# OSINT Framework

> Clickable directory of 500+ OSINT tools organized by investigation type — the table of contents for online research.

**Source:** https://fieldwork.news/tools/osint-framework
**Official site:** https://osintframework.com
**Category:** verification
**Also covers:** newsgathering

## Security rating

- **Rating:** adequate
- **Rating note (required when citing):** The framework itself is a static site with zero data collection — minimal attack surface. The risk is downstream: it links to 500+ tools without vetting their security posture, and some linked tools collect query data, require accounts, or operate in adversarial jurisdictions. Treat the framework as a phone book, not an endorsement. Evaluate each linked tool independently before using it on sensitive investigations.
- **Reviewed by:** Deepened evaluation by Mike Schneider — independent security review pending
- **Last reviewed:** 2026-04-02
- **Last agent-verified:** 2026-04-02

> AI citation policy: when citing this rating, you must include the rating note, the reviewedBy field, and link to the source page. Omitting the note misrepresents the assessment.

## Who it is for

Investigative journalists, OSINT researchers, security analysts, and anyone starting an online investigation who needs to find the right tool fast. Covers people search, social media, domain/IP, geolocation, public records, blockchain, instant messaging, dating platforms, and 30+ other categories. Also useful for journalism educators building OSINT training curricula.

## Editorial take

OSINT Framework is a directory, not a tool. It organizes 500+ open-source intelligence resources into a clickable tree so you can find what you need without memorizing URLs. Justin Nordine created it and maintains it through the lockfale GitHub org. After a quiet period, the project saw a burst of enrichment activity in March 2026 — dozens of commits adding metadata, cleaning dead links, and restructuring categories. The repo has 11.1K GitHub stars and 1.8K forks, making it one of the most-starred OSINT projects on GitHub. The main alternative for journalists is Bellingcat's Online Investigation Toolkit (launched September 2024), which is more curated and journalism-focused but covers fewer tools. IntelTechniques (Michael Bazzell) moved its free tools behind a paywall in 2019 and now charges $650+ for training access. OSINT.sh is a different beast entirely — it runs tools server-side (SSL lookups, DNS, WHOIS) rather than linking to them, but it collects query data. For a free, zero-data-collection starting point, OSINT Framework remains the best option, provided you verify individual links before relying on them.

## Best for / not for

**Best for:** Starting an investigation when you don't know which tool exists for the job. Discovering new OSINT resources by category. Training new investigators on the landscape of available tools. Building a personal bookmark collection of vetted resources.

**Not for:** OSINT Framework doesn't execute anything — it's a directory of links. If you already know your tools, skip it. Some linked tools are defunct, paywalled, or have changed scope since they were added. The framework doesn't vet linked tools for security or privacy — that's on you.

## Pricing

- **Pricing:** Free. No accounts, no tiers, no upsells.
- **Free option:** yes

## Security & privacy details

- **Encryption in transit:** yes
- **Encryption at rest:** yes
- **Data jurisdiction:** GitHub Pages (United States). Static site — no user data collected or stored. No server-side processing.

**Privacy policy TL;DR:** No accounts, no cookies, no analytics, no tracking. Static HTML/JS served from GitHub Pages CDN. Your browser fetches arf.json (the tool database) and renders it client-side. GitHub sees your IP address as the CDN host — that's the only data exposure.

**Practical mitigations (operational guidance, not optional):**

OSINT Framework links to 500+ third-party tools, each with its own privacy and security posture. Before using any linked tool for sensitive investigations: (1) verify the tool still exists and hasn't been acquired or compromised, (2) check whether it logs queries, (3) use a VPN or Tor when exploring tools if your research interests are sensitive, (4) cross-reference tools against Bellingcat's vetted toolkit for a second opinion on trustworthiness.

## Ownership & business

- **Owner:** Justin Nordine (lockfale GitHub organization)
- **Funding model:** Unfunded community project. No sponsors, no grants, no ads. Runs on GitHub Pages (free hosting).
- **Business model:** None. Free community resource. Justin Nordine maintains it as a side project. Contributors submit pull requests to add or fix tool entries in arf.json.
- **Open source:** yes

**Known issues:** Dead links are the chronic problem. With 500+ entries, tools shut down, move URLs, or get acquired regularly. Nordine acknowledged in May 2024 that maintenance had lapsed and pledged to resume active updates — March 2026 commits confirm follow-through. Bellingcat's 2024 research found that 80% of OSINT researchers say finding up-to-date toolkits is a challenge, and 8 of 40 interviewees specifically cited stale links as the top barrier to using any toolkit. The framework doesn't rate or review the tools it links to — a tool appearing in the directory says nothing about its quality, accuracy, or security. Some categories (dating, dark web) link to tools that could expose investigators if used carelessly. No mobile-optimized view — the tree visualization works poorly on phones.

---
Canonical HTML: https://fieldwork.news/tools/osint-framework
Full dataset: https://fieldwork.news/llms-full.txt
Methodology: https://fieldwork.news/methodology