Overview & Intelligence Cycle

What is OSINT?

OSINT stands for Open Source Intelligence // the practice of collecting and analyzing information from publicly available sources to generate actionable intelligence. It is systematic, lawful, and applicable across security, investigation, journalism, and business contexts.

Top Sources
  • People Identifiers // Names, aliases, email addresses, phone numbers, employment and education history.
  • Social Media // Facebook, X (Twitter), Instagram, LinkedIn, TikTok, Telegram, and others.
  • News & Publications // Websites, newspapers, government reports, white papers, statistical data.
  • Web Content // Text, images, video, documents, metadata, multimedia.
  • Forums & Blogs // Community discussions, opinions, and user-generated content.
  • Dark Web // .onion services, leak sites, threat actor forums (use with OPSEC).
OSINT Use Cases
  • Security & Threat Intel // Identifying risks through analysis of publicly available data.
  • Investigations // Gathering evidence and building intelligence pictures.
  • Competitive Intelligence // Market trends, competitor activity, and consumer patterns.
  • Reputation Management // Monitoring brand and personal exposure online.
  • Journalism & Research // Fact verification, source corroboration, investigative reporting.
  • Disaster & Crisis Response // Situational awareness and impact assessment.
The Intelligence Cycle
  • 1. Planning & Direction // Define objectives, identify requirements, select sources, develop a plan.
  • 2. Collection // Gather data overtly and covertly using diverse technological resources.
  • 3. Processing // Organize data, remove redundancies, normalize formats, document sources.
  • 4. Analysis & Production // Identify patterns, assess reliability, contextualize data, generate insights.
  • 5. Dissemination // Create reports, tailor to audience, solicit feedback, update methods.
Best Practices
  • Strive for precision // Cross-check with multiple sources. Accuracy is the foundation of good intelligence.
  • Maintain urgency // Deliver intelligence products in a timely manner using credible sources.
  • Adhere to legal and ethical guidelines // Comply with applicable laws and ethical standards at all times.
  • Stay flexible // Pivot quickly when new information emerges or leads change direction.
  • Ensure OPSEC throughout // Protect your identity, methods, and sources in all phases.
Main Users of OSINT
  • Governments // Community sentiment • Risk and threat analysis • Natural disaster response • Trending activities • Critical information monitoring
  • Corporations // Personnel protection and screening • Due diligence • Fraud investigations • Supply chain risk • Asset and brand protection
  • Law Enforcement // Crisis response • Counter violent extremism • Public safety • Deep investigations
  • Investigators & Journalists // Verification • Investigative journalism • Private investigations • Uncovering facts

Foundations

Intelligence Analyst Key Skills
  • 1. Critical Thinking // Evaluate information critically for reliability, relevance, and implication.
  • 2. Research & Analysis // Gather from diverse sources and analyze datasets to draw conclusions.
  • 3. Technical Skills // Proficiency with analytical tools, databases, and data collection software.
  • 4. Problem-Solving // Provide creative and strategic solutions to complex investigative problems.
  • 5. Communication // Convey findings clearly in both written reports and oral briefings.
Intelligence Disciplines
OSINT // Open Source Intelligence
Printed materials, electronic platforms, broadcast media, and publicly accessible online sources.
SOCMINT // Social Media Intelligence
Branch of OSINT focused on gathering and analyzing intelligence from social media platforms.
HUMINT // Human Intelligence
Direct interaction with individuals to collect valuable knowledge or access sensitive information.
GEOINT // Geospatial Intelligence
Analysis of geospatial data combining imagery, mapping, and GIS to understand Earth-surface activities.
IMINT // Imagery Intelligence
Collection and analysis of visual imagery from satellites, aircraft, drones, and other imaging systems.
SIGINT // Signals Intelligence
Interception and analysis of electronic signals, radio transmissions, radar emissions, and telecom data.
Internet Categories
Surface Web
Normal web visible to all users • Indexed by search engines • Approx. 4% of the internet
Deep Web
Not indexed by search engines • Access restricted to authorized users • Databases, cloud storage, sensitive data
Dark Web
Accessed through Tor Browser and similar tools • Anonymous browsing • High-risk environment requiring OPSEC
Investigator Setup Essentials
  • Antivirus / EDR // Windows Defender, ClamAV, Malwarebytes
  • VPN // Mullvad, ProtonVPN (no-log providers preferred)
  • Virtual Machines // Kali Linux, Tails, Trace Labs OSINT VM, CSI Linux
  • Browsers // Brave, Firefox hardened, Tor Browser
  • Sock Puppets // Fake identity for investigative use: FakeNameGenerator, ThisPersonDoesNotExist
Key Browser Extensions
uBlock Origin
RevEye
Exif Viewer Pro
User-Agent Switcher
Wayback Machine
FireShot
Shodan
Privacy Badger
Vortimo
Cookie AutoDelete
Sputnik
Hunchly
Google Translate
Hive AI Detector

