In today’s digital age, information is power. Open Source Intelligence (OSINT) is the practice of collecting and analyzing information that is publicly available and can be used in an intelligence context. From cybersecurity professionals to journalists and researchers, OSINT plays a crucial role in understanding the world around us. This cheat sheet provides a comprehensive list of OSINT tools, tips, and resources to enhance your information gathering and analysis skills.
Just as some might look for shortcuts or “hacks” in online games, OSINT professionals seek efficient methods and tools to uncover valuable insights from the vast ocean of publicly available data. However, unlike game hacks, OSINT operates within legal and ethical boundaries, focusing on publicly accessible information for legitimate purposes.
This guide is intended for educational purposes and knowledge sharing. Always use these tools responsibly and ethically, respecting terms of service and privacy regulations. The creators of this resource are not responsible for misuse of these tools. Please be aware that the availability and functionality of online resources can change, and this list may contain outdated information. Contributions and updates are welcome to keep this resource current and valuable. For deeper dives into OSINT techniques and methodologies, explore our Wiki page on OSINT techniques.
Safe Practices for Using OSINT Resources
Navigating the world of online information requires caution. Protect your digital footprint and personal information by adhering to these safety guidelines when using OSINT resources:
- Utilize Virtual Machines: Isolate your OSINT activities within a virtual machine environment. This prevents potential risks from affecting your primary system.
- Employ Privacy Networks: Enhance your anonymity and security by using Virtual Private Networks (VPNs), Tor, or Peer-to-Peer (P2P) networks to mask your IP address and encrypt your internet traffic.
- Use Secondary Accounts: Avoid using your personal accounts for OSINT research. Create dedicated, separate accounts to minimize the risk of exposing your personal information or activities.
- Review Terms of Service (ToS): Always carefully read the Terms of Service and privacy policies of any resource or tool you intend to use. Understand the terms of data collection, usage, and privacy implications.
- Activate Security Measures: Ensure your host machine or virtual machine has a robust firewall, antivirus (AV), and Intrusion Detection System (IDS) enabled and up-to-date.
- Harden Your Browser: Strengthen your browser’s privacy settings by installing privacy extensions and disabling JavaScript, ads, and trackers.
- Maintain Clean Files: Avoid uploading personal or sensitive files during your research. Keep a separate, clean folder for OSINT-related files.
- Scan Downloaded Files: Always scan downloaded files with antivirus software before opening them to protect against malware.
- Encrypt Communications and Data: Encrypt your network traffic, messages, and local storage disks to protect sensitive information.
- Exercise Caution with Attachments: Be wary of email attachments, especially document formats like DOCX or XLSM, which may contain macros. Disable macros by default and carefully inspect file properties before enabling them if necessary.
Target Audience for OSINT Resources
This resource compilation is beneficial for a wide range of professionals and individuals, including:
- IT Security Professionals: For threat intelligence, vulnerability research, and security assessments.
- CTF (Capture The Flag) Players: To gather clues and solve challenges in cybersecurity competitions.
- Journalists: For investigative reporting, fact-checking, and background research.
- Investigators: For legal investigations, due diligence, and background checks.
- Cyber Crime Analysts: To track cybercriminals, analyze attack patterns, and gather evidence.
- Researchers & Analysts: For academic research, market analysis, and competitive intelligence.
- Law Enforcement: For criminal investigations, digital forensics, and intelligence gathering.
- General Users: Anyone interested in enhancing their online research skills and understanding open source information.
Linux Distributions for OSINT
Consider utilizing a dedicated Linux distribution specifically designed for OSINT and penetration testing. These distributions come pre-loaded with many useful tools. You can run them in a Virtual Machine (VM) or as a Live USB for a sandboxed environment.
EXIF Data Extraction and Manipulation with ExifTool
ExifTool is a powerful command-line utility for reading, writing, and manipulating image, audio, video, and PDF metadata. Understanding and using ExifTool is crucial for OSINT investigations involving media files.
Common EXIF Tags and Data Types
Metadata tags provide valuable information embedded within files. Here are some common EXIF tags:
Artist : Text string indicating the creator of the content.
Author : Text string for the author of the file.
Caption : Text string providing a description of the image or content.
Categories : Text string for categorizing the content.
Collections : Text string for collection information.
DateTime : Date and time information associated with the file.
DPP (Digital Print Properties) : Language-alternate values related to digital printing.
EditStatus : Text string indicating the editing status.
FixtureIdentifier : Text string for fixture identification.
Keywords : Text string containing keywords associated with the content.
