About OSINT Lab

OSINT Lab is a public catalogue of small, explainable tools for technical reconnaissance of the public web. Each tool answers a narrow question — "which security headers are set?", "what does this redirect chain look like?", "what does DNS say about this domain?" — and each one comes with documentation that is honest about what it does not do.

What we are

• A tool catalogue — focused, passive, safe to run on any public URL.
• A writing project — short articles that teach you how to interpret technical signals responsibly.
• A practice, not a product. We publish what works, in the open.

What we are not

• A security scanner, a penetration-testing platform, or a hacker toolkit.
• A credential-harvesting service — none of our tools need credentials.
• A substitute for a real security audit, a real DPO, or a real lawyer.

Our rules

1. Public surfaces only. If it would require a login or a bypass, we don't build it.
2. Honest confidence labels. Every finding comes with a plain-language level: high, medium, low.
3. Documented methods. If you can't see how we reached a conclusion, we consider the tool unfinished.