“Open-source intelligence (OSINT) is data collected from publicly available sources to be used in an intelligence context.” – Wikipedia

This is a page for me to track particularly cool OSINT resources that have an impact on personal security and privacy. This page will be updated.

General OSINT Resources:

Awesome OSINT: Awesome OSINT is an open-source effort at curating OSINT resources. The list is exhausting, but awesome nonetheless.

Another Awesome OSINT: Similar to the previously mentioned OSINT list, but with some different resources.

Intel Techniques: IntelTechniques is a website that offers a variety of resources and tools. They are also the creator of Buscador, an investigative operating system (VM).

OSINT Framework: An open-source “framework” of OSINT resources. Similar to Awesome OSINT, but more personal and organized with a breakdown tree menu. I wanted this resource to also be available as a text list, so I made this.

Technisette: An archive of resources put together by Technisette. This page has a wealth of useful tools and resources (add-ons, databases, search engines, tools, tutorials).

OSINT Community:

Clearnet (World Wide Web)

OSINT Team: OSINT Team is a community for sharing OSINT resources and general discussion. Resourceful, notable folks. Built on Rocket.Chat.

GreySec Hacking Forums: GreySec is a general hacking and information security forum, but some of the community members are well-rounded in OSINT and OPSEC topics, especially on the Anonymity & Privacy Forum.

Darknet (.onion, requires Tor Browser)

Intel Cutout: “A Forum for open source intelligence sharing and discussion. Share database dumps, government documents, doxes, and anything else related to the gathering of underground intelligence.”

OSINT Analysis:

OSINT Is A State Of Mind: The OSINT field is filled with fancy tools and services, but these are only an aid to one thing: the OSINT practitioner's mindset. Read this blog to gain a brief understanding of the mindset required for OSINT analysis.

OSINT Flowcharts:

This is a collection of flowcharts created by Intel Techniques. These are great for navigating Web OSINT investigations and self-doxing.

Email Flowchart 
Domain Flowchart
Real Name Flowchart
Telephone Flowchart
Location Flowchart
Username Flowchart

OSINT Web Tools:

Google Hacking & Dorking: manipulate Google searches with search operators to find very specific results and perform general web enumeration. This is a very useful OSINT skill to have.

  • Return specified filetypes: filetype:<extension>
  • Return specified website: site:<domain>
  • Return specified web directory: site:<domain>/<path>

This is a collection of web tools created by Intel Techniques. They are easy to use and automate the relevant OSINT tasks.

Search Engines
User Name
Real Name
Email Address
Telephone Number
Domain Name
IP Address
Reverse Image
Reverse Video
Social Traffic

Database Intelligence Gathering:

In recent years, data breaches have become very common. Subsequently, hacked-data search engines have been created, and account data is being traded and hoarded. I recommend this guide. This is a legal grey area; be ethical.

Vigilante.pw: a breached database directory with information on the number of entries, database, hashing algorithm, category, dump date, and acknowledgement of breach

Hacked data search engines:

  • Have I Been Pwned: query for username, email, password in hacked datasets, free checks, no info returned
  • LeakedSource: query for username and email in hacked datasets, free checks, paid info results
  • Snusbase: query for username and email in hacked datasets, free checks, paid info results
  • Hacked-Emails: query for email in hacked datasets, free checks

Public domain datasets: https://cdn.databases.today

OSINT Tools for Linux:

Much of OSINT is done right in the web browser using web tools, services and search engines. However, we may find ourselves needing to do system enumeration from our local system, probably Linux.

Buscador: investigative operating system, deployed as a VM

IntRec-Pack: bash script to download, install and deploy OSINT tools, by Vector

  • QuickScan: port scanner, WHOIS lookup, domain resolver
  • DNSRecon: advanced DNS enumeration, domain utility
  • Sublist3r: subdomain enumeration
  • TekDefense-Automator: IP, URL and hash analyzer
  • TheHarvester: email, vhost, domain and PII enumeration
  • IOC-Parser: threat intel, parses IOC data from reports
  • PyParser-CVE: multi-source exploit parser, CVE lookup
  • Mimir: HoneyDB CLI, threat intelligence utility
  • Harbinger: Cymon.io, Virus Total, threat feed parser
  • Inquisitor: data visualization utility
  • BirdWatch: SOCMINT utility, focused on Twitter
  • Spiderfoot: advanced OSINT/Recon framework

DataSploit: an OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats

Maltego: create graphs to track OSINT relationships: people, names, email addresses, aliases, social networks, companies, organizations, infrastructure, etc. Apparently great for documentation.

System Enumeration guides (not really OSINT):

  • OSCP Survival Guide: resources for “external” system enumeration: DNS, NMap port scanning, NFS, RPC, SMB, SMTP, POP3, MS SQL, HTTP, etc.
  • Basic Linux Privilege Escalation: local system resources for “internal” enumeration: OS, applications, services, user information, file systems

Educational OSINT Videos:

Profiling Online Personas – Are We Sharing Too Much?

  • Speaker: Micah Hoffman

102 Deep Dive in the Dark Web (OSINT Style)

  • Speaker: Kirby Plessas