OSINT
Open Source Intelligence
Intro
The focus of this section is to provide helpful resources for OSINT and passive reconnaissance on a given target. Certain tools and sites you might be familiar with could be applicable in this section, but I have omitted them, and with good reason.
This section covers "passive" recon, which does not entail touching or interacting with your target in any way. For offensive operations, staying off the radar is key. But can we check with other sources that may have already scanned our target? You bet.
There are many research tools that provide similar output to the ones listed in the later sections. The ones that I have specifically omitted (and will document in another section) are tailored more to defensive operations and contain information like reputation data and historical activity.
OSINT Resources
OSINT Guides and Methodology
Guides on what you need to look for and how to find it during the passive recon phase of a penetration test, and on the proper way to do OSINT.
IntelTechniques - One of the best resources for OSINT has been Michael Bazzell's OSINT book and his website. I highly recommend you order his book. The HTML search tools I reference here come from his collection, available on his website for free. He also runs the Privacy and Security Podcast, which is a highly recommended resource for both OSINT techniques and personal privacy.
https://ohshint.gitbook.io/ - One of the most detailed OSINT resources available. Chock-full of search tools.
Security Sift - This write-up is a great guide to passive recon when preparing for a penetration test. For building up your own workflow, start with this.
Pen Test Standard - Great guides for every step of a penetration test, but the recon section is especially useful as a reference here.
OSINT_Handbook_2020.pdf - OSINT Tools and Techniques by I-Intelligence
https://www.randhome.io/blog/2019/01/05/2019-osint-guide/ - Great guide of some newer tools and techniques.
https://nixintel.info/osint/using-gap-analysis-to-keep-osint-investigations-on-track/ - Great article on investigation methodology to hasten your OSINT research.
Methodology of how to investigate a website - https://twitter.com/aware_online/status/1308312883248467975
OSINT x UCCU Workshop on Open Source Intelligence - Slide deck from a workshop by Miaoski, one of the Senior Intel Analysts for Trend Micro.
102 Deep Dive in the Dark Web OSINT - Great video presentation on Dark Web OSINT techniques
Verification handbook - Designed for journalists but still quite useful, the Verification handbook provides a wealth of resources on investigative procedure
OSINT CTFs and Modules
https://cyberdefenders.org/labs/38 - Intel101
Youtube Channels and Web Casts
0x4rkØ OSINT videos - https://www.youtube.com/c/0x4rk%C3%98/videos
OSINTCurious - https://www.youtube.com/channel/UCjzceWf-OT3ImIKztzGkipA/videos
OSINTCurious 10 minute tips - https://www.youtube.com/playlist?list=PL423I_gHbWUUOs09899rex4t2l5py9YIk
OSINTCurious Webcasts - https://osintcurio.us/osintvideosandpodcasts/
Adrian Crenshaw OSINT videos - https://www.youtube.com/user/irongeek/search?query=OSINT
Authentic8 - https://www.youtube.com/user/Authentic8TV
Toddington - Drop in and Learn - https://www.youtube.com/channel/UCAqnnQkeSVTC3ZJ7urNiD8Q
Drop in and Learn Web casts - https://www.toddington.com/drop-in-and-learn-webcasts/
Using Kali OSINT Tools - https://www.youtube.com/playlist?list=PL0A5SH4w3NaIBKahXMaO29uToGLn3dARF
Ben Strick - OSINT at Home - https://www.youtube.com/playlist?list=PLrFPX1Vfqk3ehZKSFeb9pVIHqxqrNW8Sy
OSINT Dojo - https://www.youtube.com/osintdojo
SCSP OSINT Series - https://www.youtube.com/playlist?list=PL7yUP1guJz7fZNfZM-zkUieKSeA1TCG2S
Tracelabs Youtube - https://www.youtube.com/channel/UCezKbcbnYtrwRXfGzgQMI3w
OSINT communities and their resources
OSINTCurious - Great community and training for those who are interested in OSINT skills and tools.
OSINT Techniques Blog - Fantastic site with tool lists, video guides, and blog on the latest techniques.
Osintion - OSINT and Social Engineering master Joe Gray's website. Resources, OSINT courses, and consultation services.
OSINT Dojo - A project that provides those new to OSINT a number of free resources and simple challenges that build on one another to provide a simple road map for learning more about the field and polishing up related skills while also earning badges to show off your hard work.
Bellingcat's OSINT How-To - Bellingcat is a collective of researchers and journalists who use OSINT tools and techniques for a variety of purposes and who have come together to share their latest and greatest tools and techniques. They have a slew of guides for researching specific things with OSINT.
Aware-Online - Aware Online is a Netherlands-based training institute specialized in providing training in the field of Open Source Intelligence (OSINT) and Social Media Intelligence (SOCMINT).
https://exposingtheinvisible.org/ - Exposing the Invisible is a project of Tactical Tech, an international NGO that engages with citizens and civil-society organizations to explore and mitigate the impacts of technology on society.
OSINTer Blogs
All of these are fantastic resources. Check them regularly for new tools and techniques.
Forums/Groups/Chatrooms
Forums
https://reddit.com
r/InfoSecNews
r/OSINT
r/RBI
Discord/Slack
Bellingcat Discord - https://discord.gg/nTaNPmz
conInt Discord - https://discord.gg/AJYUV7S
Defcon Discord - https://discord.gg.defcon
Hack South Discord - https://discord.gg/nTJFJrUwwT
Imaginary CTF Discord - https://discord.gg/sjVcTTXg6a
OSINT Editor Discord - https://discord.gg/M5pk9rE
OSINT-FR Discord - https://discord.osintfr.com
Project Owl Discord - https://discord.gg/projectowl
SANS Blue Team Discord - https://discord.gg/ZvgwPtuusE
DeadpixelSec Discord - https://discord.gg/infosec
OSINT Curious Discord - https://discord.gg/eaz5AqHDfK
OSINTion Discord - https://discord.gg/p78TTGa
Tracelabs Slack - https://tracelabs.slack.com
Volunteer OSINT
There are a few interesting organizations out there that take OSINT researchers and have them help with certain public good tasks like finding missing children or stopping pedophiles. It can be a heavy ask, but we can really do some good in the world with the skills that we have. Please check them out, and if you can donate some time to help, please do!
OSINT Tools
OSINT Tool and Resource Collections
These are misc tools and collections out there. Many overlap, but there are fantastic things in each.
OSINT Virtual Machines
https://www.tracelabs.org/initiatives/osint-vm - specialized OSINT VM specifically to bring together the most effective OSINT tools and customized scripts
https://tsurugi-linux.org/ - 64 bit Linux version to perform digital forensics analysis and OSINT research.
Frameworks
https://nitinpandey.in/ihunt/# - Detailed OSINT framework with dozens of tools grouped by purpose.
osrframework - This package contains a set of libraries developed by i3visio to perform Open Source Intelligence tasks. They include references to a bunch of different applications related to username checking, DNS lookups, information leaks research, deep web search, regular expressions extraction and many others.
Scrummage — Ultimate OSINT and Threat Hunting Framework
Mr.Holmes — OSINT toolkit for gathering information about domains, phone numbers and social media accounts
Tools by Category
Search Engines
Cyber Search Engines
Dark-Web Search
IP Address
Domain
Username/Email
Name, Phone, Gov Record
SOCMINT - Social Media
Files/Media/Breach/Paste/Code
Misc OSINT