Join the Webinar | Strong Protection Against Cyber Threats

What is OSINT? – Most Commonly Used OSINT Tools

In our era when information has become a power, the importance of intelligence has increased considerably. Therefore, “Open Source Intelligence”, which is an intelligence technique, has gained a lot of importance. OSINTThis term, abbreviated as , is especially pronounced in Cyber Security.

What is OSINT?

Open Source Intelligence OSINT, which we can translate into Turkish as Open Source Intelligence, is essentially a step forward. It is implemented during pentest stages and during attacks by professional attackers. It is a process that includes all of the passive information gathering stages. open source intelligenceis perhaps the most important step in penetration testing. The more information about the target system or the person can be gathered, the easier it is to act in the future.

What are OSINT Tools that Can Be Used in Passive Information Gathering?

A framework that includes all OSINT tools. OSINT FrameworkIt can be accessed with the "osrf" command on linux systems. This framework includes dozens of different tools and techniques. In fact, it allows you to collect not only passive information, but also active information.

Other important things to mention OSINT tools and techniques include:

  1. Dorking

The commands we will give to search engines are called “dork” for short. There are important docks that will come in handy during OSINT. Thanks to these dorks, it is possible to collect information about the target in a fast and practical way.

allintextLists results containing all given terms.
IntextSearches all given terms in the page content.
inurlLists results that contain the given word or phrase in the URL address.
AllinurlLists results with URL addresses containing all given terms.
intitleLists results that include the given word or phrase as a title.
allintitleLists results with all given terms in their title.
siteUsed when specifying a specific website.
filetypeUsed when specifying a specific file type.
  1. Whois Query

It analyzes the domain name of the target website and provides various information such as the provider company.

  1. Tracert & Traceroute Commands

On Windows systems, "tracert", a command that runs in PowerShell, gives the IP address of the target site. Likewise on Linux systems. OSINT The "traceroute" command that you can use during the process gives the IP address of the target site.

  1. Spokeo

It is a website that you can use when collecting information about a person rather than a website. It collects various information about the target person.

  1. Onyphe

It provides various information by scanning the given IP address.

  1. Shodan

Shodan; It is a website where you can access systems such as cameras, video game systems and other IoT devices connected to the internet. It allows you to monitor sensitive information such as services used in the system, SSL certificate and port information by scanning the destination IP address.

Passive information gathering an important step in the process OSINT If you are interested in this article about OSINT and OSINT tools, if you would like to examine Nmap, which is used extensively in the active information collection step and allows you to obtain sensitive information about the target system, up to the vulnerability information.What is Nmap?” You can check our article.


Categories Articles