Search Engines

Google Dork Operators
" " Exact Match
Search for an exact word or phrase.
Ex: "John Doe" "Ubuntu Guard"
AND / OR
Combine or alternate search terms.
Ex: "OSINT" AND "Training" / "Apple" OR "Microsoft"
- Exclude
Exclude specific words from results.
Ex: Jaguar speed -car
* Wildcard
Matches any word or phrase.
Ex: OSINT * cheat sheet
.. Range
Search between two values.
Ex: crime rate 2020..2025
site:
Restrict to a specific domain.
Ex: site:linkedin.com
filetype:
Search for specific file extensions.
Ex: "OSINT" filetype:pdf
related:
Find pages related to a domain.
Ex: related:osintframework.com
inurl: / intitle: / intext:
Target specific URL, title, or body content.
Ex: inurl:admin intitle:login
cache:
View cached version of a page.
Ex: cache:example.com
Effective Search Principles
  • 1. Use multiple search engines // Google, Yandex, and Bing return different results.
  • 2. Use Advanced Search and operators to narrow scope.
  • 3. Use regional engines // Baidu for China, Yandex for Russia.
  • 4. Try name variations // nicknames, abbreviations, transliterations.
  • 5. Search in multiple languages relevant to the subject.
  • 6. Combine multiple data types // names, phones, emails, handles.
  • 7. Check cached and archived versions of removed pages.
Useful Filetypes
PDF · DOC · DOCX · XLS · XLSX · PPT · PPTX · TXT · RTF · CSV · KML · KMZ · ZIP · JPG · PNG
Dark Web Search Engines
Torch
Haystack
NotEvil
The Hidden Wiki
Tor66

Email OSINT Tools

  • GHunt // Google account OSINT
  • EPIEOS // Email reverse lookup
  • OSINT Industries // Email & phone reverse lookup
  • Castrick Clues // Email reverse lookup
  • Holehe // Check email across sites
  • Mailcat // Find email by nickname
  • EmailRep.io // Email reputation scoring
  • HaveIBeenPwned // Data breach search
  • DeHashed // Credential breach search
  • BreachDirectory // Data breach search
  • Whoxy // WHOIS reverse lookup
  • Reverse Whois // Domain WHOIS search
  • ScamSearch.io // Scammer database
  • ThatsThem // People search engine
  • osint.rocks // Email tools aggregator
  • Skymem // Find company emails
  • SignalHire // Professional email finder
  • Hunter.io // Domain email finder
  • ProtonMail // Secure investigation email
  • Addy.io // Email aliasing / masking
  • SimpleLogin // Email alias service

Phone Number OSINT Tools

  • Free Carrier Lookup // Carrier identification
  • CarrierLookup // Carrier identification
  • Truecaller // Number lookup and ID
  • EPIEOS // Phone reverse lookup
  • OSINT Industries // Phone reverse lookup
  • Castrick Clues // Phone reverse lookup
  • PhoneInfoga // Phone info gathering framework
  • NumLookup // Reverse phone lookup
  • osint.rocks // Multi-tool OSINT suite
  • Google // General search engine
  • Bing // General search engine
  • UniversalSearchBot // Telegram search bot
  • WhitePages // Phone numbers database
  • DeHashed // Data breach search
  • SpyDialer // Free reverse lookup
  • Ignorant // Check phones across sites
  • Detectdee // Check phone on platforms
  • HaveIBeenZuckered // Facebook data breach check

