OSINT — Ultimate Resources
“OSINT is like having a superpower. It’s the ability to see the world through the eyes of others.”
Open-source intelligence (OSINT) is the practice of collecting information from published or otherwise publicly available sources — like social media, websites, LinkedIn. OSINT operations, whether practiced by IT security pros, malicious hackers, or state-sanctioned intelligence operatives, use advanced techniques to search through the vast haystack of visible data to find the needles they’re looking for to achieve their goals.
In this blog post, I am going to share OSINT resources that can help you organize your work, dig deeper into the information you find, and run your OSINT investigations more effectively.
1. Note Keeping Tools for OSINT
Effective note-keeping is the backbone of successful OSINT investigations. This section lists note-keeping tools that help you organize collected data efficiently so that it can be used later for analysis.
- KeepNote: http://keepnote.org/
- CherryTree: https://www.giuspen.com/cherrytree/
- Joplin: https://joplinapp.org/
- Notion: https://www.notion.so/
- Greenshot: https://getgreenshot.org/
- Flameshot: https://github.com/flameshot-org/flameshot
- Obsidian: https://obsidian.md/
2. Sock Puppets and Anonymity
This section covers sock puppets and anonymity in online investigations. A sock puppet is an alternate identity used for OSINT so that we do not draw attention to ourselves. These social media accounts look legitimate and have posts and data of their own, which should not tie back to us, keeping us anonymous against any kind of traceback.
Sock Puppets
- Intro to Creating an Effective Sock Puppet: https://web.archive.org/web/20210125191016/https://jakecreps.com/2018/11/02/sock-puppets/
- The Art Of The Sock: https://www.secjuice.com/the-art-of-the-sock-osint-humint/
- My Process for Setting up Anonymous Sock Puppet Accounts (Reddit): https://www.reddit.com/r/OSINT/comments/dp70jr/my_process_for_setting_up_anonymous_sockpuppet/
Anonymity
- Fake Name Generator: https://www.fakenamegenerator.com/
- This Person Does Not Exist: https://www.thispersondoesnotexist.com/
- Privacy.com: https://privacy.com/
3. Search Engine and Image OSINT
Use different search engines like Google, Bing, Yandex, and DuckDuckGo for gathering information. Each search engine has its own capabilities. Yandex is better than Google in terms of image searching; I have used it, and it gives better results than Google. Also, TinEye works great for reverse image searching.
Search Engines
- Google: https://www.google.com/
- Google Advanced Search: https://www.google.com/advanced_search
- Bing: https://www.bing.com/
- Bing Search Guide: https://www.bruceclay.com/blog/bing-google-advanced-search-operators/
- DuckDuckGo: https://duckduckgo.com/
- DuckDuckGo Search Guide: https://help.duckduckgo.com/duckduckgo-help-pages/results/syntax/
- Mojeek: https://www.mojeek.com/
Image
- Google Image Search: https://images.google.com
- Yandex: https://yandex.com
- TinEye: https://tineye.com
4. Email, Password, and Username OSINT
Tools like Hunter.io, Dehashed, NameChk, and Email Hippo can be used for email and username investigation, along with password-checking resources. Some of them, like Dehashed, are paid services, but they are worth it. Giving them a try can be very useful if you are investigating a large group of people and the company they work for.
Email
- Hunter.io: https://hunter.io/
- Phonebook.cz: https://phonebook.cz/
- VoilaNorbert: https://www.voilanorbert.com/
- Email Hippo: https://tools.verifyemailaddress.io/
- Email Checker: https://email-checker.net/validate
- Clearbit Connect: https://chrome.google.com/webstore/detail/clearbit-connect-supercha/pmnhcgfcafcnkbengdcanjablaabjplo?hl=en
- GHunt: https://github.com/mxrch/GHunt
Password
- Dehashed: https://dehashed.com/
- WeLeakInfo: https://weleakinfo.io/
- LeakCheck: https://leakcheck.io/
- SnusBase: https://snusbase.com/
- Scylla.sh: https://scylla.so/
- HaveIBeenPwned: https://haveibeenpwned.com/
Username
- NameChk: https://namechk.com/
- WhatsMyName: https://whatsmyname.app/
- NameCheckup: https://namecheckup.com/
- Seekr: https://github.com/seekr-osint/seekr
- User Searcher: https://www.user-searcher.com/
5. People and Social Media OSINT
Social media is a goldmine of publicly available information. This section focuses on harnessing data from platforms like Twitter, Facebook, and LinkedIn to gain insight into an individual’s online presence. These resources allow investigators, researchers, and analysts to track digital footprints, behavioral patterns, and connections, which is critical to understanding an individual’s or entity’s digital identity and activities.
