README.md

description
Open Source Intelligence

OSINT

Intro

The focus of this section is to provide helpful resources for OSINT and Passive reconnaissance on a given target. There will be certain tools and sites you might be familiar with that could be applicable in this section, that I have omitted and with good reason.

1. This section is "Passive" recon, which does not entail touching or interacting with your target in any way. For offensive operations, staying off radar is key. But can we check with other sources that may have already scanned out target? You bet.
2. There are many research tools that provide similar output to the ones listed in the later sections. The ones that I have specifically omitted (and will document in another section) are tailored more to defensive operations and contain information like reputation data and historical activity.

OSINT Resources

OSINT Guides and Methodology

Specific for what you need to look for and how to find it, during the passive recon phase of a penetration test, or the proper way to OSINT.

• IntelTechniques - One of the best resources for OSINT has been Michael Bazzell's OSINT book and his website. I highly recommend you order his book. The HTML search tools I reference here come from his collection, available on his website for free. He also runs the Privacy and Security Podcast which is a highly recommended resource for both OSINT techniques and personal privacy.
• https://ohshint.gitbook.io/ - One of the most detailed OSINT resources available. Chocked full of search tools.
• Security Sift - This write up is a great guide to Passive recon when preparing for a penetration test. For building up your own workflow, start with this.
• Pen Test Standard - Great guides for every step of a penetration test, but the recon section is especially useful as a reference here.
• OSINT_Handbook_2020.pdf - OSINT Tools and Techniques by I-Intelligence
• https://www.randhome.io/blog/2019/01/05/2019-osint-guide/ - Great guide of some newer tools and techniques.
• https://nixintel.info/osint/using-gap-analysis-to-keep-osint-investigations-on-track/ - Great article on investigation methodology to hasten your OSINT research.
• Methodology of how to investigate a website - https://twitter.com/aware_online/status/1308312883248467975
• OSINT x UCCU Workshop on Open Source Intelligence - Slide deck from a workshop by Miaoski, one of the Senior Intel Analysts for Trend Micro.
• 102 Deep Dive in the Dark Web OSINT - Great video presentation on Dark Web OSINT techniques
• Verification handbook - Designed for journalists but still quite useful, the Verification handbook provides a wealth of resources on investigative procedure

OSINT training courses.

• https://courses.thecyberinst.org/courses/osint-challenge
• https://courses.thecyberinst.org/courses/osintmini
• https://www.tracelabs.org/initiatives/search-party
• https://www.geoguessr.com/
• https://kit.exposingtheinvisible.org/en/
• https://advocacyassembly.org/en/courses/

OSINT CTFs and Modules

• https://cyberdefenders.org/labs/38 - Intel101
• https://ctf.cybersoc.wales/
• https://www.geoguessr.com/
• https://ictf.io/
• https://hacktoria.com/
• https://investigator.cybersoc.wales/
• https://tryhackme.com/room/ohsint
• https://tryhackme.com/room/sakura
• https://tryhackme.com/room/searchlightosint
• https://tryhackme.com/room/googledorking
• https://tryhackme.com/room/geolocatingimages
• https://tryhackme.com/room/webosint
• https://sourcing.games/game-1/

Youtube Channels and Web Casts

• 0x4rkØ OSINT videos - https://www.youtube.com/c/0x4rk%C3%98/videos
• OSINTCurious - https://www.youtube.com/channel/UCjzceWf-OT3ImIKztzGkipA/videos
  • OSINTCurious 10 minute tips - https://www.youtube.com/playlist?list=PL423I_gHbWUUOs09899rex4t2l5py9YIk
  • OSINTCurious Webcasts - https://osintcurio.us/osintvideosandpodcasts/
• Adrian Crenshaw OSINT videos - https://www.youtube.com/user/irongeek/search?query=OSINT
• Authentic8 - https://www.youtube.com/user/Authentic8TV
• ConInt - https://www.youtube.com/channel/UCBtSOceclpKcvunVNw82tFQ/videos
• Toddington - Drop in and Learn - https://www.youtube.com/channel/UCAqnnQkeSVTC3ZJ7urNiD8Q
  • Drop in and Learn Web casts - https://www.toddington.com/drop-in-and-learn-webcasts/
• Using Kali OSINT Tools - https://www.youtube.com/playlist?list=PL0A5SH4w3NaIBKahXMaO29uToGLn3dARF
• Ben Strick - OSINT at Home - https://www.youtube.com/playlist?list=PLrFPX1Vfqk3ehZKSFeb9pVIHqxqrNW8Sy
• OSINT Dojo - https://www.youtube.com/osintdojo
• SCSP OSINT Series - https://www.youtube.com/playlist?list=PL7yUP1guJz7fZNfZM-zkUieKSeA1TCG2S
• Tracelabs Youtube - https://www.youtube.com/channel/UCezKbcbnYtrwRXfGzgQMI3w