Notes : Text string for additional notes or comments.
ObjectCycle : Text string defining the object cycle.
OriginatingProgram : Text string identifying the software used to create the file.
Rating : Real number representing a rating value.
Rawrppused : Boolean value indicating if raw rapid photo processing was used.
ReleaseDate : Text string for the release date.
ReleaseTime : Text string for the release time.
RPP (Raw Processing Program) : Language-alternate values related to raw processing programs.
Snapshots : Text string for snapshot information.
Tagged : Boolean value indicating if the file is tagged.
For a comprehensive list and usage instructions, consult the ExifTool manual by running man exiftool in your terminal or visit the official documentation at exiftool.org.
Writing Metadata
To add or modify metadata, use the following command structure:
exiftool -tagname="string" fileExample:
exiftool -Author="John Doe" image.jpgThis command would add “John Doe” as the author metadata to the file “image.jpg”. You can add multiple tags and process multiple files in a single command.
Deleting Metadata
To remove specific metadata tags, use an empty string value:
exiftool -tagname="" fileExample:
exiftool -Author="" image.jpgThis command removes the “Author” metadata tag from “image.jpg”.
Mass Metadata Deletion
To remove all writable metadata from a file, use the -all= tag:
exiftool -all="" fileExample:
exiftool -all="" image.jpgThis command will strip all editable metadata from “image.jpg”.
Important Note: Not all metadata tags are writable. Ensure the tag you intend to modify is writable by consulting the ExifTool documentation. For more advanced metadata manipulation, especially with edited or compressed files, explore using the XMP format.
Automated tools, like those demonstrated by David Bombal, can further streamline metadata analysis and manipulation.
Important Note on Metadata
Remember that if a file has been compressed or its metadata has been edited previously, you might encounter default metadata values. For comprehensive metadata control, consider using the XMP format for editing, writing, and deleting metadata. Always consult the ExifTool documentation for detailed information and advanced usage.
SOCMINT (Social Media Intelligence)
Social media platforms are rich sources of OSINT. SOCMINT involves gathering intelligence from social media to understand public sentiment, track individuals, and identify trends.
Collection Datasets
Curated datasets can be invaluable for OSINT research. These datasets may contain aggregated information from various sources, saving you time and effort in data collection.
Forums & Sites for OSINT Communities
Engage with the global OSINT community through online forums and websites. These platforms offer valuable insights, tool recommendations, and collaborative learning opportunities.
Meta Search Engines
Meta search engines aggregate results from multiple search engines, providing a broader and more comprehensive search coverage than relying on a single search engine.
Code Search Engines
Code search engines are specialized search engines that index source code repositories. They are useful for finding code snippets, identifying software vulnerabilities, and analyzing software projects.
Competitive Programming Platforms
While seemingly unrelated, competitive programming platforms can hone your problem-solving and algorithmic thinking skills, which are valuable assets in OSINT research and analysis.
File & FTP Search Engines
File search engines specialize in finding publicly accessible files on the internet, including documents, spreadsheets, and presentations. FTP search engines focus on files available on File Transfer Protocol (FTP) servers.
Social Media Search and Monitoring Tools
Numerous tools are designed for searching and monitoring social media platforms. These tools can help you track keywords, hashtags, mentions, and trends across various social networks.
Social Media Management and Content Discovery Platforms
Social media management platforms offer features for scheduling posts, managing multiple accounts, and analyzing social media engagement. Content discovery platforms help identify trending topics and viral content.
Hashtag & Keyword Analysis Tools
Analyze the usage and trends of hashtags and keywords across search engines and social media platforms. These tools provide insights into public discourse and trending topics.
Web Intelligence Techniques
Web Cache Exploration
Utilize web caches to access archived versions of web pages, even if they are no longer live or have been removed from the current web.
Tip for accessing Google Cache (if available):
https[:]//www[.]google[.]com/search?q=cache:yourwebsite.comReplace yourwebsite.com with the URL you want to check in the cache.
URL Analysis Tools
Analyze URLs to extract information about the website, its structure, and potential security risks. URL analysis tools can reveal redirection paths, associated domains, and security vulnerabilities.
Cyber Threat Research Resources
Stay informed about emerging cyber threats by utilizing dedicated threat intelligence resources. These resources provide up-to-date information on malware, vulnerabilities, and attack vectors.
IoT (Internet of Things) Search Engines
IoT search engines allow you to discover and analyze internet-connected devices. This can be useful for identifying vulnerable devices and understanding the landscape of connected technologies.
