{"id":1241,"date":"2020-07-17T14:26:00","date_gmt":"2020-07-17T14:26:00","guid":{"rendered":"https:\/\/sectigostore.com\/blog\/?p=1241"},"modified":"2020-11-13T15:59:42","modified_gmt":"2020-11-13T15:59:42","slug":"open-source-intelligence-what-is-osint-how-does-it-work","status":"publish","type":"post","link":"https:\/\/sectigostore.com\/blog\/open-source-intelligence-what-is-osint-how-does-it-work\/","title":{"rendered":"Open Source Intelligence: What Is OSINT &#038; How Does It Work?"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Juniper Research estimates that there will be <a aria-label=\"undefined (opens in a new tab)\" href=\"https:\/\/www.juniperresearch.com\/document-library\/white-papers\/iot-the-internet-of-transformation-2020\" target=\"_blank\" rel=\"noreferrer noopener\">83 billion<\/a> IoT connections by 2024 \u2014 that\u2019s 10 times more IoT devices that will be generating data than the estimated number of people who will be alive on Earth at that time<\/h2>\n\n\n\n<p>Wondering \u201cwhat is OSINT?\u201d The term, which stands for open source intelligence, refers to a system of gathering data from freely available public resources. (So, if you\u2019re also wondering \u201cwhat is open source information,\u201d this article will answer that question, too.) But what makes the process of using open source intelligence different from general data collection is that it goes beyond querying search engines using different permutations of the same phrase.<\/p>\n\n\n\n<p>OSINT is a term that originated with the U.S. military in the 1980s. They needed to find a way to keep up with dynamic information to keep a tactical frontline advantage. Nowadays, professionals across various industries use OSINT data to achieve different functions. For example, marketing and sales teams use it to increase conversions, whereas cybersecurity teams use it to conduct investigations and mitigate threats.<\/p>\n\n\n\n<p>Today we\u2019re going to discuss what OSINT is, cover some of the most popular OSINT tools and techniques, the OSINT framework, and much more. But before we dive into that, let\u2019s start by defining open source intelligence and open source information.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What Is Open Source Intelligence (OSINT) &amp; How Does It Relate to Open Source Information?<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"alignright size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/07\/paste-bin-leaked-credentials-osint-example.png\" alt=\"\" class=\"wp-image-1243 addshadow\" width=\"343\" height=\"403\" srcset=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/07\/paste-bin-leaked-credentials-osint-example.png 770w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/07\/paste-bin-leaked-credentials-osint-example-255x300.png 255w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/07\/paste-bin-leaked-credentials-osint-example-560x658.png 560w\" sizes=\"auto, (max-width: 343px) 100vw, 343px\" \/><figcaption>Image source: Pastebin. The screenshot above is an example of leaked credentials. Using OSINT, your organization can uncover disclosed sensitive information.<\/figcaption><\/figure><\/div>\n\n\n\n<p>OSINT is a term that refers to a framework of processes, tools, and techniques for collecting data passively from open or publicly available resources (not to be confused with open-source software). Open source intelligence historically referred to open source information gathering via conventional channels such as newspapers, radio, TV, etc. Nowadays, to extract specific intelligence, we use:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Blogs,<\/li><li>Discussion boards,<\/li><li>Social media,<\/li><li>The dark web (accessible through TOR), and<\/li><li>Deep web (pages not indexed by Google like a people search database).<\/li><\/ul>\n\n\n\n<p>In some cases, such as with social media, OSINT has developed into a prominent subset of its own called SOCMINT, which is short for \u201csocial media intelligence.\u201d<\/p>\n\n\n\n<p>Examples of open source intelligence gathering include:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Searching for information about a competitor\u2019s employees or services,<\/li><li>Law enforcement agencies gathering intelligence using online public resources to prevent crimes,<\/li><li>Identifying <a href=\"https:\/\/sectigostore.com\/blog\/what-is-owasp-what-are-the-owasp-top-10-vulnerabilities\/\">vulnerabilities<\/a> to exploit at a later stage on a target system or network, and<\/li><li>Collecting information to conduct a <a aria-label=\"undefined (opens in a new tab)\" href=\"https:\/\/www.thesslstore.com\/blog\/social-engineering-attacks-a-look-at-social-engineering-examples-in-action\/\" target=\"_blank\" rel=\"noreferrer noopener\">social engineering attack<\/a>.