Back to OSINT Section

OSINT Sources

Complete catalog of public information sources

Explore the best OSINT sources for collecting strategic information. From search engines to specialized databases, discover the tools and techniques for conducting effective investigations.

Quick OSINT Tips

Google Dorks : site: filetype: intitle: inurl: intext:
Shodan : port:22 country:US org:"company"
WHOIS history to detect ownership changes
Certificate Transparency logs to discover subdomains
Wayback Machine to find removed content
EXIF data from images for geolocation and metadata

Internet Sources

Web platforms and social networks for collecting public information

Search Engines

Google, Bing, DuckDuckGo, Yandex and specialized engines for targeted information searches

Recommended Tools

Google DorksBing OperatorsShodanCensysZoomeye

Tip

Use advanced operators: site:, filetype:, intitle:, inurl: to refine your searches

Usage Examples:

  • site:example.com filetype:pdf
  • intitle:"index of" "config.php"
  • inurl:admin

Social Networks

Social platforms and professional networks for profile and activity analysis

Recommended Tools

Twitter Advanced SearchLinkedIn Sales NavigatorFacebook Graph SearchInstagram OSINT

Tip

Analyze metadata, connections, posts and geolocated information

Usage Examples:

  • Twitter search by geolocation
  • LinkedIn connection analysis
  • Photo EXIF extraction

Forums and Communities

Technical exchange platforms, underground forums and specialized communities

Recommended Tools

Reddit SearchStack OverflowGitHubPastebin4chan Archives

Tip

Search for technical discussions, data leaks and known security issues

Usage Examples:

  • Credential search on Pastebin
  • GitHub repository analysis
  • Subreddit monitoring

Web Archives

Historical captures of websites and removed content

Recommended Tools

Wayback MachineArchive.todayGoogle CacheCached View

Tip

Find old versions of sites, removed content and modifications

Usage Examples:

  • Site modification history
  • Removed content recovery
  • Evolution analysis

Technical Sources

Technical information about infrastructure, domains and network configurations

DNS and WHOIS

Information about domains, owners and DNS configurations

Recommended Tools

WHOIS LookupDNSDumpsterSecurityTrailsViewDNS.infoMXToolbox

Tip

Analyze ownership changes, subdomains, MX configurations and DNS history

Usage Examples:

  • Subdomain enumeration
  • WHOIS history
  • MX/TXT record analysis

SSL/TLS Certificates

Certificate analysis, trust chains and security history

Recommended Tools

SSL LabsCensysCrt.shCertificate Transparency

Tip

Discover hidden domains, validate authenticity and analyze expired certificates

Usage Examples:

  • Organization search
  • Subdomain discovery via CT logs
  • Certificate chain analysis

File Metadata

Extraction of hidden information in documents, images and media

Recommended Tools

ExifToolMetagoofilFOCAMetadata Extraction Tool

Tip

Extract GPS coordinates, authors, software used, creation dates

Usage Examples:

  • Photo EXIF extraction
  • PDF metadata analysis
  • Author information recovery

IoT Engines

Scanning of connected devices, exposed services and vulnerabilities

Recommended Tools

ShodanCensysZoomeyeBinaryEdgeFOFA

Tip

Identify webcams, servers, industrial equipment and vulnerable services

Usage Examples:

  • Unsecured webcam search
  • Open port scanning
  • Banner detection

Institutional Sources

Official registers, government databases and legal publications

Public Registers

Business registers, property records, courts and legal databases

Recommended Tools

National RegistersOpenCorporatesCompanies HouseINPI

Tip

Verify legal existence, executives, addresses and legal status

Usage Examples:

  • Company search
  • Executive analysis
  • Modification history

Official Publications

Government reports, security bulletins and official alerts

Recommended Tools

CERT-FRANSSINIST NVDCISA Advisories

Tip

Consult CVEs, security bulletins and official recommendations

Usage Examples:

  • CVE search
  • Security alerts
  • Incident reports

CTI Databases

Threat intelligence, IOCs, TTPs and threat analysis

Recommended Tools

MITRE ATT&CKVirusTotalAlienVault OTXThreatCrowdHybrid Analysis

Tip

Analyze indicators of compromise, malicious campaigns and adversary tactics

Usage Examples:

  • IOC search
  • Malware analysis
  • Threat correlation

Academic Databases

Scientific publications, research and specialized studies

Recommended Tools

Google ScholarArXivResearchGateAcademia.edu

Tip

Access the latest research in security, cryptography and exploitation

Usage Examples:

  • Research papers
  • Proof of concepts
  • Case studies

Essential Best Practices

Verify Your Sources

Always cross-check information with multiple independent sources. Be wary of misinformation and manipulated content.

Document Systematically

Capture timestamped screenshots, note complete URLs, save web pages before they disappear.

Respect Legality

Access only public information. No hacking, no identity theft, no privacy violations.

Protect Your Identity

Use VPN, Tor, isolated virtual machines and compartmentalize your investigations to preserve your OPSEC.

Ready for Practice!

Now that you know the sources, discover how to exploit them with our investigation methodologies and practical guides.

OSINT MethodologiesPractical GuidesToolbox