EP01: Modern OSINT Techniques - Overview

An OSINT tutorial covering people investigation via social media (Instagram, Facebook, LinkedIn, Twitter), and methods to find leaked PII such as passwords and other sensitive data using various search engines, reverse image search, and similar techniques.

✅ What is OSINT?

OSINT (Open Source Intelligence) is the collection of publicly available information from the internet to gather insights or investigate something, such as finding someone’s email from their social profiles, tracking servers using domain data, or gathering information for legal hacking.

In the upcoming series, we’ll be covering the points below.

  1. OSINT using different search engines

  2. Finding leaked passwords, emails and other PIIs

  3. People OSINT (Insta, Facebook, Twitter, LinkedIn)

  4. Image OSINT (Reverse image search)

  5. And many more

✅ Types of OSINT:

  1. SOCMINT – Social Media Intelligence (e.g., Facebook, LinkedIn, Twitter).

  2. GEOINT – Geospatial Intelligence (e.g., maps, satellite images, geotags).

  3. TECHINT – Technical Intelligence (e.g., IPs, domains, SSL certs).

  4. HUMINT – Human Intelligence from public sources (e.g., interviews, forums).

  5. IMINT – Imagery Intelligence (e.g., photos, CCTV, drone shots).

  6. WEBINT – Web Intelligence (websites, blogs, news).

  7. Darknet OSINT – Info from darknet forums, marketplaces.

  8. FININT – Financial Intelligence (public company data, leaks).

  9. COMINT – Communications Intelligence (metadata, open radio comms).

✅ Common Data Sources:

  • Search Engines: Google, Yandex, DuckDuckGo

  • People Search: Hunter.io, BeenVerified, Pipl, Spokeo

  • Social Media: Instagram, LinkedIn, Facebook, Twitter

  • Metadata: EXIF data from images, PDFs

  • Domain/IP Data: WHOIS, Shodan, Censys, DNSdumpster

  • Git Repos: GitHub dorks, commits, secrets

  • Paste Sites: Pastebin, Ghostbin, PrivateBin

  • Sherlock – Username search across platforms.

  • theHarvester – Emails, domains, subdomains.

  • Spiderfoot – Automated OSINT scanning.

  • GHunt – Google account OSINT.

  • Recon-ng – Modular recon framework.

  • Maltego – Link analysis and visual recon.

  • Photon – Crawl and scrape target web assets.

  • ExifTool – Metadata from files/images.

  • Metagoofil – Metadata from public documents.

  • FOCA – Docs and metadata extractor.

✅ OSINT Techniques:

  • Google Dorking: site:, inurl:, filetype:, etc.

  • Social Footprinting: Analyze profiles, patterns, connections.

  • Subdomain Enumeration: crt.sh, Amass, Subfinder

  • WHOIS & DNS: WhoisXML, nslookup, dig

  • Image Analysis: Reverse image search, geolocation via EXIF

  • Leak Detection: Public DBs, breach directories


Further Reading: EP02: Modern OSINT Techniques - Search Engines

This post is licensed under CC BY 4.0 by the author.