Beginner’s guide to start with OSINT

By Vaibhavi Paliya. Published in Cyversity, Oct 8, 2022.

You can get into OSINT whether or not you know other aspects of hacking. Whether or not you have working knowledge of cyber security, the fact remains that if you own a computer and have an internet connection, you can perform pretty much any OSINT task.

Let’s talk about some technicalities. OSINT stands for Open Source Intelligence, which is a subdomain of reconnaissance, which is in turn a subdomain of ethical hacking. Recon means gathering information about a given person or organization through the use of different resources.

There are two types of recon, namely active reconnaissance and passive reconnaissance.
OSINT is categorized as passive reconnaissance. This means gathering information about the target legally, using resources like social media profiles, emails, geolocating images and videos, video sharing sites, IP addresses, news articles, blogs, or basically anything that can be found on the internet about the target.

There are many categories of OSINT according to different forums and different institutes. Each category has many tools that can be used to perform that type of OSINT and gather information.

Here are some of the categories:

Social Media OSINT:

Reddit, Instagram, Facebook, Medium, LinkedIn, etc. are some of the main platforms used for gathering information about targets. In social OSINT, the main objective is to analyze all of the target's social profiles to obtain any substantial knowledge about it that could be used later for exploitation.

Image and Video OSINT:

In this category, images are scanned for metadata and embedded data. Images are also reverse searched on the internet to geolocate them and determine the state or location of the target.
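Seen from the publishing side, "scanned for metadata" mostly means the Exif block inside a JPEG. The following is an added example, not code from the original article: it checks whether an image you are about to post still carries a GPS directory. The function names and the sample image bytes are constructed for illustration.

```python
import struct

GPS_IFD_TAG = 0x8825  # IFD0 entry whose value is the offset of the GPS directory
GPS_NAMES = {1: "GPSLatitudeRef", 2: "GPSLatitude", 3: "GPSLongitudeRef", 4: "GPSLongitude"}

def exif_tiff(jpeg):
    """Return the TIFF payload of the first Exif APP1 segment, or None."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker == 0xDA:  # start of scan: metadata segments are over
            break
        (length,) = struct.unpack_from(">H", jpeg, pos + 2)
        body = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE1 and body[:6] == b"Exif\x00\x00":
            return body[6:]
        pos += 2 + length
    return None

def read_ifd(tiff, offset, endian):
    """Map tag -> raw 4-byte value/offset field for one image file directory."""
    (count,) = struct.unpack_from(endian + "H", tiff, offset)
    rows = (struct.unpack_from(endian + "HHII", tiff, offset + 2 + 12 * i) for i in range(count))
    return {tag: value for tag, _type, _n, value in rows}

def gps_tags(jpeg):
    """Names of GPS tags still present in the image; empty list means none."""
    tiff = exif_tiff(jpeg)
    if tiff is None:
        return []
    endian = "<" if tiff[:2] == b"II" else ">"
    ifd0 = read_ifd(tiff, struct.unpack_from(endian + "I", tiff, 4)[0], endian)
    if GPS_IFD_TAG not in ifd0:
        return []
    gps = read_ifd(tiff, ifd0[GPS_IFD_TAG], endian)
    return [GPS_NAMES.get(t, f"GPS tag 0x{t:04x}") for t in sorted(gps)]

def sample_jpeg(with_gps):
    """Constructed test image (no pixel data): SOI, one metadata segment, EOI."""
    if not with_gps:
        return b"\xff\xd8\xff\xe0" + struct.pack(">H", 7) + b"JFIF\x00" + b"\xff\xd9"
    tiff = b"II" + struct.pack("<HI", 42, 8)                     # header, IFD0 at 8
    tiff += struct.pack("<HHHIII", 1, GPS_IFD_TAG, 4, 1, 26, 0)  # IFD0 -> GPS IFD at 26
    tiff += struct.pack("<HHHIIHHIII", 2, 1, 2, 2, ord("N"), 3, 2, 2, ord("E"), 0)
    body = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

A non-empty result from `gps_tags` means the file should have its metadata stripped before it is shared; truncated or malformed Exif data raises `struct.error` rather than being silently treated as clean.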

News OSINT:

News articles are a major source of information about any target that is socially active or is a rather captivating subject for the media. News articles, blogs and forums can disclose a chunk of useful information about a certain person or organization.

Web OSINT:

Assembling useful information about a target using tools and websites like Maltego, Shodan.io, Wayback Machine, whois, nslookup, Google dorking, Exploit-DB, Epieos, etc. is categorized under Web OSINT. These resources can reveal many things about the target, some of them sensitive, which can be useful in the future for exploiting or taking advantage of the target.

Major tools used for different kinds of OSINT are listed below:

  1. Maltego (Paid)
  2. Shodan.io (Free trial available): Used for information like IP addresses, subdomains, location, usage in different countries, top ports used, top products, and more.
  3. Yandex: Search engine mainly used for reverse searching images.
  4. Wayback Machine: Used to view earlier snapshots of webpages.
  5. TinEye: Reverse searching images.
  6. Have I Been Pwned: Used to check whether the target email ID has ever been compromised or hacked.
  7. WhoIs: Domain name lookup.
  8. ExifTool: Image metadata.
  9. theHarvester: Recon tool.
  10. ReconSpider: Social media OSINT tool.

That’s all. Thank You for reading!
Keep Reading, Keep Learning!