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Advantages of Using OSINT<\/strong><\/h2>\n\n\n\n<p>Open source intelligence gathering comes with several benefits. Let\u2019s take a look at some of them:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>If you\u2019re on a budget, conventional information collecting techniques and tools may not be an economically viable solution. One of the main benefits of employing OSINT to gather intelligence is that it involves a minimal level of financial investments.<\/li><li>The information obtained is not classified and has been divulged freely, hence it is legal to obtain any such information.<\/li><li>Because it relies on public resources, users frequently share and update the information regularly.<\/li><li>Business owners and decision makers can gain perceptivity through OSINT data that can facilitate building long-term strategies for a variety of business goals.<\/li><li>OSINT can also be an invaluable tool in matters of national security.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Disadvantages of OSINT<\/strong><\/h2>\n\n\n\n<p>Now that we understand the convenience of using OSINT, what are its drawbacks? Like you\u2019ve probably guessed, as easily as you can utilize OSINT to gather intelligence, an adversary can also use it to collect information about you or your business. Besides that, here\u2019s a list of a few other disadvantages you may run into while using OSINT:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Finding information means very little unless you can put it to use in some meaningful way. Filtering out junk data from valuable information can be challenging based on the volume of data you find.<\/li><li>Once you have filtered out usable data, you need to validate that the information is reliable. Organizations and individuals may deliberately post false information to mislead potential attackers.<\/li><li>The information gleaned is not consumable as it is, and there is a considerable amount of <a href=\"https:\/\/sectigostore.com\/blog\/malware-analysis-what-it-is-how-it-works\/\">analysis work<\/a> involved.<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>How OSINT Relates to Cybersecurity<\/strong><\/h3>\n\n\n\n<p>In cybersecurity, OSINT techniques aren\u2019t a one-size-fits-all approach. Depending on the purpose of your research, your end goal, and what you\u2019re trying to find, the techniques you deploy will vary as will the tools used. Once you determine who your target is and the steps you\u2019ll take to conduct your research, then you can choose the appropriate tool and approach.<\/p>\n\n\n\n<p>While gathering INT data, the basic idea is to:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Connect the dots,<\/li><li>Pivot to a new source of information as needed to build a deeper intelligence profile, and<\/li><li>Validate every assumption that\u2019s made along the way.<\/li><\/ul>\n\n\n\n<p>If you\u2019re conducting OSINT as a part of an engagement, generating a report at the end with screenshots attached is an indispensable part of the process.<\/p>\n\n\n\n<p>OSINT is frequently used to profile a target, and it\u2019s done by conducting passive reconnaissance to glean information without actively engaging with the individual or corporation. However, there are some obstacles to gathering intelligence. An account created specifically to conduct OSINT on, for example, Facebook, might end up looking like a fake account. Some websites actively delete such accounts that don\u2019t look legitimate. Moreover, the sheer volume of available data that you need to analyze and process to gain useful insights can be overwhelming.<\/p>\n\n\n\n<p>OSINT data is valuable in the later stages of an attack because it adds credibility if and when there\u2019s direct contact with the target. It allows virtually anyone to craft a customized attack that exploits weaknesses in people, processes, or technologies.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><a href=\"https:\/\/greynoise.io\/\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"547\" src=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/07\/Greynoise-1024x547.jpg\" alt=\"A screenshot of OSINT data from Greynoise.io\" class=\"wp-image-1244 addshadow\" srcset=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/07\/Greynoise-1024x547.jpg 1024w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/07\/Greynoise-300x160.jpg 300w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/07\/Greynoise-560x299.jpg 560w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/07\/Greynoise-1536x821.jpg 1536w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/07\/Greynoise-940x502.jpg 940w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/07\/Greynoise.jpg 1811w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><figcaption>Image source: <a href=\"https:\/\/greynoise.io\/\" target=\"_blank\" aria-label=\"undefined (opens in a new tab)\" rel=\"noreferrer noopener\">Greynoise.io<\/a>. This graphic shows compromised devices running on Windows XP from a specific country.