Overview

Intelligence X is an Open-Source Intelligence (OSINT) search engine and API service established in 2018, specializing in the collection and analysis of public and leaked information. The platform is engineered to support cybersecurity professionals, digital forensic investigators, and threat intelligence analysts by providing access to a comprehensive repository of data. This data includes historical internet content, darknet records, public documents, and extensive data breach collections.

The core utility of Intelligence X lies in its ability to centralize disparate data sources, making it a resource for proactive threat hunting, incident response, and vulnerability assessment. Users can search for email addresses, domain names, IP addresses, and other identifiers across billions of records. Its programmatic interface, available through an API, allows for integration into existing security workflows and automated data analysis.

Intelligence X is particularly suited for scenarios requiring deep historical data analysis, such as tracing the origins of a cybersecurity incident or monitoring for mentions of an organization's assets on the dark web. For example, a security team might use the Intelligence X API to automatically check if corporate email domains have appeared in new data breaches, or to research the digital footprint of a potential threat actor. The service distinguishes itself by its focus on comprehensive data collection, including difficult-to-access historical data and darknet forums, which complements broader internet scanning tools like Shodan for device intelligence or Censys for internet-wide asset discovery.

The platform offers a free tier with limited search capabilities, primarily for manual investigation, while API access and advanced features are reserved for paid subscriptions, starting with a personal plan. Its GDPR compliance also indicates a commitment to data privacy standards in its operations.

Key features

  • OSINT Search Engine: Provides a web-based interface and API for searching a vast index of public and leaked data, including email addresses, domains, IP addresses, and document hashes. Searches can be performed across various data types, such as historical web pages, darknet forums, and publicly available documents, enabling comprehensive digital investigations.
  • Data Breach Collection: Maintains an extensive and continuously updated database of compromised credentials and leaked personal information from various data breaches. This allows users to monitor for the exposure of specific email addresses, domain names, or other identifiers, assisting in proactive security measures and incident response.
  • Darknet Monitoring: Indexes and allows searching of content from darknet markets, forums, and other hidden services. This feature aids in tracking mentions of an organization's brand, intellectual property, or key personnel in illicit online communities, providing early warnings for potential threats.
  • Historical Data Access: Offers access to archived internet content, providing context for past events and digital footprints that may no longer be publicly available on the surface web. This is critical for digital forensics and historical threat intelligence analysis.
  • API Access: Provides a well-documented RESTful API that allows programmatic access to all search functionalities and data collections. This enables integration with security orchestration, automation, and response (SOAR) platforms, custom scripts, and other threat intelligence tools. The API client libraries are available for popular programming languages such as Python, Go, and C#, simplifying development for various environments.
  • Email Address Search: Allows investigators to find all instances of a specific email address across data breaches, public documents, and archived web pages. This helps in understanding the exposure level of an individual or organization's email infrastructure.
  • Domain Name Search: Enables searching for information related to a specific domain, including associated IP addresses, subdomains, and historical records. This aids in mapping an organization's digital attack surface.

Pricing

Intelligence X offers several pricing tiers, including a limited free option for basic exploration. Paid plans are structured to accommodate individual users up to enterprise-level organizations, with API access primarily available in the paid tiers. Pricing is subject to change. For the most current details, refer to the official Intelligence X pricing page.

| Plan Name | Monthly Cost (EUR) | Key Features |
|---|---|---|
| Free | 0 | Limited search queries; no API access. |
| Personal | 29.99 | API access, increased search limits, more extensive data access. |
| Professional | Contact for pricing | Higher API limits, advanced features, dedicated support. |
| Enterprise | Contact for pricing | Custom API limits, on-premise deployment options, bespoke data access and support. |

Pricing as of 2026-05-28

Common integrations

  • Security Information and Event Management (SIEM) Systems: Integrates with SIEM platforms like Splunk or Elastic Security to enrich event data with OSINT from Intelligence X, providing additional context for security alerts. The API can push relevant breach data or darknet mentions directly into SIEM dashboards for real-time analysis.
  • Security Orchestration, Automation, and Response (SOAR) Platforms: Connects with SOAR tools such as Cortex XSOAR or Swimlane to automate threat intelligence gathering and incident response workflows. For instance, a playbook could automatically query Intelligence X for details on an IOC (Indicator of Compromise) detected during an incident.
  • Threat Intelligence Platforms (TIPs): Feeds OSINT data into TIPs like ThreatConnect or Anomali to centralize and correlate external threat data with internal intelligence. The Intelligence X API can regularly update TIPs with new breach information or darknet activity relevant to an organization.
  • Digital Forensics Tools: Used in conjunction with digital forensics suites to provide external context during investigations. For example, a forensic analyst might use Intelligence X to search for a suspicious email address or file hash found on a compromised system.
  • Custom Security Applications: Developers can integrate Intelligence X into proprietary security tools or scripts using the provided SDKs (Python, Go, C#, PHP, JavaScript, PowerShell) to build tailored solutions for specific security challenges, such as automated domain monitoring or brand protection.

Alternatives

  • Shodan: A search engine for internet-connected devices, focusing on exposed ports, services, and vulnerabilities. While Intelligence X focuses on human-generated data and breaches, Shodan indexes network infrastructure.
  • Censys: Provides continuous visibility into internet-wide assets and threat intelligence, mapping the attack surface of organizations. Similar to Shodan, Censys primarily scans network device configurations and services, rather than leaked data or darknet content.
  • Have I Been Pwned: A service that allows users to check if their email addresses or phone numbers have been compromised in data breaches. Intelligence X offers a broader scope of data and API access for programmatic breach monitoring, while HIBP focuses specifically on personal credentials.

Getting started

To begin using the Intelligence X API, you will need an API key, which is available with a paid subscription. The official Intelligence X API documentation provides comprehensive details. Here's a Python example to perform a basic search for an email address:

import time

import requests

API_KEY = "YOUR_API_KEY"  # Replace with your actual API key; keep real keys out of source control
BASE_URL = "https://public.api.intelx.io"
REQUEST_TIMEOUT = 30  # Seconds to wait for each HTTP request
MAX_POLLS = 24        # Stop polling after this many attempts (about 2 minutes at 5-second intervals)

def search_intelx(search_term, search_type=0, max_results=10):
    headers = {
        "x-apikey": API_KEY,
        "Content-Type": "application/json"
    }
    payload = {
        "term": search_term,
        "maxresults": max_results,
        "media": 0,  # All media types
        "sort": 2,   # Sort by newest
        "type": search_type, # 0=any, 1=email, 2=phone, etc.
        "kibana": "",
        "lookuplevel": 0,
        "limit": 100000
    }

    try:
        # Initiate search
        search_response = requests.post(f"{BASE_URL}/v1/intelligent/search", headers=headers, json=payload, timeout=REQUEST_TIMEOUT)
        search_response.raise_for_status() # Raise an exception for HTTP errors
        search_id = search_response.json().get("id")

        if not search_id:
            print("Failed to initiate search.")
            return

        print(f"Search initiated with ID: {search_id}")

        # Retrieve results; let requests encode the query string instead of building it by hand
        params = {"id": search_id, "offset": 0, "limit": max_results}
        for _ in range(MAX_POLLS):
            results_response = requests.get(f"{BASE_URL}/v1/intelligent/search/result", headers=headers, params=params, timeout=REQUEST_TIMEOUT)
            results_response.raise_for_status()
            results_data = results_response.json()

            if results_data.get("status") == 0: # Status 0 means finished
                print("Search complete.")
                for item in results_data.get("records", []):
                    print(f"  Title: {item.get('title')}")
                    print(f"  Bucket: {item.get('bucket')}")
                    print(f"  Date: {item.get('date')}")
                    print(f"  URL: {item.get('url')}")
                    print("-" * 20)
                break
            elif results_data.get("status") == 1: # Status 1 means still running
                print("Search still running, waiting...")
                time.sleep(5) # Wait 5 seconds before retrying
            else:
                print(f"Search failed with status: {results_data.get('status')}")
                print(results_data)
                break
        else:
            # The loop ran out of attempts without a final status
            print("Search did not finish within the polling limit.")

    except requests.exceptions.HTTPError as http_err:
        print(f"HTTP error occurred: {http_err}")
    except Exception as err:
        print(f"An error occurred: {err}")

if __name__ == "__main__":
    # Example usage: Search for a specific email address
    search_term = "user@example.com"  # Placeholder address; replace with the address to check
    print(f"Searching for: {search_term}")
    search_intelx(search_term, search_type=1) # type=1 for email

    # Example usage: Search for a domain (type=0 for any/general search)
    search_term_domain = "example.com"
    print(f"\nSearching for domain: {search_term_domain}")
    search_intelx(search_term_domain, search_type=0)

This Python script demonstrates how to initiate a search using the Intelligence X API and then poll for the results. It first sends a POST request to the /v1/intelligent/search endpoint to start the search, receiving a search ID. Subsequently, it repeatedly queries the /v1/intelligent/search/result endpoint with the obtained ID until the search status indicates completion. The results, including titles, buckets, dates, and URLs, are then printed to the console. This basic structure can be adapted for various search types and integrated into larger applications for automated OSINT collection.
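
The following added example, which is not from the original page or from Intelligence X, turns records shaped like those printed above into one event per hit for a SIEM and reports each hit only once across scheduled runs. The sample records, the event layout, the `seen` state set and the ISO 8601 date format are assumptions made for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

FIELDS = ("bucket", "title", "date", "url")  # the fields the script above prints

def fingerprint(record):
    """Stable ID for a result record, so a hit is reported only once."""
    raw = "|".join(str(record.get(f) or "") for f in FIELDS)
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()

def parse_date(value):
    """Parse an ISO 8601 timestamp (assumed format); None if absent or malformed."""
    try:
        parsed = datetime.fromisoformat(str(value).replace("Z", "+00:00"))
    except ValueError:
        return None
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def new_exposure_events(term, records, seen, since=None):
    """Turn unseen records into flat events for a SIEM; updates `seen` in place."""
    events = []
    for record in records:
        fp = fingerprint(record)
        if fp in seen:
            continue  # reported on an earlier run, or duplicated within this one
        seen.add(fp)
        when = parse_date(record.get("date"))
        if since and when and when < since:
            continue  # older than the monitoring window; undated records are kept
        events.append({"source": "intelx", "term": term, "fingerprint": fp,
                       **{f: record.get(f) for f in FIELDS}})
    return events

# Constructed sample records (not real API output).
SAMPLE_RECORDS = [
    {"title": "combo-list-part3.txt", "bucket": "leaks.public",
     "date": "2024-03-02T10:15:00Z", "url": "https://example.invalid/item/1"},
    {"title": "forum dump", "bucket": "darknet.tor",
     "date": "2019-06-11T00:00:00Z", "url": "https://example.invalid/item/2"},
    {"title": "untitled paste", "bucket": "pastes",
     "date": None, "url": "https://example.invalid/item/3"},
    {"title": "combo-list-part3.txt", "bucket": "leaks.public",
     "date": "2024-03-02T10:15:00Z", "url": "https://example.invalid/item/1"},
]

if __name__ == "__main__":
    seen = set()  # hypothetical state store; persist it between runs in real use
    cutoff = datetime(2024, 1, 1, tzinfo=timezone.utc)
    for event in new_exposure_events("example.com", SAMPLE_RECORDS, seen, cutoff):
        print(json.dumps(event))  # one JSON line per new hit, ready for log shipping
```

Events carry only record metadata and a fingerprint, so leaked content itself never lands in SIEM logs.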