

AIRecon is an autonomous cybersecurity agent that combines a self-hosted Large Language Model (Ollama) with a Kali Linux Docker sandbox and a Textual TUI. It is designed to automate security assessments, penetration testing, and bug bounty reconnaissance — without any API keys or cloud dependency

🔗 https://github.com/pikpikcu/airecon/tree/main

Claude Bug Bounty. Claude Code skill for AI-assisted bug bounty hunting - recon, IDOR, XSS, SSRF, OAuth, GraphQL, LLM injection, and report generation

🔗 https://github.com/shuvonsec/claude-bug-bounty

xURL is a client for AI agent URLs.

  • Read an agent conversation as markdown.
  • Query recent threads and keyword matches for a provider.
  • Query role-scoped threads with agents://<provider>/<role>.
  • Discover subagent/branch navigation targets.
  • Start a new conversation with agents.
  • Continue an existing conversation with follow-up prompts

🔗 https://github.com/Xuanwo/xurl


👨‍💻 Software Development & APIs

Extractous. Fast and efficient unstructured data extraction. Written in Rust with bindings for many languages

🔗 https://github.com/yobix-ai/extractous

PlutoPrint. A Python Library for Generating PDFs and Images from HTML, powered by PlutoBook

🔗 https://github.com/plutoprint/plutoprint

Evidence. Business intelligence as code. Build fast, interactive data visualizations in SQL and markdown

🔗 https://github.com/evidence-dev/evidence

zerobrew brings uv-style architecture to Homebrew packages on macOS and Linux

🔗 https://github.com/lucasgelfond/zerobrew

Malimite. iOS and macOS Decompiler

🔗 https://github.com/LaurieWired/Malimite

ReDyne. A Production-Grade iOS Decompiler & Reverse Engineering Suite

🔗 https://github.com/speedyfriend433/ReDyne

Cutter. Free and Open Source Reverse Engineering Platform powered by rizin

🔗 https://github.com/rizinorg/cutter

Mapr is a Bun-native CLI/TUI designed for deep frontend reverse-engineering. It crawls target sites to collect artifacts, processes chunked code through a multi-agent AI pipeline, and generates comprehensive Markdown reports—mapping initialization flows, restoring names, and inferring call graphs to simplify complex build outputs

🔗 https://github.com/redstone-md/Mapr


🐧 Linux & DevOps

SealOS is an AI-native Cloud Operating System built on Kubernetes that unifies the entire application lifecycle, from development in cloud IDEs to production deployment and management. It is perfect for building and scaling modern AI applications, managed databases (MySQL, PostgreSQL, Redis, MongoDB) and complex microservice architectures

🔗 https://github.com/labring/sealos

ZeroByte. Backup automation for self-hosters. Built on top of restic

🔗 https://github.com/nicotsx/zerobyte

Nerdlog. Fast, remote-first, multi-host TUI log viewer with timeline histogram and no central server

🔗 https://github.com/dimonomid/nerdlog


🔌 Hardware & Devices

SIPVicious OSS is a VoIP security testing toolset. It helps security teams, QA and developers test SIP-based VoIP systems and applications. This toolset is useful in simulating VoIP hacking attacks against PBX systems especially through identification, scanning, extension enumeration and password cracking

🔗 https://github.com/EnableSecurity/sipvicious


🚨 From CyberDetective

RECOX. Free, simple and quick online tool to find subdomains and endpoints. Data sources: HackerTarget, URLScanIO, RapidDNS, CertSpotter, JLDC, DNSRepo, crtSH, WayBack, CommonCrawl, AlienWault OTX

🔗 https://recox.hackerz.space/

Open Source Intelligence (OSINT): Is Tsurugi Linux The Best Operating System For OSINT Investigations?

What is Tsurugi Linux
The Three Flavors of Tsurugi
How to Install Tsurugi Linux
First Look
The Tsurugi Browser
Additional Features of Tsurugi Linux

🔗 https://hackers-arise.com/open-source-intelligence-osint-is-tsurugi-linux-the-best-operating-system-for-osint-investigations/

🔗 https://tsurugi-linux.org/


📌 Where to Follow

If this timeline saves you time, it’s doing its job.
Free to read. Manually curated. Minimal noise.


📌 Donates

Buy Me a Coffee


📌 Legal and ethical note

All tools and techniques documented in the dataset are presented for informational,
educational and information security purposes only.

The dataset does not promote or endorse illegal activities.
Users are responsible for complying with applicable laws and ethical standards.


📌 About future updates

The dataset is updated on a regular basis.
Future posts will document changes, notable additions and emerging trends observed within the dataset.

This post serves as an introduction and reference point for those updates.