Passive OSINT — intelligence gathered without touching the target — is the foundation of responsible reconnaissance. Ghost Recon, TLZSOFT’s free browser-based OSINT engine, fires 12 intelligence sources simultaneously against any domain, IP, or email address. Here’s how it works and what it reveals.
Drop any domain into Ghost Recon and it immediately queries: DNS records (A, MX, TXT, NS, CNAME, SOA), WHOIS/RDAP registration data, SSL/TLS certificate history via certificate transparency logs, subdomain enumeration, IP geolocation, Shodan InternetDB port and vulnerability data, ARIN IP registry, URLscan.io scan history, Wayback Machine archive history, AlienVault OTX threat intelligence pulses, ASN/BGP routing information, and technology fingerprinting.
Active reconnaissance — port scanning, directory brute-forcing, sending packets to the target — leaves traces. Passive OSINT uses only publicly available data sources. Ghost Recon never sends a single packet to the target. Every data point comes from third-party registries, certificate logs, and threat intel databases.
After all 12 sources return data, Ghost Recon computes a 0–100 risk score. Factors that push the score up: missing DMARC records (email spoofing risk), expired SSL certificates, dangerous ports exposed (MongoDB 27017, Redis 6379, RDP 3389, VNC 5900), known CVEs from Shodan, and presence in AlienVault OTX threat pulses. The result is a CLEAN / LOW / MEDIUM / HIGH / CRITICAL threat level.
Try it now at tlzsoft.com/ghost-recon — no registration, no API keys, completely free.