IP Address Intelligence Tools
IP address intelligence tools provide information about IP addresses, including geolocation, ownership, and associated domain names. This is crucial for tracing the origin of online activities.
Wireless Network Analysis Tools
Tools for analyzing wireless networks can be used to identify nearby Wi-Fi networks, assess their security, and gather information about network configurations.
SOC (Security Operations Center) & Threat Hunting Resources
Enhance your threat hunting capabilities with resources designed for Security Operations Centers. These resources provide techniques and tools for proactive threat detection and incident response.
Tip for Threat Hunting:
Leverage file hashes and other threat indicators to identify malicious files and activities.
Automation Dorking Tools
Automate the process of Google dorking (advanced search queries) to efficiently find specific information online. Automation tools can save time and improve the efficiency of dorking activities.
GitHub for OSINT
GitHub, a code hosting platform, is also a valuable OSINT resource. You can use GitHub dorks (search queries tailored for GitHub) to find sensitive information, code vulnerabilities, and developer activity.
Dorking Techniques and Examples
Dorking, also known as Google hacking, involves using advanced search operators to refine search queries and uncover hidden information on the internet. Here are some common dorking operators:
intitle:: Search for specific words in the title of a web page.inurl:: Search for specific words in the URL or path of a web page.intext:: Search for specific words within the content of a web page.filetype:: Search for specific file types (e.g.,filetype:pdf).site:: Restrict search results to a specific website (e.g.,site:example.com).- *`Wildcard ()
**: Use the asterisk as a wildcard to match any characters (e.g.,seccodeid*`). define:term: Search for definitions of a specific term (e.g.,define:OSINT).cache:URL: Access Google’s cached version of a web page (e.g.,cache:example.com).allintext:: Search for all specified words within the text of a web page.allinurl:: Find pages containing all specified keywords in the URL.allintitle:: Restrict results to pages containing all specified terms in the title.link:URL: List web pages that link to a specific URL (e.g.,link:example.com).OR (|): Logical OR operator to search for pages containing either or both of the specified words (e.g.,security | privacy).(+): Concatenate words, useful for finding pages containing multiple specific keywords.(-): Exclusion operator to exclude results containing a specific word (e.g.,security -vulnerability).
Example Dorking Resources:
Explore curated lists of dorking queries for various purposes: Dorking Lists on GitHub
Dorking for Other Search Engines
Dorking techniques are not limited to Google. Many other search engines support advanced search operators that can be used for targeted information retrieval.
Bash Dorking Scripts
Automate dorking tasks by creating Bash scripts. These scripts can streamline repetitive dorking processes and enhance efficiency.
Example Bash Dorking Script Resource:
Find example scripts and templates for Bash-based dorking: Bash Dorking Scripts on GitHub
Google Advanced Search Tools
Utilize Google’s Advanced Search interface for a user-friendly way to build complex search queries using various filters and operators.
Alternative Search Engines
Explore search engines beyond Google to diversify your search results and potentially uncover information not indexed by Google.
Internet Archive (Wayback Machine)
The Internet Archive’s Wayback Machine allows you to access archived versions of websites, providing historical snapshots of web content.
Data Breach OSINT Resources
Explore resources that aggregate information from data breaches. These resources can help you identify compromised credentials and potential security vulnerabilities.
Crack Journals and Search Journals
Access academic and research journals through open access or institutional subscriptions. Crack journals (use ethically and legally) and search journals provide valuable scholarly content.
Blog Search Engines
Specialized blog search engines can help you find relevant blog posts and articles on specific topics. You can also use Google dorks to search for blogger profiles and content.
Website Change Tracking Tools
Monitor websites for changes and updates. Website change tracking tools notify you when content on a webpage is modified, which can be useful for tracking updates and detecting changes.
Company Reconnaissance Sites (Passive)
Gather information about companies passively using company reconnaissance websites. These sites provide publicly available information about businesses, their structure, and operations.
People Search Engines
People search engines aggregate publicly available information about individuals, such as contact details, addresses, and social media profiles.
Family People Search Resources
Specialized people search resources focus on family history and genealogy research, helping you find information about relatives and family connections.
Phone Number Intelligence
Phone number intelligence tools provide information associated with phone numbers, such as carrier details, location, and potential fraud indicators.
Pro Tip for Phone Number OSINT:
If you obtain a phone number, check it against data breach databases, e-wallet services, social media platforms (using password reset options), GetContact, Truecaller, IPQS, fraud checkers, and perform social media searches to gather further information.
