🔏
s0cm0nkey's Security Reference Guide
  • All of the Best Links and Resources on Cyber Security.
  • Cyber Intelligence
    • OSINT
      • Search Engines
        • Goohak.sh Code
        • Google Dorking
      • Cyber Search Engines
      • Dark-Web Search
      • IP Address
      • Domain
      • Username/Email
      • Name, Phone, Gov Record
      • SOCMINT - Social Media
      • Files/Media/Breach/Paste/Code
      • Misc OSINT
    • Intel Feeds and Sources
    • Threat Data
  • Red - Offensive Operations
    • Reconnaissance and Scanning
      • Recon Frameworks
      • NMAP
      • Burp Suite
      • Web App Testing Frameworks
      • Web App Scanning Utilities
    • Exploitation and Targets
      • Offensive Frameworks
      • Shells
      • MSFVenom Commands
      • Exploitation by Port
      • Web App Vulnerabilities
        • Broken Authentication
        • Business Logic Flaws
        • Clickjacking
        • Command Injection
        • CSRF
        • Deserialization
        • HTTP Host Header Attacks
        • HTTP Request Smuggling
        • Insecure Direct Object Reference
        • SQL Injection
          • SQL Tips and Tricks
          • SQL Basics
          • Manual Injection Methodology
        • Web Cache Poisoning
        • Web Sockets
        • XXE - XML External Entity Attacks
        • XSS Cross-Site Scripting
      • Web Technologies
        • SSL/TLS and Certificates
        • OAuth 2.0
        • Web Application Firewall
      • Special Targets
      • Exploit Dev/Buffer Overflow
    • Post Exploitation
      • C2 Frameworks
      • Persistence
      • Defense Evasion
      • Enumeration and Harvesting
      • File Transfer
      • Network Attacks /Harvesting/MITM
      • Privilege Escalation
      • Meterpreter Post-Auth Runbook
    • Attacking Active Directory
    • Lateral Movement
    • Password Attacks
    • Web App Hacking
    • Red/Purple Teaming
    • Physical Security Testing
    • Wireless Hacking
    • Social Engineering
    • Offensive Toolbox
      • Utility Commands
  • Blue - Defensive Operations
    • Standards, Frameworks, and Benchmarks
    • Query Languages
    • Event and Log analysis
    • Event Detection
      • SIEM and Enrichment
      • Sysmon
      • IDS/IPS
      • Detection Use Cases
        • DNS
        • HTTP(S)
        • Email
        • Endpoint
        • Command Line
        • Authentication/Logon
        • General Network Traffic
        • User Behavior monitoring
        • Detection Use Cases - Book Reference
        • Windows Event ID logging list
    • Packet Analysis
    • Threat Hunting
    • Active Defense
    • Device Auditing and Hardening
      • Windows Hardening Commands
      • AD Security Checks
    • Stegonography
    • Asset and Vulnerability Management.
    • Blue ToolBox
  • Blue - DFIR: Digital Forensics and Incident Response
    • Interact with remote machine
    • Windows System Enumeration
    • Windows Process Information
    • Windows DFIR Checks
    • Windows DFIR Check by MITRE Tactic
    • Windows Event Logs
    • Windows Remediation Commands
    • IR Event Log Cheatsheet
    • Linux DFIR Commands
    • MacOS DFIR Commands
    • YARA
    • Memory Forensics
      • Volatility
    • Sandboxing
    • File/Binary Analysis
    • Malware
    • Reverse Engineering
  • Yellow - NetEng/SysAdmin
  • Yellow - Logging and Security Architecture
    • How create a logging strategy
    • Logging - Network Services
    • Logging - Endpoint Logs
    • Logging - User Behavior Monitoring
    • Logging - Cloud
    • Device Discovery and Asset Monitoring
    • Log Source Evaluation
  • Yellow - Cloud
  • Yellow - Containers
  • Yellow - Code and CLI
    • Bash
      • CLI Components
      • Common Commands
      • Install Scripts
      • NMAP Diffing
      • Heartbleed Vuln Check
    • Powershell
      • Common Commands
    • Regex
    • Learn to Code
  • Yellow - AI, Machine Learning, and FOSS
  • Grey - Privacy/TOR/OPSEC
    • Jolly Roger's Security for Beginners
    • PGP Guide
    • TOR
  • Training and Resources
    • Cyber Security Certifications
      • OSCP
    • Books and Reading
    • The Awesome Lists
    • Practice Lab
    • CTF
Powered by GitBook
On this page
  • Intro
  • OSINT Resources
  • OSINT Tools
  • Tools by Category

Was this helpful?

