TOP 20 Open-Source Intelligence (OSINT) Tools You Should Know in 2020 Â " Chiheb Chebbi

10/08/2020 TOP 20 Open-Source Intelligence (OSINT) tools you should know in 2020 – Chiheb Chebbi
Chiheb Chebbi
Independent Security Consultant at Indepedent
Feb 9, 2020last reply July 27, 20208.6K views
Follow Sponsor this post
TOP 20 Open-Source Intelligence (OSINT) tools you should know in 2020

Hi Peerlysters,
This is another part from my "TOP 2020 tools in 2020" series. You can find the previously written
ones here:
TOP 20 tools every security professional should have in 2020

TOP 20 tools every Blue Teamer should have in 2020
Wikipedia defines OSINT as follows:
"Open-source intelligence is data collected from publicly available sources to be used in an

intelligence context. In the intelligence community, the term "open" refers to overt, publicly
available sources. It is not related to open-source software or collective intelligence"
Image Courtesy
In this post, we are going to explore the TOP 20 Open-Source Intelligence (OSINT) tools you
should know in 2020.
Let’s start exploring them:
Shodan
Shodan is a search engine that lets the user find specific types of computers (webcams, routers,
servers, etc.) connected to the internet using a variety of filters. Some have also described it as a
search engine of service banners, which are metadata that the server sends back to the client. This
https://www.peerlyst.com/posts/top-20-open-source-intelligence-osint-tools-you-should-know-in-2020-chiheb-chebbi 1/20
can be information about the server software, what options the service supports, a welcome mes-
sage or anything else that the client can find out before interacting with the server.
You can use it by visiting the official website: www.shodan.io
To learn more about it:
The how to use Shodan wiki
Recon-NG
Open-source intelligence (OSINT) is data collected from publicly available sources to be used in an
intelligence context. Recon-ng is a must-have OSINT tool. It was written
in Python by lanmaster53 with many integrated modules and features. It contains 4 different cat-
egories of modules: Reconnaissance, Discovery, Reporting and experimental modules.
You can download it from here: https://github.com/lanmaster53/recon-ng
OSINT with Recon-ng | Open Source Intelligence [4]
The Harvester
The Harvester is a tool for gathering email accounts, subdomain names, virtual hosts, open ports/
banners, and employee names from different public sources (search engines, pgp keyservers). It is
a really simple tool, but very effective for the early stages of a penetration test or just to know
the visibility of your company on the Internet.
Image Courtesy
How I use theHarvester for Recon - [Video]
Maltego
Maltego is another OSINT tool. It is an interactive data mining tool that renders directed graphs for
link analysis. The tool is used in online investigations for finding relationships between pieces of in-
formation from various sources located on the Internet. Maltego uses the idea of transforms
to automate the process of querying different data sources. It was developed by Paterva. It
provides you with transforms to help you gather information and visualize them. You can download
the free edition from here: https://www.paterva.com/downloads.php
Image Courtesy
How to use Maltego - part 1

