Open-source intelligence (OSINT) has evolved from a niche practice used primarily by intelligence agencies and law enforcement into a sprawling industry that touches everything from corporate security to financial fraud prevention. Today, the OSINT ecosystem encompasses dozens of specialized companies, each focusing on different aspects of gathering, analyzing, and acting on publicly available information.

This market map breaks down the major players across 17 distinct categories—from investigation workbenches and dark web monitoring to internet-wide scanning and blockchain analytics. Whether you're a security analyst researching potential threats, a compliance officer conducting due diligence, or a fraud investigator tracking down bad actors, understanding this landscape helps you choose the right tools for your specific use case.

Casework & Evidence

The foundation of any investigation is proper methodology and documentation. These platforms help investigators organize their work and preserve evidence in legally defensible ways.

Investigation Workbenches & Link Analysis

At the heart of complex investigations are platforms that help analysts visualize connections and manage case data.

Maltego pioneered the visual link analysis approach, allowing investigators to map relationships between people, companies, domains, and infrastructure. Its transform-based architecture lets users pull data from hundreds of sources and automatically discover connections that would be difficult to spot manually.

ShadowDragon provides social media intelligence and digital footprint analysis, helping investigators understand a person's online presence across multiple platforms. The company focuses on law enforcement and national security use cases.

Babel Street combines data analytics with AI-powered insights, offering multilingual capabilities for analyzing global threats and entity relationships. Their platform aggregates data from diverse sources, including social media, news, and the dark web.

Social Links specializes in automated OSINT collection from social networks, messaging apps, and other online sources. The platform is designed to speed up investigations by automating the tedious parts of data gathering.

Palantir Gotham represents the enterprise end of the spectrum, providing a comprehensive data integration and analysis platform used primarily by government agencies and large corporations for complex investigations involving massive datasets.

Quantexa applies network analytics and entity resolution to help organizations understand hidden relationships in their data, with particular strength in financial crime and fraud investigation use cases.

Evidence Capture / Web Archiving

Documenting digital evidence properly is critical for investigations that might lead to legal proceedings or regulatory action.

Hunchly automatically captures and indexes web browsing during investigations, creating a tamper-proof record of discovered evidence. The tool has become essential for investigators who need to document their online research in a legally defensible way.

Pagefreezer and MirrorWeb focus on web and social media archiving for compliance and litigation purposes, capturing snapshots that preserve content exactly as it appeared at a specific point in time.

OSIRT III and Forensic OSINT provide specialized evidence collection capabilities for open-source investigations, helping investigators maintain a chain of custody for digital findings.

Records & Open-Source Collection

This category encompasses the traditional world of public records, media monitoring, and the newer discipline of geospatial intelligence.

People/Entity Intelligence (Records + ID Resolution)

When you need to verify someone's identity or understand entity relationships, these platforms aggregate public records and proprietary data.

Thomson Reuters CLEAR is widely used by law enforcement, legal professionals, and investigators for comprehensive public records searches, including property records, criminal history, and business affiliations.

TransUnion TLOxp provides similar capabilities with a focus on linking different data points to resolve identities accurately—critical when someone has multiple aliases or addresses.

LexisNexis offers one of the most comprehensive collections of public records and business information, serving legal, corporate, and government customers.

Pipl focuses on identity resolution across the internet, helping organizations connect online identities to real people and understand digital footprints.

Due Diligence (Adverse Media/Sanctions/Entity Risk)

Regulatory compliance and risk assessment depend on screening entities against sanctions lists, adverse media, and other risk indicators.

LSEG World-Check (formerly Refinitiv) is the dominant platform for sanctions and PEP (politically exposed persons) screening in financial services, providing continuously updated risk intelligence.

Dow Jones Risk & Compliance offers similar capabilities with deep coverage of global regulatory lists and adverse media monitoring.

ComplyAdvantage uses AI to screen entities in real-time, helping financial institutions meet AML and KYC obligations while reducing false positives.

Sayari specializes in corporate ownership and supply chain intelligence, helping organizations understand complex entity relationships and hidden ownership structures.

OpenSanctions provides an open-source consolidation of international sanctions lists and entities of interest, making compliance data more accessible.

Media & Social Monitoring (Collection Layer)

Media monitoring platforms track mentions across news, social media, and other public channels.

Meltwater provides media intelligence across news outlets, social media, and broadcast, helping PR and communications teams track brand mentions and industry trends.

Brandwatch focuses on social listening and consumer intelligence, using AI to analyze sentiment and trends across social platforms at scale.

Talkwalker offers similar capabilities with particular strength in image recognition and visual social listening.

GEOINT / Satellite & Geospatial (Collection + Analysis)

Geospatial intelligence combines satellite imagery, mapping data, and analysis tools.

