Open Source Intelligence

Published on : 18 Oct 2022

Open Source Intelligence

What is Open Source Intelligence?

The term “open source” refers in particular to records this is publically available. A huge part of the internet cannot be found using major search engines. This is called as “Deep Web”. Deep Web is a mass of websites, databases, files, and more that cannot be indexed by Google, Bing, Yahoo, or any other search engine. Despite this, much of the content of the dark web can be considered open source because it is easily available to the public.

There is plenty of information available online that can be found using online tools other than regular search engines. Tools like Shodan can be used to find IP addresses, open ports, CCTV, printers, and everything else that is connected to the internet.

Information can be considered open source if it is:

  • Published or broadcasted for a public audience like news
  • Available to the public by request for eg. census data
  • Available to the public by subscription or purchase
  • Could be seen or heard by any casual observer
  • Made available at a meeting open to the public
  • Obtained by visiting any place or attending any event that is open to the public

How is the Open Source Intelligence Used?

OSINT is widely used in:

      1.Ethical Hacking & Penetration Testing

Security professionals use open-source intelligence to identify weaknesses in networks so that they can be remediated before they are exploited by hackers. Commonly found weaknesses include:

  • Accidental leaks of sensitive information, like through social media
  • Open ports or unsecured internet-connected devices
  • Unpatched software, such as websites running old versions of CMS
  • Leaked or exposed assets.

     2.Identifying External Threats

From identifying which new vulnerabilities are being actively exploited to intercepting threat actors about an upcoming attack, open source intelligence enables security professionals to prioritize their time to address the most significant current threats.

The fact that open-source intelligence is frequently combined with other intelligence categories, is one of the most crucial things to comprehend about. Open-source intelligence is frequently filtered and verified using information from closed sources like external intelligence-sharing forums and closed dark web communities. Analysts can carry out these tasks with the use of a variety of instruments.

The Dark Side of Open Source Intelligence

If security analysts can access everything, threat actors can do the same with ease. Threat actors use open-source intelligence tools and tactics to identify potential targets and exploit weaknesses in target networks. Attackers attempt to exploit a weakness once it has been identified to breach the target.

This procedure is the main cause of the high number of attacks on small and medium-sized businesses. It is not because threat actors target particular businesses; rather, it is because open-source intelligence tools can spot design flaws in a company’s network or website. Additionally, threat actors look for data about people and organizations that can be used to support complex social engineering campaigns utilizing phishing (email), vishing (phone or voicemail), and Smishing (SMS). Sensitive information often published on social networks and blogs can be used to create social engineering campaigns that are very persuasive to convince individuals to compromise the network or assets of their company.

This is why it is crucial to use open-source intelligence for security objectives. It provides you a chance to identify and address network vulnerabilities in your company and delete critical data before threat actors utilize the same tools and strategies to take advantage of them.

Open Source Intelligence Techniques

The methodology to perform OSINT falls under two categories: Passive OSINT & Active OSINT.

Passive OSINT Threat Intelligence Platforms (TIPs) are frequently used in passive OSINT to aggregate several threat feeds into one convenient location. This issue is resolved by more sophisticated threat intelligence solutions, which automate the process of prioritizing and ignoring warnings in accordance with the unique requirements of a company. These solutions use artificial intelligence, machine learning, and natural language processing. Similar to this, organized threat groups frequently employ botnets to gather crucial data using methods like traffic sniffing and keylogging.

Active OSINT is the use of a variety of techniques to search for specific insights or information. For security professionals, this type of collection work is usually done for one of two reasons:

  • A passively collected alert has highlighted a potential threat and further insight is required.
  • Used in Penetration Testing exercise.

Open Source Intelligence Tools

While there are numerous free and practical tools available to security experts and threat actors alike search engines like Google are among the most often utilized open-source intelligence tools.

The frequency with which common, well-intentioned people unintentionally leave important assets and information exposed to the internet is one of the largest problems encountered by security experts. The data and assets they reveal can be found using a set of sophisticated search techniques known as “Google Dork” queries.

The Public Intelligence website offers a more thorough rundown of Google dork queries, below is an example of what a google dork query looks like:

“sensitive but unclassified” filetype: txt”

If you type this search term into a search engine, it returns only TXT documents from the Public Intelligence website that contain the words “sensitive but unclassified” somewhere in the document text. As you can imagine, with hundreds of commands at their disposal, security professionals and threat actors can use similar techniques to search for almost anything.

Beyond search engines, literally hundreds of technologies are available for locating network vulnerabilities or exposed assets.

There are a ton of free and paid programs with common features that may be used to search and analyze open-source data, including:

  • Metadata search
  • Code search
  • People and identity investigation
  • Phone number research
  • Email search and verification
  • Linking social media accounts
  • Image analysis
  • Geospatial research and mapping
  • Wireless network detection and packet analysis


All security disciplines can benefit greatly from open-source intelligence. It will take some time and some trial and error to find the best set of tools and methods for your particular needs. The tools and methods required to locate unsecured assets differ from those that will enable you to act on a threat alert. The presence of a clear strategy is the most crucial element in the success of any open-source intelligence endeavor. Once goals have been stated and objectives are clear, it will be much easier to find the best tools and methodologies.

Narendra Sahoo
Narendra Sahoo

Narendra Sahoo (PCI QPA, PCI QSA, PCI SSF ASSESSOR, CISSP, CISA, CRISC, 27001 LA) is the Founder and Director of VISTA InfoSec, a global Information Security Consulting firm, based in the US, Singapore & India. Mr. Sahoo holds more than 25 years of experience in the IT Industry, with expertise in Information Risk Consulting, Assessment, & Compliance services. VISTA InfoSec specializes in Information Security audit, consulting and certification services which include GDPR, HIPAA, CCPA, NESA, MAS-TRM, PCI DSS Compliance & Audit, PCI PIN, SOC2 Compliance & Audit, PDPA, PDPB to name a few. The company has for years (since 2004) worked with organizations across the globe to address the Regulatory and Information Security challenges in their industry. VISTA InfoSec has been instrumental in helping top multinational companies achieve compliance and secure their IT infrastructure.