OSINT: Open Source Intelligence

Open Source Intelligence (OSINT) is the practice of gathering and analyzing publicly available information to extract valuable insights. By tapping into various sources such as social media, news articles, and public records, OSINT enables individuals and organizations to uncover intelligence and make informed decisions. In this brief overview, we explore the power and applications of OSINT in today's information-driven world.

Andrés Jimenez
May 13, 2024

What is OSINT?

OSINT, "open source intelligence" refers to techniques and tools used to collect public information, analyze data and relate them to turn them into practical knowledge.

Traditionally, OSINT was a technique used by the homeland security and law enforcement communities. However, it has become a fundamental capability within cybersecurity in recent years. It is also used in numerous fields. It allows access to information about a company, person, or anything we want to investigate.


How is it done?

OSINT approaches differ from case to case, but there are core techniques for generating actionable intelligence at the data collection and analysis stages. At times you learn by applying each of the phases that make it up, and your research work is significantly streamlined.


The different phases of the process are


The preparation: This is when the application's needs and requirements are evaluated, such as determining the task's objectives and identifying the best sources to find the information. 

Compiling is the primary and most important step in collecting data and information from as many relevant sources as possible.

The process is when the collected data and information are organized or collated.

Analysis and production: it is the interpretation of the information collected to make sense of what was collected, that is, to identify patterns or a timeline of travel history. Produce a report to answer the intelligence question, draw conclusions, and recommend the next steps.

Diffusion: is the presentation and delivery of open source findings, i.e., written reports, schedules, recommendations, etc. Answer the intelligence question for stakeholders.


Find information about a person

With people living so many aspects of their lives online. , its easy to obtain public information from people. Given that Users have a digital footprint that is used to verify identities, find people, and gather evidence.

Among the information we may collect using OSINT tools, we can mention

  • Information about a person from their data. Tastes, personal preferences, opinions, location of the person, place of work, and contact lists.
  • Photos of users' activities and their inner circle. The date and time the photo was taken. Geographical location where an image was taken.
  • Establish an idea of ​​a person's socioeconomic background, even in markets where financial information is scarce.
  • Monitoring of personal and corporate blogs, as well as a review of user activity in digital forums.
  • Verification of social networks used by the target user.
  • Analysis of content available on social networks such as Facebook, Instagram, Twitter, Google Plus, or Linkedin.
  • Accessing old Google cached data: Often reveals exciting information.
  • Identify mobile phone numbers, email addresses from social networks or Google results.
  • Search for photos and videos on common social photo-sharing sites like Flickr, Google Photos, etc.
  • Use of Google Maps and other open sources of satellite images to retrieve images of users' geographic location.
  • OSINTs are also used to identify suspicious emails and maliciously created fake accounts and can track people in the real world behind people online.

It is important to note that criminal investigators use OSINT to find information about their subjects and to detect illegal activities online.

OSINT tools allow investigators to quickly map and analyze crime syndicate composition, structure, and activities, including affiliations, member profiles, financial transactions, and connections to illegal operations.


Find information about a business

The data to which one has access today can be practically infinite; therefore, its interpretation can significantly help simplify processes and optimize results within a company. Companies, businesses, and organizations use the OSINT tool since it is a system that can help them have an advantage over their competition, have information about an employee or candidate, or get to know potential customers better.

As well as reduce the risks in companies' decision-making and save costs, among many other advantages.

  • Know the online reputation of a company or a specific user.
  • It can improve cybersecurity by helping to uncover information about your company, employees, IT assets, and other confidential or sensitive data that an attacker could exploit. Discovering that information first and then hiding or removing it could cut down on everything from phishing to denial-of-service attacks.
  • Audit companies and organizations to assess their level of privacy and security.
  • It also helps uncover compromised and exposed credentials, publicly available business records, personal and background information of individuals or organizations, documents, image-focused searches, email and domain knowledge, interconnected device or application information, potential exploits, and deleted data. , but indexed, geolocation information, darknet resources, blogs, news, content or social network profiles, etc.
  • In marketing, they follow social data to understand how customers respond to campaigns, promotions, and other advertising media, through the monitoring of campaigns, user segmentation, market trend analysis, or the collection of information on the objectives of an investigation.
  • Consumer product companies and retail organizations monitor social media, such as Facebook or Twitter, to gain unprecedented insight into customer behavior, preferences, and perception of their products.
  • Generating Intelligence that allows strategic decisions can help in business expansions, the purchase of assets, etc.


Find information available on Facebook


OSINT tools allow you to use search engines and social networks to collect information about a target.

Due to the increase in the use of electronic devices, we can find more and more information using this type of research. Facebook offers a lot of possibilities to collect data: demographics, age, gender, location, education, economy, significant events in the user's life, whether or not they have children and marital status.

Work, specific interests or crossing them, business and industries, entertainment, behavior, digital activities, expatriates, device and operating system, type of device (omnichannel), connections, and applications used by the user.


Data that may be collected on Facebook

  • From photos of yourself to where you work, who you interact with, or where you live.
  • We are detecting fake accounts.
  • Look up the full name and other relevant details of the person you're investigating to find their profile on the social network and see their public activity, such as their posts and shared photos.
  • Use relevant hashtags to find posts related to the person under investigation. For example, suppose you're looking for information about an event. In that case, you can search for the hashtag associated with that event and see if the person has shared information about that event.
  • Check if the person you are investigating is a member of any social network group, as they can provide additional information about their interests and activities.
  • Search for mentions of the person you're researching on the social network to see if other people are talking about them and learn more about their online reputation and relationships.
  • Profile bio: A brief description of the person can uncover a data trail, especially if they mention a job site.

Tools that are used for OSINT (Open Source Intelligence)

 OSINT Framework: The OSINT framework is an online directory listing open-source tools for OSINT gathering, sorted by source type.

Shodan: it's an internet-connected device search engine. It allows you to search for devices like web cameras, servers, and routers and provides information about the devices, including IP addresses, locations, and vulnerabilities.


Maltese: is an information gathering and data visualization tool that allows you to collect information about entities, such as organizations, people, and IP addresses. It provides a visual representation of information and will enable you to see the connections between entities. It can run on Linux, Windows, and macOS.


Whois: is a tool that allows you to collect information about domain names, including information about the domain owner, registrar, and contact information. This tool helps gather information about websites and web services.


TinEye: this reverse search engine uses image identification instead of keywords or metadata. It is a simple, browser-based tool.



In the Information Age, of social networks, of mass digitization, whoever knows how to obtain information from open sources has a significant advantage on a personal and professional level.

It is a valuable tool allowing real-time updates, significantly benefiting organizations and individuals seeking information from publicly available sources.

It will nourish our organization or clients with intelligence since it is used at strategic, operational, and tactical levels; it provides alerts, information, and support for decision-making.