OSINT & Security Resource Library
A practical collection of free and freemium tools for checking IPs, domains, URLs, breaches, privacy exposure, website hygiene, and everyday online security questions.
These resources are provided only for lawful, ethical, defensive, educational, and personal security purposes. They do not give you permission to investigate, contact, probe, target, or collect information about systems, accounts, people, or organizations without proper authorization.
- Do not use these tools for stalking, harassment, doxxing, credential theft, unlawful surveillance, unauthorized probing, bypassing security, or abuse.
- Third-party data may be inaccurate, incomplete, outdated, unavailable, or interpreted incorrectly. Results are signals, not guarantees of security, attribution, location, identity, or threat determination.
- Native tool and member breach lookup usage may be logged for abuse prevention, safety, compliance, and troubleshooting, including IP address, browser details, timestamps, submitted queries where appropriate, redacted or hashed query previews, and acknowledgement timing.
- Breach Lookup is member-only and redacts returned data. It is for checking your own information or information you are authorized to review, not for people searching, profiling, scraping, or targeting others.
Quick checks you can run here
These lightweight tools validate inputs, rate-limit requests, and keep private API keys on the server.
IP Reputation Lookup
Check a public IP against AbuseIPDB when an API key is configured.
For safety and abuse prevention, WrightsMind logs security tool usage, including IP address, browser details, timestamps, and submitted queries where appropriate. VPNs, proxies, or privacy tools do not grant permission to misuse these resources. Use these tools only for lawful, ethical, defensive purposes.
We detected that you may be using a VPN, proxy, Tor, or anonymizing service. You may continue only if your use is lawful, ethical, and defensive. Tool activity may be logged for abuse prevention and compliance.
DNS Lookup
Review common DNS records for a domain without leaving the page.
For safety and abuse prevention, WrightsMind logs security tool usage, including IP address, browser details, timestamps, and submitted queries where appropriate. VPNs, proxies, or privacy tools do not grant permission to misuse these resources. Use these tools only for lawful, ethical, defensive purposes.
We detected that you may be using a VPN, proxy, Tor, or anonymizing service. You may continue only if your use is lawful, ethical, and defensive. Tool activity may be logged for abuse prevention and compliance.
WHOIS/RDAP Lookup
Get a plain-language RDAP summary for a domain or public IP.
For safety and abuse prevention, WrightsMind logs security tool usage, including IP address, browser details, timestamps, and submitted queries where appropriate. VPNs, proxies, or privacy tools do not grant permission to misuse these resources. Use these tools only for lawful, ethical, defensive purposes.
We detected that you may be using a VPN, proxy, Tor, or anonymizing service. You may continue only if your use is lawful, ethical, and defensive. Tool activity may be logged for abuse prevention and compliance.
Security Headers Check
Check whether a website sends common browser security headers.
For safety and abuse prevention, WrightsMind logs security tool usage, including IP address, browser details, timestamps, and submitted queries where appropriate. VPNs, proxies, or privacy tools do not grant permission to misuse these resources. Use these tools only for lawful, ethical, defensive purposes.
We detected that you may be using a VPN, proxy, Tor, or anonymizing service. You may continue only if your use is lawful, ethical, and defensive. Tool activity may be logged for abuse prevention and compliance.
SSL Certificate Check
Check basic certificate issuer, date, and expiration details.
For safety and abuse prevention, WrightsMind logs security tool usage, including IP address, browser details, timestamps, and submitted queries where appropriate. VPNs, proxies, or privacy tools do not grant permission to misuse these resources. Use these tools only for lawful, ethical, defensive purposes.
We detected that you may be using a VPN, proxy, Tor, or anonymizing service. You may continue only if your use is lawful, ethical, and defensive. Tool activity may be logged for abuse prevention and compliance.
URL Safety Checklist
Break down common phishing and fake-login warning signs.
For safety and abuse prevention, WrightsMind logs security tool usage, including IP address, browser details, timestamps, and submitted queries where appropriate. VPNs, proxies, or privacy tools do not grant permission to misuse these resources. Use these tools only for lawful, ethical, defensive purposes.
We detected that you may be using a VPN, proxy, Tor, or anonymizing service. You may continue only if your use is lawful, ethical, and defensive. Tool activity may be logged for abuse prevention and compliance.
Password Strength Check
Estimate password strength in your browser. The password is not sent to WrightsMind or any third party.
Search free OSINT and security resources
Filter by category or search for a tool, use case, tag, or keyword.