<\/figcaption><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Using OSINT as Counterintelligence in Organizations<\/strong><\/h2>\n\n\n\n<p>Counterintelligence refers to activities concerned with detecting and neutralizing threats to an organization\u2019s security against any opposition&#8217;s intelligence service. The first move any hacker makes when planning an attack is to gather as much information as possible. This can be information about the target organization, specific employees, and any other available data that\u2019s useful. The next step is to take all of this information they gather from various sources and turn it into intelligence through analysis and correlation.<\/p>\n\n\n\n<p>By utilizing OSINT capabilities, your organization can take steps to identify all publicly disclosed information. You can use this intelligence to scrub the data to prevent disclosure of sensitive information or to train your employees to be aware of it. Having a dedicated team that identifies correlatable data to form intelligence is invaluable. They can help you avoid reputational damage by identifying and then attempting to obscure or censor any publicly disclosed information of a sensitive nature where possible. Additionally, these insights may also prevent or buy you time to mitigate the risk of any potential data breach due to such exposure.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What is the OSINT Framework?<\/strong><\/h2>\n\n\n\n<p>The <a aria-label=\"undefined (opens in a new tab)\" href=\"https:\/\/osintframework.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">OSINT framework<\/a> provides a collection of OSINT tools, classified into various categories, that pentesters and hackers alike can use for reconnaissance. The OSINT framework has a web-based interface and is primarily focused on listing free resources.<\/p>\n\n\n\n<p>For instance, the first entry \u201cusername\u201d can be explored in our OSINT research if we focus on discovering usernames utilized by a target across various accounts on the internet. On clicking the entry, it\u2019ll display a list of all the tools that can be employed to accomplish this goal.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/07\/osint-framework-1024x576.png\" alt=\"A screenshot of the OSINT Framework website\" class=\"wp-image-1245 addshadow\" srcset=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/07\/osint-framework-1024x576.png 1024w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/07\/osint-framework-300x169.png 300w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/07\/osint-framework-560x315.png 560w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/07\/osint-framework-1536x864.png 1536w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/07\/osint-framework-940x529.png 940w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/07\/osint-framework.png 1920w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>Image source: <a aria-label=\"undefined (opens in a new tab)\" href=\"https:\/\/osintframework.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">OSINT Framework<\/a>. <\/figcaption><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>6 OSINT Tools That Can Enhance Your Cyber Security Efforts<\/strong><\/h2>\n\n\n\n<p>Scouring the internet manually to profile your target organization or individual can be time consuming. Thankfully, the new generation of \u201cOSINT-ware\u201d removes this obstacle for attackers and pentesters alike. These tools help them to quickly determine, with very little effort, the finer details about a target\u2019s network.<\/p>\n\n\n\n<p>DuckDuckGo, Google Maps, Pastebin, and social media sites are good places to start and are commonly used. However, there are several additional tools that might help you gather intelligence more efficiently:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>1. Shodan<\/strong><\/h3>\n\n\n\n<p>The first OSINT tool we\u2019ll discuss is <a href=\"https:\/\/www.sans.org\/blog\/getting-the-most-out-of-shodan-searches\/\" target=\"_blank\" aria-label=\"undefined (opens in a new tab)\" rel=\"noreferrer noopener\">Shodan<\/a>, which stands for Sentient Hyper Optimized Data Access Network. This search engine for interconnected devices allows you to search for IoT\/SCADA devices, routers, traffic cameras, and more.<\/p>\n\n\n\n<p>Shodan search attempts to grab data such as the service, software, version number, or other information from the ports it scans. The tool comes with filters such as country, port, operating system, product, version, hostnames, etc. that helps narrow down the results. It displays a vast amount of insecure information that\u2019s freely available and access to web interfaces of IoT devices with weak or default passwords, devices like webcams at people\u2019s homes, and other unsecured appliances.<\/p>\n\n\n\n<p>Pentester can use Shodan to find insecure web services while conducting vulnerability assessments. The tool comes with a free plan that offers a limited number of scans, or you have the option of using a paid version. However, organizations can request to block Shodan from crawling their network.