Public Records Search
Access public records databases to retrieve official documents and information, such as property records, court records, and business filings.
Username Discovery Tools
Username discovery tools help you find accounts associated with a specific username across various online platforms.
Social Network Specific OSINT
General Social Network Search
Utilize general social network search engines to find profiles and content across multiple social media platforms.
Google Queries for Facebook
Leverage Google dorks to search for specific content on Facebook:
Group Search:
site:facebook.com inurl:groupGroup Wall Posts Search:
site:facebook.com inurl:wallPages Search:
site:facebook.com inurl:pagesPublic Profiles:
allinurl: people "name" site:facebook.com
Facebook Query Language (FQL) (Potentially Deprecated)
While Facebook Query Language (FQL) may be deprecated or limited, certain direct URLs might still offer some search functionality:
Photos By: https://www.facebook.com/search/taget_id/photos-by
Photos Liked: https://www.facebook.com/search/taget_id/photos-liked
Photos Of: https://www.facebook.com/search/taget_id/photos-of
Comments: https://www.facebook.com/search/taget_id/photos-commented
Friends: https://www.facebook.com/search/taget_id/friends
Videos Tagged: https://www.facebook.com/search/taget_id/videos
Videos By: https://www.facebook.com/search/taget_id/videos-by
Videos Liked: https://www.facebook.com/search/taget_id/videos-liked
Videos Commented: https://www.facebook.com/search/taget_id/videos-commented
Events Attended: https://www.facebook.com/search/taget_id/events-joined
Relatives: https://www.facebook.com/search/taget_id/relatives
Dorking Examples for Facebook:
id site:facebook.com
page site: facebook.com
id site:facebook.com *
page site: facebook.com *
The Ultimate Facebook Investigation Tool (Potentially Deprecated)
Note that tools like “The Ultimate Facebook Investigation Tool” may become outdated due to changes in Facebook’s API and privacy policies. Always verify the functionality and ethical implications of such tools.
OSINT Resources for Other Social Media Platforms
Explore dedicated OSINT resources and techniques for platforms like:
- OnlyFans
- Steam
- Slack
- Office365
- Keybase
- VK
- Bluesky
- Microsoft OneDrive
- YouTube
- Mastodon
- Snapchat
- MySpace
- TikTok
- Parler
Google Queries for LinkedIn
Utilize Google dorks to search for specific content on LinkedIn:
Public Profiles:
site:linkedin.com inurl:pubUpdated Profiles:
site:linkedin.com inurl:updatesCompany Profiles:
site:linkedin.com inurl:companies
Google Queries for MySpace
Utilize Google dorks to search for specific content on MySpace (note: MySpace’s relevance has diminished significantly):
Profiles:
site: myspace.com inurl:profileBlogs:
site:myspace.com inurl:blogsVideos:
site:myspace.com inurl:vidsJobs:
site:myspace.com inurl:jobsVideos (Targeted):
site:myspace.com "TARGET NAME" "videos"Comments (Targeted):
site:myspace.com "TARGET NAME" "comments"Friends (Targeted):
site:myspace.com "TARGET NAME" "friends"
Monitoring & Alerting Tools
Set up monitoring and alerting tools to track specific keywords, mentions, or changes in online information. This allows you to stay informed about relevant updates in real-time.
EXIF Analysis Tools (Beyond ExifTool)
Explore graphical user interface (GUI) based EXIF analysis tools for easier metadata examination and manipulation, especially for users less comfortable with command-line tools.
Email Tracking Tools
Email tracking tools can provide insights into email delivery, open rates, and recipient locations. Use these tools ethically and with appropriate consent.
PGP (Pretty Good Privacy) or GPG (GNU Privacy Guard) Keybase
PGP/GPG and Keybase are tools for secure communication and encryption. Understanding these technologies is important for secure OSINT operations and protecting sensitive information.
Shodan Query Options for IoT and Device Discovery
Shodan is a specialized search engine for internet-connected devices. Utilize advanced Shodan query options to find specific types of devices, vulnerabilities, and open ports.
Shodan Query Resources:
Information Capturing Tools
Utilize tools for capturing and archiving web pages, social media posts, and other online content. This ensures you have a record of information that might be changed or removed later.
Online OSINT Tool Platforms
Explore online platforms that aggregate various OSINT tools into a single interface, providing convenience and efficiency.
Telegram OSINT Tools
Telegram, a messaging app, can also be a source of OSINT. Explore tools designed for searching Telegram channels, usernames, and public groups.