OSINT communities and thier resources

• OSINTCurious - Great community and training for those who are interested in OSINT skills and tools.
  • Osint Curious OSINT Resource List
• OSINT Techniques Blog - Fantastic site with tool lists, video guides, and blog on the latest techniques.
  • osinttechniques.com Tool List
• Osintion - OSINT and Social Engineering master Joe Grey's website. Resources, OSINT Courses, and consultation services.
• OSINT Dojo - A project that provides those new to OSINT a number of free resources and simple challenges that build on one another to provide a simple road map for learning more about the field and polishing up related skills while also earning badges to show off your hard work.
  • OSINT Dojo Resources
• Bellingcat's OSINT How-To - Bellingcat is a collective of researchers and journalists that use OSINT tools and techniques for a variety of purposes and that have come together to share thier latest and greatest tools and techniques. They have a slow of guides for researching specific things with OSINT.
  • Bellingcat's Tool Collection
• Aware-Online - Aware Online is a Netherlands based training institute specialized in providing training in the field of Open Source intelligence (OSINT) and Social Media Intelligence (SOCMINT).
• https://exposingtheinvisible.org/ - Exposing the Invisible is a project of Tactical Tech, an international NGO that engages with citizens and civil-society organizations to explore and mitigate the impacts of technology on society.
  • https://kit.exposingtheinvisible.org/en/

OSINTer Blogs

All of these are fantastic resource. Check them regularly for new tools and techniques.

• https://benjaminstrick.com/blog/
• https://blog.bushidotoken.net/
• https://threadreaderapp.com/user/cyb_detective
• https://dutchosintguy.com/events-and-blogs/
• https://www.intelligencewithsteve.com/blog
• https://inteltechniques.com/blog/
• https://keyfindings.blog/
• https://www.lorandbodo.com/
• https://www.offensiveosint.io/
• https://www.osintcombine.com/blog
• https://www.osinteditor.com/
• https://www.osintme.com/
• http://www.theosintjournal.org/
• https://www.bellingcat.com/
• https://www.cqcore.uk/blog-posts/
• https://keyfindings.blog/
• https://www.offensiveosint.io/
• https://sector035.nl/

Forums/Groups/Chatrooms

Forums

• https://app.element.io/#/room/#osint-chat:matrix.org
• https://osint.team/home
• https://www.websleuths.com/forums/
• https://reddit.com
  • r/InfoSecNews
  • r/OSINT
  • r/RBI

Discord/Slack

• Bellingcat Discord - https://discord.gg/nTaNPmz
• conInt Discord - https://discord.gg/AJYUV7S
• Defcon Discord - https://discord.gg.defcon
• Hack South Discord - https://discord.gg/nTJFJrUwwT
• Imaginary CTF Discord - https://discord.gg/sjVcTTXg6a
• OSINT Editor Discord - https://discord.gg/M5pk9rE
• OSINT-FR Discord - https://discord.osintfr.com
• Project Owl Discord - https://discord.gg/projectowl
• SANS Blue Team Discord - https://discord.gg/ZvgwPtuusE
• DeadpixelSec Discord - https://discord.gg/infosec
• OSINT Curious Discord - https://discord.gg/eaz5AqHDfK
• OSINTion Discord - https://discord.gg/p78TTGa
• Tracelabs Slack - https://tracelabs.slack.com

Volunteer OSINT

There are a few interesting organizations out there that take OSINT researchers and have them help with certain public good tasks like finding missing children or stopping pedophiles. It can be a heavy ask but can really do some good in the world with the skills that we have. Please check out and If you can donate some time to help, please do!

