Credited to the compiler: Xox / @Medium
You can think of Open Source Intelligence (OSINT) as detective work on the internet. It's about gathering information from publicly available sources, like social media, websites, LinkedIn, or news, to understand or investigate something or, more accurately, someone.
I am going to share some OSINT resources that can help you organize your work better, dig into deeper information, and make your OSINT investigation more effective.
Section 1: Note Keeping Tools for OSINT
Effective note-keeping is the backbone of successful OSINT investigations. In this section, we will explore the tools used for note-keeping. Discover how these tools work, how they can help organize the collected data efficiently for later analysis, and a lot more.
KeepNote: http://keepnote.org/
CherryTree: https://www.giuspen.com/cherrytree/
Joplin: https://joplinapp.org/
Notion: https://www.notion.so/
Greenshot: https://getgreenshot.org/
Flameshot: https://github.com/flameshot-org/flameshot
Section 2: Sock Puppets and Anonymity
Explore the concept of sock puppets and anonymity in online investigations. A sock puppet is an alternate identity used for OSINT so that we do not draw attention to ourselves. These social media accounts look legitimate and have some posts and data of their own, which should not tie back to us, keeping us anonymous against any kind of trace-back.
Sock Puppets
Intro to Creating an Effective Sock Puppet: https://web.archive.org/web/20210125191016/https://jakecreps.com/2018/11/02/sock-puppets/
The Art Of The Sock: https://www.secjuice.com/the-art-of-the-sock-osint-humint/
My Process for Setting up Anonymous Sock Puppet Accounts (reddit): https://www.reddit.com/r/OSINT/comments/dp70jr/my_process_for_setting_up_anonymous_sockpuppet/
Anonymity
Fake Name Generator: https://www.fakenamegenerator.com/
This Person Does not Exist: https://www.thispersondoesnotexist.com/
Privacy.com: https://privacy.com/
Section 3: Search Engine and Image OSINT
Use different search engines like Google, Bing, Yandex, and DuckDuckGo for gathering information. Each search engine has its own capabilities. Yandex is better than Google in terms of image searching, as I have used it and it gives better results than Google. Also, TinEye works great for reverse image searching.
Search Engines
Google: https://www.google.com/
Google Advanced Search: https://www.google.com/advanced_search
Bing: https://www.bing.com/
Bing Search Guide: https://www.bruceclay.com/blog/bing-google-advanced-search-operators/
DuckDuckGo: https://duckduckgo.com/
DuckDuckGo Search Guide: https://help.duckduckgo.com/duckduckgo-help-pages/results/syntax/
Image
Google Image Search: https://images.google.com
Yandex: https://yandex.com
TinEye: https://tineye.com
Section 4: Email, Password, and Username OSINT
Tools like Hunter.io, Dehashed, NameChk, and Email Hippo can be used for email and username investigation, along with password-checking resources. Some of them are paid services, but they are worth it; Dehashed, for example, can be very useful if you are investigating a large group of people and the company they work for.
Email
Hunter.io: https://hunter.io/
Phonebook.cz: https://phonebook.cz/
VoilaNorbert: https://www.voilanorbert.com/
Email Hippo: https://tools.verifyemailaddress.io/
Email Checker: https://email-checker.net/validate
Clearbit Connect: https://chrome.google.com/webstore/detail/clearbit-connect-supercha/pmnhcgfcafcnkbengdcanjablaabjplo?hl=en
Password
Dehashed: https://dehashed.com/
WeLeakInfo: https://weleakinfo.io/
LeakCheck: https://leakcheck.io/
SnusBase: https://snusbase.com/
Scylla.sh: https://scylla.so/
HaveIBeenPwned: https://haveibeenpwned.com/
Username
NameChk: https://namechk.com/
WhatsMyName: https://whatsmyname.app/
NameCheckup: https://namecheckup.com/
Section 5: People and Social Media OSINT
Social media is a goldmine of publicly available information. This section focuses on harnessing data from various platforms like Twitter, Facebook, and LinkedIn, providing insights into individuals' online presence. These resources allow investigators, researchers, and analysts to track digital footprints, behavioral patterns, and connections, forming a critical aspect of understanding an individual's or entity's digital identity and activities.
