What is Open Source Intelligence (OSINT)?
Open Source Intelligence, often abbreviated as OSINT, is data and information collected legally from open and publicly available resources. Obtaining the information doesn’t require any clandestine effort, and it is retrieved in a manner that is legal and meets copyright requirements. Then, the raw data and info are collected and then analyzed to help understand something more clearly. The OSINT framework supports decision-making, assesses public perceptions, forecasts changes, and more.
Who Engages in Open Source Intelligence gathering and analysis?
Technically, anyone who knows how to use the tools and techniques to access the information uses the process. However, the process is used formally by the United States intelligence community, the military, law enforcement, IT security professionals, private businesses, and private investigators.
Initially, the Central Intelligence Agency (CIA) created the Open Source Center, which builds on the established expertise of the CIA’s Foreign Broadcast Information Service (FBIS). The Open Source Center collects, produces, and promotes OSINT.
What types of data and information are considered to be Open Source?
Open-source data and information are available in various places, most of which are accessible via the internet. Examples include:
- Public records databases like BeenVerified, Spokeo, and Intelius.
- Government reports, documents, and websites
- The Internet
- Mass media (e.g., newspapers, TV, radio, magazines, and websites)
- Social networks, social media sites, user account profiles, posts, and tags
- Maps and commercial imagery
- Photos, images, videos
- The dark web
List of Open Source Intelligence Tools
The tools and techniques used in Open Source Intelligence searching go much further than a simple Google search. Following is a list of helpful, time-saving open-source intelligence tools. Note that most of the resources are free, although some have advanced features for a fee.
Email Breach Lookup
This is one of my favorite open-source intelligence tools because anyone can use it. Have I Been Pawned? allows you to find out if a particular email address was affected by one of the many data breaches that have occurred over the years. Just enter an email address, which will tell you which breaches the email was affected by. In addition, it gives a brief overview of the breach.
Hoaxy – Hoaxy is an open-source search tool that visualizes the spread of articles online (no longer active).
Media Bugs – A media bug is something in the media (e.g., newspaper, magazine, radio, etc.) that is wrong and correctable. Mediabugs.org allows anyone to report a bug, and they will work with the media outlet to correct it. Use the site to help identify fake or incorrect news and look for correct versions.
PolitiFact – Politifact focuses on fact-checking journalism. Politifact uses a helpful rating scale to rate statements made by journalists, political figures, and others. The rating scale runs from “True” to “Full Flop.” It is a helpful way to know who is telling the truth and who is lying. For example, just read through some of the statements Politifact makes. Then, you’ll quickly realize that much of what we hear from politicians isn’t true. The company won a Pulitzer Prize for its work.
SciCheck – SciCheck is a feature of FactCheck.org that focuses on evaluating false and misleading scientific claims made to influence public policy. For example, when a political figure says that “global warming isn’t real,” they make a false claim to sway public opinion. SciCheck evaluates such claims and explains whether or not they are true.
Snopes – Snopes.com is one of the oldest, best, and most well-known fact-checking sites. The free site researches everything from urban legends, rumors, myths, questionable photos and videos, articles, and claims made by public figures. Note: Snopes was recently caught posting copyrighted material from other news sites.
Verification Junkie – Verification Junkie, is a collection of tools to help verify and fact-check information and assess the validity of eyewitness reports. This site has a collection of very cool tools worth digging into.
Hacking and Threat Assessment
Norse – Norse maintains the world’s largest dedicated threat intelligence network. With over eight million sensors that emulate over six thousand applications. Their network gathers data on who the attackers are and what they’re after. Their home page shows a live attack map with real-time information on attacks.
Spyse – Spyse is a cyber security search engine that helps you find technical information about internet-based assets. They have a broad range of helpful tools. Examples include a subdomain finder, reverse IP lookup, port scanner, DNS lookup, and more.
OSINT Image Search
The following tools go beyond most major search engines’ typical Image Search options.
