Published in


OSINT: The What, The Why and The How

Sites where you can find Overt Data

The What

OSINT or Open Source Intelligence is the collection and analysis of public or overtly available data of a Person, Group, or Organization. It was first introduced during World War II and was actively used by many agencies. At present, OSINT is the combination of overt digital data as well as physical data. OSINT is actively used by Governmental Departments, Law Enforcement, Business Corporations. Another term that is more commonly known in the Cyber Security field is Reconnaissance.

Information to Intelligence

The Why

The need for OSINT has increased significantly over the years. People’s Activities have increased 10 times and more data is being poured into the Internet everyday. National and International Law Agencies use OSINT to gather Intel on Criminals and their Activities, monitoring Terrorist activities and passive mapping of the Intelligence. Companies do OSINT to understand their “Attack Surface” and will work towards minimizing it and also used to determine the posture of other Organisations. Attackers and Penetration Testers do OSINT to understand the Organization and if they have any exploitable weaknesses.

There are also Organizations like Tracelabs or NCPTF (National Child Protection Task Force) that actively use OSINT to help Law Enforcement collect Intelligence on Missing Persons.

The Collection Methodology

The How

OSINT does not follow a linear methodology, but it depends on a multitude of factors like, your purpose of research, your target, your goal, and what exactly are you trying to find. Information Gathering can be categorized as

  • Passive
  • Semi-Passive
  • Active.

Our initial priority would be to collect overt data of our Target and convert it into Information. It should include all the basic details such as:

  • Who is our Target?
  • What does our Target Do?
  • Any Aliases?
  • Any Website? Etc.

This collected data is the Information of the Target.

This information can actively be used to narrow down to intelligence by pivoting to a new source of information, to build a deeper intelligence profile while connecting the dots. Any assumptions made should be validated for Intelligence.

All collected information should be made into a report with screenshots if you’re doing it as a part of a Penetration Test and should include the Five W’s: Who conducted the analysis/ Who was it about. What was found? Why was it Conducted? Where was the object found? And When? Date and Time.

The General Process:

  • Creating a Keyword list with the following Attributes: Name, Photos, Bio, Geolocations, Education, Employment, Interests, etc.
  • Advance Search and Paste Bin Search these keywords
  • Geolocation Search through Platforms
  • Government Records, Court Hearings, Yellow/White Papers
  • Media Outlets
  • Expansive Searching through different Search Engines
  • People specific search engines
  • Social Media Searches
  • Auxillary Searching
  • Employment Searching
  • Deep Web Searching

Final Thoughts

OSINT is a great start when getting into Cyber Security as it allows for that Analytical thinking that is needed for Penetration Testing. It is also a much-needed part of the Intelligence Cycle. One of the key benefits of OSINT is that it involves minimal to no financial investments, so anyone can OSINT.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


OSINT | Red Team | Threat Hunter | Malware Analyst. Member of AX1AL. Website-