People OSINT
WhitePages: https://www.whitepages.com/
TruePeopleSearch: https://www.truepeoplesearch.com/
FastPeopleSearch: https://www.fastpeoplesearch.com/
FastBackgroundCheck: https://www.fastbackgroundcheck.com/
WebMii: https://webmii.com/
PeekYou: https://peekyou.com/
411: https://www.411.com/
Spokeo: https://www.spokeo.com/
That's Them: https://thatsthem.com/
Voter Records: https://www.voterrecords.com
TrueCaller: https://www.truecaller.com/
Social Media OSINT
Twitter Advanced Search: https://twitter.com/search-advanced
Social Bearing: https://socialbearing.com/
Twitonomy: https://www.twitonomy.com/
Tinfoleak: https://tinfoleak.com/
TweetDeck: https://tweetdeck.com/
IntelligenceX Facebook Search: https://intelx.io/tools?tab=facebook
Code of a Ninja: https://codeofaninja.com/tools/find-instagram-user-id/
InstaDP: https://instadp.io/
ImgInn: https://imginn.com/
Snapchat Maps: https://map.snapchat.com
Section 6: Website and Business OSINT
Here are some detailed resources like BuiltWith, Shodan, and OpenCorporates for investigating websites and businesses, along with their technological footprint. My personal favorites are BuiltWith, Shodan, and the Wayback Machine; Wappalyzer, a Chrome extension, is also great. You should give all of them a try!
Website OSINT
BuiltWith: https://builtwith.com/
Domain Dossier: https://centralops.net/co/
DNSlytics: https://dnslytics.com/reverse-ip
SpyOnWeb: https://spyonweb.com/
Virus Total: https://www.virustotal.com/
Visual Ping: https://visualping.io/
View DNS: https://viewdns.info/
Pentest-Tools Subdomain Finder: https://pentest-tools.com/information-gathering/find-subdomains-of-domain#
Spyse: https://spyse.com/
crt.sh: https://crt.sh/
Shodan: https://shodan.io
Wayback Machine: https://web.archive.org/
Business OSINT
Open Corporates: https://opencorporates.com/
AI HIT: https://www.aihitdata.com/
Section 7: Working with OSINT Tools
Finding more information about a website, business, etc. can be very useful, so here are some tools like Subfinder, Amass, and httprobe, offering guidance on their usage for OSINT purposes, which can save a lot of time. We can even run these tools simultaneously while we are investigating something else.
breach-parse: https://github.com/hmaverickadams/breach-parse
httprobe: https://github.com/tomnomnom/httprobe
Subfinder: https://github.com/projectdiscovery/subfinder
Assetfinder: https://github.com/tomnomnom/assetfinder
Amass: https://github.com/OWASP/Amass
GoWitness: https://github.com/sensepost/gowitness/wiki/Installation
Conclusion:
Exploring the expansive landscape of Open-Source Intelligence (OSINT) demands the right tools and ethical methodologies. This guide has navigated various OSINT tools, from note-keeping apps to search engines and social media analytics, for uncovering digital insights.
Ethical Use and Paid Resources:
Ethical considerations are paramount. While many resources are free, some tools, like Clearbit Connect or Hunter.io, offer premium features for enhanced investigations. Always balance the value against your requirements.
Paid Resources and Their Worth:
Investing in these services can often unlock advanced features, improved data accuracy, and enhanced capabilities for a more efficient investigation process.
Balancing Free and Paid Services:
However, it's important to underscore that a multitude of valuable insights can be derived from freely available tools and platforms. The decision to opt for paid services should be made judiciously, considering the specific needs of your investigation or research.