OSINT is a technology for searching, accumulating and analyzing data collected from available sources on the Internet. It sounds too general, so we will try to reveal the essence of the term in a more human language.

Back in 1947, one of the CIA analysts, Ken Sherman, said that about 80% of the information the country collects from open sources on the Internet. A little later, the head of the United States DIA, Samuel Wilson, said that 90% of intelligence data is also obtained from open sources, and only the remaining 10% comes from the professional work of agents and spies. Here is such a modern “James Bond”, enclosed in an Internet search line.

OSINT allows you to complete about 90% of the tasks facing private detective agencies. So, the network contains the most valuable data sources: ad sites, marketplaces, blogs, forums of interest, government projects, online banking systems, social networks. It is only important from the total “sum” to be able to isolate really important and useful information, which can sometimes be compared to sifting a mountain of earth through a sieve to filter gold rocks. It is necessary to understand that sometimes information is much more valuable and essential than a pile of precious metal. Some data can drag on for millions and billions.

So what is OSINT anyway?

The technology allows you to collect maximum information from open sources for a complete professional analysis. At the same time, the data can be placed in various forms: articles, discussion posts on forums, video and audio files, documents, pictures, animations, gifs, etc.

Before finding an answer to a question or satisfying a need for knowledge, users search for information and subject it to high-quality analysis, which sometimes takes too much time. But getting accurate results for the layman becomes a difficult task at all. Open source tools can help with this and can be run concurrently. They will gather data for you from available sources, leaving you with only the work of comparison and analytics.


1. Shodan

While everyone is actively using Google to answer the simplest everyday questions, the unrealistically cool Shodan search engine allows hackers to view the exposed assets. So, the service will immediately show you a selection of results that most fully meet your request in terms of meaning. Most often, the system is used to find assets connected to the network.

The tool has an open source code, allows you to conduct high-quality analytics on security issues, check the vulnerabilities of a specific target (openness of personal data, available passwords and ports, IP address, etc.). Shodan also provides the most responsive community search.

2. Google Dorks

The service has actually been launched since 2002, but admit it, have you heard of it? It demonstrates remarkable performance and is a truly intelligent query-driven tool. The service is open source, helping users to quickly navigate the results or search index.

3. Maltego 

Built into Kali Linux, Paterva’s powerful and intelligent tool is open source and designed for serious goal research through transformation. It is written in the Java programming language. To use, you will need free registration on the manufacturer’s website, after which you can proceed to creating digital prints of the selected target on the network. The tool allows you to convert IP, find and determine AS number, network blocks. With little bother, you can discover specific phrases and target locations.

4. TheHarvester

A narrowly focused, but no less useful tool for finding subdomains, emails, IP addresses and other useful things from a huge array of publicly available information.

5. Recon-Ng

A useful tool for conducting field surveys using a modular approach. It will come in handy for users who are familiar with Metasploit firsthand. The tool has built-in modules that allow you to get information in accordance with the request and needs. Its modules can be used by marking up domains in the workspace. The latter are created to perform special operations, such as searches for domains associated with the original or target.

6. SpiderFoot

Another useful exploration tool, also open source for Windows and Linux. It is written on the basis of the Python language, has a very convenient configuration, works great on almost any platform, and is built into graphical interfaces.

A useful feature is the ability to use requests from more than a hundred OSINT resources. Collect email data, logins, IPs, domain names, and more faster and better. You can also learn about network blocks, web servers and much more that is not available to the average user.

7. Creepy

A special tool for conducting geolocation exploration, collecting data mainly from social networks, image and photo publishing hosting sites. Based on the results of the work, the service publishes reports on the map using a special search filter. Reports can be downloaded in CSV or KML format in order to export them to special analytical programs.


The algorithm of work in the system is very simple and assumes the following sequence of steps. The latter has been developed and tested for its effectiveness over many years.

1. Collect all the initial information about the target that is publicly available (personal data, email addresses, photos, contacts, etc.).

2. Define tasks for yourself: what questions need to be solved, what information is not enough to form a complete picture.

3. Decide on OSINT tools that work effectively for your specific needs.

4. Set up your search and then analyze all the collected data.

5. Start a new search based on the new information received.

6. Confirm or disprove your guesses.

We can conclude that OSINT is the technology of our present and future. Those who figured out its tools and principles of work will always be one step ahead in the competition and personal safety issues.