OSINT Methods

OSINT tools used in open-source intelligence: OSINT framework, Metagoofil, Shodan. All methods and tools used in open-source intelligence can be divided into two categories.

OSINT Methods and Tools1


Allow you to get general information about the object. It is collected manually or with the help of special services and tools that simplify data collection, systematization, and analysis.
For example, programs for parsing websites.
Passive web prospecting can be used by absolutely everyone who has a computer and Internet access, from a simple user to an employee of an analytical or marketing department.

Passive methods :

  • Collecting information (including photos) from public search engines;
  • Analysis of user activity in social networks and blogs, forums, and other virtual platforms;
  • a search of open personal data of users in social networks, and messengers;
  • viewing of saved copies of sites in search engines, and Internet archives;
  • obtaining geolocation data using publicly available resources like Google Maps.


This implies the analyst’s direct influence on the object under study, the use of specialized means of obtaining data, or the performance of actions that require some effort, for example:

  • Collecting data from closed resources that can only be accessed by subscription;
  • Using specialized services and programs that actively influence the object under study – for example, automatically registering on the site;
  • The use of services that scan applications, files, or sites for malicious code;
  • Creation of fake web resources, channels in messengers, collecting user data, confidential or secret information.

In OSINT logic, passive methods designed to collect general information from readily available sources precede the use of active methods designed to collect specific data about an object.

OSINT tools

OSINT framework

This is the most comprehensive open-source database available. They are grouped into categories in an interactive map. By clicking on a particular class, you can go to a subclass, and in it, to a particular source of information. OSINT framework doesn’t propagandize any ideology, it is a purely informational resource, aimed to simplify the search on the Internet.


This is a search engine designed to find devices connected to the Internet via IPv4 addresses (routers, surveillance cameras, security sensors, etc.). The system does not harm itself, but with its help, anyone can find an unprotected or poorly protected device if they try hard enough. It takes its name from the antagonist of System Shock games – mad artificial intelligence.


This is a metasearch engine that uses other search engines to find and retrieve publicly available PDF, Word, Powerpoint, and Excel files. It can be used to parse technical documentation, client databases, reference books, directories, and other useful sources.

OSINT is legal and legitimate, as long as the information it gathers is not used to the detriment of others, an organization, or the government. Open-source intelligence is no longer the prerogative of state security and defense agencies and is actively used in the civil (primarily commercial) sphere.