A Skill Everyone Should Have
We are living in an age where data is everything, and the ability to collect, analyze, and interpret publicly available information is an essential skill.
Whether you work in cybersecurity, journalism, or private investigation, or are just planning to, OSINT is the starting point.
I am starting this guide for those who want to learn OSINT legally and ethically, using free and publicly available tools. We will go from what to how across multiple articles.
What is OSINT?
OSINT (Open-Source Intelligence) is the process of gathering and analyzing publicly available data to gain actionable insights.
This data can come from a wide range of sources: the internet, government records, social media, academic papers, TV, and even physical maps.
OSINT is legal as long as the information you access is publicly available and not protected by credentials, encryption, or laws.
Common OSINT Terms
Indicator of Compromise (IOC) — A technical piece of data like an IP address, email, or file hash that indicates malicious activity.
Footprinting — Mapping out a company’s public internet presence.
Metadata — Hidden data within files (e.g., camera model, GPS coordinates)
Pivoting — A technique where you use one piece of data to discover more, such as using an email address to find additional accounts tied to it.
TTPs - Tactics, Techniques, and Procedures used by threat actors
Geospatial Intelligence — Analysis of maps, images, and coordinates
OPSEC (Operational Security) — Protecting your own identity during investigations
How to Start Finding Information
1. Search Engines: Search engines are your most basic yet powerful OSINT tool. With the right search queries, you can uncover a lot more than what’s shown in regular search results. Here are a few examples:
- site:linkedin.com "John Doe" – search within a specific domain.
- "John Doe" AND "New York" – exact match + location.
- filetype:pdf resume "John Doe" – search for resume files.
2. Metadata:
- Use ExifTool to inspect image data, then look for camera type, GPS, date/time, and software used.
- Fotoforensics.com
Images and documents contain embedded metadata.
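What the ExifTool check above reads, shown as an added example (not from the original article): a standard-library Python parser that reports the camera, software, date/time and GPS entries in a JPEG's EXIF header, which is handy for auditing your own photos before you publish them. The function names and the file built by `constructed_sample()` are made up for illustration.

```python
import struct

TAGS = {0x010F: "Make", 0x0110: "Model", 0x0131: "Software",
        0x0132: "DateTime", 0x8825: "GPSInfo"}  # EXIF tags for the fields above

def exif_tiff(jpeg: bytes) -> bytes:
    """Return the TIFF payload of the first Exif APP1 segment, or b''."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker, length = jpeg[pos + 1], struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        body = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE1 and body[:6] == b"Exif\x00\x00":
            return body[6:]
        if marker == 0xDA or length < 2:  # image data starts, or corrupt length
            break
        pos += 2 + length
    return b""

def exposed_fields(jpeg: bytes) -> dict:
    """Map field name -> value for the privacy-relevant IFD0 entries."""
    tiff = exif_tiff(jpeg)
    if len(tiff) < 8 or tiff[:2] not in (b"II", b"MM"):
        return {}
    e = "<" if tiff[:2] == b"II" else ">"  # TIFF byte-order mark
    ifd = struct.unpack(e + "I", tiff[4:8])[0]
    count = struct.unpack(e + "H", tiff[ifd:ifd + 2].ljust(2, b"\0"))[0]  # 0 if out of range
    found = {}
    for i in range(count):
        entry = tiff[ifd + 2 + 12 * i:ifd + 14 + 12 * i]
        if len(entry) < 12:
            break  # truncated directory
        tag, typ, n, off = struct.unpack(e + "HHII", entry)
        if tag not in TAGS:
            continue
        if typ == 2:  # ASCII; up to 4 bytes are stored inline in the entry
            raw = entry[8:8 + n] if n <= 4 else tiff[off:off + n]
            found[TAGS[tag]] = raw.rstrip(b"\x00").decode("ascii", "replace")
        else:  # non-ASCII entry (GPSInfo points to a sub-IFD): presence is the finding
            found[TAGS[tag]] = "present"
    return found

def constructed_sample() -> bytes:
    """Constructed JPEG shell (no pixels) with Make, DateTime and a GPS pointer."""
    make, when = b"ExampleCam\x00", b"2024:01:02 03:04:05\x00"
    ifd = struct.pack("<H HHII HHII HHII I", 3, 0x010F, 2, 11, 50, 0x0132, 2, 20, 61,
                      0x8825, 4, 1, 81, 0)  # string data starts at TIFF offset 50
    body = b"Exif\x00\x00II*\x00" + struct.pack("<I", 8) + ifd + make + when + bytes(6)
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

An empty result from `exposed_fields()` means none of these entries are present in the file's EXIF header.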
3. Check Domain & IP Info
- theHarvester — Gathers emails, subdomains, IPs
- Shodan — Search engine for internet-connected devices
- Censys — Network scanning and asset discovery
- VirusTotal — URL, file, and IP analysis
- WHOIS Lookup — Domain registration info
Find out who’s behind a website, what services it is running, and if it is linked to any shady activity.
4. People Search Tools
- BeenVerified — People search engines (some features paid)
- Sherlock — Finds usernames across social networks
- WhatsMyName — Similar to Sherlock, but more comprehensive
For deeper searches, use burner emails and sock puppet accounts to avoid detection.
5. Check Leaked Data Legally for Security Research
- HaveIBeenPwned — Checks if email accounts were exposed in breaches
- Dehashed - Paid
Use with care and never misuse the data you find.
6. Anonymize Your Activity
- Use a VPN
- Tor Browser for sensitive research
- Virtual Machines (e.g., using Tails OS or Kali Linux for security-focused tasks)
Always use protection.
7. Useful Browser Add-ons
- uBlock Origin — Blocks ads and trackers
- User-Agent Switcher — Spoofs browser/device identity
- Lightshot / GoFullPage — Capture full web pages or screenshots
- Google Translate — Useful when navigating non-English sites
Beginner Practice Projects
Find all public info on yourself — Google yourself, check people search tools.
Investigate a business — Find its owners, domain info, old versions of site, social links.
Stay Safe and Ethical
OSINT is powerful, but with power comes responsibility.
Do’s:
- Use only publicly available data.
- Mask your identity during investigations.
- Double check your sources to avoid misinformation.
Don’ts:
- Attempt to hack or bypass paywalls.
- Stalk, harass, or violate privacy
- Use leaked credentials for exploitation
Just because you can, doesn’t mean you should.
Final Thoughts:
Learning OSINT is a necessity in today’s world, and with the right tools, mindset, and ethical boundaries, you can uncover insights that protect, inform, and empower.