Dark Web OSINT Tools

  • Tor Browser // Dark web access browser
  • Ahmia.fi // Dark web search engine
  • Onion.live // Onion site directory
  • Tor.link // Tor-to-web gateway
  • Telemetr.io // Telegram channel search
  • HaveIBeenPwned // Data breach checker
  • DeHashed // Credential breach search
  • LeakOSINT // Telegram leak search bot
  • UniversalSearchBot // Telegram search bot
  • DeepDarkCTI // Dark web CTI sources
  • OCCRP Aleph // Financial and leak data search
  • PGP Tool // Encrypt, decrypt, verify PGP
  • Intelligence X // Paste, leak, and dark web search
  • Library of Leaks // Leaks & breach database
  • TorCrawl.py // Crawl and extract .onion pages
6 Key OSINT Steps for Investigating the Dark Web
1. Define Clear Objectives
Before diving into dark web research, define specific objectives // tracking illegal activity, identifying cyber threats, or gathering intelligence on a group or individual. Know exactly what you are looking for before you start.
2. Maintain Strict OPSEC
Use virtual machines to minimize malware and tracking risk. Use Tor Browser for anonymous browsing. Layer with a no-log VPN. Enable strong firewalls and MFA.
3. Identify Relevant Marketplaces & Forums
Use dark web search engines like Ahmia.fi. Use OSINT databases that collect and track known dark web sites. Join relevant forums or communities where users exchange information.
4. Gather and Analyze Metadata
Analyze site uptime, traffic, and server details. Review timestamps, file formats, and server responses. Collect crypto transaction metadata where relevant. Identify patterns revealing vulnerabilities.
5. Monitor Threat Actors
Observe chatter in forums, marketplaces, and social media. Use automated crawlers and monitoring tools. Track threat actors and criminal activity over time.
6. Analyze Cryptocurrency
Use blockchain explorers // Blockchair, OXT, Breadcrumbs.app. Trace wallet addresses linked to dark web markets. Look for laundering patterns. Link wallets to known marketplaces or suspects.

SOCMINT // Social Media Intelligence

Facebook
  • Instant Data Scraper // Extract data from pages, export as CSV/Excel
  • HaveIBeenZuckered // Check if your phone was in the Facebook breach
  • Facebook Advanced Search // Search posts, photos, videos, places by filter
  • Who Posted What // Keyword + date search for historical Facebook posts
Instagram
  • Instaloader // Scrape public profiles, hashtags, stories (CLI tool)
  • StorySaver.net // Download and archive stories
  • Osintgram // Extract info from public Instagram profiles (CLI)
  • Picuki // Browse Instagram profiles without an account
X (Twitter)
  • X Advanced Search // twitter.com/search-advanced // date, location, user filters
  • Twayback Machine // Recover deleted tweets via Wayback archive
  • SocialBlade // Track follower growth and activity metrics
  • Bot Sentinel // Detect bot accounts and inauthentic behavior
TikTok & LinkedIn
  • TikTok Quick Search // OSINT Combine tool for username and hashtag lookups
  • TikTok Scraper // Scrape followers from any public TikTok profile
  • LinkedIn Sales Navigator // Advanced people and company search
  • Recruit'em // X-ray search LinkedIn profiles via Google dorking
Telegram
  • TGStat // Channel and group statistics
  • Telemetr.io // Channel search and analytics
  • IntelligenceX Telegram // Search Telegram channels for leaked data
  • UniversalSearchBot // Telegram bot for phone and username search
Username / Cross-Platform
  • Sherlock // Hunt usernames across 300+ social media platforms (CLI)
  • Maigret // Collect profile info from username across sites
  • WhatsMyName // Check username availability across services
  • Namechk // Check username across major platforms

Browser Extensions for OSINT

  • uBlock Origin // Block ads and trackers
  • Cookie AutoDelete // Automatic cookie control
  • Google Translate // In-page text translation
  • RevEye // Reverse image search
  • Privacy Badger // Block tracking scripts
  • Exif Viewer Pro // View image metadata / EXIF
  • Wayback Machine // Access archived snapshots
  • FireShot // Full-page screen capture
  • User-Agent Switcher // Modify browser user-agent
  • Shodan // Site tech & exposure info
  • Sputnik // Search digital identifiers
  • Vortimo // Web content analysis
  • Hunchly // Capture and log web pages
  • Bot Sentinel // Detect bots on X/Twitter
  • Hive AI Detector // Detect AI-generated media
  • Instant Data Scraper // Extract table data from pages
  • Context Search // Quick search selected text
  • Video DownloadHelper // Download embedded video