How to use Maltego - part 1
Exiftool
Sometimes files contain many juicy pieces of information. Many users are not aware of them.
These pieces of information are represented as Metadata that can be extracted using many tools.
One of the most popular tools to extract metadata from images is Exiftool. This tool is free and
open-source. It was developed by Phil Harvey and it supports many operating
systems including Windows, Mac OS and Linux
Image Courtesy
You can download it from here: https://exiftool.org
Extracting Juicy info from an Image using Exif-Metadata
Global Terrorism Database
During many OSINT missions, you will be dealing with terrorism threats. Thus, it is essential to col-
lect many pieces of information about terrorism online. One of the most used services is the “Global
Terrorism Database”. The project is managed by the National Consortium for the Study of Terrorism
and Responses to Terrorism (START) and it contains information about more than
190,000 terrorist attacks.
Its official website is: https://www.start.umd.edu/gtd/access/
OnionScan
The deep web, invisible web, or hidden web are parts of the World Wide Web whose contents are
not indexed by standard web search engines for any reason. The opposite term to the deep web is
the surface web, which is accessible to anyone using the Internet. Computer scientist Michael K.
Bergman is credited with coining the term deep web in 2001 as a search indexing term. OnionScan
is a free and open-source tool that is used in investigating the Darkweb.
Image Courtesy
Its official website is: https://onionscan.org
DataSploit
Another powerful OSINT tool is DataSploit. This tool is a free and open-source. It gives you the
ability to search for information about Companies, People, Phone Number, Bitcoin Addresses and
so on. Once it collects the data it will generate reports as different formats such as HTML and
JSON. It was written in python and It runs from the command line.
Image Courtesy
Its official Github repository is: https://github.com/DataSploit/datasploit
Openphish
Social engineering is a set of techniques (technical and nontechnical) used to get useful and sensit-
ive information from others using psychological manipulation. Phishing is a Computer-based social
engineering attack. To get information about active phishing links and URLs you can use “OpenPh-
ish”. It provides a free phishing threat intelligence feed to track phishing URLs.
Its official website is: https://openphish.com
Malware Information Sharing Platform (MISP)
Malware Information Sharing Platform or simply MISP is an open-source threat

sharing platform where analysts collaborate and share information about the latest threats between
them. The project was developed by Christophe Vandeplas and it is under GPL v3 license.
Image Courtesy
Its official website:https://www.misp-project.org
Google Dorks
If you are using Google as a search engine you can use what we call “Google Dorks”.A Google
dork query, sometimes just referred to as a dork, is a search string that uses advanced search op-
erators to find information that is not readily available on a website. Google dorking, also known
as Google hacking, can return information that is difficult to locate through simple search queries.
For more information about Google dorks you can visit the Google Hacking Database:https://www.-
exploit-db.com/google-hacking-database/
Image Courtesy
Spiderfoot
Spiderfoot is a powerful OSINT tool with more than 200 modules to perform many operationsinclud-
ing scanning, monitoring and analysis. It is free and open-source. It can
perform TORinvestigation too thanks to its built-in Tor integration. You can generate many different
report formats including JSON, CSV and GEXF format
Image Courtesy
Its official website is: https://www.spiderfoot.net
Investigating an Online Scam with Spiderfoot Hx
Lampyre
Lampyre.io is an OSINT tool that gives you the ability to Obtain, visualize and analyze data in one
place. You can import your own data to analyse it offline. It is widely used by Law enforcement, cy-
bersecurity experts and financial analysts for many reasons including having updated data sources
and the ability to use its Python API to customize your projects based on your needs and goals.
Image Courtesy
Its official website is: https://lampyre.io
Using Lampyre for Basic Email and Phone Number OSINT
Social Media
When performing open-source intelligence (OSINT), you usually try to find information about
people from different publicly available social media platforms including: Facebook, Linkedin, Ins-
tagram and so on… To do so, you can use these powerful tools and websites:
An Instagram Open Source Intelligence Tool: https://github.com/sc1341/InstagramOSINT