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>2. Maltego<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/www.maltego.com\/\" target=\"_blank\" aria-label=\"undefined (opens in a new tab)\" rel=\"noreferrer noopener\">Maltego<\/a> is an aggregator of interfaces to several OSINT databases and covers infrastructural reconnaissance. This tool can harvest a wealth of sensitive information about any target organization, such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Email addresses of employees,<\/li><li>Confidential files that have carelessly been made publicly accessible,<\/li><li>DNS records, and<\/li><li>IP address information.<\/li><\/ul>\n\n\n\n<p>You can also use Maltego for personal reconnaissance to collect individual-specific data. Maltego communicates with search engines on the internet to gather all this information in one convenient location.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>3. Metagoofil<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/github.com\/laramies\/metagoofil\" target=\"_blank\" aria-label=\"undefined (opens in a new tab)\" rel=\"noreferrer noopener\">Metagoofil<\/a> is another OSINT tool that utilizes the Google search engine to extract metadata from publicly available files (.pdf, .doc, .xls, .ppt, etc.) belonging to any target company. After downloading the documents onto the local disk, it pulls out the metadata using various libraries like Hachoir, PdfMiner, etc. and generates a report.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>4. GHDB<\/strong><\/h3>\n\n\n\n<p>Hacker and cybersecurity Expert Johnny Long developed the <a aria-label=\"undefined (opens in a new tab)\" href=\"https:\/\/www.exploit-db.com\/google-hacking-database\" target=\"_blank\" rel=\"noreferrer noopener\">Google Hacking Database<\/a> (GHDB) for pentesters in 2000. It\u2019s a list of search queries that reveal interesting information that was, in all probability, made public unintentionally. An example of unintended disclosure could be a search engine crawling a web document that contains a link that holds sensitive data. The search engine may subsequently follow it and index any information on it.<\/p>\n\n\n\n<p>Some of the information that you can query using GHDB includes verbose error messages that contain sensitive information like:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Directory paths,<\/li><li>Files with sensitive data, passwords, or usernames; and<\/li><li>Information about web servers.<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>5. SpiderFoot<\/strong><\/h3>\n\n\n\n<p><a aria-label=\"undefined (opens in a new tab)\" href=\"https:\/\/www.spiderfoot.net\/\" target=\"_blank\" rel=\"noreferrer noopener\">SpiderFoot<\/a> automates collecting information about IP addresses, domain names, e-mail addresses, usernames, names, subnets, etc. and comes with an opensource version. This tool allows you to examine any suspicious IPs, phishing scam e-mail addresses, and HTTP headers (which can be parsed to reveal OS and software version numbers, etc.). It&#8217;s also useful to organizations for monitoring any information that\u2019s been made public inadvertently.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>6. Foca<\/strong><\/h3>\n\n\n\n<p>A network infrastructure mapping tool, Foca, can extract and analyze metadata from different types of files (pdf, doc, etc.) fed at a time or given together. It also can enumerate users, e-mail addresses, software being used, and other useful information.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Need Additional OSINT Tools and Resources? Look No Further\u2026<\/strong><\/h3>\n\n\n\n<p>We\u2019ve put together a list of other resources that may assist you in carrying out any OSINT research includes (but is not limited to) the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Plugins <\/strong>\u2014 Passive Recon is a Firefox plugin that searches through several public databases and look-up services. It passively gathers information about a domain so long as you\u2019re on the page or one linking to it.<\/li><li><strong>Search engines<\/strong> \u2014 Apart from Shodan, attackers and pentesters frequently rely on search engines like <a href=\"https:\/\/censys.io\/\" target=\"_blank\" aria-label=\"undefined (opens in a new tab)\" rel=\"noreferrer noopener\">Censys<\/a>, <a href=\"https:\/\/www.zoomeye.org\/\" target=\"_blank\" aria-label=\"undefined (opens in a new tab)\" rel=\"noreferrer noopener\">ZoomEye<\/a>, <a href=\"https:\/\/viz.greynoise.io\/\" target=\"_blank\" aria-label=\"undefined (opens in a new tab)\" rel=\"noreferrer noopener\">Greynoise<\/a>, <a href=\"https:\/\/www.binaryedge.io\/\" target=\"_blank\" aria-label=\"undefined (opens in a new tab)\" rel=\"noreferrer noopener\">BinaryEdge<\/a>, among others.