  1. Cyber Intelligence

OSINT

Open Source Intelligence

PreviousCyber IntelligenceNextSearch Engines

Last updated 3 months ago

Was this helpful?

Intro

The focus of this section is to provide helpful resources for OSINT and Passive reconnaissance on a given target. There will be certain tools and sites you might be familiar with that could be applicable in this section, that I have omitted and with good reason.

  1. This section is "Passive" recon, which does not entail touching or interacting with your target in any way. For offensive operations, staying off radar is key. But can we check with other sources that may have already scanned out target? You bet.

  2. There are many research tools that provide similar output to the ones listed in the later sections. The ones that I have specifically omitted (and will document in another section) are tailored more to defensive operations and contain information like reputation data and historical activity.

OSINT Resources

OSINT Guides and Methodology

Specific for what you need to look for and how to find it, during the passive recon phase of a penetration test, or the proper way to OSINT.

  • - One of the best resources for OSINT has been Michael Bazzell's OSINT book and his website. I highly recommend you order his book. The HTML search tools I reference here come from his collection, available on his website for free. He also runs the Privacy and Security Podcast which is a highly recommended resource for both OSINT techniques and personal privacy.

  • - One of the most detailed OSINT resources available. Chocked full of search tools.

  • - This write up is a great guide to Passive recon when preparing for a penetration test. For building up your own workflow, start with this.

  • - Great guides for every step of a penetration test, but the recon section is especially useful as a reference here.

  • - OSINT Tools and Techniques by I-Intelligence

  • - Great guide of some newer tools and techniques.

  • - Great article on investigation methodology to hasten your OSINT research.

  • Methodology of how to investigate a website -

  • - Slide deck from a workshop by Miaoski, one of the Senior Intel Analysts for Trend Micro.

  • - Great video presentation on Dark Web OSINT techniques

  • - Designed for journalists but still quite useful, the Verification handbook provides a wealth of resources on investigative procedure

OSINT training courses.

OSINT CTFs and Modules

  • - Intel101

Youtube Channels and Web Casts
OSINT communities and thier resources
OSINTer Blogs

All of these are fantastic resource. Check them regularly for new tools and techniques.

Forums/Groups/Chatrooms

Forums

  • https://reddit.com

    • r/InfoSecNews

    • r/OSINT

    • r/RBI

Discord/Slack

Volunteer OSINT

There are a few interesting organizations out there that take OSINT researchers and have them help with certain public good tasks like finding missing children or stopping pedophiles. It can be a heavy ask but can really do some good in the world with the skills that we have. Please check out and If you can donate some time to help, please do!

OSINT Tools

OSINT Tool and Resource Collections

These are misc tools and collections out there. Many overlap, but there are fantastic things in each.

OSINT Virtual Machines
Frameworks

Tools by Category

0x4rkØ OSINT videos -

OSINTCurious -

OSINTCurious 10 minute tips -

OSINTCurious Webcasts -

Adrian Crenshaw OSINT videos -

Authentic8 -

ConInt -

Toddington - Drop in and Learn -

Drop in and Learn Web casts -

Using Kali OSINT Tools -

Ben Strick - OSINT at Home -

OSINT Dojo -

SCSP OSINT Series -

Tracelabs Youtube -

- Great community and training for those who are interested in OSINT skills and tools.

- Fantastic site with tool lists, video guides, and blog on the latest techniques.

- OSINT and Social Engineering master Joe Grey's website. Resources, OSINT Courses, and consultation services.