AbuseIPDB
Checks reported abusive activity for public IP addresses and supports defensive reputation review.
urlscan.io
Safely scans and records public details about URLs, pages, redirects, and network requests.
CentralOps
Classic browser-based network utilities for DNS, domain, email, and connectivity checks.
OSINT Framework
A curated map of OSINT categories and tools for ethical research and learning paths.
Have I Been Pwned
Checks whether an email or password hash prefix appears in known public breach datasets.
VirusTotal
Aggregates file, URL, domain, and IP analysis from many security engines and datasets.
Shodan
Searches internet-exposed services and banners, useful for asset awareness and defensive checks.
Censys Search
Searches hosts, certificates, and internet-exposed infrastructure for defensive visibility.
SecurityTrails
DNS, domain, subdomain, and historical infrastructure intelligence for site owners.
GreyNoise
Adds context around internet scanner noise and suspicious IP activity.
AlienVault OTX
Community threat intelligence pulses and indicators for defensive research.
MXToolbox
Checks DNS, MX, SPF, DKIM, DMARC, blacklists, and email delivery signals.
DNSDumpster
Maps public DNS records and visible infrastructure for a domain.
ICANN Lookup
Public domain registration lookup with modern privacy redactions where applicable.
RDAP.org
Public RDAP lookup endpoint for domains and IP registration summaries.
crt.sh
Certificate Transparency search for public certificates and related domain names.
Wayback Machine
Reviews archived web pages and historical content changes.
BuiltWith
Identifies public website technologies, analytics, scripts, and platform signals.
Wappalyzer
Detects visible web technologies and software signals on public sites.
Hunter.io
Finds and verifies professional email patterns from public web sources.
EmailRep
Email reputation context based on public and private signals.
DeHashed
Exposure search service that should be used carefully, legally, and only for authorized defensive review.
Google Advanced Search
Uses search operators defensively to find your own exposed pages, files, and public mentions.
Social Searcher
Searches public social posts and mentions for awareness and brand monitoring.
TinEye
Reverse image search that helps find where an image appears online.
ExifTool
Local metadata inspection utility for files and images. Best used locally to avoid uploading sensitive files.
Metadata2Go
Browser-based file metadata viewer. Avoid uploading sensitive files unless you understand the privacy tradeoff.
IPinfo
IP geolocation, ASN, and network context for public IP addresses.
ip-api
Simple public IP geolocation and network lookup service.
ipwhois.io
IP geolocation and ASN context with a documented API.
SSL Labs
Deep TLS/SSL configuration testing for public websites.
Mozilla Observatory
HTTP security header and site hygiene checks from Mozilla/MDN.
SecurityHeaders.com
Quick public check for common browser security headers.
Google Safe Browsing Transparency Report
Checks Google Safe Browsing status for a URL or site.
PhishTank
Community phishing verification and reporting database.
OpenPhish
Phishing intelligence feeds and lookup options for security teams.
URLhaus
abuse.ch project for malware URL intelligence and defensive blocklist research.
EFF Cover Your Tracks
Shows how trackable your browser may be through fingerprinting and tracking signals.
BrowserLeaks
Browser privacy and fingerprinting tests for IP, WebRTC, canvas, DNS, and more.
Privacy Guides
Community-reviewed privacy recommendations for browsers, devices, accounts, and services.
FTC IdentityTheft.gov
U.S. government recovery plans for identity theft and personal data misuse.
CISA Secure Our World
Plain-language online safety guidance for passwords, MFA, updates, and phishing.
No resources match that search yet.
Need help understanding a result?
Contact Chris for practical online security guidance around accounts, passwords, breach cleanup, privacy settings, and small website hygiene.
Contact ChrisUsing OSINT tools responsibly
Can these OSINT tools tell me if something is completely safe?
No. OSINT and reputation tools provide context, not guarantees. Use results as signals alongside your own judgment, account activity, logs, and trusted security guidance.
Should I enter passwords into these tools?
Do not enter real passwords into third-party tools. The password strength checker on this page runs locally in your browser and does not send the password to WrightsMind or any external service.
Why do some native tools require API keys?
Some providers require keys to control abuse, rate limits, billing, or account terms. WrightsMind stores keys server-side in WordPress options and does not expose them in frontend code.
Can Chris help me understand a result?
Yes. Use the contact page if you need help interpreting a result or applying practical security steps to your accounts, devices, or small website.