<\/li><li><strong>E-mail harvester<\/strong> \u2014 Some tools like the <a href=\"https:\/\/hunter.io\/\" target=\"_blank\" aria-label=\"undefined (opens in a new tab)\" rel=\"noreferrer noopener\">hunter<\/a>, <a href=\"https:\/\/github.com\/laramies\/theHarvester\" target=\"_blank\" aria-label=\"undefined (opens in a new tab)\" rel=\"noreferrer noopener\">theHarvester<\/a>, <a href=\"https:\/\/github.com\/nettitude\/prowl\" target=\"_blank\" aria-label=\"undefined (opens in a new tab)\" rel=\"noreferrer noopener\">Prowl<\/a>, and a few others can help you detect email information for a target organization\u2019s employees.<\/li><li><strong>DNS Enumeration<\/strong> \u2014 Tools like <a href=\"https:\/\/dnsdumpster.com\/\" target=\"_blank\" aria-label=\"undefined (opens in a new tab)\" rel=\"noreferrer noopener\">DNS dumpster<\/a>, <a href=\"https:\/\/github.com\/aboul3la\/Sublist3r\" target=\"_blank\" aria-label=\"undefined (opens in a new tab)\" rel=\"noreferrer noopener\">Sublister<\/a>, etc. are useful for enumerating valid subdomains.<\/li><\/ul>\n\n\n\n<p>Additional resources include <a href=\"https:\/\/haveibeenpwned.com\/\" target=\"_blank\" aria-label=\"undefined (opens in a new tab)\" rel=\"noreferrer noopener\">haveibeenpwned<\/a>, <a href=\"https:\/\/github.com\/lanmaster53\/recon-ng\" target=\"_blank\" aria-label=\"undefined (opens in a new tab)\" rel=\"noreferrer noopener\">Recon-ng<\/a>, <a href=\"http:\/\/checkusernames.com\/\" target=\"_blank\" aria-label=\"undefined (opens in a new tab)\" rel=\"noreferrer noopener\">CheckUserNames<\/a>, <a href=\"https:\/\/www.geocreepy.com\/\" target=\"_blank\" aria-label=\"undefined (opens in a new tab)\" rel=\"noreferrer noopener\">Creepy<\/a>, <a href=\"https:\/\/github.com\/wereallfeds\/webshag\" target=\"_blank\" aria-label=\"undefined (opens in a new tab)\" rel=\"noreferrer noopener\">Nmap<\/a>, etc.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Final Thoughts on Open Source Intelligence Gathering<\/strong><\/h2>\n\n\n\n<p>Frankly, there\u2019s a lot to know when it comes to answering the question, \u201cwhat is OSINT?\u201d As such, I hope this article provides clarity about open source information, open source intelligence, the OSINT framework, and showcases the types of OSINT tools that are available to you.<\/p>\n\n\n\n<p>Although you can use OSINT techniques to cyberstalk or conduct other nefarious deeds, you can also use them for good purposes like fuddling information and misleading attacks to protect privacy.  Any data that\u2019s made publicly available will be accessible in bits and pieces to anyone with or without the knowledge of OSINT. With it, an individual or an organization has the tools necessary to assess what\u2019s out there and, at the very least, obfuscate the narrative.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Juniper Research estimates that there will be 83 billion IoT connections by 2024 \u2014 that\u2019s 10 times more IoT devices that will be generating data than the estimated number of&#8230;<\/p>\n","protected":false},"author":9,"featured_media":1246,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[96,95],"class_list":["post-1241","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","tag-open-source-data","tag-osint","post-with-tags"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Open Source Intelligence: What Is OSINT &amp; How Does It Work?<\/title>\n<meta name=\"description\" content=\"What is OSINT or open source intelligence? It&#039;s a framework of processes, tools and tecehniques for collecting open source information for various purposes.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sectigostore.com\/blog\/open-source-intelligence-what-is-osint-how-does-it-work\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Open Source Intelligence: What Is OSINT &amp; How Does It Work?\" \/>\n<meta property=\"og:description\" content=\"What is OSINT or open source intelligence? It&#039;s a framework of processes, tools and tecehniques for collecting open source information for various purposes.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sectigostore.com\/blog\/open-source-intelligence-what-is-osint-how-does-it-work\/\" \/>\n<meta property=\"og:site_name\" content=\"InfoSec Insights\" \/>\n<meta property=\"article:published_time\" content=\"2020-07-17T14:26:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-11-13T15:59:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/07\/bigstock-Geometric-Abstract-Background-330064750.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"1000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Lumena Mukherjee\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Lumena Mukherjee\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/open-source-intelligence-what-is-osint-how-does-it-work\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/open-source-intelligence-what-is-osint-how-does-it-work\\\/\"},\"author\":{\"name\":\"Lumena Mukherjee\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#\\\/schema\\\/person\\\/8fc401352fbdfcfdf08996099c088b1f\"},\"headline\":\"Open Source Intelligence: What Is OSINT &#038; How Does It Work?