Introduction to OSINT

Anany sharma
4 min readJun 14, 2022


Open Source Intelligence (OSINT) is a collective term used to describe all techniques and tools used to harvest information from publicly available resources in a timely manner to support a specific intelligence requirement. There was no particular date when the term OSINT was first coined; however, the act of gathering intelligence from publicly available information was used for hundreds of years by different nations and various purposes.

In modern times, OSINT was introduced during World War II as an intelligence tool when the United States established the Foreign Broadcast Information Service (FBIS) to publicly monitor publicly available information related . . .

By gathering publicly available sources of information about a particular target an attacker — or friendly penetration tester — can profile a potential victim to better understand its characteristics and narrow down the search area for possible vulnerabilities. Without actively engaging the target, the attacker can use the intelligence produced to build a threat model and develop a plan of attack. Targeted cyber attacks, like military attacks, begin with reconnaissance, and the first stage of digital reconnaissance is passively acquiring intelligence without alerting the target.

Gathering OSINT on yourself or your business is also a great way to understand what information you are gifting potential attackers. Once you are aware of what kind of intel can be gathered about you from public sources, you can use this to help you or your security team develop better defensive strategies. What vulnerabilities does your public information expose? What can an attacker learn that they might leverage in a social engineering or phishing attack?

What is the OSINT Framework?

Gathering information from a vast range of sources is a time-consuming job, but there are many tools to make intelligence gathering simpler. While you may have heard of tools like Shodan and port scanners like Nmap and Zenmap, the full range of tools is vast. Fortunately, security researchers themselves have begun to document the tools available.

A great place to start is the OSINT Framework put together by Justin Nordine. The framework provides links to a large collection of resources for a huge variety of tasks from harvesting email addresses to searching social media or the dark web.

Different tools of OSINT


1- Maltego

Maltego is developed by Paterva and is used by security professionals and forensic investigators for collecting and analyzing open source intelligence. It can easily collect Information from various sources and use various transforms to generate graphical results. The transforms are inbuilt and can also be customized based on the requirement. Maltego is written in Java and comes pre-packaged in Kali Linux. To use Maltego, user registration is required, the registration is free. Once registered users can use this tool to create the digital footprint of the target on the internet.

2- Threatool

The threat tool is currently being used by various law enforcement agencies from different states of India, Mr. Saumay Srivasatava sir the developer of the threatcops aims to provide the best experience to its users by filtering and choosing the best resources of OSINT.

For any hacker, it is a centralized platform where they can easily find the latest OSINT tools for information gathering, It includes Username OSINT, Email OSINT, IP/Domain Tools, Crime investigations ,Sock puppet category etc

3- The Harvester

A harvester is an excellent tool for getting email and domain-related information. This one is pre-bundled in Kali and can be very useful in fetching information. Below is an example of the output when we try to search for emails for Microsoft in the PGP server. You can explore more as per requirement.

E.g the harvester –d –b pgp

4- Shodan

Google is the search engine for all but shodan is the search engine for hackers. Instead of presenting the result like other search engines it will show the result that will make more sense to security professionals. As a certified information security professional one of the important entity is digital asset and network. Shodan provides you a lot of information about the assets that have been connected to the network. The devices can vary from computers, laptops, webcams, traffic signals, and various IOT devices. This can help security analysts to identify the target and test it for various vulnerabilities, default settings or passwords, available ports, banners, and services etc.

Thank you for visit — Anany Sharma



Anany sharma

Security used to be an inconvenience sometimes, but now it’s a necessity all the time. — Martina Navratilova.