You might hear of the term “OSINT” and ascribe it to cybersecurity professionals, investigative journalists, and law enforcement agents. Sure, these professionals use OSINT to gain valuable open-source knowledge about people, systems, and organizations, but you can perform OSINT too.
The internet has so much information available to the public; you just have to know how to find it. But what tools can you use for OSINT? You’ll find out below, but first, we’ll briefly discuss OSINT.
What Is OSINT?
OSINT stands for open-source intelligence. Open source refers to information or programs made readily available and distributable by the public. And intelligence is the ability to acquire and apply knowledge.
Open-source intelligence (OSINT) is the process of sourcing, collecting, and analyzing information from publicly available sources to produce valuable intelligence. Open-source intelligence sources include the internet, social media, academic and professional journals, newspapers, television, and even breaches.
Carrying out open-source intelligence manually is no doubt a Herculean task. There are just too many records and data to go through. Thankfully, many tools have been created to automate and speed up the OSINT process. With these tools, you can get a lot of information about a particular organization and person in seconds. Many OSINT tools are free, but a few require subscriptions.
Here are 12 free OSINT tools you can use from the comfort of your home:
1. OSINT Framework
The OSINT Framework is a website containing different tools that you can use to carry out open-source intelligence in different sections or knowledge bases. It includes sections like email addresses, social media, domain names, search engines, public records, documentation, and even phone numbers.
Say you choose a section like social media; it leads to a list of subsections like Facebook, Twitter, Instagram, Reddit, LinkedIn, etc. For example, if you click on Twitter, it also leads to another section that lists search, analytics, pictures, location, and archived/deleted tweets. Opening analytics leads to Twitter OSINT tools like tweet metadata, Birdwatcher, Tinfoleak, etc.
So, you have an idea of how in-depth the OSINT Framework is. It is your go-to website for your OSINT tools and resources.
2. Wayback Machine
The Wayback Machine is a digital archive of the world wide web and the internet. It is used to manage, capture, and archive snapshots of websites over a period of time. It crawls through various websites and takes screenshots of them to preserve internet history. You can even contribute to the archive by saving a snapshot of a website for future citation.
The Wayback Machine is very easy to use and free. You simply enter the URL of the website you want to search and then choose a date from the timeline, calendar, and time stamps provided. This OSINT tool has over 699 billion web pages saved. Here is an image of the MakeUseOf website on the 6th of April 2007.
Maltego is an OSINT tool filled with lots and lots of data. It helps researchers to analyze their searches and findings graphically. Most importantly, Maltego uses graphs and charts to create connections between people, organizations, aliases, documents, email addresses, IP addresses, etc. It can be downloaded on Windows, Linux, and Mac, and it comes pre-installed in Kali Linux.
Have I Been Pwned is a free website resource created by Troy Hunt to enable people to check if their emails or phone numbers have leaked in a data breach. The website is straightforward; you just have to input your name or phone number into the search box, and it will search through breaches to see if your credentials have been compromised.
Shodan is a search engine that lets you search the internet and different web server connected to it. This means that using Shodan, you can explore its database for devices connected to the internet like routers, internet of things (IoT) devices, monitors, security cameras, traffic lights, etc., all of which are publicly available on the internet.
TinEye is a reverse image search and image recognition website that uses computer vision, pattern recognition, neural networks, and machine learning to provide fast and accurate search solutions. To use TinEye, just upload the image you want the information from to the website. The site will fetch information on the picture’s location, origin, use, and even higher resolutions.
ZoomEye is a search engine created by a Chinese security company, Knownsec Inc. It is used to search not just for people and organizations but also IP addresses, files, and even icons. Like Maltego, it gives a graphical analysis of the intelligence produced, using chats, graphs, and pictures.
8. Censys Search
Censys Search is a web-based search engine used for open-source intelligence and research. Just like Shodan, it searches the internet for servers and internet-connected devices. It also identifies internet-connected industrial control systems and platforms.
BuiltWith is a service that scans a website to see the technology and programming languages used to build it. It is a website profiler, business intelligence, lead generation, and competitive analysis tool. Just search for the website, and it brings up all you need to know about the technology it runs.
Nmap stands for network mapper. Nmap is a free network and port scanner used to discover services operating systems, hosts, and open ports running on a network or website. It is available on the web and supported on all operating systems.
Recon-ng is a web reconnaissance tool used for open-source intelligence. It is used to gather information about websites, IP addresses, and their subdomains.
TheHarvester is an OSINT tool for gathering information about emails, websites, subdomains, employee names, open ports, virtual hosts, and banners.
There are tons of tools on the internet to make your open-source intelligence journey easier. If you do not know what tool to use, be sure to check the OSINT framework for free OSINT tools and resources. Remember that OSINT isn’t just for information security experts. Anyone can perform OSINT—including you.