- A project that provides those new to OSINT a number of free resources and simple challenges that build on one another to provide a simple road map for learning more about the field and polishing up related skills while also earning badges to show off your hard work.

- Bellingcat is a collective of researchers and journalists that use OSINT tools and techniques for a variety of purposes and that have come together to share thier latest and greatest tools and techniques. They have a slow of guides for researching specific things with OSINT.

- Aware Online is a Netherlands based training institute specialized in providing training in the field of Open Source intelligence (OSINT) and Social Media Intelligence (SOCMINT).

- Exposing the Invisible is a project of , an international NGO that engages with citizens and civil-society organizations to explore and mitigate the impacts of technology on society.

Bellingcat Discord -

conInt Discord -

Defcon Discord -

Hack South Discord -

Imaginary CTF Discord -

OSINT Editor Discord -

OSINT-FR Discord -

Project Owl Discord -

SANS Blue Team Discord -

DeadpixelSec Discord -

OSINT Curious Discord -

OSINTion Discord -

Tracelabs Slack -

- specialized OSINT VM specifically to bring together the most effective OSINT tools and customized scripts

- 64 bit Linux version to perform digital forensics analysis and OSINT research.

- Detailed OSINT framework with dozens of tools grouped by purpose.

- This package contains a set of libraries developed by i3visio to perform Open Source Intelligence tasks. They include references to a bunch of different applications related to username checking, DNS lookups, information leaks research, deep web search, regular expressions extraction and many others.

— Ultimate OSINT and Threat Hunting Framework

— osint toolkit for gathering information about domains, phone numbers and social media accounts

