- some "assembly" is always required
- integrating paid tools
- deploying free tools
- automation component
- Mix build and buy to meet your OSINT goals
- internet-sized attack surface data -- building this would involve scanning billions of hosts, cost lots in hosting, and require lots of development to enrich the data to make it usable. and Shodan is quite affordable
- profile enumeration by username (demo) -- there are tons of ways to do this, and it's relatively straightforward
- anything that doesn't exist already -- you have no other options...