• https://www.tracelabs.org/
• https://www.innocentlivesfoundation.org/
• https://badassarmy.org/
• https://citizenevidence.org/
• https://crisismapping.ning.com/
• https://www.fbi.gov/wanted/ecap
• https://informnapalm.org/en/
• https://locate.international/
• https://www.missingkids.org/
• https://www.ncptf.org/
• https://ourrescue.org/
• https://www.europol.europa.eu/stopchildabuse
• https://www.stopthetraffik.org/

OSINT Tools

OSINT Tool and Resource Collections

These are misc tools and collections out there. Many overlap, but there are fantastic things in each.

• Awesome Collection: OSINT
• https://start.me/p/DPYPMz/the-ultimate-osint-collection
• https://www.aware-online.com/en/osint-tools/
• OSINT Framework
• OpenOSINT Team Tools
• Sector035 OSINT Links
• Technisette OSINT Links
• Trouble Fake - start.me
• 5nacks OSINT Bookmarks
• OSINT Combine Bookmarks
• Andy Black and Associates OSINT Toolkit
• Palliscope OSINT Bookmarks
• OSINT Stuff's Pile of OSINT links
• Terrorism & Radicalisation Research Dashboard - start.me****
• OSINT_Encyclopedia
• https://start.me/p/rxeRqr/aml-toolbox
• https://www.aware-online.com/en/osint-tools/
• https://start.me/p/rxRbpo/ti?locale=en
• https://start.me/p/W1AXYo/toolkit
• https://start.me/p/ZME8nR/osint
• https://www.osinttechniques.com/osint-tools.html
• https://start.me/p/4K0DXg/social-media
• https://thecyberpost.com/open-source-intelligence-osint-tools/
• https://start.me/p/ZGAzN7/verification-toolset
• https://map.malfrats.industries/
• https://github.com/cipher387/API-s-for-OSINT
• https://github.com/cipher387/osint_stuff_tool_collection

OSINT Virtual Machines

• https://www.tracelabs.org/initiatives/osint-vm - specialized OSINT VM specifically to bring together the most effective OSINT tools and customized scripts

• https://tsurugi-linux.org/ - 64 bit Linux version to perform digital forensics analysis and OSINT research.
  • https://tsurugi-linux.org/documentation_tsurugi_linux_tools_listing_2021.php

Frameworks

• https://nitinpandey.in/ihunt/# - Detailed OSINT framework with dozens of tools grouped by purpose.
• osrframework - This package contains a set of libraries developed by i3visio to perform Open Source Intelligence tasks. They include references to a bunch of different applications related to username checking, DNS lookups, information leaks research, deep web search, regular expressions extraction and many others.
• Scrummage — Ultimate OSINT and Threat Hunting Framework
• Mr.Holmes — osint toolkit for gathering information about domains, phone numbers and social media accounts

{% content-ref url="../../red-offensive/scanning-active-recon/recon-frameworks.md" %} recon-frameworks.md {% endcontent-ref %}

Tools by Category

{% content-ref url="search-engines/" %} search-engines {% endcontent-ref %}

{% content-ref url="cyber-search.md" %} cyber-search.md {% endcontent-ref %}

{% content-ref url="dark-web-search.md" %} dark-web-search.md {% endcontent-ref %}

{% content-ref url="ip-address.md" %} ip-address.md {% endcontent-ref %}

{% content-ref url="domain.md" %} domain.md {% endcontent-ref %}

{% content-ref url="username-email.md" %} username-email.md {% endcontent-ref %}

{% content-ref url="name-phone-gov-record.md" %} name-phone-gov-record.md {% endcontent-ref %}

{% content-ref url="socmint-social-media.md" %} socmint-social-media.md {% endcontent-ref %}

{% content-ref url="files-media-breach-paste-code.md" %} files-media-breach-paste-code.md {% endcontent-ref %}

{% content-ref url="misc-osint.md" %} misc-osint.md {% endcontent-ref %}