OSINT Resources

Recommended Books
  • 1. OSINT Techniques // Michael Bazzell (updated annually)
  • 2. Deep Dive // Rae Baker
  • 3. Hunting Cyber Criminals // Vinny Troia
  • 4. We Are Bellingcat // Eliot Higgins
  • 5. OSINT Methods and Tools // Nihad A. Hassan & Rami Hijazi
  • 6. Operator Handbook // Joshua Picolet
  • 7. How to Find Out Anything // Don MacLeod
Podcasts
Security Now
NeedleStack
The OSINT Bunker
The Pivot
Layer 8
The World of Intelligence
ShadowDragon
Darknet Diaries
OSINT Virtual Machines
Kali Linux VM
Trace Labs OSINT VM
CSI Linux VM
Tsurugi VM
OSINTUX VM
Sherlock Linux VM
Privacy OS
Tails OS
Whonix

AI-Powered OSINT

Key AI Concepts for OSINT
  • Artificial Intelligence (AI) // Technology enabling machines to perform tasks that normally require human cognition.
  • Natural Language Processing (NLP) // Technology that helps computers understand, interpret, and work with human language.
  • Machine Learning (ML) // Systems that learn from data and improve performance over time without explicit programming.
  • Generative AI // AI that creates new content (text, images, code) based on training data.
  • Computer Vision // Technology that enables computers to interpret and analyze visual information from images and video.
AI Strategies in OSINT
Data Collection
AI algorithms automate large-scale data gathering. NLP extracts intelligence from unstructured text.
Data Analysis
ML identifies patterns, trends, anomalies, and correlations across large datasets rapidly.
Image & Video Analysis
Detect and analyze objects, faces, logos, text, and geolocation within multimedia.
Sentiment Analysis
Analyze tone and sentiment in social media, forums, and public sources.
Risk Assessment
Assess source credibility, flag anomalies, and prioritize high-risk indicators automatically.
AI OSINT Tools (2025)
Analyze data, summarize findings, generate queries, assist in pattern recognition.
AI geolocates images // analyzes visual content to determine the location where a photo was taken.
Reverse image search focused on facial recognition. Upload a photo to find matching images online.
Compare global news perspectives across 50,000+ sources. Track event development over time.
Rapidly interpret complex data and generate clear intelligence summaries.
AI Considerations for OSINT
  • 1. Never submit sensitive subject data to public AI tools // data may be logged or used for training.
  • 2. Choose AI tools that fit the specific needs of your investigation.
  • 3. Double-check all AI-generated outputs against primary sources.
  • 4. Always confirm AI findings with human review before acting on them.
  • 5. Use AI to accelerate, not replace, human analytical judgment.
  • 6. Watch for hallucinations // AI can fabricate plausible but false information.
  • 7. Watch for inherent bias in AI-generated insights and recommendations.
  • 8. Regularly evaluate the quality impact of AI on your investigations.

Operational Security

What is OPSEC?

Operational Security (OPSEC) is a systematic process that identifies and protects sensitive information from adversaries to prevent exploitation, maintain anonymity, and keep activities undetected.

OPSEC = software + hardware + deliberate practices
Key OPSEC Principles
  • 1. Always practice OPSEC regardless of how trivial an investigation seems.
  • 2. Tailor OPSEC to the specific activity or investigation.
  • 3. Assume all online activities are being monitored.
  • 4. OPSEC is a continuous practice // it must become second nature.
  • 5. Continuously adapt as new threats and techniques emerge.
  • 6. Assess risks before sharing any information online or offline.
  • 7. Keep research separate from personal and professional accounts.
  • 8. Research OSINT tools thoroughly before using them // some tools alert targets.
Recommended OPSEC Tools
Web Browsers
Brave • Firefox (hardened) • Tor Browser
Browser Addons
uBlock Origin • Privacy Badger • User-Agent Switcher • Canvas Blocker • Cookie AutoDelete
VPNs
Mullvad VPN • ProtonVPN • IVPN (no-log, audited providers)
Password Management
Bitwarden (cloud) • KeePassXC (local) // unique credentials per account, encrypted vault
Secure Communications
ProtonMail • Tutanota • Signal (messaging)
Sock Puppets
FakeNameGenerator • ThisPersonDoesNotExist // Separate devices or VMs recommended
OSINT Best Practices
OPSEC is Your Shield
  • Reduce adversary exploitation risk
  • Stay anonymous // hide who you are
  • Keep activities hard to trace
The Golden Rule of Verification
  • Accuracy of information is paramount
  • Not all sources are trustworthy or reliable
  • Verified data drives effective decisions
Build Technical Skills
  • Master essential OSINT tools and platforms
  • Learn advanced search strategies and dorks
  • Practice regularly across different contexts
Stay Focused on Objectives
  • Understand the goals and priorities upfront
  • Gather the most valuable intelligence first
  • Tailor intelligence output to the audience
Pivot, Pivot, Pivot
  • Transition flexibly between data points
  • Gather extensive, confirmed data
  • Follow leads wherever they take you
Stay Current
  • Join an OSINT community or forum
  • Monitor social media, read blogs, attend workshops
  • Tools and platforms change // so must your skills
Think Creatively
  • Consider unconventional sources and methods
  • Challenge assumptions about data location
  • Apply lateral thinking to complex investigations
Document Everything
  • Keep thorough notes of all findings
  • Record sources used and methodologies applied
  • Ensures transparency, reproducibility, and legal use

