OSINT practitioners must manually hop between dozens of tools, figure out which are local vs online, and stitch outputs together — there's no orchestration layer
Visual workflow builder where users connect OSINT tools into pipelines (e.g., domain → WHOIS → reverse email → social profiles). Tags tools as local/online, handles data passing between them, and logs the investigation chain for compliance
Subscription — free for 3 workflows, paid tiers for teams with audit logs, collaboration, and premium tool integrations
Real pain exists — OSINT practitioners genuinely juggle dozens of tools and manually copy-paste outputs between them. The pain signals from osintradar confirm this. However, many practitioners have already built personal scripts/aliases to cope, and the most sophisticated teams use general automation platforms. The pain is acute for mid-tier users: too advanced for manual work, not technical enough to script their own solutions.
The total addressable market is meaningful but niche. It spans corporate security teams (~50k globally), PI firms (~60k in the US alone), compliance departments at financial institutions, and law enforcement. Realistic SAM is probably $200-500M for investigation tooling. The buyer pool is smaller than it appears because many orgs bundle this need into broader security platform purchases (Recorded Future, Palantir, etc.).
Corporate security and compliance teams already pay $1k-50k/year for tools like Maltego, Palantir, Recorded Future. Fraud investigation teams have budgets. The compliance/audit logging angle specifically unlocks enterprise willingness to pay — audit trails are a hard requirement, not a nice-to-have. However, the OSINT community also has a strong free/open-source culture that will resist paying for orchestration of free tools.
A visual workflow builder with drag-and-drop is non-trivial but doable (react-flow or similar). The hard part is building reliable integrations with dozens of OSINT tools — many have no stable API, change frequently, have rate limits, or require local installation. Handling local tool execution vs cloud API calls adds real complexity (agent-based architecture needed for local tools). Data normalization between heterogeneous tool outputs is a significant engineering challenge. A solo dev could build a convincing MVP with 5-8 tool integrations in 8 weeks, but the integration maintenance burden grows fast.
Clear gap exists: Maltego is entity-centric not workflow-centric, SpiderFoot is scan-based not pipeline-based, general automation tools lack OSINT-specific primitives. Nobody has nailed the specific combination of: visual OSINT-specific workflow builder + local/cloud awareness + compliance logging + team collaboration. The local-vs-online tagging is a genuinely novel differentiator that practitioners care about (confirmed by pain signals).
Strong subscription fit. Investigations are ongoing, not one-time. Teams need persistent workflows, growing tool integrations, continuous monitoring capabilities, and accumulating audit logs. Usage-based pricing on workflow executions is natural. The compliance/audit log retention alone justifies recurring payment. Team collaboration and shared workflow libraries create organizational lock-in.
- +Clear gap in the market — nobody owns the OSINT orchestration layer between raw tools and expensive enterprise platforms
- +Local-vs-cloud tool awareness is a genuinely novel and valuable differentiator that resonates with practitioners
- +Compliance/audit logging creates enterprise willingness to pay and defensible recurring revenue
- +The workflow paradigm is proven in adjacent markets (Zapier, n8n, Tines) — applying it to OSINT is a strong wedge
- +Community validation via osintradar engagement suggests real demand
- !Integration maintenance is a treadmill — OSINT tools break, change APIs, get discontinued. You become a full-time integration maintainer
- !Maltego could add workflow features and crush you with their existing distribution and transform library
- !The OSINT community's open-source culture means many potential users will expect this to be free or will clone it
- !Enterprise sales cycles for security tooling are long (3-6 months) and require certifications, SOC2, and security reviews that are expensive for a solo founder
- !Legal liability risk — if your platform is used for stalking, doxxing, or unauthorized surveillance, you inherit reputational and legal exposure
Visual link analysis and OSINT platform with graph-based investigation UI. Chains transforms
Open-source OSINT automation tool that runs 200+ modules to collect intelligence on IPs, domains, emails, names, etc. Available as CLI, self-hosted web UI, or SpiderFoot HX
Open-source web reconnaissance framework written in Python. Modular architecture with marketplace for installing modules. CLI-based with a Metasploit-like interface.
Internet-connected device search engine with emerging workflow/monitor features. Primarily focused on network and infrastructure OSINT.
Visual workflow automation platforms
Web app with react-flow-based visual builder supporting 8-10 high-value OSINT tool integrations (WHOIS, DNS lookup, reverse email, social profile search, Shodan, VirusTotal, Have I Been Pwned, Google dorking). Each node tagged local/online. Simple data passing between nodes with JSON transformation. Basic execution engine that runs workflows sequentially. Investigation log that captures every step with timestamps for compliance. Free tier: 3 saved workflows, 50 executions/month. Skip team features for MVP.
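A sketch of the sequential execution engine and investigation log described above, written as an added example and not taken from any existing product. The node names, the `allow_online` switch and the hash-chained log format are assumptions, and the two tools are constructed stand-ins that make no network or process calls.

```python
import hashlib, json
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable

@dataclass
class Node:
    name: str
    location: str                     # "local" or "online" tag (assumed values)
    run: Callable[[dict], dict]

def _digest(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditLog:
    """Append-only log; every entry commits to the hash of the one before it."""
    def __init__(self):
        self.entries = []
    def append(self, record: dict) -> None:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        ts = datetime.now(timezone.utc).isoformat()
        # Round-trip through JSON so the log holds its own snapshot of the data.
        body = json.loads(json.dumps({**record, "ts": ts, "prev": prev}))
        self.entries.append({**body, "hash": _digest(body)})
    def verify(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or e["hash"] != _digest(body):
                return False
            prev = e["hash"]
        return True

def run_workflow(nodes, seed: dict, log: AuditLog, allow_online: bool = True) -> dict:
    """Run nodes in order, passing each node's JSON output to the next one."""
    data = seed
    for node in nodes:
        step = {"node": node.name, "location": node.location, "input": data}
        if node.location == "online" and not allow_online:
            log.append({**step, "status": "skipped"})   # target data stays on the host
            continue
        data = node.run(data)
        log.append({**step, "status": "ok", "output": data})
    return data

# Constructed stand-ins for real tool integrations.
def fake_whois(d): return {"domain": d["domain"], "registrant_email": "admin@" + d["domain"]}
def fake_reverse_email(d): return {**d, "profiles": ["forum:" + d["registrant_email"].split("@")[0]]}

PIPELINE = [Node("whois", "local", fake_whois),
            Node("reverse_email", "online", fake_reverse_email)]
```

Running with `allow_online=False` records the skipped step in the log, so the audit trail shows which lookups were withheld as well as which ran.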
Free tier (3 workflows, basic tools) → Pro $29-49/month (unlimited workflows, all integrations, audit export) → Team $99-199/seat/month (collaboration, shared workflow library, role-based access, API access) → Enterprise custom (SSO, on-prem agent for local tools, SLA, dedicated integrations, compliance certifications)
10-14 weeks. 8 weeks to build MVP, 2-4 weeks to get first paying users from OSINT communities (Twitter/X OSINT community, Reddit r/OSINT, OSINT Discord servers, osintradar itself). The OSINT community is tight-knit and vocal — a good tool spreads fast via word of mouth. First enterprise deal likely 4-6 months out.
- “it may be worthwhile to add a local tool vs online service”
- “wrappers/aggregators on other services”
- “descriptions are a little vague”