Current Location – Current Location is a neat map search tool that allows you to select a position on the map anywhere in the world. Then, you can view photos within a certain radius of your location. It checks photos posted to Instagram, Flickr, and 500px.
Image Identification Project – The Wolfman Image Identification Project is a search tool that uses algorithms to identify images. Drag and drop or upload an image into the search form, which will attempt to tell you what it is.
TinEye – TinEye is a reverse image search that allows you to search by image and find out where that image is online. You can upload a photo, drag and drop it to the search box, or search using a URL for an image. The index has over 30 billion images.
Public Records (Property)
I assume that everyone is familiar with the information you can get from sites like Zillow, Trulia, Realtor.com, etc. Those sites are always helpful and should be a part of your investigative toolbox. The following tools provide various twists on property records searching and are worth checking out.
Melissa Data Property Viewer – This open-source intelligence tool allows you to view property information for almost any property. Just enter a zip code to start. Then, you can zoom in using a map or satellite view down to a specific property. Click on a specific property to get public records such as the full address, owner name, resident’s name, value, year built, building and lot square footage and more. This can be helpful when you’re planning to do surveillance and want to ensure you have the right home.
Emporis Building Search – The Emporis site allows you to search for buildings, companies, and design/construction images worldwide. Their free building search engine allows you to search by building name to find the exact location of a building. This can be useful if all you have is the building name and you need to reverse-match it back to an address.
OSINT Search Engines
Google Correlate – Google Trends Correlate can help you identify search patterns that correlate with real-world trends. It can be used to identify search patterns that are similar to one another. For example, you could use the tool to find out if there is a link between new legislation and gun sales (at least in terms of the search volume related to the two topics).
Million Short – Million Short has an exciting approach to searching for information online. The interface is generally similar to a typical search engine. However, you can sort and filter the results in several ways. Examples include popularity, eCommerce, live chat, date, location, etc. Also, it automatically pulls out the top sites that usually occupy the top spots in any search result (e.g., Amazon.com, eBay, YouTube, etc.)
Shodan – Shodan is a search engine and network security tool for the internet of things. It finds devices on the internet like web servers, webcams, appliances, traffic lights, and even power plants.
TalkWalkerAlerts – TalkWalkerAlerts is an excellent alternative to Google Alerts because, in addition to monitoring the web for specific keywords, it monitors social media, blogs, and forums. This can be helpful if you need to find mentions of someone’s name or business across the web.
OSINT Social Media Search Tools
Facebook Search Tools – A collection of helpful links to Facebook online help resources and various open-source search forms. Learn how to run searches and queries that go far deeper than the standard website or app search.
TweetBeaver – If you’re doing research that involves a Twitter user, TweetBeaver is a great resource. Use it for things like downloading a user’s friends list, downloading a user’s followers list, checking to see if two accounts follow one another, and much more.
OSINT Tool Websites
Many websites are dedicated to aggregating tools and links similar to this page. Some are excellent resources worth bookmarking, while others are just dead links. Following are some of the better resources:
- IntelTechniques – This is probably the best site in the industry. It has many resources, links, and online search forms. In addition, the author Michael Bazzell, provides training, news, and industry information.
- OSINT Combine – Various free search tools for TikTok, Instagram, Reddit, Snapchat, etc. Also, has a reverse image analyzer, data visualization tool, and more.
Maltego – Maltego is a software tool developed by Paterva. Law enforcement, forensic investigators, and security professionals use it to analyze open-source intel. It runs on Windows, Linux, and OSX. Investigators use the software to collect data and information from various sources and display them graphically. This helps reduce analysis time, make connections and uncover leads.
Earth Cam – Earth Cam is the gold standard for aggregating the world’s public live-streaming webcams and surveillance cameras in a way that makes sense.
Insecam – Insecam aggregate access to hundreds of surveillance and public web cameras worldwide. The cams are not “hacked” and do not include cams on computers, laptops, tablets, etc. The site has cams organized by various categories, but it is tedious to find exactly the area you’re looking for.
