OSINT - spinningideas/resources GitHub Wiki

OSINT Framework

  • Search Engine Operators & Google Dorking
  • Social Media OSINT
  • Image & Video Analysis (Reverse Image Search, Metadata Extraction)
  • Geospatial Intelligence (GEOINT)
  • Data Correlation & Verification

Introduction to OSINT

What is OSINT? – Public data → Intelligence

The OSINT Process: Define target, Gather info, Analyze, Verify Ethics & Legality: Use only on authorized targets, follow all laws

OSINT Framework: A map of free OSINT resources - https://osintframework.com/

See osintframework.com. This interactive interface, which lists many resources by categories (people search, social media, domain research, etc.). Click through a category (e.g., "Domain Name" → "Whois" or "Email Search") to reveal specific tools.

Search Engine Operators & Google Dorking

  • site:, filetype:, intitle:, inurl:, etc. • Example: site:example.com filetype:pdf "confidential"
  1. Google Dorking Example

Select a target domain and perform a simple Google search that uses advanced operators – for example, search for site:domain.com "password" to show how one might find exposed information on a target domain. (Use a benign target like site:github.com "password" for demo to retrieve some public results.) Explain how Google dorks can uncover pages that are not immediately obvious.

Social Media OSI

  • Profiling targets on LinkedIn, Twitter, Facebook, etc.
  • Tools: sherlock (CLI, Python) can check multiple platforms for the same username across Windows/macOS/Linux.

Image & Video Analysis

  • Reverse Image Search: Google Images, TinEye, Yandex
  • Metadata Extraction: ExifTool (cross-platform) reveals camera model, GPS, software.
  • Geolocation from background clues or EXIF coordinates.

Geospatial Intelligence (GEOINT)

  • Using Google Earth, Bing Maps, or open satellite data for location-based investigations.
  • Matching landmarks, analyzing timelines with historical imagery.

Data Correlation & Verification

  • Cross-reference multiple sources to confirm authenticity.
  • Differentiate facts from assumptions.

OSINT Framework Techniques

Search Engine Operators & Google Dorking

  • site:, filetype:, intitle:, inurl:, etc.

Example: site:example.com filetype:pdf "confidential"

Social Media OSINT

  • Profiling targets on LinkedIn, Twitter, Facebook, etc.
  • Tools like sherlock (CLI, Python) can check multiple platforms for the same username across Windows/macOS/Linux.

Image & Video Analysis (Reverse Image Search, Metadata Extraction)

  • Reverse Image Search: Google Images, TinEye, Yandex
  • Metadata Extraction: ExifTool (cross-platform) reveals camera model, GPS, software.

Geospatial Intelligence (GEOINT)

Tool Setup (Cross-Platform)

Tools: theHarvester, Shodan, Maltego

Tool Install

Windows: pip install theHarvester (or from GitHub)
macOS: brew install theharvester or pip3 install theHarvester
Linux: sudo apt install theharvester (if available) or pip3 install theHarvester

Tool Use

  • Verify with theHarvester --help
  • Use theHarvester to gather domain info
  • Choose a target domain (with permission!). (eg example.org - Run: theHarvester -d example.org -l 100 -b bing)
  • Look for any discovered emails, subdomains, possibly IP addresses.

Notes:

  • Use -b to different data sources (google, yahoo, etc.).
  • If you have Shodan or Hunter.io API keys, you can integrate them.
  • Use option -f to save results (-f example_report.html)