Brand Intelligence

Brand OSINT Strategies
  • 1. Real-Time Monitoring // Continuously scan social media, forums, news, and review platforms for brand mentions.
  • 2. Sentiment Analysis // Categorize mentions as positive, negative, or neutral using OSINT and AI tools.
  • 3. Crisis Management // Early detection of negative mentions allows brands to respond before escalation.
  • 4. Competitor Insights // Gather intelligence on competitor activities, strategies, and public perception.
  • 5. Influencer Mapping // Identify key influencers, bloggers, and thought leaders with significant audience reach.
  • 6. Customer Feedback // Collect and analyze open-source customer feedback for product and service improvement.
  • 7. Market Trend Analysis // Track emerging trends and predict market direction from open-source signals.
Why Brand Intelligence Matters
Customer Trust & Loyalty
A strong reputation builds trust and encourages repeat business.
Competitive Advantage
Reputation influences consumer decisions between similar products and services.
Crisis Resilience
Strong brands weather negative events more effectively with early OSINT monitoring.
Talent Attraction
Organisations with strong reputations attract better candidates.
Financial Performance
Brand equity directly impacts pricing power, market position, and investor confidence.
Risks of Poor Brand Reputation
Decreased Sales
Brand Devaluation
Social Media Backlash
Loss of Trust
Employee Turnover
Legal Scrutiny
Negative Media Coverage
Competitive Disadvantage

OSINT for Executive Protection

VIP Individuals
Executives & CEOs • Political Figures • Celebrities • High Net Worth Individuals
Dignitaries • Professional Athletes • Musicians & Actors • Other VIPs
7 Essential OSINT Steps for Exec Protection
  • 1. Personal Information & Media Analysis // Identify exposed personal info, relatives, associates. Check for address, vehicle, email, phone, and credential exposure.
  • 2. Threat Detection & Risk Monitoring // Monitor online chatter, social media, and forums for any threats or hostile sentiment targeting the individual.
  • 3. Social Media Vulnerability Assessment // Explore executive and family social media profiles for habits, interests, routines, and potential vulnerabilities.
  • 4. Travel & Accommodation Risk Assessment // Assess security risks for travel destinations, transportation, and accommodation arrangements.
  • 5. Reputation & Media Monitoring // Monitor mentions, reviews, and news coverage related to the executive's reputation and activities.
  • 6. Cybersecurity Threat Identification // Identify compromised accounts, leaked credentials, or indicators of cyber threats targeting the individual.
  • 7. Physical Security & Vulnerability Mapping // Identify potential vulnerabilities, access points, and emergency routes for key locations.
Primary Risks to Detect
Personal Data Exposure
Social media containing photos, locations, daily activities, and network connections.
Exposed Home Address
Allows malicious individuals to locate and potentially harm the subject at their residence.
Exposed Email or Phone
Can lead to harassment, targeted phishing, or extortion campaigns.
Predictable Routine
Adversaries can anticipate movements and exploit predictable patterns for physical access.
Exposed Credentials
Unauthorized access to sensitive information, financial accounts, or critical systems.
Threat Categories
Physical: Assault, kidnapping, burglaries, harassment, corporate espionage.
Digital: Data breaches, cyber attacks, reputational damage from leaked information.
Indirect: Threats against family, business threats, mishandled crises.