Scan files, URLs, domains, and IP addresses against 70+ antivirus engines and threat intelligence feeds. The starting point for most artifact analysis.

Community-sourced IP abuse reports with confidence scores and category classifications. High-volume API available for SIEM integration.

Sandbox any URL in a real browser. Returns screenshots, DOM snapshots, outbound network connections, and detected technologies.

Open threat intelligence community. Submit and consume indicators, follow actor pulse feeds, and track emerging campaigns in real time.

Threat intelligence platform with enriched IoC data: WHOIS, passive DNS, threat associations, and risk scoring in a clean interface.

Search engine for internet-exposed devices. Port data, service banners, CVE associations, and infrastructure mapping at global scale.

Internet-wide scan data for hosts and TLS certificates. More structured than Shodan with deeper certificate and protocol coverage.

External ping, traceroute, DNS lookup, port check, and WHOIS from geographically distributed nodes. Useful for validating external reachability.

DNS health checks, MX record lookup, blacklist monitoring, SMTP diagnostics, and SPF/DKIM/DMARC validation in one place.

Passive DNS recon tool. Discovers hosts and subdomains related to a target domain without active scanning.

ASN info, BGP routing tables, IP block ownership, and peering data for network infrastructure research and attribution.

Check if an email address or phone number has appeared in documented data breaches. Domain-level monitoring available for security teams.

Find and verify professional email addresses for any domain. Pattern inference, confidence scoring, and bulk verification API.

Email reputation scoring using breach history, spam reports, domain age, and observed behavioral signals.

US National Vulnerability Database. CVE details, CVSS base scores, affected products, and remediation references. Authoritative source.

Public exploit archive maintained by Offensive Security. Searchable by CVE, vendor, platform, type, and exploit category.

CVE data with vendor and product drill-down, CVSS trend charts, and historical vulnerability counts per vendor over time.

Historical DNS records, subdomain enumeration, IP history, and WHOIS data. Useful for passive infrastructure tracking and attribution.

DDoS threat advisories, real-time attack intelligence, and botnet activity documentation from global network telemetry.

Internet traffic trends, BGP route changes, DNS query statistics, and attack traffic patterns from Cloudflare's global network.

Categorized, browsable directory of OSINT tools and resources. Organised by investigation type with direct links to hundreds of tools.

Search engine for leaked data, historical records, dark web content, and paste sites. Useful for credential exposure research.

Search across half a million public git repositories. Useful for finding exposed credentials, API keys, and misconfigured secrets.