Open-source intelligence (OSINT) is information gathered from publicly available
•Web-based communities and user-generated content: social-networking sites, video sharing sites,
wikis and blogs.
•Traditional mass media: newspapers, magazines, radio, television, and computer-based
•Geospatial information (e.g. maps and commercial imagery products)
•Public data: government reports, official data such as budgets, demographics, hearings, legislative
debates, press conferences, speeches, marine and aeronautical safety warnings, environmental
impact statements and contract awards.
•Professional and academic: conferences, professional associations, academic papers, and subject
Information collected from Web communities,
mass media & etc.,
•Executive and Employee Background Checks
•Due Diligence on Potential Clients and
•Corporate Self Analysis
•Products needed for Military Applications and
Media and Other intelligence
•For finding people by name, email, address,
Maltego is a forensics and data mining
application. It is capable of querying various
public data sources and graphically depicting
the relationships between entities such as
people, companies, web sites, and documents.
GOOGLE HACKING DATABASE
• The Google Hacking Database (GHDB) is an
authoritative source for querying the ever-
widening reach of the Google search engine.
• Google hacking involves using advanced
operators in the Google search engine to
locate specific strings of text within search
Can be used
Web Images Groups News
yes yes yes yes yes yes
no yes yes yes yes yes
inurl Search URL yes yes yes yes not really like intitle
allinurl Search URL no yes yes yes yes like intitle
filetype specific files yes no yes yes no not really
Search text of
not really yes yes yes yes yes
yes yes yes yes no not really
Search for links
no yes yes no no not really
yes yes yes yes not really yes
numrange Locate number yes yes yes no no not really
Search in data
yes no yes not really not really not really
yes yes no no yes not really
not really yes no no yes not really
yes yes like intitle like intitle yes like intitle
no yes not really not really yes not really
Metagoofil is an information gathering tool
designed for extracting metadata of public
belonging to a target company.
Sentient Hyper Optimized Data Access
Network (Shodan) is a search engine that lets
the user find specific types of computers
devices (routers, servers, etc.) connected to the
internet using a variety of filters.
SpiderFoot is an open source intelligence
automation tool, that is used to automate the
process of gathering intelligence about a given
target, which may be an IP address, domain
name, hostname or network subnet and more.
• TheHarvester is used to gather emails,
subdomains, hosts, employee names, open
ports and banners from different public
sources like search engines, PGP key servers
and SHODAN computer database.
• This tool is intended to help Penetration
testers in the early stages of the penetration
test in order to understand the customer
footprint on the Internet.
• It is also useful for anyone that wants to know
what an attacker can see about their
• FOCA (Fingerprinting Organizations with
Collected Archives) is a tool used mainly to
find metadata and hidden information in the
documents its scans.
• FOCA includes a server discovery module,
whose purpose is to automate the servers
search process (web search, DNS search, IP
resolution, PTR scanning, Network analysis,
DNS snooping, juicy files, proxies search &
etc) using recursively interconnected
• Information overload- Information provided by OSINT Tools is huge in
amount, filtering or harvesting of data is quit time consuming.
• False Positive- Result given by OSINT tools may be right or may be
wrong. There is no guarantee that the result provided by OSINT tools
is totally right.
As technology increases day by day the need of fast and specific
information gathering arises. OSINT has always been an integral
component in intelligence. An organization with an appreciation for
OSINT’s value and potential will be the most effective in the future.