IntelTechniques
https://ohshint.gitbook.io/
Security Sift
Pen Test Standard
OSINT_Handbook_2020.pdf
https://www.randhome.io/blog/2019/01/05/2019-osint-guide/
https://nixintel.info/osint/using-gap-analysis-to-keep-osint-investigations-on-track/
https://twitter.com/aware_online/status/1308312883248467975
OSINT x UCCU Workshop on Open Source Intelligence
102 Deep Dive in the Dark Web OSINT
Verification handbook
https://courses.thecyberinst.org/courses/osint-challenge
https://courses.thecyberinst.org/courses/osintmini
https://www.tracelabs.org/initiatives/search-party
https://www.geoguessr.com/
https://kit.exposingtheinvisible.org/en/
https://advocacyassembly.org/en/courses/
https://cyberdefenders.org/labs/38
https://ctf.cybersoc.wales/
https://www.geoguessr.com/
https://ictf.io/
https://hacktoria.com/
https://investigator.cybersoc.wales/
https://tryhackme.com/room/ohsint
https://tryhackme.com/room/sakura
https://tryhackme.com/room/searchlightosint
https://tryhackme.com/room/googledorking
https://tryhackme.com/room/geolocatingimages
https://tryhackme.com/room/webosint
https://sourcing.games/game-1/
https://www.youtube.com/c/0x4rk%C3%98/videos
https://www.youtube.com/channel/UCjzceWf-OT3ImIKztzGkipA/videos
https://www.youtube.com/playlist?list=PL423I_gHbWUUOs09899rex4t2l5py9YIk
https://osintcurio.us/osintvideosandpodcasts/
https://www.youtube.com/user/irongeek/search?query=OSINT
https://www.youtube.com/user/Authentic8TV
https://www.youtube.com/channel/UCBtSOceclpKcvunVNw82tFQ/videos
https://www.youtube.com/channel/UCAqnnQkeSVTC3ZJ7urNiD8Q
https://www.toddington.com/drop-in-and-learn-webcasts/
https://www.youtube.com/playlist?list=PL0A5SH4w3NaIBKahXMaO29uToGLn3dARF
https://www.youtube.com/playlist?list=PLrFPX1Vfqk3ehZKSFeb9pVIHqxqrNW8Sy
https://www.youtube.com/osintdojo
https://www.youtube.com/playlist?list=PL7yUP1guJz7fZNfZM-zkUieKSeA1TCG2S
https://www.youtube.com/channel/UCezKbcbnYtrwRXfGzgQMI3w
OSINTCurious
Osint Curious OSINT Resource List
OSINT Techniques Blog
osinttechniques.com Tool List
Osintion
OSINT Dojo
OSINT Dojo Resources
Bellingcat's OSINT How-To
Bellingcat's Tool Collection
Aware-Online
https://exposingtheinvisible.org/
Tactical Tech
https://kit.exposingtheinvisible.org/en/
https://benjaminstrick.com/blog/
https://blog.bushidotoken.net/
https://threadreaderapp.com/user/cyb_detective
https://dutchosintguy.com/events-and-blogs/
https://www.intelligencewithsteve.com/blog
https://inteltechniques.com/blog/
https://keyfindings.blog/
https://www.lorandbodo.com/
https://www.offensiveosint.io/
https://www.osintcombine.com/blog
https://www.osinteditor.com/
https://www.osintme.com/
http://www.theosintjournal.org/
https://www.bellingcat.com/
https://www.cqcore.uk/blog-posts/
https://keyfindings.blog/
https://www.offensiveosint.io/
https://sector035.nl/
https://app.element.io/#/room/#osint-chat:matrix.org
https://osint.team/home
https://www.websleuths.com/forums/
https://discord.gg/nTaNPmz
https://discord.gg/AJYUV7S
https://discord.gg.defcon
https://discord.gg/nTJFJrUwwT
https://discord.gg/sjVcTTXg6a
https://discord.gg/M5pk9rE
https://discord.osintfr.com
https://discord.gg/projectowl
https://discord.gg/ZvgwPtuusE
https://discord.gg/infosec
https://discord.gg/eaz5AqHDfK
https://discord.gg/p78TTGa
https://tracelabs.slack.com
https://www.tracelabs.org/
https://www.innocentlivesfoundation.org/
https://badassarmy.org/
https://citizenevidence.org/
https://crisismapping.ning.com/
https://www.fbi.gov/wanted/ecap
https://informnapalm.org/en/
https://locate.international/
https://www.missingkids.org/
https://www.ncptf.org/
https://ourrescue.org/
https://www.europol.europa.eu/stopchildabuse
https://www.stopthetraffik.org/
Awesome Collection: OSINT
https://start.me/p/DPYPMz/the-ultimate-osint-collection
https://www.aware-online.com/en/osint-tools/
OSINT Framework
OpenOSINT Team Tools
Sector035 OSINT Links
Technisette OSINT Links
Trouble Fake - start.me
5nacks OSINT Bookmarks
OSINT Combine Bookmarks
Andy Black and Associates OSINT Toolkit
Palliscope OSINT Bookmarks
OSINT Stuff's Pile of OSINT links
Terrorism & Radicalisation Research Dashboard - start.me
OSINT_Encyclopedia
https://start.me/p/rxeRqr/aml-toolbox
https://www.aware-online.com/en/osint-tools/
https://start.me/p/rxRbpo/ti?locale=en
https://start.me/p/W1AXYo/toolkit
https://start.me/p/ZME8nR/osint
https://www.osinttechniques.com/osint-tools.html
https://start.me/p/4K0DXg/social-media
https://thecyberpost.com/open-source-intelligence-osint-tools/
https://start.me/p/ZGAzN7/verification-toolset
https://map.malfrats.industries/
https://github.com/cipher387/API-s-for-OSINT
https://github.com/cipher387/osint_stuff_tool_collection
https://www.tracelabs.org/initiatives/osint-vm
https://tsurugi-linux.org/
https://tsurugi-linux.org/documentation_tsurugi_linux_tools_listing_2021.php
https://nitinpandey.in/ihunt/#
osrframework
Scrummage
Mr.Holmes
Recon Frameworks
Search Engines
Cyber Search Engines
Dark-Web Search
IP Address
Domain
Username/Email
Name, Phone, Gov Record
SOCMINT - Social Media
Files/Media/Breach/Paste/Code
Misc OSINT