Facebook Search tool: https://netbootcamp.org/facebook.html
Image Courtesy
Metapicz
Previously, we explored a metadata extraction tool called “Exiftool”. If you want a ready-to-use on-
line tool you can simply use Metapicz. You just need to upload a picture and you will get all
metadata of it and later you can analyse these pieces of information later.
Its official website is: http://metapicz.com/#landing
Carrot2
Carrot2 is an online and free tool that uses Carot2’s algorithm to search and organize results. The
tool is free and it is under Apache v2 license. You can organize your search as folders, treemap or
pie charts.
Its official website is: https://search.carrot2.org/#/web
Censys
We already explored Shodan in this list. Censys is another great online tool that helps you to collect
technical information about a target. You can simply put an IP address and a domainand it will give
you a list of important and helpful pieces of information including running services, geographic loca-
tion, open ports and vulnerabilities and they are found.
Image Courtesy
Its official website is: https://censys.io
DNS Dumpster
DNS Dumpster is a powerful tool maintained by HackerTarget.com. This free tool lets you discover
hosts related to a specific domain. You can use it to visualize what attackers are seeing from the
outside. Collected information can be presented as different formats including texts and visual
maps. Also, it gives you the ability to build your own scripts thanks to its available API.
Image Courtesy
Its official website is: https://dnsdumpster.com
VirusTotal
To obtain many helpful pieces of information about a malicious file, we can use online virusscan-
ners and search for its signature in search engines. VirusTotal is a free malware and URLonline
scanning service. It will deliver a result from more than 40 antivirus solutions. In other words, it
gives you the ability to perform AV scanning using many AV solutions at the same time and later it
delivers a detailed report about the suspicious file
FOCA
FOCA is the abbreviation of Fingerprinting Organizations with Collected Archives. Like its name in-
dicates, this tool helps you collect metadata and information from documents. It can analyse many
different file formats including Microsoft Office, Open Office, and PDF files.
Image Credit: softpedia
Its official Github repository is: https://github.com/ElevenPaths/FOCA
Bonus: Buscador VM (OSINT OS)
If you are looking for a ready to use customized operating system you can simply use Buscador.
This virtual machine contains a huge collection of OSINT tools and scripts to help you gather in-
formation about the targets. The VM was developed and maintained by https://inteltechniques.com
Image Courtesy
The VM can be downloaded from here: https://inteltechniques.com/buscador/

TOP 20 Open-Source Intelligence (OSINT) Tools You Should Know in 2020 Â " Chiheb Chebbi

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

TOP 20 Open-Source Intelligence (OSINT) Tools You Should Know in 2020 Â " Chiheb Chebbi

Uploaded by

Copyright:

Available Formats

10/08/2020 TOP 20 Open-Source Intelligence (OSINT) tools you should know in 2020 – Chiheb Chebbi

Follow Sponsor this post

TOP 20 Open-Source Intelligence (OSINT) tools you should know in 2020

TOP 20 tools every security professional should have in 2020

Wikipedia defines OSINT as follows:

"Open-source intelligence is data collected from publicly available sources to be used in an

Let’s start exploring them:

You can use it by visiting the official website: www.shodan.io

To learn more about it:

The how to use Shodan wiki

You can download it from here: https://github.com/lanmaster53/recon-ng

To learn more about it:

OSINT with Recon-ng | Open Source Intelligence [4]

To learn more about it:

How I use theHarvester for Recon - [Video]

To learn more about it:

How to use Maltego - part 1

You can download it from here: https://exiftool.org

To learn more about it:

Extracting Juicy info from an Image using Exif-Metadata

Global Terrorism Database

Its official website is: https://www.start.umd.edu/gtd/access/

Its official website is: https://onionscan.org

Its official Github repository is: https://github.com/DataSploit/datasploit

Its official website is: https://openphish.com

Malware Information Sharing Platform (MISP)

Malware Information Sharing Platform or simply MISP is an open-source threat

Its official website:https://www.misp-project.org

Its official website is: https://www.spiderfoot.net

To learn more about it:

Investigating an Online Scam with Spiderfoot Hx

Its official website is: https://lampyre.io

To learn more about it:

Using Lampyre for Basic Email and Phone Number OSINT

An Instagram Open Source Intelligence Tool: https://github.com/sc1341/InstagramOSINT

Its official website is: http://metapicz.com/#landing

Its official website is: https://search.carrot2.org/#/web

Its official website is: https://censys.io

Its official website is: https://dnsdumpster.com

Image Credit: softpedia

Its official Github repository is: https://github.com/ElevenPaths/FOCA

Bonus: Buscador VM (OSINT OS)

The VM can be downloaded from here: https://inteltechniques.com/buscador/

You might also like