OSINT: tools / Habr

OSINT: tools / Habr

Introduction

Originally, when I started writing this article, I wanted to write about how to work with every tool that I personally know and use. But then I decided: firstly, all the tools are very similar, secondly, most of them can be mastered even by a first-grader, which is why the article is written as it is now.

OSINT

OSINT – Open Source Intelligence or intelligence from open sources. This is a very effective way of learning information about a person.

Modern realities are such that those who want to learn more about you do not have to spend a long time collecting it from various material sources. You yourself write a dossier on yourself in social networks, comments under friends’ posts, etc. The scout only needs to analyze the entire amount of information you give him and structure it.

So, now we will talk specifically about OSINT methods and tools. I suggest not to delay and start right away.

How does it all work?

In fact, all of OSINT boils down to the fact that you simply analyze all the information available on the Internet about a person. Unexpectedly, but for this you also need to find it, there are two ways: manual search and automation.

Manually searching for information is really relevant very rarely, only when you need to search very specific sites or sites that are not analyzed by available tools (well, or you need to analyze one or two sources and there is no point in using the tools).

In automated search, there is an intermediary between you and the search process — your framework. It is he who searches hundreds of different sources, providing you with the received information. All you need to do is analyze and structure it, and draw conclusions (although now this function is gradually being taken over by programs).

In general, even a fool will understand that automation is much better. For example, one of the best nick search tools (it’s called snoop and will be covered later) searches at least 500 sources. It will take you an hour and a half to do it with your hands, and the program takes less than two minutes.

As we have already understood, all operations can be performed with a banal Google search, but tools for OSINT are much more convenient. I suggest you see what tools are available.

Tools for OSINT

The main open source search tools are tools for:

  • information gathering;

  • Analysis and visualization (especially useful if you conduct a full-fledged investigation);

  • Monitoring the appearance of new information somewhere (useful if you use social networks for intelligence, and the target actively leads them);

  • Analysis of sites and search for vulnerabilities on servers (this is a separate big topic, I will not consider it in this article);

Information search

So, let’s start with the simplest (but not always) – information search. In general, there are many different options for what we can be given. It can be anything, starting with a photo of the car, ending with some personal data.

In fact, if you know a target’s real name, you can easily find them on social media (with very rare exceptions), and then you will know everything about who the target hangs out with, where they live, etc. Even if the target doesn’t have a single photo on their profile, but has at least one friend, you can still find out at least their city of residence, and under certain good conditions, everything, down to the house and floor.

After you become known in at least one social network, you can try to find the same person in other social networks. Because people mostly tend to use similar usernames on different services.

Regarding search tools by name and nickname:

  • Maryam – like everything in this selection – is an open source tool. Basically, it’s one of the most functional search tools I’ve ever used. It is quite suitable for searching for a real name and for searching by nickname. Available on github.

  • Snoop – I’ve mentioned him before. Snoop is truly one of the fastest and most powerful name search tools out there. It uses about 500 sources of information collection. The tool is open source, but there is also a paid version, it just uses more sources to gather information.

  • Alfred is a utility for collecting information and identifying accounts in social networks. I learned about this program not too long ago and I don’t have much experience using it.

By name search tools – that’s all (from what I’ve used).

Now let’s talk a little about image search. As I said before, people not only wrote a dossier on themselves, but many also contributed a large volume of their photos. And we can use that to find a person, even if we don’t know their name yet, but we have at least one picture of them.

A tool that I have personally used and am quite happy with: search4face.com. It is relatively quick and convenient to search for people by photo (mostly from avatars) in VK, TikTok and classmates. Anyone can understand the interface. I can’t say anything more about him.

Note

* Here I wanted to write about some other tools, but I didn’t find any more as convenient (I mean those where you don’t need to register and/or pay). If you know of such, write to me in the LZ, I will add them here. Thank you.

Next is no less important search by area, i.e. when we have a couple or three photos and we need to know where it was taken. Here the choice of tools is very large, in fact you can use even the banal Google Maps, but there are also more convenient tools:

  • 2gis – well suited for finding some small business, because even the boundaries of the premises inside the building where the company sits are marked there.

  • DualMaps – in a nutshell: it’s just Google Maps from two different angles and Google Street Viewer. This can be useful, for example, if it is not possible to use a second monitor, and it is inconvenient to switch between windows.

  • demo.f4map – a well-detailed 3D map. It can be useful if you need to “peek” into some yard or look at the city in 3D. By the way, in some cases – a more detailed map than even Google Earth.

  • Free map tools – a very useful tool if you need to place dots, draw radii, measure distance, etc.

Now, a little about searching by email:

In addition, the same Maryam (we talked about him above) has some email search capabilities.

Also, let’s not forget about search by phone number, Everything is simple here: PhoneInfoga is one of the best programs for this. I will not dwell on it, I think Google knows how to use everything.

This is the end of the tools, if I forget something – write to me in PM, I will definitely add it.

Structuring and analysis of received information

After collecting information, it must be properly structured and analyzed. You can use several tools for this:

Personally, I like to present information in the form of a graph. So that it came out like in detective stories (a board with evidence). I like to use Obsidian for this. It is quite suitable for constructing graphs and presenting some knowledge, accordingly, it is also suitable for this.

And another program, which, unlike the previous one, is only available for Windows and Mac — TheBrain. I don’t like it as much as Obsidian, although I haven’t used it very much.

In addition, sometimes it is convenient to collect data in tables, but I think there is no need to write them down here.

Analysis and monitoring of social networks

A good social network analysis can be useful, for example, if you need to get a better idea of ​​anyone’s social circle and interests. Usual and simple tools that look for mentions of a person or any topic in social networks can help us here:

  • Social Searcher is a free tool for monitoring social networks. In fact, it is a special search engine that looks for mentions of what it will be told. The only problem is that it does not work in Russian social networks (such as VK).

  • Google Alerts – notifies you about the appearance of the specified information on the Internet. This tool can be applied both to yourself (monitor information about yourself) and to your target.

As for the search tools – that’s all I can say.

Practice

OSINT is largely hands-on. This skill must be practiced, and now I will tell you where and how.

  • Try to do your own investigation. You can try to find out information about one of your acquaintances, etc. It will be good training as it will actually be the real deal.

  • Codeby.games is a good service, where, in addition to other tasks, there is also an OSINT category. There are a wide variety of both complex and simple tasks.

  • Osint Tasks Bot – a telegram bot that issues and checks OSINT tasks, mainly maps and terrain searches (it works a little slow, but it has my favorite terrain search task).

These are the main methods I use for practice. I believe the first (investigate) is the most effective and realistic because it gives a full sense of OSINT.

This concludes our selection of open source intelligence tools, thank you to everyone who has read this far.


This concludes the article. If I forgot something or made a mistake somewhere – write in the comments or PM.

From the author:

Thank you for reading the article to the end, I hope it was useful and saved you time. If you want to influence the publication of further articles, you can subscribe to my Telegram channel, there will be polls about the publication of new articles and various interesting materials. If you want to contact me or suggest a topic for an article, my contacts are on the website.

Thanks again for reading this far!

Good luck!

If you look events in Mykolaiv – https://city-afisha.com/afisha/

Related posts