OSINT (Open-Source Intelligence) Cheatsheet


What is OSINT?
OSINT (Open-Source Intelligence) refers to collecting and analyzing publicly available information from various sources, including social media, websites, government records, and dark web marketplaces. It is widely used in cybersecurity, penetration testing, law enforcement, and threat intelligence.
This cheatsheet covers the best tools, techniques, and methodologies for conducting OSINT investigations effectively.
1️⃣ OSINT Data Sources
🔹 Search Engines: Google, Bing, DuckDuckGo
🔹 Social Media: Twitter, Facebook, LinkedIn, Reddit
🔹 Domain & IP Information: WHOIS, Shodan, VirusTotal
🔹 Leaks & Breach Data: Have I Been Pwned, Dehashed
🔹 Metadata Analysis: ExifTool, FOCA, Metagoofil
🔹 Dark Web: Onion search engines, Tor services
🔹 Public Records: Government databases, court records
2️⃣ Search Engine Dorking (Google Hacking)
Google Dorks are advanced search queries that help find exposed databases, sensitive files, and misconfigurations.
Common Google Dorks:
🔹 Find exposed login pages:
inurl:login
🔹 Find files with sensitive data (PDF, XLS, DOC, etc.):
filetype:pdf OR filetype:xls OR filetype:doc site:example.com
🔹 Find cameras and IoT devices:
inurl:"view/view.shtml"
🔹 Discover indexed directories:
intitle:"index of" site:example.com
🔹 Find emails from a domain:
site:example.com intext:"@example.com"
More Google Dorks: Exploit-DB Google Hacking Database
3️⃣ Social Media OSINT
Tracking Social Media Footprints:
🔹 Twitter OSINT: TweetDeck, Twint
🔹 Facebook OSINT: Facebook Graph Search
🔹 LinkedIn OSINT: Search for employee leaks using:
site:linkedin.com "@company.com"
🔹 Reddit Investigations: Find discussions related to a target:
site:reddit.com "keyword"
Tool: Sherlock - Finds social media accounts across platforms
4️⃣ WHOIS & Domain Reconnaissance
Find details about a domain:
🔹 WHOIS Lookup:
whois example.com
🔹 Find subdomains:
sublist3r -d example.com
🔹 DNS lookup (supply an IP address instead of a hostname for a reverse lookup):
nslookup example.com
🔹 Scan ports and fingerprint services (active scanning, unlike the passive lookups above):
nmap -A example.com
Tools:
🔹 Shodan - IoT search engine
🔹 VirusTotal - Check for malicious domains
5️⃣ OSINT on Leaks & Breaches
🔹 Find leaked passwords & credentials:
site:pastebin.com OR site:throwbin.io "email@example.com"
🔹 Check if your email is part of a data breach:
Have I Been Pwned
Tool: Dehashed - Search leaked databases
6️⃣ Image & Metadata Analysis
Find metadata in images & documents:
🔹 Extract metadata from an image:
exiftool image.jpg
🔹 Find GPS coordinates in images:
exiftool -gps:all image.jpg
🔹 Reverse Image Search: Google Images, Yandex
Tool: FOCA - Extracts metadata from documents
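To show what the GPS lookup above actually reads, and how to check and scrub your own images before publishing them, here is an added Python example (not part of the original cheatsheet and not ExifTool's code). It assumes a well-formed Exif block; the function names and the sample image are constructed for illustration.

```python
import struct

def exif_segment(jpeg):
    """Return (start, end) offsets of the Exif APP1 segment, or None."""
    pos = 2 if jpeg[:2] == b"\xff\xd8" else len(jpeg)  # require the SOI marker
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        size = struct.unpack_from(">H", jpeg, pos + 2)[0]  # includes its own 2 bytes
        if jpeg[pos + 1] == 0xE1 and jpeg[pos + 4:pos + 10] == b"Exif\0\0":
            return pos, pos + 2 + size
        pos += 2 + size  # skip to the next segment; 0xDA (start of scan) ends the walk
    return None

def read_ifd(tiff, off, e):
    """Map tag -> raw 4-byte value field for the TIFF directory at offset off."""
    (n,) = struct.unpack_from(e + "H", tiff, off)
    return {struct.unpack_from(e + "H", tiff, off + 2 + 12 * i)[0]:
            tiff[off + 10 + 12 * i:off + 14 + 12 * i] for i in range(n)}

def dms(tiff, field, e):  # three RATIONALs (deg, min, sec) -> decimal degrees
    v = struct.unpack_from(e + "6I", tiff, struct.unpack(e + "I", field)[0])
    return v[0] / v[1] + v[2] / v[3] / 60 + v[4] / v[5] / 3600

def gps_position(jpeg):
    """Return (lat, lon) in decimal degrees, or None if no GPS data is embedded."""
    seg = exif_segment(jpeg)
    tiff = jpeg[seg[0] + 10:seg[1]] if seg else b""
    if tiff[:2] not in (b"II", b"MM"):
        return None
    e = "<" if tiff[:2] == b"II" else ">"  # TIFF byte-order mark
    ifd0 = read_ifd(tiff, struct.unpack_from(e + "I", tiff, 4)[0], e)
    gps_off = ifd0.get(0x8825)  # IFD0 tag holding the offset of the GPS IFD
    gps = read_ifd(tiff, struct.unpack(e + "I", gps_off)[0], e) if gps_off else {}
    if not {1, 2, 3, 4} <= gps.keys():  # lat ref, latitude, lon ref, longitude
        return None
    lat = dms(tiff, gps[2], e) * (-1 if gps[1][:1] == b"S" else 1)
    lon = dms(tiff, gps[4], e) * (-1 if gps[3][:1] == b"W" else 1)
    return round(lat, 6), round(lon, 6)

def strip_exif(jpeg):
    """Return the image with its Exif APP1 segment (and the GPS IFD in it) cut out."""
    seg = exif_segment(jpeg)
    return jpeg[:seg[0]] + jpeg[seg[1]:] if seg else jpeg

def sample_jpeg():
    """Constructed test input: pixel-less JPEG tagged 48.858333 N, 2.294444 W."""
    ent = lambda tag, typ, cnt, val: struct.pack("<HHII", tag, typ, cnt, val)
    body = (b"Exif\0\0" + struct.pack("<2sHIH", b"II", 42, 8, 1) + ent(0x8825, 4, 1, 26)
            + struct.pack("<IH", 0, 4) + ent(1, 2, 2, ord("N")) + ent(2, 5, 3, 80)
            + ent(3, 2, 2, ord("W")) + ent(4, 5, 3, 104) + struct.pack("<I", 0)
            + struct.pack("<12I", 48, 1, 51, 1, 30, 1, 2, 1, 17, 1, 40, 1))
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

Running `gps_position()` on the files in a publishing queue flags the ones that still carry coordinates; `strip_exif()` removes the whole Exif block, so other Exif fields such as camera model and timestamps go with it.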
7️⃣ OSINT Dark Web Investigations
🔹 Access the dark web safely with Tor Browser
🔹 Use dark web search engines:
Tool: OnionScan - Analyzes dark web services for vulnerabilities
8️⃣ OSINT Investigation Automation
Best OSINT Frameworks & Tools:
🔹 SpiderFoot - Automated OSINT recon
🔹 theHarvester - Gathers emails, subdomains, and names
🔹 Maltego - Graphical link analysis tool
🔹 Recon-ng - Python-based reconnaissance framework
9️⃣ OSINT Best Practices & Ethics
✅ Always use legitimate & legal sources
✅ Protect your own identity during OSINT research (use VPNs, Tor)
✅ Avoid unauthorized access to systems (stick to public data)
✅ Document findings with proper evidence collection
Learn More: OSINT Framework
Conclusion
Mastering OSINT gives you an edge in threat intelligence, cybersecurity, and investigations. Whether you're tracking hackers, gathering intel on vulnerabilities, or investigating leaks, these tools and techniques will help you navigate the world of open-source intelligence.
Written by Dheelep
