Open-source intelligence

OSINT stands for open-source intelligence, a major factor to understand in cybersecurity. It is the collection of data about individuals or entities from publicly available sources, whether TV, radio, websites or social media. Data can be collected in any form, such as text, image, audio, and video. The internet boom was the next frontier for OSINT.

In the past, information from open sources was limited, but with the arrival of rapid information transfer, OSINT has become a constant requirement. The global market for OSINT was $2,866 million in 2017 and is expected to cross a valuation of $7K million by 2023. OSINT is also becoming popular due to the rapid expansion of publicly available databases.




OSINT sources can be divided into the following categories of information flow: 

  • Media: Newspapers, magazines, TV, and radio. 
  • Internet: Websites, blogs, discussion forums, and social media. 
  • Public data: Government reports, budgets, conferences, and speeches. 
  • Publications: Journals, symposia, research papers, dissertations, and theses. 
  • Commercial data: Imagery, financial and industrial assessments, and databases.
  • Grey literature: Technical reports, patents, business documents, unpublished works, and newsletters.


The OSINT process has four key elements:

  • Uncovering: Understanding the data and knowing where the data is available is the key process.
  • Discriminating: Discrimination is required between good and bad sources, current and outdated sources, and relevant and irrelevant sources.
  • Refining: The final research report is prepared by refining the available data. 
  • Delivering: The delivery needs to be done to the client in a timely fashion. 


OSINT reconnaissance can be divided into the following five phases: 

  • Identifying source: In the first phase, potential sources are identified from where information can be gathered.
  • Harvesting data: In the second phase, information is collected and harvested from different sources.
  • Processing data: In the third phase, the harvested information is processed for actionable intelligence.
  • Analyzing data: In the fourth phase, data analysis of the processed information is done using OSINT analysis tools.
  • Delivering results: In the final phase, findings are compiled and shared with the other members of the team.
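
One way to carry out the processing phase and the "discriminating" element described above, as an added example that is not part of the original article: it normalizes harvested findings, drops irrelevant ones, flags outdated ones, and ranks the rest by how many independent sources agree. The sample findings, the field names and the one-year staleness threshold are constructed assumptions, and the scenario is an organization reviewing its own exposure under `example.com`.

```python
from datetime import date

# Constructed sample findings: (source, kind, value, date last seen).
FINDINGS = [
    ("search_engine", "host",  "VPN.Example.com.",           date(2024, 5, 2)),
    ("dns",           "host",  "vpn.example.com",            date(2024, 5, 9)),
    ("web_archive",   "host",  "old-shop.example.com",       date(2019, 1, 14)),
    ("search_engine", "host",  "example.com.lookalike.test", date(2024, 5, 1)),
    ("social_media",  "email", "J.Doe@Example.com",          date(2024, 4, 20)),
    ("forum",         "email", "j.doe@example.com",          date(2024, 3, 3)),
    ("forum",         "email", "info@example.org",           date(2024, 5, 5)),
]

def normalize(value):
    """Lower-case and drop the trailing DNS root dot so duplicates collapse."""
    return value.strip().lower().rstrip(".")

def in_scope(kind, value, domain):
    """Relevant vs. irrelevant: keep only hosts/emails under our own domain."""
    host = value.rsplit("@", 1)[-1] if kind == "email" else value
    return host == domain or host.endswith("." + domain)

def process(findings, domain, today, max_age_days=365):
    """Return in-scope findings, best corroborated first."""
    merged = {}
    for source, kind, raw, seen in findings:
        value = normalize(raw)
        if not in_scope(kind, value, domain):
            continue  # look-alike or unrelated domain: likely false positive
        entry = merged.setdefault((kind, value), {"sources": set(), "last_seen": seen})
        entry["sources"].add(source)
        entry["last_seen"] = max(entry["last_seen"], seen)
    report = []
    for (kind, value), entry in merged.items():
        # Current vs. outdated: anything not seen within max_age_days is stale.
        stale = (today - entry["last_seen"]).days > max_age_days
        n = len(entry["sources"])
        confidence = "low" if stale else ("high" if n >= 2 else "medium")
        report.append({"kind": kind, "value": value, "sources": sorted(entry["sources"]),
                       "stale": stale, "confidence": confidence})
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(report, key=lambda r: (order[r["confidence"]], r["value"]))

if __name__ == "__main__":
    for row in process(FINDINGS, "example.com", date(2024, 6, 1)):
        print(row)
```
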


OSINT can be used in the following areas: 

  • Business Intelligence: Employee background checks, due diligence on clients and competitors, and competitor analysis.
  • Government Intelligence: Products required for military and non-military applications.
  • Individual intelligence: Finding people by name, email, address, and phone number.


Some of the most popular OSINT techniques used in cybersecurity are as follows: 

  • Collecting employee information like name, job role, and software they use; 
  • Reviewing and monitoring search engines like Google, Bing, and Yahoo, etc.; 
  • Monitoring blogs and reviewing user activities on digital forums; 
  • Identifying social media platforms used by the user or company; 
  • Reviewing the content on social media networks like Facebook, Twitter, or LinkedIn, etc.; 

  • Using data collection tools to unravel information about individuals; 
  • Accessing cached data from Google to reveal information; 
  • Exploring old versions of websites to reveal imperative information; 
  • Identifying email addresses and mobile phone numbers; 
  • Searching for photographs and videos on websites like Flickr and Google Photos; 
  • Using Google Maps and other imagery sources to retrieve images of the location; 
  • Using tools like GeoCreepy to track down geographic location information; 
  • Using automated tools such as Spiderfoot to retrieve information; 
  • Using popular extensions that include useful sources like the OSINT browser; 
  • Exploring DNS Services, domains, subdomains, and IP addresses; 
  • Running port scanners against the target company server infrastructure; 
  • Using tools like Shodan to search for internet-connected devices.

Some of the tools to gather information about the specified target are as follows:

  • Maltego: It is an inbuilt tool that helps to perform significant reconnaissance against targets with built-in transforms. There are several built-in footprints inside Maltego; expected results might include identification of netblock, AS number, locations, and phrases. It is a great tool to track the footprints of a single entity.
  • Recon-ng: It is a useful tool to accomplish reconnaissance on the target. It has multiple inbuilt modules. Workspaces can be created inside where users can be redirected. The domain can be specified using the domain name. There are some great modules like bing_domain_web and google_site_web. With the use of different modules, we can get extra information regarding targets. Recon-ng is a great tool for researchers.
  • theHarvester: It is an outstanding instrument for collecting information from the specified target. It is very fast and easy to use. It can fetch results from search engines like Google, Bing, etc. Results of hosts and virtual hosts can be found in search engines. It is also useful to extract information from the specified targets.
  • Shodan: It is popularly known as a search engine for hackers, as it provides a footprint of devices that are connected online. It helps researchers see exposed assets. Through Shodan, one can see connected webcams, traffic lights, etc. It is a great tool for finding the fingerprint of connected assets and their details and vulnerabilities.
  • Google Dorks: They provide us with information about a target, through search operators, that is difficult to extract using simple searches. Intitle, Inurl, Filetype, and Ext are some of the operators used in Google Dorking. Google Dorks provide good results and can prove handy in performing reconnaissance.

We have looked at some of the most common OSINT tools. These tools are powerful when used alone but become even more powerful when used together with each other. 

Framework: The OSINT framework is a cybersecurity framework. It is a collection of OSINT tools that makes data collection tasks easier. It is mostly used by security researchers. It provides a simple web-based interface through which you can browse different OSINT tools classified by categories. It is a great resource for knowing what areas you are missing to explore or what should be the next step for your investigation. It is classified on the basis of different topics and goals. 

Advantages: There are several advantages to using OSINT. The biggest advantage is its cost. It is less expensive compared to other information collecting devices. The return on investment is comparatively higher in OSINT. Updated information can be shared legally and easily by using OSINT. Social media websites like Twitter and Facebook are open and easily accessible. Information gathered from publicly available sources supports long-term strategies for different business goals. 

Disadvantages: OSINT has certain disadvantages as well. There is a potential information overload and filtering useful information can be difficult. Getting the right information can also be difficult at times. OSINT is not ready to use as it needs a large amount of analytical work to differentiate between valid and false or misleading information. OSINT needs to be validated and it needs an understanding of the requirements for using it. 

Limitations: The major limitations of OSINT are as follows:

  • Information overload: Information provided by OSINT tools is huge and filtering or harvesting of data can be quite time-consuming.
  • False Positive: Results provided by OSINT tools may be correct or incorrect. There is no guarantee that the result is completely right. 

Thus, it can be concluded that with the advancement in technology, the need for OSINT increases to gather fast and specific information. OSINT will be the need of every private and government organization in the coming years. Through OSINT, we are able to get important and accurate information instantly by the deep analysis of different sources.