OSINT Cheatsheet

This site is a reference for Open Source Intelligence (OSINT)

Last updated on 14 June, 2021 at 09:50:16 Optimized for

Open Source Intelligence deals with information gathered from publicly available sources that can be used in an intelligence context. This can vary widely and be anything from hashes, emails, newspaper articles or geo-locations.

For the full experience we recommend viewing this website on a desktop or tablet.

OpSec OSINT Git Python Bash Linux CLI Package Management Regular Expressions Nano Vim HTML5 Markdown Bootstrap 4 JQuery Flask ASCII IP HTTP Port Numbers

Use the compass to jump to a specific section of the selected cheatsheet

Tools

Tools used for OSINT investigations

Command	Description
`Maltego`	Powerfull tool to network topology mapping and much more
`SpiderFoot`	A tool that automates OSINT collection
`twint`	An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations
`Photon`	Incredibly fast crawler designed for OSINT
`HaveIbeenPwned`	Search email addresses that has been subject to a data breach and get information about the data breach
`Pipl`
`Google Hacking Databse`	Dorks for querying sensitive information or vulnerable content

Terms

Terms used in relation to OSINT

Command	Description
`Dorking`	Using search parameters to narrow down results in a Google search for information which is otherwise difficult to locate (see tools for a database of dorks)

Archived Information

Search through cached and archived content

Command	Description
`The Wayback Machine`	Archive of webpages throughout time as they change
`Archive Today`	Another timecapsule for webpages
`Google and Bing`	Both offer cached versions of webpages

Search Operators

Google and Bing

Also known as Google Dorking

Command	Description
`"Search Term"`	Search for the exact phase
`TermA OR TermB`	Search for TermA or TermB
`site:www.example.com`	Return results only from www.example.com
`filetype:pdf`	Return results that are of filetype pdf
`intitle:`	Search for sites with the given words in their title
`inurl:`	Search for sites with the given words in their URL
`intext:`	Search for sites with the given words in the text of the page
`inanchor:`	Search for sites that have the given words in links pointing to them
`cache:`	Show most recent cache of a webpage

Online Resources & Books

OSINT Framework

A huge collection of resources to use when doing OSINT investigations

Intel Techniques

A truly exceptional resource for OSINT investigators

Shodan

Discover various online devices (IoT, thermostats, printers, cameras)

Have I Been Pwned

Search email addresses to see if they have been involved in any known data breaches

Social Analyzer

API, CLI & Web App for analyzing & finding a person's profile across 350+ social media websites