You don’t have to be the CIA to gather intelligence on the web

You don’t have to be the CIA to gather intelligence on the web

A Comprehensive Guide to Open Source Intelligence (OSINT) Sources

Open Source Intelligence (OSINT) is a distinct intelligence discipline that focuses on collecting, analyzing, and utilizing publicly available information. The main challenge is sifting through the vast amount of information to find relevant, reliable sources. However, for those skilled in accessing local knowledge and leveraging human experts, OSINT can be an extremely powerful tool for gathering tailored intelligence on the fly. In this blog, we will provide you with a list of basic OSINT sources that are widely used for gathering intelligence on the web.

While many of these resources are free, some may require subscriptions or payments to unlock their full capabilities.

People Search and Public Data

  • Spokeo – A people search engine that helps you find phone numbers, addresses, emails, and more. It offers a free basic service and paid options for detailed information.
  • LittleSis – A free database for tracking relationships between influential people and organizations.
  • EntityCube – A tool that summarizes web data for entities like people, organizations, and locations.

OSINT and Penetration Testing Tools

  • theHarvester – A tool for penetration testers to discover an organization's online footprint, including emails, subdomains, and IPs.
  • Foca – FOCA analyzes metadata from public documents to identify potential data leaks, server configurations, and more.
  • Shodan – A search engine that locates computers and devices based on criteria like geography, software, and IP address.
  • Maltego – A tool that maps out relationships between entities, like domains and people, to identify potential vulnerabilities.
  • FoxOne Scanner – A reconnaissance tool for identifying information about web servers.

Business and Professional Search Tools

  • Jigsaw (now Data.com) – Used by sales professionals to gather contact information and business leads.
  • Hoovers – Offers detailed company reports, including competitor analysis and executive profiles.
  • Market Visual – A search tool to find professionals by name, company, or title.

Image and Social Media Intelligence

  • TinEye – A reverse image search engine that allows you to track where an image has appeared on the web.
  • Social Mention – A social media search engine that searches blogs, comments, videos, and other user-generated content.
  • NameCHK – A service to check the availability of a username or vanity URL across multiple social media platforms.
  • Scythe – Tests email addresses or account names across different websites to identify active accounts.

Job and Company Research

  • Glassdoor – A website for company reviews, salaries, and job interview insights, all posted anonymously by employees.
  • Google Hacking Database (GHDB) – A resource for using advanced Google search techniques to find hidden information online.

E-Commerce and Classifieds for OSINT

  • eBay – A global e-commerce platform useful for identifying trends and buyer behaviors.
  • Craigslist – A classifieds site that can provide useful intelligence for investigative purposes.
  • Backpage – Although now defunct, historical references to Backpage can offer insights into illicit activities related to human trafficking and more.

Social Networks

DNS and Network Intelligence

  • Deep Magic – A tool for searching DNS records and uncovering other hidden details about networks.

Additional Tools for Law Enforcement & OSINT Professionals

  • SpiderFoot – An OSINT automation tool that scours the web for detailed information on domains, IPs, names, and more.
  • Creepy – A geolocation tool for extracting location data from social media platforms.
  • OSINT Framework – A collection of OSINT tools and resources, categorized by use cases such as social media, usernames, IPs, and email.

If you have other tools or resources that you use regularly, feel free to comment below, and we’ll add them to a follow-up blog post.

If you would like to learn more about OSINT you can explore our Certified in Open Source Intelligence (COSINT) program today.

Thanks for visiting, and stay tuned for more OSINT tips and resources!