Document and Slides Search Engines for OSINT
Specialized search engines focus on indexing documents and presentations (e.g., PDF, DOCX, PPTX) available online.
Real-Time Search, Social Media Search, and General Social Media Tools (Aggregated Platforms)
Platforms that combine real-time search, social media search, and general social media monitoring into a unified dashboard.
Image Search Engines (Reverse Image Search)
Reverse image search engines allow you to upload an image and find visually similar images online. This is useful for verifying image authenticity, identifying locations, and finding related content.
Image Analysis Tools
Image analysis tools go beyond reverse image search and offer features like facial recognition, object detection, and metadata extraction from images.
Stock Image Resources
Access stock image libraries for high-quality images for presentations, reports, and visualizations in your OSINT work.
Video Search and Other Video Tools
Video search engines and analysis tools help you find and analyze videos online. This includes video platforms, content analysis, and metadata extraction from video files.
Geospatial Research and Mapping Tools
Geospatial tools are essential for location-based OSINT investigations. These tools include mapping platforms, geographic information systems (GIS), and tools for analyzing location data.
Converter Tools for Geospatial Data
Convert between different geospatial data formats (e.g., SHP, KML, GeoJSON) to ensure compatibility with various mapping and analysis tools.
GeoJSON Viewer
Visualize GeoJSON data directly in your browser using online GeoJSON viewers.
3D Map & Building Viewers
Explore 3D maps and building models for enhanced geospatial understanding.
Geospatial Guides and Tutorials
Learn the fundamentals of geospatial analysis and utilize guides and tutorials to improve your skills.
Nearby Map Tools from Geospatial Data
Generate nearby maps based on geospatial data to visualize locations of interest and surrounding areas.
Fact-Checking Resources
Verify information and combat misinformation by utilizing fact-checking websites and resources.
Server Information Gathering Tools (Web-Based)
Gather information about web servers and websites using online server information gathering tools. This includes IP address lookup, DNS records, and website technology detection.
CTF (Capture The Flag) Analysis & Exploit Resources
Resources for analyzing and exploiting vulnerabilities in Capture The Flag competitions. These resources can enhance your cybersecurity skills relevant to OSINT.
Zero-Day Vulnerability Resources
Stay informed about zero-day vulnerabilities (newly discovered vulnerabilities with no patch available) through dedicated security news and vulnerability databases.
Cryptocurrency Investigation Tools
Tools for tracking and analyzing cryptocurrency transactions. This is relevant for OSINT investigations involving financial crimes and illicit activities.
Crypto Market & Analysis Platforms
Monitor cryptocurrency markets and analyze trends using specialized platforms.
Transaction Analysis Tools for Cryptocurrencies
Delve deeper into cryptocurrency transactions using blockchain explorers and transaction analysis tools.
Cell Investigation Resources
Resources and techniques for investigating cell phone data, including call logs, SMS messages, and location information (within legal and ethical boundaries).
Pro Tip for Cell Investigation:
Similar to phone number OSINT, if you have a phone number, explore data breach databases, e-wallet services, social media, email reset attempts, GetContact, Truecaller, IPQS, fraud checkers, and social media searches.
IMEI (International Mobile Equipment Identity) Investigation Tools
Tools for investigating IMEI numbers, which are unique identifiers for mobile devices. IMEI analysis can reveal device information and potentially track stolen devices.
Chat App Investigation Resources
Explore resources and techniques for investigating chat applications like WhatsApp and Telegram (within legal and ethical boundaries).
Building Sockpuppet Accounts for OSINT
Learn how to create and manage sockpuppet accounts (fake online personas) for OSINT research while protecting your privacy.
Deepfake Generation for Sockpuppet Profiles
(Use ethically and responsibly) Explore deepfake technology to generate realistic profile pictures for sockpuppet accounts.
Virtual Camera Tools for Sockpuppet Profiles
Utilize virtual camera tools to enhance the realism of sockpuppet accounts in video conferencing or online interactions.
Social Network and Blogging Platforms for Sockpuppet Deployment
Platforms for creating and deploying sockpuppet accounts, including:
- WordPress
- Blogger
- Medium
- Rocket Reach
- etc.
Image Quality Enhancement Tools
Improve the quality of images for analysis using image enhancement tools. This can be useful for clarifying details in low-resolution images or improving image clarity.
Location Data Mapping Tools
Tools for mapping and visualizing location data extracted from various sources.
Discord Server Search Tools
Find and explore Discord servers related to specific topics of interest for OSINT research.
