Bellingcat Online Investigation Toolkit
Comprehensive dashboard of hundreds of OSINT tools organized by category. Maintained by Bellingcat investigators.
What should journalists know about Bellingcat Online Investigation Toolkit?
Bellingcat rebuilt this toolkit from scratch in September 2024, designed by Johanna Wild during her Nieman-Berkman Klein Fellowship at Harvard. The old version was a static Google Sheet. The new one is a GitBook-hosted directory covering 12 categories — geolocation, satellite imagery, social media, corporate records, transport, conflict documentation, archiving, and more — with in-depth descriptions, use cases, and honest limitations for each entry. The real differentiator is provenance: these are tools tested by investigators who identified the Skripal poisoning unit, geolocated MH17 evidence, and documented 2,500+ civilian harm incidents in Ukraine since February 2022. Compared to OSINT Framework (osintframework.com), which is a sprawling link tree with minimal context, Bellingcat's toolkit provides editorial judgment on each tool. The tradeoff: OSINT Framework lists more tools; Bellingcat's are better vetted. Community volunteers now maintain entries monthly, fixing the stale-links problem that plagues every OSINT directory. Over 1,000 daily visitors as of late 2024. This is the single best starting point for any OSINT investigation.
Finding the right OSINT tool for a specific investigation task. Learning investigation methodologies from practitioners. Discovering tools you didn't know existed across geolocation, social media, corporate research, and more.
A tool itself — it's a directory. Does not provide training (see Bellingcat's workshops for that). Not a substitute for understanding investigation methodology.
Security & Privacy
Data is scrambled while being sent to their servers
Data is scrambled when stored on their servers
Where servers are located — affects which governments can request your data
Privacy policy summary
The toolkit itself collects no user data — no accounts, no logins. GitBook's standard analytics track page views and referrers. The February 2026 incident showed Bellingcat's main WordPress site leaks author metadata through default sitemaps and REST API endpoints, but the GitBook-hosted toolkit is a separate platform with no user-facing data exposure. Individual tools linked from the toolkit have their own privacy policies — evaluate each one before uploading sensitive material.
How to protect yourself:
Use a VPN when browsing the toolkit if you're investigating hostile state actors — your ISP logs will show Bellingcat access.
Before using any linked tool for sensitive work, check whether it requires uploading data, creating an account, or granting API access — several social media analysis tools in the directory collect uploaded content.
Bookmark the GitBook URL (bellingcat.gitbook.io/toolkit), not bellingcat.com — the GitBook instance has no WordPress metadata leakage.
For high-risk investigations, cross-reference toolkit recommendations with your own security assessment; tools that were safe in 2024 may have changed ownership or terms.
If you're in a jurisdiction where Bellingcat is banned or surveilled (Russia, Belarus), access through Tor or a trusted VPN.
The toolkit's GitHub mirror (github.com/bellingcat/toolkit) is an alternative access point.
The toolkit itself is a read-only GitBook directory — it doesn't process your data, store credentials, or require authentication. The security consideration is with the individual tools it links to, not the directory itself. One legitimate concern: Bellingcat's main WordPress site (bellingcat.com) leaked investigator metadata through default sitemaps in February 2026, exposing 89 email addresses and 32 full profiles. That's an OPSEC failure for the parent organization, but the GitBook-hosted toolkit runs on separate infrastructure with no user data exposure. Rating reflects that the directory itself is low-risk; users should independently assess each linked tool.
Who Owns This
Known issues
February 2026: Security researcher exposed 173 Gravatar email hashes from Bellingcat's WordPress sitemap; 89 were cracked into email addresses and 32 yielded full Gravatar profiles with real names and locations of investigators. Bellingcat did not publicly respond — ironic for an organization that teaches OPSEC.
Toolkit is self-described as 'work-in-progress' — some categories have sparse entries and tool count is growing but not yet comprehensive across all 12 categories.
Some linked tools have their own privacy or security issues (e.g., social media scrapers that require API keys or upload user data). The toolkit flags limitations but users must evaluate each tool independently.
Bellingcat was designated a 'foreign agent' in Russia (October 2021) and banned entirely (July 2022). Accessing Bellingcat resources from Russia or allied states may attract attention. Investigator Christo Grozev was placed on Russia's most-wanted list in December 2022.
Pricing
Free
This is an editorial assessment based on publicly available information as of 2026-04-02, using our published methodology. Independent security review is pending. Security posture can change at any time. This is not a guarantee of safety.