\",\"datePublished\":\"2020-07-17T14:26:00+00:00\",\"dateModified\":\"2020-11-13T15:59:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/open-source-intelligence-what-is-osint-how-does-it-work\\\/\"},\"wordCount\":2125,\"image\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/open-source-intelligence-what-is-osint-how-does-it-work\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/bigstock-Geometric-Abstract-Background-330064750.jpg\",\"keywords\":[\"open source data\",\"OSINT\"],\"articleSection\":[\"Cyber Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/open-source-intelligence-what-is-osint-how-does-it-work\\\/\",\"url\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/open-source-intelligence-what-is-osint-how-does-it-work\\\/\",\"name\":\"Open Source Intelligence: What Is OSINT & How Does It Work?\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/open-source-intelligence-what-is-osint-how-does-it-work\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/open-source-intelligence-what-is-osint-how-does-it-work\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/bigstock-Geometric-Abstract-Background-330064750.jpg\",\"datePublished\":\"2020-07-17T14:26:00+00:00\",\"dateModified\":\"2020-11-13T15:59:42+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#\\\/schema\\\/person\\\/8fc401352fbdfcfdf08996099c088b1f\"},\"description\":\"What is OSINT or open source intelligence? It's a framework of processes, tools and tecehniques for collecting open source information for various purposes.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/open-source-intelligence-what-is-osint-how-does-it-work\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/sectigostore.com\\\/blog\\\/open-source-intelligence-what-is-osint-how-does-it-work\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/open-source-intelligence-what-is-osint-how-does-it-work\\\/#primaryimage\",\"url\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/bigstock-Geometric-Abstract-Background-330064750.jpg\",\"contentUrl\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/bigstock-Geometric-Abstract-Background-330064750.jpg\",\"width\":1600,\"height\":1000,\"caption\":\"Geometric abstract background with connected line and dots. Network and connection background for your presentation. Graphic polygonal background. Wave flow. Scientific vector illustration.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/open-source-intelligence-what-is-osint-how-does-it-work\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Open Source Intelligence: What Is OSINT &#038; How Does It Work?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/\",\"name\":\"InfoSec Insights\",\"description\":\"SectigoStore.com Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#\\\/schema\\\/person\\\/8fc401352fbdfcfdf08996099c088b1f\",\"name\":\"Lumena Mukherjee\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/8a52ef8468ca2c6184cc71ebfa0bcdbf4c16ab01d988415c1bc743cb16730db3?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/8a52ef8468ca2c6184cc71ebfa0bcdbf4c16ab01d988415c1bc743cb16730db3?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/8a52ef8468ca2c6184cc71ebfa0bcdbf4c16ab01d988415c1bc743cb16730db3?s=96&d=mm&r=g\",\"caption\":\"Lumena Mukherjee\"},\"description\":\"Lumena is a cybersecurity consultant, tech writer, and regular columnist for InfoSec Insights. She is currently pursuing her masters in cybersecurity and has a passion for helping companies implement better security programs to protect their customers' data.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Open Source Intelligence: What Is OSINT & How Does It Work?","description":"What is OSINT or open source intelligence? It's a framework of processes, tools and tecehniques for collecting open source information for various purposes.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sectigostore.com\/blog\/open-source-intelligence-what-is-osint-how-does-it-work\/","og_locale":"en_US","og_type":"article","og_title":"Open Source Intelligence: What Is OSINT & How Does It Work?","og_description":"What is OSINT or open source intelligence? It's a framework of processes, tools and tecehniques for collecting open source information for various purposes.","og_url":"https:\/\/sectigostore.com\/blog\/open-source-intelligence-what-is-osint-how-does-it-work\/","og_site_name":"InfoSec Insights","article_published_time":"2020-07-17T14:26:00+00:00","article_modified_time":"2020-11-13T15:59:42+00:00","og_image":[{"width":1600,"height":1000,"url":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/07\/bigstock-Geometric-Abstract-Background-330064750.jpg","type":"image\/jpeg"}],"author":"Lumena Mukherjee","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Lumena