Darkweb Search Engines
Access darkweb search engines (Tor-based) to explore content on the dark web. Exercise extreme caution and understand the risks associated with dark web exploration.
Darkweb Intelligence Resources
Resources and guides for conducting intelligence gathering on the dark web.
Digital Forensics Tools (Basic OSINT Applications)
Basic digital forensics tools can be applied to OSINT for analyzing files, metadata, and digital artifacts.
Pro Tip for Digital Forensics in OSINT:
Utilize basic forensic techniques for hash analysis, header analysis, signature analysis, EVTX log analysis, IP address analysis, byte analysis, file format identification, memory dumping analysis (basic), network analysis (basic), system process analysis (basic), startup app analysis, and background app analysis.
Report Writing and Investigation Documentation Tools
Tools and templates for writing clear and comprehensive OSINT investigation reports and documenting your findings.
Privacy and Security Enhancement for OSINT Operations
Payment Methods for Anonymity
Explore privacy-focused payment methods for online transactions related to OSINT, such as prepaid cards or cryptocurrencies.
Password Managers
Utilize password managers to securely store and manage passwords for various OSINT accounts and tools.
Fraud Detection and Checker Tools
Fraud detection tools can help identify potentially fraudulent online activities and actors.
Content Removal & Strict Media Content Resources
Resources for content removal requests and handling strict media content encountered during OSINT investigations.
Note on Content Removal:
Carefully review the Terms of Service and privacy statements of platforms when requesting content removal. Understand that complete data removal online is often not guaranteed, but these efforts can minimize data spread and mitigate data breaches.
Vehicle OSINT Resources
OSINT techniques and resources specific to vehicle information:
- VIN (Vehicle Identification Number) Checkers: Tools for decoding VINs and retrieving vehicle history and specifications.
- Public Transport Data: Access publicly available data on public transportation systems for location tracking and analysis.
Aircraft Tracking Resources
Track aircraft movements and gather flight information using online aircraft tracking platforms.
Ship Tracking & Maritime Resources
Monitor ship movements and maritime traffic using ship tracking platforms and maritime databases.
Railways Data Resources
Access publicly available data on railway systems for location tracking and infrastructure analysis.
GPT (Generative Pre-trained Transformer) OSINT (AI-Powered OSINT)
Explore the use of AI-powered tools like GPT models for OSINT tasks, such as text analysis, content generation, and information summarization.
OSINT for Red Teaming and Penetration Testing
Apply OSINT techniques in red teaming and penetration testing engagements to gather reconnaissance, identify targets, and simulate real-world attacks.
Red Teaming OSINT Techniques
- Social Engineering Reconnaissance
- Active Directory Information Gathering
- Webshell Bypass Discovery
- Credential Access Techniques
- Post-Exploitation Information Gathering
- Credential Dumping Techniques
- Password Cracking Resources
- Wordlists for Password Cracking
- Web Fuzzing Wordlists
- Subdomain and Wordlist Generation Tools
- Private Deployment of OSINT Tools
- Offline Subdomain and Wordlist Generation
- Kali Linux and Windows OSINT Tools
- Default Credentials Databases
- Local Enumeration Techniques
- Privilege Escalation Cheat Sheets
- Hacking Playgrounds and Practice Labs
- Awesome Burp Suite Extensions for OSINT
- C2 (Command and Control) & C4 (Command, Control, Communications, and Computers) Resources
- Linux Distribution Tool Lists for Penetration Testing
- Hardware Pentesting Resources
- Lateral Movement & Pivoting Techniques
Pro Tip for Red Teaming OSINT:
If you encounter connectivity issues with a target, verify port configurations and software versions. Adjust your approach based on the target’s specific setup.
Audio OSINT Tools
Tools for analyzing and enhancing audio files for OSINT purposes, such as audio quality enhancement and speech analysis.
OSINT Network Analysis Tools
Tools for network analysis in OSINT, including:
- Fake Network Detection
- ASN (Autonomous System Number) Lookup
- IP Geolocation
- Mobile Carrier Identification
- WHOIS IP Lookup
- Network Traffic Analysis (basic)
- VPN Detection
Medical OSINT Resources
OSINT resources and techniques relevant to the medical field, such as healthcare data analysis and medical device security.
Military OSINT Resources
OSINT resources and techniques relevant to military intelligence and defense analysis.
Military Simulators and Games for OSINT Training
Utilize military simulators and games for tactical learning and firearms knowledge development, which can be indirectly relevant to certain OSINT contexts.
