OSINT (Open-Source Intelligence) Cheatsheet 🔍

Dheelep

📌 What is OSINT?

OSINT (Open-Source Intelligence) refers to collecting and analyzing publicly available information from various sources, including social media, websites, government records, and dark web marketplaces. It is widely used in cybersecurity, penetration testing, law enforcement, and threat intelligence.

This cheatsheet covers the best tools, techniques, and methodologies for conducting OSINT investigations effectively.


1️⃣ OSINT Data Sources

🔹 Search Engines: Google, Bing, DuckDuckGo
🔹 Social Media: Twitter, Facebook, LinkedIn, Reddit
🔹 Domain & IP Information: WHOIS, Shodan, VirusTotal
🔹 Leaks & Breach Data: Have I Been Pwned, Dehashed
🔹 Metadata Analysis: ExifTool, FOCA, Metagoofil
🔹 Dark Web: Onion search engines, Tor services
🔹 Public Records: Government databases, court records


2️⃣ Search Engine Dorking (Google Hacking)

Google Dorks are advanced search queries that help find exposed databases, sensitive files, and misconfigurations.

🚀 Common Google Dorks:
🔹 Find exposed login pages:

inurl:login

🔹 Find files with sensitive data (PDF, XLS, DOC, etc.):

filetype:pdf OR filetype:xls OR filetype:doc site:example.com

🔹 Find cameras and IoT devices:

inurl:"view/view.shtml"

🔹 Discover indexed directories:

intitle:"index of" site:example.com

🔹 Find emails from a domain:

site:example.com intext:"@example.com"

📌 More Google Dorks: Exploit-DB Google Hacking Database


3️⃣ Social Media OSINT

🔍 Tracking Social Media Footprints:
🔹 Twitter OSINT: TweetDeck, Twint
🔹 Facebook OSINT: Facebook Graph Search
🔹 LinkedIn OSINT: Search for employee leaks using:

site:linkedin.com "@company.com"

🔹 Reddit Investigations: Find discussions related to a target:

site:reddit.com "keyword"

📌 Tool: Sherlock – Finds social media accounts across platforms


4️⃣ WHOIS & Domain Reconnaissance

🚀 Find details about a domain:
🔹 WHOIS Lookup:

whois example.com

🔹 Find subdomains:

sublist3r -d example.com

🔹 DNS lookup (pass an IP address instead of a hostname for a reverse lookup):

nslookup example.com

🔹 Scan ports and detect services, versions and OS (active scan; sends traffic to the target):

nmap -A example.com

📌 Tools:
🔹 Shodan – IoT search engine
🔹 VirusTotal – Check for malicious domains


5️⃣ OSINT on Leaks & Breaches

🔹 Find leaked passwords & credentials:

site:pastebin.com OR site:throwbin.io "email@example.com"

🔹 Check if your email is part of a data breach:
Have I Been Pwned

📌 Tool: Dehashed – Search leaked databases


6️⃣ Image & Metadata Analysis

🚀 Find metadata in images & documents:
🔹 Extract metadata from an image:

exiftool image.jpg

🔹 Find GPS coordinates in images:

exiftool -gps image.jpg

🔹 Reverse Image Search: Google Images, Yandex

📌 Tool: FOCA – Extracts metadata from documents


7️⃣ OSINT Dark Web Investigations

🔹 Access dark web safely with Tor Browser
🔹 Use dark web search engines:

📌 Tool: OnionScan – Analyzes dark web services for vulnerabilities


8️⃣ OSINT Investigation Automation

🚀 Best OSINT Frameworks & Tools:
🔹 SpiderFoot – Automated OSINT recon
🔹 theHarvester – Gathers emails, subdomains, and names
🔹 Maltego – Graphical link analysis tool
🔹 Recon-ng – Python-based reconnaissance framework


9️⃣ OSINT Best Practices & Ethics

✅ Always use legitimate & legal sources
✅ Protect your own identity during OSINT research (use VPNs, Tor)
✅ Avoid unauthorized access to systems (stick to public data)
✅ Document findings with proper evidence collection

📌 Learn More: OSINT Framework


🚀 Conclusion

Mastering OSINT gives you an edge in threat intelligence, cybersecurity, and investigations. Whether you’re tracking hackers, gathering intel on vulnerabilities, or investigating leaks, these tools and techniques will help you navigate the world of open-source intelligence.