Mukherjee","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/sectigostore.com\/blog\/open-source-intelligence-what-is-osint-how-does-it-work\/#article","isPartOf":{"@id":"https:\/\/sectigostore.com\/blog\/open-source-intelligence-what-is-osint-how-does-it-work\/"},"author":{"name":"Lumena Mukherjee","@id":"https:\/\/sectigostore.com\/blog\/#\/schema\/person\/8fc401352fbdfcfdf08996099c088b1f"},"headline":"Open Source Intelligence: What Is OSINT &#038; How Does It Work?","datePublished":"2020-07-17T14:26:00+00:00","dateModified":"2020-11-13T15:59:42+00:00","mainEntityOfPage":{"@id":"https:\/\/sectigostore.com\/blog\/open-source-intelligence-what-is-osint-how-does-it-work\/"},"wordCount":2125,"image":{"@id":"https:\/\/sectigostore.com\/blog\/open-source-intelligence-what-is-osint-how-does-it-work\/#primaryimage"},"thumbnailUrl":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/07\/bigstock-Geometric-Abstract-Background-330064750.jpg","keywords":["open source data","OSINT"],"articleSection":["Cyber Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/sectigostore.com\/blog\/open-source-intelligence-what-is-osint-how-does-it-work\/","url":"https:\/\/sectigostore.com\/blog\/open-source-intelligence-what-is-osint-how-does-it-work\/","name":"Open Source Intelligence: What Is OSINT & How Does It Work?","isPartOf":{"@id":"https:\/\/sectigostore.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sectigostore.com\/blog\/open-source-intelligence-what-is-osint-how-does-it-work\/#primaryimage"},"image":{"@id":"https:\/\/sectigostore.com\/blog\/open-source-intelligence-what-is-osint-how-does-it-work\/#primaryimage"},"thumbnailUrl":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/07\/bigstock-Geometric-Abstract-Background-330064750.jpg","datePublished":"2020-07-17T14:26:00+00:00","dateModified":"2020-11-13T15:59:42+00:00","author":{"@id":"https:\/\/sectigostore.com\/blog\/#\/schema\/person\/8fc401352fbdfcfdf08996099c088b1f"},"description":"What is OSINT or open source intelligence? It's a framework of processes, tools and tecehniques for collecting open source information for various purposes.","breadcrumb":{"@id":"https:\/\/sectigostore.com\/blog\/open-source-intelligence-what-is-osint-how-does-it-work\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sectigostore.com\/blog\/open-source-intelligence-what-is-osint-how-does-it-work\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sectigostore.com\/blog\/open-source-intelligence-what-is-osint-how-does-it-work\/#primaryimage","url":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/07\/bigstock-Geometric-Abstract-Background-330064750.jpg","contentUrl":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/07\/bigstock-Geometric-Abstract-Background-330064750.jpg","width":1600,"height":1000,"caption":"Geometric abstract background with connected line and dots. Network and connection background for your presentation. Graphic polygonal background. Wave flow. Scientific vector illustration."},{"@type":"BreadcrumbList","@id":"https:\/\/sectigostore.com\/blog\/open-source-intelligence-what-is-osint-how-does-it-work\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sectigostore.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Open Source Intelligence: What Is OSINT &#038; How Does It Work?"}]},{"@type":"WebSite","@id":"https:\/\/sectigostore.com\/blog\/#website","url":"https:\/\/sectigostore.com\/blog\/","name":"InfoSec Insights","description":"SectigoStore.com Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sectigostore.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/sectigostore.com\/blog\/#\/schema\/person\/8fc401352fbdfcfdf08996099c088b1f","name":"Lumena Mukherjee","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/8a52ef8468ca2c6184cc71ebfa0bcdbf4c16ab01d988415c1bc743cb16730db3?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/8a52ef8468ca2c6184cc71ebfa0bcdbf4c16ab01d988415c1bc743cb16730db3?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8a52ef8468ca2c6184cc71ebfa0bcdbf4c16ab01d988415c1bc743cb16730db3?s=96&d=mm&r=g","caption":"Lumena Mukherjee"},"description":"Lumena is a cybersecurity consultant, tech writer, and regular columnist for InfoSec Insights. She is currently pursuing her masters in cybersecurity and has a passion for helping companies implement better security programs to protect their customers' data."}]}},"_links":{"self":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts\/1241","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/comments?post=1241"}],"version-history":[{"count":8,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts\/1241\/revisions"}],"predecessor-version":[{"id":1766,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts\/1241\/revisions\/1766"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/media\/1246"}],"wp:attachment":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/media?parent=1241"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/categories?post=1241"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/tags?post=1241"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}