OSINT Shadow Analysis (IMINT – Imagery Intelligence)
Shadow analysis techniques for Imagery Intelligence (IMINT), used to determine geolocation, azimuth, and other details from images.
Academic Search Tools
Specialized search engines for academic research and scholarly literature.
Web Directories (Curated Website Lists)
Explore curated web directories that categorize websites by topic, providing a structured way to discover relevant online resources.
Torrent Search Engines for OSINT Data
(Use ethically and legally) Torrent search engines can sometimes be used to find publicly shared datasets or information relevant to OSINT.
SDR (Software Defined Radio) OSINT
Explore the use of Software Defined Radio (SDR) for intercepting and analyzing radio signals as part of OSINT activities (requires specialized hardware and knowledge, and must be conducted legally).
API (Application Programming Interface) Resources for OSINT Tool Development
Resources and collections of APIs for developing custom OSINT tools and automating data retrieval from various online services.
Data Visualization Tools for OSINT
Visualize OSINT data using data visualization tools to identify patterns, trends, and insights.
Emoji Investigation Techniques
Explore the use of emoji analysis in OSINT, such as tracking emoji usage trends and understanding sentiment associated with emojis.
OSINT Branding & Verification Tools
Tools for brand monitoring and online verification, ensuring brand reputation and identifying potential impersonation attempts.
NEWS OSINT Resources
Resources for news-related OSINT, including:
- Search Engines for News, Journalists, and Documentary Sites
- Social Media Analytics for News Monitoring
- TikTok
- YouTube
- Quora
- Old Forums
- Local Forums
Threat Actor & Criminal Intelligence Resources
Resources for gathering intelligence on threat actors and criminal activities online.
OSINT for Politics and Geopolitics
OSINT techniques and resources relevant to political and geopolitical analysis, including risk and crisis monitoring.
Terrorism & Radicalism Intelligence
Specialized OSINT resources for monitoring terrorism and radicalism online.
Maltego Transform Lists
Maltego is a powerful OSINT tool that utilizes transforms to gather and visualize data. Explore curated lists of Maltego transforms to expand its functionality.
OSINT for Wildlife Conservation
Apply OSINT techniques to wildlife conservation efforts, such as tracking poaching activities and monitoring endangered species.
OSINT Satellite Imagery Resources
Satellite imagery is a valuable source of OSINT data. Explore satellite imagery platforms and resources.
Satellite Imagery Information:
| Satellite | Resolution | Overpass Frequency |
|---|---|---|
| Planet Satellite | 3 M | Daily |
| Sentinel-2 Satellite | 10 M | Every 5 days |
| Landsat 8/9 Satellite | 30 M | Every 16 days |
| Sentinel-3 Satellite | 300 M | Daily |
| MODIS Satellite | 250-1000 M | Daily |
| Google Maps Sat | 15 – 30 CM | 1 – 6 Years |
| Bing Maps | 30 CM | 1 – 3 Years |
| Apple Maps | 15 – 30 CM | 1 – 3 Years |
Source: Bellingcat & GIJN
Tips for Satellite Imagery OSINT:
Understand the characteristics of different satellite types, such as thermal, enterprise, and live satellites. Each type has unique capabilities and applications. Thermal satellites, for example, are useful for:
- Forest Fire Monitoring: Detecting heat signatures and tracking fire extent.
- Agriculture: Measuring soil moisture and crop temperature.
- Climate Change Monitoring: Tracking global temperature changes and phenomena like El Niño.
- Environmental Quality Monitoring: Observing ocean and land temperatures for ecosystem changes.
- Natural Resource Mapping: Monitoring surface temperatures for geological and groundwater mapping.
Example Guides and Tutorials: Explore resources like Bellingcat and GIJN (Global Investigative Journalism Network) for guides on using satellite imagery in investigations.
OSINT for Web Scraping and Data Collection
Web scraping techniques and tools for automating data collection from websites for OSINT purposes.
OSINT IRC (Internet Relay Chat) Channels
Explore IRC channels related to OSINT and cybersecurity communities for real-time discussions and information sharing.
OSINT Historical Research
Utilize historical archives and resources for OSINT research, including:
- Academic Literature Archives
- Book Archives
- People Name Archives
- Old Archives and Historical Records
OSINT for Art Collection Investigation
Apply OSINT techniques to investigate art collections, provenance, and authenticity.
OSINT for Artist Research
Research artists and their backgrounds using OSINT techniques for art-related investigations.
