“Open-source intelligence (OSINT) is data collected from publicly available sources to be used in an intelligence context.” – Wikipedia
This is a page for me to track particularly cool OSINT resources that have an impact on personal security and privacy. This page will be updated.
General OSINT Resources:
Awesome OSINT: Awesome OSINT is a open-source effort at curating OSINT resources. This list is an exhausting list, but awesome nonetheless.
Another Awesome OSINT: Similar to the last mentioned OSINT list, but some different resources.
OSINT Framework: An open-source “framework” of OSINT resources. Similar to Awesome OSINT, but more personal and organized with a breakdown tree menu. I wanted this resource to also be available as a text list, so I made this.
Technisette: An archive of resources put together by Technisette. This page has a wealth of useful tools and resources (Addons, databases, search engines, tools, tutorials)
Clearnet (World Wide Web)
GreySec Hacking Forums: GreySec is a general hacking and information security forum, but some of the community members are well-rounded in OSINT and OPSEC topics, especially on the Anonymity & Privacy Forum.
Darknet (.onion, requires Tor Browser)
Intel Cutout: “A Forum for open source intelligence sharing and discussion. Share database dumps, government documents, doxes, and anything else related to the gathering of underground intelligence.”
OSINT Is A State Of Mind: The OSINT field is filled with fancy tools and services, but these are only an aid to one thing: the OSINT practitioners mindset. Read this blog to gain a brief understanding of the mindset required for OSINT analysis.
This is a collection of flowcharts created by Intel Techniques. These are great for navigating Web OSINT investigations and self-doxing.
OSINT Web Tools:
Google Hacking & Dorking: manipulate Google searches to find very specific results and general web enumeration. This is a very useful OSINT skill to have.
- Return specified filetypes: filetype:<extension>
- Return specified website: site:<domain>
- Return specified web directory: site:<domain>/<path>
This is a collection of web tools created by Intel Techniques. They are easy to use and automate the relevant OSINT tasks.
Database Intelligence Gathering:
In recent years, data breaches have become very popular. Subsequently, hacked data search engines have been created and account data is being traded and hoarded. I recommend this guide. This is a grey legal area, be ethical.
Vigilante.pw: breached database directory has information regarding # of entries, database, hashing algorithm, category, dump date, and acknowledgement of breach
Hacked data search engines:
- Have I Been Pwned: query for username, email, password in hacked datasets, free checks, no info returned
- LeakedSource: query for username and email in hacked datasets, free checks, paid info results
- Snusbase: query for username and email in hacked datasets, free checks, paid info results
- Hacked-Emails: query for email in hacked datasets, free checks
Public domain datasets: https://cdn.databases.today
OSINT Tools for Linux
Much of OSINT is done right in the web-browser using Web tools, services and search engines. However, we may find ourselves needing to do system enumeration from our local system, probably Linux.
Buscador: investigative operating system, deployed as a VM
IntRec-Pack: bash script to download, install and deploy OSINT tools, by Vector
- QuickScan: port scanner, WHOIS lookup, domain resolver
- DNSRecon: advanced DNS enumeration, domain utility
- Sublist3r: subdomain enumeration
- TekDefense-Automator: IP, URL and hash analyzer
- TheHarvester: email, vhost, domain and PII enumeration
- IOC-Parser: threat intel, parses IOC data from reports
- PyParser-CVE: multi-source exploit parser, CVE lookup
- Mimir: HoneyDB CLI, threat intelligence utility
- Harbinger: Cymon.io, Virus Total, threat feed parser
- Inquisitor: data visualization utility
- BirdWatch: SOCMINT utility, focused on Twitter
- Spiderfoot: advanced OSINT/Recon framework
DataSploit: an OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats
Maltego: create graphs to track OSINT relationships: people, names, email addresses, aliases, social networks, companies, organizations, infrastructure, etc. Apparently great for documentation.
System Enumeration guides (not really OSINT):
- OSCP Survival Guide: resources for “external” system enumeration: DNS, NMap port scanning, NFS, RPC, SMB, SMTP, POP3, MS SQL, HTTP, etc.
- Basic Linux Privilege Escalation: local system resources for “internal” enumeration: OS, applications, services, user information, file systems
Educational OSINT Videos:
- Speaker: Micah Hoffman
- Speaker: Kirby Plessas