People OSINT
- WhitePages: https://www.whitepages.com/
- TruePeopleSearch: https://www.truepeoplesearch.com/
- FastPeopleSearch: https://www.fastpeoplesearch.com/
- FastBackgroundCheck: https://www.fastbackgroundcheck.com/
- WebMii: https://webmii.com/
- PeekYou: https://peekyou.com/
- 411: https://www.411.com/
- Spokeo: https://www.spokeo.com/
- That’s Them: https://thatsthem.com/
- Voter Records: https://www.voterrecords.com
- TrueCaller: https://www.truecaller.com/
Social Media OSINT
- Twitter Advanced Search: https://twitter.com/search-advanced
- Social Bearing: https://socialbearing.com/
- Twitonomy: https://www.twitonomy.com/
- Tinfoleak: https://tinfoleak.com/
- TweetDeck: https://tweetdeck.com/
- IntelligenceX Facebook Search: https://intelx.io/tools?tab=facebook
- Code of a Ninja: https://codeofaninja.com/tools/find-instagram-user-id/
- InstaDP: https://instadp.io/
- ImgInn: https://imginn.com/
- Snapchat Maps: https://map.snapchat.com
6. Website and Business OSINT
Here are some detailed resources like BuiltWith, Shodan, and OpenCorporates for investigating websites and businesses, along with their technological footprint. My personal favorites are BuiltWith, Shodan, and the Wayback Machine. Wappalyzer, a Chrome extension, is also great. You should give all of them a try!
Website OSINT
- BuiltWith: https://builtwith.com/
- Domain Dossier: https://centralops.net/co/
- DNSlytics: https://dnslytics.com/reverse-ip
- SpyOnWeb: https://spyonweb.com/
- Virus Total: https://www.virustotal.com/
- Visual Ping: https://visualping.io/
- View DNS: https://viewdns.info/
- Pentest-Tools Subdomain Finder: https://pentest-tools.com/information-gathering/find-subdomains-of-domain#
- Spyse: https://spyse.com/
- crt.sh: https://crt.sh/
- Shodan: https://shodan.io
- Wayback Machine: https://web.archive.org/
Business OSINT
- Open Corporates: https://opencorporates.com/
- AI HIT: https://www.aihitdata.com/
7. Working with OSINT Tools
Here are some tools, like Subfinder, Amass, and httprobe, that can find more information about a website, business, etc., with links to guidance on their usage for OSINT purposes. They can save a lot of time, and we can even run these tools simultaneously while we are investigating something else.
- breach-parse: https://github.com/hmaverickadams/breach-parse
- httprobe: https://github.com/tomnomnom/httprobe
- Subfinder: https://github.com/projectdiscovery/subfinder
- Assetfinder: https://github.com/tomnomnom/assetfinder
- Amass: https://github.com/OWASP/Amass
- GoWitness: https://github.com/sensepost/gowitness/wiki/Installation
Conclusion:
Exploring the expansive landscape of Open-Source Intelligence (OSINT) demands the right tools and ethical methodologies. This guide has navigated various OSINT tools, from note-keeping apps to search engines and social media analytics, for uncovering digital insights.
Ethical Use and Paid Resources:
Ethical considerations are paramount. While many resources are free, some tools, like Clearbit Connect or Hunter.io, offer premium features for enhanced investigations. Always balance the value against your requirements.
Paid Resources and Their Worth:
Investing in these services can often unlock advanced features, improved data accuracy, and enhanced capabilities for a more efficient investigation process.
Balancing Free and Paid Services:
However, it’s important to underscore that a multitude of valuable insights can be derived from freely available tools and platforms. The decision to opt for paid services should be made judiciously, considering the specific needs of your investigation or research.
Responsible Exploration:
Prioritize ethical usage, respect privacy, and adhere to legal boundaries. Remember, the goal isn’t just data collection but also its responsible and ethical application.
Thank you for joining this journey through OSINT Resources.
EXTRA!!
I’ll leave you with this awesome OSINT Tool GitHub repository