The Power of Reconnaissance - OSINT


Image source: Chameleon Associates

OSINT (open source intelligence) is information gathered from openly accessible sources and put to use in a deliberate, intelligent way for a specific purpose. The open sources include search engines (Google, Yahoo, Bing), social media platforms (Facebook, Twitter, Instagram) and any other platform that exposes users' data. Note that the "open" part matters: if data is genuinely private and can only be obtained by breaking in, collecting it is no longer OSINT. OSINT is mostly thought of as a red team activity, which is not quite accurate. It plays an equally important role for blue team members; it all depends on how it is used.

The volume of data collected from these platforms is huge, and in an offensive engagement the purpose of gathering it is to prepare an attack: the bits and pieces are put together to understand the context, analysed properly, and only then turned into a well-targeted exploit. The word "intelligent" is used deliberately, because the target should be left with no idea who the adversary is or what the ploy is until it lands. To be clear, collecting publicly available information is legal, but there are limits (terms of service, privacy law and the scope of your engagement), and you have to play by those rules.

As mentioned in the research paper, OSINT is in its second generation and a third generation is on the cards, but before diving deep into the generations, it is important to know how exactly OSINT works and which tools are used for it.

So there are basically five steps in the OSINT process:


Image source: Ashish Chhatani

1. Identify the source

The attacker identifies the platforms or areas to target that can yield useful data: social media platforms, published documents, or even a person. Social engineering is often the most effective way to get information out of a person, but it is active interaction rather than passive collection; what makes the pretext credible is the OSINT gathered beforehand.

2. Harvest the data

The information is collected from the identified sources in this phase, usually with automated tools (search-engine scraping, theHarvester, passive DNS and certificate transparency lookups) rather than by hand.

3. Process and integrate the data

The data gathered from the various sources is cleaned up in this phase: duplicates are removed, formats are normalised, and the pieces from different sources are merged into one picture. This is the step where raw data starts to carry meaning, and where enumeration of what has actually been found (hosts, accounts, services) comes into the picture.

4. Analyse the data

The OSINT tools are brought in with all guns blazing to analyse the data properly: linking items to each other, spotting patterns, and deciding what is relevant to the target and what is noise.

5. Deliver the result

The analysed data is handed over to the experts or red team who conduct the advanced attacks (or, on the defensive side, to the analysts who need to act on it).
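To make steps 2 to 5 concrete, here is an added example (not code from the original post) that runs the process over a small harvest. The "harvested" records, the target domain example.com and the lists of role accounts and interesting hostname words are all constructed for illustration; a real harvest would come from the tools listed further down.

```python
"""Steps 2-5 of the OSINT process on constructed sample data.

Added example, not from the original post. The records below are constructed
to look like what a search-engine scrape, passive DNS or certificate
transparency lookup returns; nothing here touches the network.
"""
import re
from collections import defaultdict

TARGET_DOMAIN = "example.com"   # assumed target, constructed for the example

# Step 2 output: raw harvest from several (constructed) sources. Note the
# duplicates, mixed case, stray whitespace, trailing dot and off-target noise.
HARVESTED = [
    {"source": "search-engine", "type": "email", "value": "Alice.Smith@Example.com "},
    {"source": "search-engine", "type": "email", "value": "alice.smith@example.com"},
    {"source": "social-media", "type": "email", "value": "admin@example.com"},
    {"source": "social-media", "type": "email", "value": "bob@partner-corp.net"},
    {"source": "passive-dns", "type": "host", "value": "VPN.example.com"},
    {"source": "passive-dns", "type": "host", "value": "vpn.example.com."},
    {"source": "passive-dns", "type": "host", "value": "mail.example.com"},
    {"source": "cert-transparency", "type": "host", "value": "dev-jenkins.example.com"},
    {"source": "cert-transparency", "type": "host", "value": "not a hostname!"},
]

EMAIL_RE = re.compile(r"^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}$")
HOST_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")

# Role mailboxes and hostname words that usually point at something worth a closer look.
ROLE_ACCOUNTS = {"admin", "administrator", "root", "postmaster", "security", "it"}
INTERESTING_HOST_WORDS = ("vpn", "mail", "dev", "jenkins", "staging", "git", "admin")


def normalise(record):
    """Step 3 (part 1): clean one record; return None if it is not a valid item."""
    value = record["value"].strip().lower().rstrip(".")
    kind = record["type"]
    if kind == "email" and not EMAIL_RE.match(value):
        return None
    if kind == "host" and not HOST_RE.match(value):
        return None
    return {"source": record["source"], "type": kind, "value": value}


def integrate(records):
    """Step 3 (part 2): dedupe across sources, remembering every source that saw an item."""
    merged = defaultdict(set)   # (type, value) -> {sources}
    for rec in records:
        clean = normalise(rec)
        if clean:
            merged[(clean["type"], clean["value"])].add(clean["source"])
    return merged


def analyse(merged):
    """Step 4: triage items into in-scope, out-of-scope and high-value buckets."""
    findings = {"in_scope": [], "out_of_scope": [], "high_value": []}
    for (kind, value), sources in sorted(merged.items()):
        item = {"type": kind, "value": value, "sources": sorted(sources)}
        domain = value.split("@")[-1]
        if domain != TARGET_DOMAIN and not domain.endswith("." + TARGET_DOMAIN):
            findings["out_of_scope"].append(item)   # kept, but not to be touched
            continue
        findings["in_scope"].append(item)
        if kind == "email" and value.split("@")[0] in ROLE_ACCOUNTS:
            findings["high_value"].append(item)
        if kind == "host" and any(w in value for w in INTERESTING_HOST_WORDS):
            findings["high_value"].append(item)
    return findings


def deliver(findings):
    """Step 5: a plain-text report for the team that will act on it."""
    lines = [f"OSINT report for {TARGET_DOMAIN}"]
    for bucket in ("high_value", "in_scope", "out_of_scope"):
        lines.append(f"\n[{bucket}] {len(findings[bucket])} item(s)")
        for item in findings[bucket]:
            lines.append(f"  {item['type']:5} {item['value']:28} seen by: {', '.join(item['sources'])}")
    return "\n".join(lines)


def run_pipeline(records=HARVESTED):
    """Steps 3 and 4 end to end; deliver() turns the result into the report."""
    return analyse(integrate(records))


if __name__ == "__main__":
    print(deliver(run_pipeline()))
```

The point of the scope check is step 5 in practice: a partner's mailbox turning up in a harvest is information, not a target, and the report should say so rather than leave it for the red team to find out.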


There are tons of OSINT tools available. In fact, you can write your own if you know some scripting and a language like Python or Go. These tools are essentially enumeration tools that collect every piece of data about the target that is available on the internet. As described in the steps above, the data the tools collect still needs to be filtered to get at the information that is actually useful later on.

Popular OSINT tools and platforms:

1. Shodan

2. CMD

3. Datasploit

4. Spokeo

5. theHarvester

6. Google dorks

7. Recon-ng

8. Maltego

9. Creepy

10. wig

11. VirusTotal

12. GreyNoise

13. FireHOL IP lists

14. Robtex

15. HackerTarget

16. BinaryEdge

17. Censys

18. Google Hacking Database (GHDB)

19. SecurityTrails

20. Social media (Twitter, Facebook, LinkedIn, Instagram, Pinterest, Reddit, Tumblr)

There are plenty of other tools available to get the job done; OSINT has so many popular tools that help you gather extensive information. In fact, OSINT has recently been credited with helping to hack crypto mining operations.

Using a couple of tools for reconnaissance on


WHOIS record of the site, used to look up the domain details


Using theHarvester to dig in further


Trying out Shodan to get some more details

From gathering DNS information, internet-wide scanning and passive DNS through to automation, OSINT has everything needed to give you the information you are looking for. With the tools listed above, you just have to decide on the approach first and then figure out which tool fits it. Once the approach is defined properly, one piece of information will lead you to the next and a chain of information builds up. OSINT is not only about running tools to get the required information; apply your brain along with the tools. The tool list shared here covers all the domains, but as I said there are many other tools and options to choose from. How you do it is up to you, but OSINT certainly plays a significant role in threat intelligence, reconnaissance and investigating your story.
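The "chain of information" above is the part that no single tool shows you, so here is an added example (not code from the original post) of pivoting from a seed domain through WHOIS, reverse WHOIS, passive DNS and a Shodan-style host index. All of the lookup tables are constructed stand-ins so the script runs offline; the domains, name server, IP addresses and banners are invented for illustration, and in a real engagement each table would be a query to the corresponding service.

```python
"""Pivoting between OSINT sources: one piece of information leads to the next.

Added example, not from the original post. The dictionaries below are
constructed stand-ins for WHOIS, reverse WHOIS, passive DNS and a Shodan-style
host index; every value in them is invented for illustration.
"""
from collections import deque

# Constructed WHOIS records: domain -> registrant e-mail and name servers.
WHOIS = {
    "example.com": {"email": "hostmaster@example.com", "ns": ["ns1.example-dns.net"]},
    "example-shop.com": {"email": "hostmaster@example.com", "ns": ["ns1.example-dns.net"]},
}
# Constructed reverse WHOIS: registrant e-mail -> domains registered with it.
REVERSE_WHOIS = {"hostmaster@example.com": ["example.com", "example-shop.com"]}
# Constructed passive DNS: domain -> hostnames seen under it, and hostname -> IP.
PASSIVE_DNS = {
    "example.com": ["vpn.example.com", "www.example.com"],
    "example-shop.com": ["www.example-shop.com"],
}
A_RECORDS = {
    "vpn.example.com": "198.51.100.10",
    "www.example.com": "198.51.100.20",
    "www.example-shop.com": "198.51.100.20",
}
# Constructed Shodan-style index: IP -> (port, banner) pairs.
HOST_INDEX = {
    "198.51.100.10": [(443, "OpenVPN"), (22, "OpenSSH 7.4")],
    "198.51.100.20": [(80, "nginx"), (443, "nginx")],
}


def expand(node):
    """Return (relationship, neighbour) pairs reachable from one node in one hop."""
    kind, value = node
    hops = []
    if kind == "domain":
        rec = WHOIS.get(value)
        if rec:
            hops.append(("registrant", ("email", rec["email"])))
            hops += [("nameserver", ("host", ns)) for ns in rec["ns"]]
        hops += [("passive-dns", ("host", h)) for h in PASSIVE_DNS.get(value, [])]
    elif kind == "email":
        hops += [("reverse-whois", ("domain", d)) for d in REVERSE_WHOIS.get(value, [])]
    elif kind == "host":
        if value in A_RECORDS:
            hops.append(("a-record", ("ip", A_RECORDS[value])))
    elif kind == "ip":
        hops += [("service", ("service", f"{value}:{port} {banner}"))
                 for port, banner in HOST_INDEX.get(value, [])]
    return hops


def pivot(seed_domain, max_depth=4):
    """Breadth-first walk from a seed domain.

    Returns (seen, edges): seen maps each node to the node it was reached from,
    edges lists every (source, relationship, destination) hop that was taken.
    max_depth bounds the walk so a shared name server or hosting IP cannot drag
    in the whole internet.
    """
    start = ("domain", seed_domain)
    seen = {start: None}
    queue = deque([(start, 0)])
    edges = []
    while queue:
        node, depth = queue.popleft()
        if depth >= max_depth:
            continue
        for rel, nxt in expand(node):
            edges.append((node, rel, nxt))
            if nxt not in seen:
                seen[nxt] = node
                queue.append((nxt, depth + 1))
    return seen, edges


def exposed_services(seed_domain):
    """The practical output: services reachable on IPs linked back to the seed."""
    seen, _ = pivot(seed_domain)
    return sorted(v for k, v in seen if k == "service")


if __name__ == "__main__":
    seen, edges = pivot("example.com")
    for src, rel, dst in edges:
        print(f"{src[1]} --{rel}--> {dst[1]}")
    print("\nExposed services:", exposed_services("example.com"))
```

The registrant e-mail is the pivot that matters here: it links example.com to a second domain that nothing in the seed's own DNS mentions, and that domain shares a hosting IP with the seed. That is exactly the "apply your brain" part: deciding which relationships are worth following (a registrant e-mail, usually yes; a shared name server at a large DNS provider, usually no), which is why the walk is depth-limited rather than exhaustive.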

But while doing so, remember what Uncle Ben says in Spider-Man: "With great power comes great responsibility." OSINT gives you the power of data, and from there it is all up to you. You should know what to do and what not to do, and how to handle the data responsibly and effectively.
