Authorized OSINT field guide · 2026-06-21
Choose the right OSINT tool and run your first safe task
Compare SpiderFoot, theHarvester, Recon-ng, Maltego, Shodan and Censys by job, cost and safety boundary — then pick a task and start with a narrow authorized scope.
What do you need to do?
Choose a task — we recommend a tool and the safest starting point.
Check my own domain exposure
Censys + Shodan + SpiderFoot
Start with Censys/Shodan passive lookup, then use SpiderFoot on a single, explicitly authorized domain.
Find public email or host footprint
theHarvester
Use theHarvester for a light first pass; verify every result before reporting.
Run a first SpiderFoot scan safely
SpiderFoot
Use a local web UI, a single owned test domain, conservative modules, and a written scope note.
Map investigation relationships
Maltego
Use Maltego when links and entities matter more than raw collection volume.
Build a repeatable recon checklist
Recon-ng
Use Recon-ng only after the scope and data sources are well defined.
All tools at a glance
| Tool | Best for | Self-hosted | Cost | Setup difficulty | Risk |
|---|---|---|---|---|---|
| SpiderFoot (automation framework) | broad authorized asset inventory | yes | open source / commercial HX | medium | medium |
| theHarvester (CLI collector) | domain, email and host discovery | yes | open source | low-medium | medium |
| Recon-ng (recon framework) | repeatable modular reconnaissance workflows | yes | open source | high | medium |
| Maltego (graph platform) | relationship mapping and investigation graphs | partial | freemium / paid | medium | medium |
| Shodan (search engine) | internet exposure lookup | no | limited free / paid | low | medium |
| Censys (search engine) | host and certificate exposure research | no | limited free / paid | low | medium |
Before you run any collection
- Confirm that the asset, account, domain or investigation scope is yours or explicitly authorized.
- Prefer passive lookup first. Move to active checks only when permission and rate limits are clear.
- Record sources and the dates you checked them. Do not turn weak public signals into proof.