Planet operates the largest constellation of Earth-imaging satellites, providing daily imagery of the entire Earth's landmass for applications ranging from agriculture to national security.

Vantor (ex Maxar) provides high-resolution satellite imagery and geospatial analysis, serving government and commercial customers with intelligence and monitoring needs.

Esri (ArcGIS) dominates the geographic information system (GIS) market, providing the mapping and spatial analysis tools that underpin countless government and commercial applications.

Threat & Situational Awareness (Monitoring for Exec/Physical Risk)

Physical security teams need real-time awareness of events that could threaten facilities, executives, or operations.

Dataminr uses AI to detect high-impact events and emerging risks in real-time by analyzing public data sources. The platform is particularly known for its speed in alerting organizations to breaking events that could affect their operations.

Ontic focuses on protective intelligence for corporate security teams, helping them identify and assess threats to people and facilities.

LifeRaft provides social media threat detection and monitoring, with particular focus on threats to physical locations or individuals.

Samdesk delivers real-time alerts about critical events worldwide, sourcing information from social media, news, and other public channels.

Adarga applies AI to transform unstructured information into actionable intelligence for security and defense applications.

Skopenow offers tools for online investigations and threat assessment, helping security teams understand digital threats to their organizations.

People & Business Data Providers

Beyond the major public records aggregators, specialized data providers serve specific markets or geographies.

Simunix Orbis provides business intelligence and company information globally, with particular depth in corporate structure and ownership data.

192.com focuses on UK people and address data, serving the British investigation and verification market.

Public Insights, GBG Investigate, and Blackdot Videris offer data services tailored to UK compliance and investigation needs.

Chorus and SeekerXR provide specialized data aggregation and search capabilities for investigation workflows.

LexisNexis Trace IQ focuses specifically on tracing and locating individuals, particularly for debt collection and legal service purposes.

Underground & Digital Risk

As cyber threats proliferate, understanding the underground economy and digital risk landscape has become essential.

Threat Intel / Digital Risk (CTI/TIP)

As organizations face increasingly sophisticated cyber threats, threat intelligence platforms have become essential for understanding the risk landscape.

Recorded Future analyzes data from across the internet in real-time, using machine learning to identify emerging threats before they materialize. The platform processes millions of sources daily, from technical indicators to dark web mentions.

Flashpoint focuses on illicit communities and threat actor behavior, providing context around cybercriminal activity that helps security teams understand not just what threats exist, but who's behind them and what their capabilities are.

Anomali provides threat intelligence management, helping security teams collect, normalize, and operationalize threat data from multiple sources. The platform integrates with existing security infrastructure to make threat intelligence actionable.

ThreatConnect combines threat intelligence with security orchestration, allowing teams to not just identify threats but also coordinate their response across tools and teams.

Dark Web Investigations

The dark web remains a critical source of intelligence about data breaches, cybercriminal planning, and illicit markets.

KELA monitors dark web forums, marketplaces, and chat channels to identify threats targeting specific organizations. The company focuses on actionable intelligence that security teams can use to prevent attacks.

DarkOwl provides comprehensive dark web search capabilities, indexing content from Tor services, encrypted chat platforms, and invite-only forums. Their Vision platform makes dark web content searchable in ways that would otherwise require extensive manual exploration.

Searchlight Cyber specializes in monitoring cybercriminal communities to understand threat actor behavior and capabilities. The platform helps organizations identify when they're being discussed or targeted in underground forums.

Intel 471 combines technical intelligence from the dark web with human intelligence from its network of sources, providing context around cybercriminal operations and planned attacks.

Cybersixgill uses automated collection and AI analysis to monitor the deep and dark web at scale, identifying potential threats, data leaks, and compromised credentials.

CACI DarkBlue provides dark web intelligence with a particular focus on national security and law enforcement applications.

Breach & Credential Intelligence

Data breaches expose billions of credentials annually. These companies help organizations understand when their data has been compromised.

SpyCloud specializes in recapturing darknet data, analyzing breached databases to identify exposed credentials and personally identifiable information. Their data helps organizations proactively reset compromised passwords before they're used in account takeover attacks.

Constella Intelligence maintains one of the world's largest collections of breach data, providing identity risk intelligence for fraud prevention, cybersecurity, and physical security use cases.

Intelligence X offers a search engine for the darknet and other data sources, allowing security teams to search for compromised credentials, leaked documents, and other sensitive information that might indicate a security incident.

Hudson Rock provides breach intelligence with a focus on infostealer malware, tracking credentials and session tokens stolen by malware and sold on underground forums.

Internet Telemetry & Risk Signals

Understanding the internet's infrastructure and identifying risk signals in network traffic has become critical for security and fraud prevention.

