Build investigation profiles. Entirely offline. Entirely yours.
Tom's OSINT Workbench is a Windows desktop tool for structured open-source investigations. Track people, companies, domains, social profiles, emails, phones, addresses, usernames, and IP addresses as connected entities. Visualise the relationships. Snapshot and diff over time. Export clean HTML reports. No accounts, no cloud, no subscriptions.
What it does
Built for analysts, journalists, security researchers, and anyone who needs to organise an investigation without handing the data to a SaaS vendor.
Entity-centric model
Track 9 entity types — people, companies, domains, social profiles, emails, phones, addresses, usernames, IPs — with typed relationships and three confidence levels (confirmed, probable, unverified).
Interactive connection graph
Force-directed or hierarchical layouts rendered with GDI+. Drag, zoom, pan, click to inspect. Nodes coloured by entity type. Edges styled by confidence. Pop out to a floating window.
Paste & extract
Drop a URL — or up to 10 — and the app pulls structured data. Domains return RDAP, DNS, IP geolocation, Shodan open ports, crt.sh subdomains, tech stack, and meta tags. Social URLs are recognised across X, LinkedIn, GitHub, Reddit, and more.
Snapshots & diffing
Take a point-in-time snapshot of any entity or the whole case. Compare any two snapshots to see additions, removals, and changes — colour-coded green, amber, and red.
Advanced search
Ctrl+F finds anything across entities, properties, notes, and relationships. Real-time filtering. Double-click any result to jump straight to the entity and the right tab.
Self-contained HTML reports
One click exports a complete case report — cover page, executive summary, key findings, embedded graph PNG, entity tables, domain cards, timeline, and an AI analysis prompt. Dark theme with print stylesheet. No CDN dependencies.
Built-in OSINT directory
94 curated investigation tools and websites across 16 categories. Searchable, sortable, user-expandable. Add your own resources without touching the data file.
Notes & evidence
Write tagged notes, link them to entities, and attach files as evidence. Screenshots, documents, exports — anything. Searchable across the case.
Private by design
All case data lives in a portable SQLite file on your machine. No telemetry. No analytics. No accounts. The only network traffic is the public API calls you explicitly trigger.
A tour through the workbench
Every tab, every feature — from case dashboard to snapshot diffing.
How a case comes together
A typical investigation moves through four loose stages. Skip any of them, repeat any of them.
Seed
Start a new case and add a primary target — a domain, a person, a company name. Add the first relationships from what you already know.
Collect
Paste URLs into the extract dialog and let the parsers do the typing. Enrich domains with RDAP, DNS, geolocation, Shodan, and crt.sh in one click.
Connect
Open the Connections tab and watch the graph form itself. Link entities with typed relationships and set confidence levels as you go.
Report
Take a snapshot, write up findings in the Notes tab, then export the whole case as a single self-contained HTML report ready to share.
Public APIs used
Seven free, public endpoints. No keys to manage. No paid tiers required. All calls are explicit — you decide when to make them.
| Service | Used for | Auth | Rate limit |
|---|---|---|---|
| RDAP | Domain registration data (modern WHOIS) | None | Unlimited |
| Google DNS | A, AAAA, MX, NS, TXT records | None | Unlimited |
| ip-api.com | IP geolocation (country, city, ASN, ISP) | None | 45 req/min |
| Shodan InternetDB | Open ports, CVEs, vulnerabilities by IP | None | Unlimited |
| crt.sh | Certificate transparency subdomain discovery | None | Unlimited (often slow) |
| GitHub | Profile, bio, location, top repositories | None | 60 req/hr |
| Reddit | Profile, karma, account age, verification | None | Undocumented |
The technical bit
Built to the same rules as every other tool on this site: portable, offline-first, zero dependencies.
Platform
Windows 10 and 11, x64. Built with C++17 and the Win32 API. No MFC, no Qt, no frameworks.
Storage
SQLite compiled in. Each case is a single portable .case file. Move it between machines, back it up, version it.
Network
WinHTTP for the seven public APIs. No third-party HTTP libraries. No telemetry of any kind.
Rendering
GDI+ for the connection graph with anti-aliasing. Owner-drawn panels throughout for a consistent look across dark and light themes.
Install
None. Unzip and run. Settings live in an INI file next to the EXE. Delete the folder to uninstall.
Licence
Free for personal and commercial use. Source not distributed. No warranties.
Try it on your next investigation
Single ZIP download. No installer. No account. No subscription. Read the guide first if you'd like a walk-through.