OSINT Framework

Clickable directory of 500+ OSINT tools organized by investigation type — the table of contents for online research.

Open source

Adequate

https://osintframework.com · Reviewed 2026-04-02 · Editorial assessment by Mike Schneider — not an independent security audit

What should journalists know about OSINT Framework?

OSINT Framework is a directory, not a tool. It organizes 500+ open-source intelligence resources into a clickable tree so you can find what you need without memorizing URLs. Justin Nordine created it and maintains it through the lockfale GitHub org. After a quiet period, the project saw a burst of enrichment activity in March 2026 — dozens of commits adding metadata, cleaning dead links, and restructuring categories. The repo has 11.1K GitHub stars and 1.8K forks, making it one of the most-starred OSINT projects on GitHub. The main alternative for journalists is Bellingcat's Online Investigation Toolkit (launched September 2024), which is more curated and journalism-focused but covers fewer tools. IntelTechniques (Michael Bazzell) moved its free tools behind a paywall in 2019 and now charges $650+ for training access. OSINT.sh is a different beast entirely — it runs tools server-side (SSL lookups, DNS, WHOIS) rather than linking to them, but it collects query data. For a free, zero-data-collection starting point, OSINT Framework remains the best option, provided you verify individual links before relying on them.

Best for

Starting an investigation when you don't know which tool exists for the job. Discovering new OSINT resources by category. Training new investigators on the landscape of available tools. Building a personal bookmark collection of vetted resources.

Not for

OSINT Framework doesn't execute anything — it's a directory of links. If you already know your tools, skip it. Some linked tools are defunct, paywalled, or have changed scope since they were added. The framework doesn't vet linked tools for security or privacy — that's on you.

Security & Privacy

Encryption in transit Yes

Data is scrambled while being sent to their servers

Encryption at rest Yes

Data is scrambled when stored on their servers

Data jurisdiction GitHub Pages (United States). Static site — no user data collected or stored. No server-side processing.

Where servers are located — affects which governments can request your data

Security rating Adequate

No accounts, no cookies, no analytics, no tracking. Static HTML/JS served from GitHub Pages CDN. Your browser fetches arf.json (the tool database) and renders it client-side. GitHub sees your IP address as the CDN host — that's the only data exposure.

How to protect yourself:

OSINT Framework links to 500+ third-party tools, each with its own privacy and security posture. Before using any linked tool for sensitive investigations: (1) verify the tool still exists and hasn't been acquired or compromised, (2) check whether it logs queries, (3) use a VPN or Tor when exploring tools if your research interests are sensitive, (4) cross-reference tools against Bellingcat's vetted toolkit for a second opinion on trustworthiness.

The framework itself is a static site with zero data collection — minimal attack surface. The risk is downstream: it links to 500+ tools without vetting their security posture, and some linked tools collect query data, require accounts, or operate in adversarial jurisdictions. Treat the framework as a phone book, not an endorsement. Evaluate each linked tool independently before using it on sensitive investigations.

Who Owns This

Owner Justin Nordine (lockfale GitHub organization)

Funding Unfunded community project. No sponsors, no grants, no ads. Runs on GitHub Pages (free hosting).

Business model None. Free community resource. Justin Nordine maintains it as a side project. Contributors submit pull requests to add or fix tool entries in arf.json.

Known issues

Dead links are the chronic problem. With 500+ entries, tools shut down, move URLs, or get acquired regularly. Nordine acknowledged in May 2024 that maintenance had lapsed and pledged to resume active updates — March 2026 commits confirm follow-through. Bellingcat's 2024 research found that 80% of OSINT researchers say finding up-to-date toolkits is a challenge, and 8 of 40 interviewees specifically cited stale links as the top barrier to using any toolkit. The framework doesn't rate or review the tools it links to — a tool appearing in the directory says nothing about its quality, accuracy, or security. Some categories (dating, dark web) link to tools that could expose investigators if used carelessly. No mobile-optimized view — the tree visualization works poorly on phones.

Pricing

Free. No accounts, no tiers, no upsells.

This is an editorial assessment based on publicly available information as of 2026-04-02, using our published methodology. Independent security review is pending. Security posture can change at any time. This is not a guarantee of safety.

Something wrong or outdated? Report it.