Internet-Wide Scanning/Exposure Search

These platforms continuously scan the internet to identify exposed devices, services, and potential security vulnerabilities.

Shodan pioneered the concept of the "search engine for the Internet of Things," indexing billions of connected devices and services. Security researchers use Shodan to identify vulnerable systems, understand their internet footprint, and track emerging threats.

Censys provides similar capabilities with additional focus on certificate transparency and continuous monitoring. The platform helps organizations understand their external attack surface.

GreyNoise takes a different approach by identifying internet-wide scanning and attack traffic, helping security teams distinguish between targeted attacks and background noise.

BinaryEdge combines internet-wide scanning with data enrichment, providing context around discovered assets and their security posture.

ZoomEye and FOFA, both based in China, provide internet device search capabilities with strong coverage of Asian internet infrastructure.

Netlas offers comprehensive internet asset discovery and monitoring with a focus on security research applications.

ONYPHE provides internet scanning and data collection with particular strength in threat intelligence use cases.

Criminal IP combines internet asset discovery with threat intelligence, identifying malicious infrastructure and vulnerabilities.

Domain / DNS / WHOIS Intelligence

Understanding domain registration patterns and DNS infrastructure is crucial for threat intelligence and investigations.

DomainTools offers comprehensive domain and DNS intelligence, helping investigators connect domains to infrastructure and identify malicious registration patterns. Their Iris platform combines multiple data sources for investigation workflows.

SecurityTrails provides historical DNS data and domain intelligence, allowing analysts to trace how domain configurations have changed over time—crucial for understanding threat actor infrastructure.

WhoisXML API specializes in domain registration data at scale, providing APIs that enable automated enrichment and monitoring of domain-related information.

Routing / Outage / Internet Health Telemetry

These platforms monitor the underlying infrastructure of the internet itself—BGP routing, outages, and performance.

Cloudflare Radar provides freely accessible insights into internet traffic patterns, security threats, and outages globally, leveraging Cloudflare's massive network footprint.

ThousandEyes focuses on network performance monitoring and incident detection, helping enterprises understand how internet routing and performance issues affect their applications.

Kentik combines network observability with threat intelligence, using NetFlow and BGP data to detect anomalies and security incidents.

RouteViews is an academic project that archives internet routing data, providing researchers with historical views of internet topology.

RIPE RIS (Routing Information Service) collects and archives internet routing data from numerous locations worldwide, supporting network research and operational troubleshooting.

Packet Clearing House (PCH) operates internet exchange points and provides data and research on internet infrastructure, routing security, and traffic patterns.

IP Intelligence & Reputation (Geo/ASN + Abuse Signals)

IP intelligence platforms help organizations understand where internet traffic originates and whether it's likely to be malicious.

IPinfo provides accurate IP geolocation, ASN information, and privacy detection data at scale. Their database helps organizations understand the true origin and nature of internet traffic.

MaxMind is one of the oldest players in IP geolocation, providing both geolocation databases and fraud detection tools based on IP risk scoring.

Spamhaus maintains threat intelligence lists that identify sources of spam, malware, and other abusive traffic. Their blocklists are used by mail servers and security tools worldwide.

AbuseIPDB operates a community-driven database of reported malicious IP addresses, allowing organizations to check whether an IP has been associated with attacks or abuse.

Team Cymru provides threat intelligence derived from monitoring internet traffic patterns, helping organizations identify compromised systems and emerging threats.

ipdata, IP2Location, and DB-IP provide alternative IP geolocation and intelligence services with different pricing models and data coverage, serving organizations with various accuracy and budget requirements.

Bot Detection & Fraud Signals (Traffic Quality / Proxy-VPN Detection)

As fraud increasingly occurs online, these platforms help organizations distinguish legitimate users from bots and fraudsters.

HUMAN Security (formerly White Ops) focuses on bot detection and ad fraud prevention, protecting both digital advertising ecosystems and enterprise applications.

IPQualityScore (IPQS) provides fraud scoring for IP addresses, email addresses, phone numbers, and other data points, helping organizations identify high-risk transactions.

Arkose Labs combines bot detection with active deterrence through targeted friction, making it economically unviable for attackers to continue their operations.

DataDome offers real-time bot protection using machine learning to distinguish between legitimate users and automated threats without impacting user experience.

Kasada and Imperva provide similar bot management capabilities with different technical approaches, both focusing on protecting APIs and web applications from automated attacks.

Screening, Forensics & Financial Crime

This section covers employment verification, device forensics, and the specialized world of cryptocurrency investigations.

Employment Background Screening

Background check companies verify employment history, criminal records, and other information for hiring purposes.

