How to use OSINT framework

Open Source Intelligence (OSINT) framework is a boon to the digital world as it assists one in crystallizing the large chunk of data online and mining information that’s more relevant and valuable. OSINT tools simplify life with their segregation phenomenon. No wonder, it’s employed by various industries for optimum results.


Using the apt tools for your OSINT investigation can be effective if you combine it with critical thinking & have a set OSINT strategy, especially when it comes to its use in the cybersecurity field.

Whether you are on the opposite side working to recognize and mitigate future threats, running a cybersecurity investigation against a company/person, having pre-standard OSINT techniques and crystal-clear goals can save you a lot of time.

So, what are the various techniques and resources associated with OSINT on how it can be effectively used?

It’s important to keep in mind that there are many OSINT mechanisms & techniques, not all of them shall work for your target. First, you will have to solve a couple of questions:

● What are you looking for?
● What is your main research goal?
● What or who is your target?
● How are you planning to run your research?

Try to find the answer to the above-listed questions, and that will be the first step in your OSINT investigation.


By usage, several OSINT techniques are used by government & military agencies, however, they can also be applied to your own company, as well. Some may work, some may not, but that’s part of the OSINT strategy – you will have to identify which sources are good & relevant for your research.

Let’s look into the most popular OSINT techniques used in cyber security:

● Gather employee full names, job roles, as well as the software they use.
● Assess and monitor search engine information from Google (especially using Google Dorks), Bing, Yahoo, and others.
● Monitoring personal and corporate blogs, as well as evaluating user activity on digital forums.
● Identify various social networks used by the potential user or organization.
● Evaluate content available on social networks like Facebook, Google Plus, Linkedin, or Twitter.
● Utilize people data collection tools like Pipl, who will help you to reveal a lot of information about individuals in one place, all together.
● Accessing old cached data from Google – often reveals fascinating information.
● Exploring old versions of websites to reveal the most important information using sites like the Wayback Machine.
● Recognize mail addresses, mobile phone numbers from social media networks, or Google results.
● Look for photographs & videos on common social photo-sharing sites, like Flickr, Google Photos, & more.
● Utilize Google Maps and other open satellite imagery sources to retrieve images of users’ geographic location.
● Utilize tools like GeoCreepy to track down geographic location information to have a clear picture of the users’ current locations.
● Utilize automated OSINT tools to retrieve information, such as Sunartek’s OSINT Tools.
● Utilize popular OSINT extensions that include useful sources like OSINT Browser.
● Exploring of DNS Services, as well as domains, subdomains, and IP addresses utilizing our own SecurityTrails toolkit.
● Run port scanners against the target company server infrastructure to discover running services.
● Utilize tools to search for internet-connected devices like Shodan used by your target.


So, these were some of the most popular techniques you will find. However, after you’ve taken action towards carrying out OSINT research, you’ll have plenty of data to analyze. That’s when you will have to refine your results and carry a detailed search for all the necessary things you need & discard the rest.


The language of the data gathered might be too technical to comprehend; hence post the data is gathered, the technology does its last bit – translates it into a format that’s easy for humans to understand, especially for those people who rank higher in the hierarchy of a company.