Open Source Intelligence
The focus of this section is to provide helpful resources for OSINT and passive reconnaissance on a given target. There are certain tools and sites you might be familiar with that could be applicable in this section but that I have omitted, with good reason.
1. This section is "passive" recon, which does not entail touching or interacting with your target in any way. For offensive operations, staying off the radar is key. But can we check with other sources that may have already scanned our target? You bet.
2. There are many research tools that provide similar output to the ones listed in the later sections. The ones that I have specifically omitted (and will document in another section) are tailored more to defensive operations and contain information like reputation data and historical activity.
Resources specific to what you need to look for and how to find it during the passive recon phase of a penetration test, or the proper way to do OSINT.
- IntelTechniques - One of the best resources for OSINT has been Michael Bazzell's OSINT book and his website. I highly recommend you order his book. The HTML search tools I reference here come from his collection, available on his website for free. He also runs the Privacy and Security Podcast which is a highly recommended resource for both OSINT techniques and personal privacy.
- https://ohshint.gitbook.io/ - One of the most detailed OSINT resources available. Chock-full of search tools.
- Security Sift - This write-up is a great guide to passive recon when preparing for a penetration test. For building up your own workflow, start with this.
- Pen Test Standard - Great guides for every step of a penetration test, but the recon section is especially useful as a reference here.
- https://www.randhome.io/blog/2019/01/05/2019-osint-guide/ - Great guide of some newer tools and techniques.
- https://nixintel.info/osint/using-gap-analysis-to-keep-osint-investigations-on-track/ - Great article on investigation methodology to hasten your OSINT research.
- Methodology of how to investigate a website - https://twitter.com/aware_online/status/1308312883248467975
- OSINT x UCCU Workshop on Open Source Intelligence - Slide deck from a workshop by Miaoski, one of the Senior Intel Analysts for Trend Micro.
- Verification Handbook - Designed for journalists but still quite useful, the Verification Handbook provides a wealth of resources on investigative procedure.
- OSINTCurious - https://www.youtube.com/channel/UCjzceWf-OT3ImIKztzGkipA/videos
- OSINTCurious 10 minute tips - https://www.youtube.com/playlist?list=PL423I_gHbWUUOs09899rex4t2l5py9YIk
- Toddington - Drop in and Learn - https://www.youtube.com/channel/UCAqnnQkeSVTC3ZJ7urNiD8Q
- Ben Strick - OSINT at Home - https://www.youtube.com/playlist?list=PLrFPX1Vfqk3ehZKSFeb9pVIHqxqrNW8Sy
- OSINTCurious - Great community and training for those who are interested in OSINT skills and tools.
- OSINT Techniques Blog - Fantastic site with tool lists, video guides, and blog on the latest techniques.
- Osintion - OSINT and Social Engineering master Joe Gray's website. Resources, OSINT courses, and consultation services.
- OSINT Dojo - A project that provides those new to OSINT a number of free resources and simple challenges that build on one another to provide a simple road map for learning more about the field and polishing up related skills while also earning badges to show off your hard work.
- Bellingcat's OSINT How-To - Bellingcat is a collective of researchers and journalists that use OSINT tools and techniques for a variety of purposes and that have come together to share their latest and greatest tools and techniques. They have a slew of guides for researching specific things with OSINT.
- Aware-Online - Aware Online is a Netherlands-based training institute specialized in providing training in the field of Open Source Intelligence (OSINT) and Social Media Intelligence (SOCMINT).
- https://exposingtheinvisible.org/ - Exposing the Invisible is a project of Tactical Tech, an international NGO that engages with citizens and civil-society organizations to explore and mitigate the impacts of technology on society.
All of these are fantastic resources. Check them regularly for new tools and techniques.
There are a few interesting organizations out there that take OSINT researchers and have them help with certain public good tasks like finding missing children or stopping pedophiles. It can be a heavy ask, but we can really do some good in the world with the skills that we have. Please check them out, and if you can donate some time to help, please do!
These are miscellaneous tools and collections. Many overlap, but there are fantastic things in each.
- https://www.tracelabs.org/initiatives/osint-vm - A specialized OSINT VM built to bring together the most effective OSINT tools and customized scripts.
- https://tsurugi-linux.org/ - A 64-bit Linux version for performing digital forensics analysis and OSINT research.
- osrframework - This package contains a set of libraries developed by i3visio to perform Open Source Intelligence tasks. They include references to a bunch of different applications related to username checking, DNS lookups, information leaks research, deep web search, regular expressions extraction and many others.
- Mr.Holmes - OSINT toolkit for gathering information about domains, phone numbers and social media accounts.