Know about OSINT and how it is used

Know about OSINT and how it is used

Know about OSINT and how it is used :

  • Open Source Intelligence Tools "OSINT" is the process of collecting information from already published information or publicly available on the Internet. Most of the IT security professionals, malicious hackers, or state-owned intelligence agencies, use advanced techniques to search through the vast amounts of visible/available data to find what they're looking for to achieve their goals and learn information that many don't even realise is public.
  • Data gathering is done in three methods, (1) Passive - Collecting data via publicly available resources (2) Semi Passive - Sending internet traffic to target in order to acquire information. (3) Active - Using advanced techniques to harvest technical data of the target.
  • In simple terms, many OSINT tools are open source in nature used to analyse and gather from almost anywhere and even the most unlikely of places that may provide you with valuable intelligence on the subject of your investigation.

Open Source information includes :

  • The Internet, including forums, blogs, social networking sites, video-sharing sites like, wikis, Who is records of registered domain names, metadata and digital files, dark web resources, location data, IP addresses and everything that is found online.
  • Also information from online, newspapers, books, magazines, specialised journals, academic publications, dissertations, conference proceedings, company profiles, annual reports, company news, employee profiles, resumes, metadata in photos and videos as well.

Advantages of Using OSINT :

    Using OSINT really does depend on your goals and the kind of intelligence that you want to gather, and below are few benefits listed.

  • OSINT process is “less expensive” to other intelligence sources
  • OSINT data/intelligence is of” lesser risk” as it is collected from publicly available platforms.
  • OSINT is ”easily accessible” almost available everywhere, no matter who you are.
  • OSINT collected data may not have a “copyright license” as these resources are already publicly published.
  • OSINT allows government agencies in “investigations” to detect tax evaders, and criminals by monitoring the target's social media accounts, vacations, lifestyle, people they are meeting, and traveling.
  • OSINT can be used to find "counterfeit / impersonating" products and direct police to close such websites.
  • OSINT helps governments/organisations to understand their people’s "attitudes/expectations" to act accordingly.

Disadvantages of Using OSINT :

  • An adversary can also use it to collect information about you and your business.
  • Finding information is not enough, putting it to use in a meaningful way consumes time and effort.
  • Filtering out junk data can be challenging based on the volume of the data we discover.
  • Validating the information is reliable usable data consumes time and effort.
  • Some may deliberately post false information to mislead those who are tracking them.

Few Important OSINT Links :

  • Check How Apps Access Your Data -- https://reports.exodus-privacy.eu.org/en/
  • Use Light Beam Plugin on Browsers (How Corporate's Share Data) -- https://myshadow.org/resources/lightbeam?locale=en
  • Check for data breaches of your email ID -- https://amibeingpwned.com
  • Data collected from publicly available sources -- https://osintframework.com
  • Open Source Intelligent Techniques -- https://inteltechniques.com/
  • Open Source data collections by security professionals and forensic investigators -- https://www.maltego.com/
  • Shodan is the search engine for ethical hackers - https://www.shodan.io/
  • To Quickly Check the Availability of Name or a Brand Availability -- https://namechk.com/
  • Fact-Checking an Image (Reverse Image Check) - www.tineye.com
  • For Image Verification (Date / Camera / Location etc, Where it is taken) --  http://exifdata.com/
  • Un Shorten Short Web Links -- www.unshorten.it
  • Check if the Website is doing Phishing Activity -- https://isitphishing.org/
  • Check the Complete Email Header -- https://mxtoolbox.com/EmailHeaders.aspx
  • Check Domain Tools - http://whois.domaintools.com/
  • Check the old version of the target website -- https://archive.org/web
  • Open Source Information System -- https://attack.mitre.org/

Conclusion :

  • The majority of netizens treat social media platforms as though they’re actually whispering in their best friend’s ears, Seemingly unaware of the negative outcomes of sharing both personal and professional details in the virtual world.
  • Social media gave voice to voiceless people, but at the same time, we are creating a surveillance society where the smartest way to survive this society is to go voiceless.

Reach us at: support@endnowfoundation.org