What is Open-source Intelligence (OSINT) and its its advantages for Ethical-Hackers?

written by Amine Amhoume is a freelance writer and Ethical-Hacker

What is Open-source Intelligence?

Open-source Intelligence or OSINT is a part of the reconnaissance process that consists of using any online public intelligence that can provide information about a company, organization, or individuals. As an ethical hacker, you can use the data when performing target reconnaissance. In this article, you will gain a clear overview of OSINT by understanding some concepts of it, tools used to perform basic researchers, as well as its advantages for hackers and non-hackers.

What kind of information can you get from the OSINT sources?

OSINT can be very informative if you use it properly, it gives you a general idea of what you are trying to get through. The following list contains some helpful interests you can obtain with OSINT:

  • An overview of the Headquarter of the target company and its branches and their specializations ( some branches might have sensitive information than others).
  • Associated companies and partners whom might have some kind of partnership with the target.
  • What type of technology the target utilize to provide its services. For example, the vendor that provides the company with network devices and operating systems.
  • The target’s official website and its sub-domains.
  • Social media accounts (Facebook, Twitter, Linkedin…) of the company and its employees or for other individuals too, you can use those data in social engineering attacks.
  • Posts and questions the company employees post in different forums, Q&A websites, and
  • newsgroups, to see if there was an issue in the company infrastructure.
  • Unsecured devices used by the company
  • Domain name server (DNS), IP addresses, metadata, and Statistics.

By the same token, it is awesome how all those significant information you can find just by using search engines (like Google, Bing, DuckDuckGo, and Yahoo) are available to public, you can use those  search engines in a specific way (Google’s Dorks for example), this will guarantee you fetching  more efficacious results  (a list of other search engines will be available for you later in this article). the expected effect of this is to make it easy for you to find your way into the target’s privacy.

Keep in mind that the number of results you can collect depends on the aim of the search. For example, some sensitive information like a military database or government documents…etc cannot be found easily (unless this information was leaked to the public).

OSINT Advantages

As can be seen, OSINT has a lot of advantages to help you discover some powerful information, it can determine the success of any hacking or pentesting mission. But how can this be possible? The answer is, the more information you get, the easiest the next hacking steps will be, and more attacks you can perform.

Also, it saves time for you to do other duties. On the positive side, when performing an information gathering process about a target using OSINT, it will be impossible for the target to notice that, for this reason, you will avoid troubles, because the alarm systems will not track you. For examples, when collecting information about a company’s services or individual’s social media accounts, no one will notice, because this is what most normal users do.

Besides that, amassing information from public resources is a legal process, no authority can interrupt your operation. Moreover, the whole process consists of using free recourses and this can reduce the cost of the operation, not only that but, you can do it from anywhere and anytime.


There are various tools you can use when trying to access to public information. This list contains some of the major tools and websites used to collect different information:

  • Maltego: is a platform you can use to form a graphic map of relationships and links between people (a group of people for example), websites, companies or organizations, domains, IP addresses, and DNS, along with anything related to these things.
  • Theharvester: is a great tool to look for emails, subdomains, hosts, employee names, open ports using search engines, so you can keep tracking the target’s footprints. if you are using Kali Linux the tool is already installed all you have to do is to open the terminal and type “theharvestar –help”, then a list of options will be shown with examples of how to use the tool.
  • Metagoofil: This tool can search for metadata using Google search engine and extract usernames, a software version, path storage names, and a server. The tool is easy to use, and very informative as well.
  • Shodan: This search engine was developed to search for unsecured devices, you can achieve that by entering device’s type (Tenda routers for example) and a list of address IP with their location will show up, together with other important parameters.
  • Yandex: This Russian search engine is the fourth largest search engine in the world, it allows you to perform some effective researches.
  • Soovle: This is a graphical serial search engine you can use to search for topics in different websites like Youtube, eBay, Wikipedia and much more at the same time, so you don’t have to re-enter the query every time in the search bar.
  • Dogpile: website to look for metadata in the major search engines it was developed to save time for its users by providing best results.

Other Websites

For Documents and Slides Shares

  • authorstream.com
  • freefullpdf.com
  • slidesearchengine.com
  • pdfsr.com
  • ppthunter.com
  • scribd.com
  • sopdf.com

Code Searching

  • earch.nerdydata.com
  • searchcode.com
  • Reddit’s Tools
  • metareddit.com
  • redditarchive.com
  • redditinvestigator.com

Websites to look for companies

  • allstocks.com/links
  • avention.com
  • bizeurope.com
  • ceebd.co.uk/ceebd

Websites for job positions

  • glassdoor.com
  • indeed.com
  • monster.com
  • reed.co.uk
  • headhunter.com
  • dice.com
  • simplyhired.com

Q&As Websites

  • quora.com
  • answers.com
  • ask.com
  • wiselike.com
  • answers.yahoo.com

OSINT is for everyone

Open-source Intelligence is not only for hackers, normal people from other industries can use it too. For example, when a person is trying to look for the best place to spend a vacation by checking each place with its features, that person is using the data that was granted publicly and this is what OSINT is all about. Another example, job seekers can use OSINT to look for jobs, emails of H.Rs, and contact names of Managers to send them their resumes. Journalists/writers can use it too to look for evidence, references, and proofs about what they are writing about. Another key point, the military, and governments can use all the usable recourses to track events and to detect local and global threats.


Finally, due to the lack of resources, people used to find it difficult to discover valuable information in the past.  As has been noted, in today’s world, most of the information you may need is accessible. In the same way, Open-source Intelligence is a deep ocean to dive in, it will help you save time and gain more knowledge about your objectives, as well as increasing chances for your hacking operation to be successful.

About the author:

Amine Amhoume is a freelance writer and Ethical-Hacker, who just started his writing career.  He graduated from Caddi Ayyad university in English literature. Also, he participated in many CTF competitions.

Social media: