Recon-ng
This tool is basically MSF for OSINT. It is very powerful.
Usage is similar to metasploit: Many of the modules in recon-ng require API keys with their respective service providers. Take some time to check out recon-ng and its various modules.
Example
Getting usernames and emails at Cisco:
Search for persisting reported vulns:
This particular module looks for reported xss vulns that have not yet been patched by cisco.
Search for Subdomians:
Last updated