OSINT for Language Analysis
Language analysis tools and techniques for OSINT, such as sentiment analysis, translation, and linguistic pattern detection.
OSINT OPSEC (Operational Security) Best Practices
Learn and implement OSINT OPSEC best practices to protect your identity, activities, and data during OSINT operations.
OSINT for Journalism Projects
OSINT resources and techniques specifically tailored for journalistic investigations:
- Expert and Journalist Search Tools
- Guides for Journalists on OSINT
OSINT for Deepfake Detection
Tools and techniques for detecting deepfakes (manipulated videos or images) and combating misinformation.
OSINT for Similarity Analysis (Plagiarism Detection)
Tools for checking content similarity and plagiarism across various media types:
- Text Analyzers
- Audio Analyzers
- Image and Video Analyzers
- Website Similarity Checkers
- Company Similarity Checkers
- Social Media Similarity Checkers
Secure Code & Application Development Resources
Resources for secure code development and application security, relevant for OSINT professionals who develop their own tools or scripts.
Linux Distribution Package Search Engines
Search engines for finding packages and software within various Linux distributions. Useful for identifying software versions and dependencies.
Fixing GRUB or Recovering Missing GRUB
Resources for troubleshooting and recovering GRUB bootloader issues in Linux systems, which can be relevant for setting up OSINT environments.
Shortlink Expansion Tools for OSINT
Expand short URLs to reveal the destination URL before visiting them. This is important for security and verifying the legitimacy of links in OSINT investigations.
Pro Tip for Shortlinks:
Shortlink expansion can be used in social engineering investigations and for creating custom OSINT tools.
OSINT Job Boards and Career Resources
Find OSINT-related job postings and career resources for professional development in the field.
IP CIDR (Classless Inter-Domain Routing) Converter Tools
Convert between IP address formats and CIDR notation, useful for network analysis and IP range identification in OSINT.
OSINT Data Broker Lists
Lists of data brokers that collect and sell personal information. These lists can be used to understand the data broker landscape and potentially opt-out of data collection (privacy considerations apply).
OSINT Software Repositories
Repositories and lists of OSINT software tools, categorized by function and platform.
OSINT Barcode Reader Tools
Barcode reader tools can be used to extract information from barcodes found in images or physical objects during OSINT investigations.
OSINT Measurement and Analysis Tools (MASINT – Measurement and Signature Intelligence)
Tools for Measurement and Signature Intelligence (MASINT), including analysis of:
- Images
- Videos
- Building Measurements
- Maps and Geospatial Data
- Simulations
- Satellite and Sensor Data
- Other Measurable Signatures
OSINT for Financial Intelligence (FININT)
OSINT techniques and resources specifically for Financial Intelligence (FININT), such as tracking financial transactions, investigating financial crimes, and analyzing financial data.
OSINT Cryptography (Cipher) Tools
Cryptography and cipher tools for decoding encrypted messages or analyzing cryptographic techniques used in OSINT contexts.
Cipher Identification Tools
Tools for identifying the type of cipher used in encrypted text.
Online Cipher Converters and Decoders
Online tools for converting between different cipher formats and decoding encrypted text.
OSINT for Gaming Research
OSINT techniques applied to gaming contexts, such as researching players, game communities, and in-game activities.
Player Search in Games
Tools and techniques for searching for players within online games using publicly available information.
OSINT Device Information Tools
Tools for gathering information about devices and hardware, including device identification and hardware specifications.
Emulator Resources for OSINT
Emulators can be used to simulate different devices or operating systems for OSINT testing and analysis.
OSINT for Cloud Storage Analysis
Techniques and tools for analyzing cloud storage platforms (e.g., Google Drive, OneDrive) for publicly accessible files and information.
OSINT for Property Research
Research property information, including property history, ownership records, and property values, using OSINT techniques and public records databases.
OSINT Technique Tips and Learning Resources
Tips and learning resources for improving your OSINT skills and techniques:
Browser Recommendations for OSINT
- Brave Browser: https://brave.com/ (Privacy-focused browser)
- I2P Browser: https://geti2p.net/en/ (Anonymous browsing)
- Tor Browser: https://www.torproject.org (Anonymous browsing)
- Whonix: https://www.whonix.org/ (Secure operating system for anonymity)
- ZeroNet: https://zeronet.io/ (Decentralized network)
This comprehensive OSINT cheat sheet provides a starting point for your journey into open source intelligence. Remember to use these tools responsibly, ethically, and legally. Continuously update your knowledge and adapt to the ever-evolving landscape of online information and OSINT techniques.