Checkr has become the leading background check platform for the gig economy, providing fast, automated screening that integrates with applicant tracking systems.

HireRight serves enterprise clients with comprehensive background screening, including international checks, drug testing coordination, and ongoing monitoring.

First Advantage (which acquired Sterling in a $2.2 billion deal) offers background screening globally with particular strength in industries like healthcare and financial services, where regulatory compliance is critical.

GoodHire focuses on the SMB market with transparent pricing and quick turnaround times for standard employment verification and criminal record checks.

DISA provides employment screening with a particular focus on regulated industries requiring drug testing and compliance verification.

Certn offers fast, technology-driven background checks with a strong presence in Canada and expanding US operations.

Digital Forensics (Device + Media)

When investigations require analyzing devices or digital media, these specialized tools are essential.

Cellebrite is the industry leader in mobile device forensics, providing tools that can extract and analyze data from locked phones and other mobile devices.

Magnet Forensics offers digital investigation tools for computers, smartphones, and cloud services, with a focus on law enforcement and corporate investigation use cases.

Amped Software specializes in forensic image and video analysis, providing tools that enhance and authenticate multimedia evidence.

MSAB (XRY) provides mobile forensics solutions competing with Cellebrite, particularly popular among European law enforcement agencies.

OpenText EnCase is one of the original computer forensics platforms, still widely used for disk imaging, evidence preservation, and forensic analysis of computer systems.

Crypto Investigations / Blockchain Analytics

As cryptocurrency adoption has grown, so has the need to investigate blockchain transactions.

Chainalysis is the dominant player in blockchain analytics, helping law enforcement, financial institutions, and crypto companies track illicit transactions and comply with regulations.

TRM Labs provides blockchain intelligence with a focus on DeFi and emerging chains, helping organizations understand crypto-related risk.

Elliptic offers crypto asset risk management and investigation tools, with particular strength in compliance and sanctions screening.

Merkle Science provides blockchain monitoring and compliance tools with a strong presence in Asian markets.

CipherTrace (acquired by Mastercard) specializes in cryptocurrency intelligence and anti-money laundering solutions for financial institutions.

Crystal Intelligence and Januus offer blockchain analytics focusing on specific niches or geographic markets within the crypto investigation space.

Adjacent Infrastructure: The Foundation Layer

While the platforms above provide interfaces and analysis capabilities, OSINT operations at scale depend on robust infrastructure that's often invisible to end users.

Access & OPSEC / Research Infrastructure

Conducting OSINT research at scale introduces both technical and operational security challenges. Investigators need to access the internet from multiple vantage points without revealing their identity or triggering rate limits and geographic restrictions.

Authentic8 Silo provides a cloud-based secure browsing environment that isolates investigators from threats and prevents websites from learning about the investigation or the investigator's true identity.

Kasm Workspaces offers containerized workspace streaming, allowing security teams to conduct investigations in isolated, ephemeral environments.

Massive provides ethically-sourced residential and ISP proxy infrastructure that enables intelligence platforms to collect data from diverse network perspectives. Many of the companies in this market map depend on reliable proxy networks to gather intelligence without triggering blocks or seeing geographically restricted content.

IPXO operates an IP address marketplace and leasing platform, helping organizations acquire clean IP resources for their collection infrastructure.

Oxylabs provides datacenter and residential proxies at scale, serving companies that need to collect public web data without interruption.

Security & Access Infrastructure

As OSINT platforms handle increasingly sensitive data and investigations, proper access control and secrets management become critical.

Okta dominates the identity and access management market, providing single sign-on and multi-factor authentication for enterprise applications.

CyberArk, Delinea, and Akeyless specialize in privileged access management and secrets management, helping organizations secure credentials and API keys.

SailPoint and Saviynt focus on identity governance, helping organizations manage who has access to what across their application ecosystem.

Teleport and Redaccess provide secure access to infrastructure and applications, particularly for teams operating in zero-trust environments.

E2B, Daytona, and Stacklok represent emerging infrastructure for secure development and operational environments, increasingly important as security and investigation tools become more code-driven.

The Evolving OSINT Ecosystem

This landscape will continue evolving as new data sources emerge, AI capabilities advance, and privacy regulations reshape what's possible. Organizations building OSINT capabilities need to understand not just which tools exist, but how they fit together into effective workflows—and what infrastructure makes those workflows possible at scale.

The companies mapping the internet, monitoring threats, and resolving identities all share common infrastructure needs: the ability to collect data from diverse network vantage points, maintain operational security during investigations, and handle the technical complexity of accessing the internet as it truly appears to users in different locations and contexts. As OSINT becomes more sophisticated, the infrastructure layer becomes increasingly critical to success.