OSINT or "Open Source Intelligence" means "Renseignement de Source Ouverte". It is intelligence obtained from a public source of information. The investigator who collects this type of source is called an osinteur.
It is a set of techniques for finding information from data that is open to all. It is not an illegal technique, because it is in fact using data made public by Internet users and organizations, on social networks for example.
What are the sources of public information?
OSINT sources can be divided into six different categories:
- The media, printed newspapers, magazines, radios, television channels in the different countries;
- Internet, online publications, blogs, discussion groups, citizen media, YouTube and other social networks;
- Government data, reports, budgets, hearings, directories, press conferences, official websites and speeches. This information comes from official sources, but it is publicly available and can be used freely;
- Professional and academic publications, from academic journals, conferences, publications and theses;
- Commercial data, satellite imagery, financial and industrial evaluations and databases;
- Grey literature, technical reports, pre-publications, patents, working papers, commercial documents, unpublished works and newsletters.
Who uses OSINT?
This type of information is used by investigators as well as journalists, security and IT professionals. It allows to detect and fight against many digital threats such as phising, frauds or scams.
This technique can also be used by hackers to collect as much information about their targets as possible before going on the attack.
How to make OSINT?
There are many tools to access this information: social networks, websites, etc. With a few clicks, it is possible to bring up a multitude of results via search engines like Google.
Here are some tools:
- Maltego : Maltego specializes in discovering relationships between people, companies, domains and public information on the Internet.
- Recon-ng : Recon-ng does not claim to perform all OSINT collection, but it can be used to automate most popular collections, freeing up time for tasks that can only be done manually.
- theHarvester : Designed to collect existing public information outside the corporate network, theHarvester is one of the easiest tools in this series to use.
- Shodan : This specialized search engine is used to find information about the billions of devices in the Internet of Things (IoT).
- Metagoofil : This other tool available for free on GitHub is optimized to extract metadata from public documents.
- Searchcode : This powerful and highly specialized search engine searches for useful information inside the source code.
- SpiderFoot : This tool is the equivalent of Metasploit but for OSINT. SpiderFoot can fetch an IP address, a domain name, an e-mail address, a user name, a subnet or an ASN (Autonomous System Number).
If you want to learn more about this discipline, there are communities that are getting bigger and bigger and that propose to practice on challenges.
In October, the OZINT platform was launched, offering discussion groups and challenges to be solved by teams: https://ozint.eu