Transportation – Vehicles, Aircraft, Boats
Flight Radar 24 – Created by two Swedish aviation experts, this OSINT site allows you to view live flight tracking information around the globe. The free service tracks over 180,000 flights per day. The graphical interface shows an interactive map with moving plane icons. Hover over an individual plane icon to see the flight number. Click on the plane icon to see flight information and details on the aircraft itself.
Marine Traffic – This website provides global ship tracking intelligence. It is another excellent example of the visualization of large amounts of data. Visit the site and see a world map with a million little arrows. Each arrow represents a marine vessel. Click on any individual arrow to see what type of boat it is, such as a tanker, cruise ship, etc. You can filter the map in several ways, such as by ship type, capacity, voyage, and more.
Nationwide Aircraft Registry – Search a registry of all planes registered with the Federal Aviation Administration (FAA). The registry contains information about the aircraft, the owner(s), airworthiness, and more. The only challenge is knowing the registration number (n-number) to run a query.
VINCheck – VINCheck is an online tool provided by the National Insurance Crime Bureau. The tool helps determine if a vehicle is reported as stolen but not recovered. Enter the whole VIN number and click on the Search VIN button to run a search.
CheckUserNames – CheckUserNames is a handy open-source intelligence tool that will check the availability of user names on more than 500 social networks. Their new site is Knowem.com, which adds additional services to the mix, including searching the USPTO trademark database.
Namech_k – This OSINT tool is a search engine that allows you to search domain names to see what is available and then go through the process of registering it or making an offer. In addition, it will check to see if a username is available on hundreds of social media networking sites. You can even have them signup for you.
VirusTotal – VirusTotal is an online tool that allows you to scan a file or URL to see if it has malware. VirusTotal uses virus scanners and URL/domain blacklisting services. The site allows users to upload a file or provide a URL. Then, it will run a scan and provide results to the user. In addition, VirusTotal shares the file/URL with the security community.
Visual / Clustering Search Engines
These search engines take searching a step further by sorting and organizing results. This helps users narrow down particular areas to focus on. And some allow users to use visualization tools to analyze data and information differently.
Carrot2.org – Carrot2 offers a unique search approach as it organizes search results into topics and visuals. They categorize results into topics in three ways. One is a series of folders by topic. Second, it displays the topics in a color-coded circle diagram (very cool). The size of the individual pieces indicates the number of results within each topic. The third method is “Foamtree,” which arranges the topics into a diagram by topic.
Yippy – Yippy searches multiple sources and provides a set of results similar to any search engine. However, it also groups the results by topic for easier sorting and viewing. It is not as visual as Carrot2, but still a helpful method of culling down the results. Note: The website redirects to DuckDuckGo.
BuiltWith.com – If you need to gather the technical details on a particular website, try BuiltWith.com. This OSINT tool is a website profiler, competitive analysis, and business intelligence tool. You can use their free search engine to analyze the technology profile of a website. Just enter a domain name and click search to find out which content management system (CMS) or content framework a site is using, including widgets and plugins.
Note: Most of these OSINT tools on this list will work on standard web browsers such as Google Chrome, Internet Explorer, Firefox, and Safari. However, they may have minor differences in how the site displays on the screen or your mobile device. Some of the solutions are designed specifically to search the dark web. You’ll need to download and install the TOR browser in those cases.
Questions / Suggestions
If you have any suggestions for this list of Open Source Intelligence tools, please post a comment below.
Yes, I’m trying to find someone that’s recently moved. I know the state and his name but am not 100% sure about the town but I also have his phone number but it is in his ex-wife’s name(or he says). Which one do you think I need to use to get answers on this guy?
Am surprised that you haven’t suggested using the Internet Archive – great tool for checking the content and status of a particular website in the past – its a very useful tool as it can provide access to information on people which appears to be no longer publicly available i.e. in the case of insurance fraud (my field) the archived websites of sports club websites have proven to be a fertile hunting ground to disprove or mitigate injury claims
Is there a particular site that provides this info or could you give an example of what you do