🎓 Beginner OSINT Starter Kit

Your complete guide to getting started with Open Source Intelligence

← Back to Main Site

What is OSINT?

Open Source Intelligence (OSINT) is the collection and analysis of information from publicly available sources. It's used by security professionals, investigators, journalists, and researchers to gather intelligence ethically and legally.

Getting Started: 5 Essential Steps

1. Learn the Basics

Understand what OSINT is, its legal boundaries, and ethical considerations. Never access private or protected information.

2. Choose Your Tools

Start with free, beginner-friendly tools like Google Dorking, Shodan, Hunter.io, and WhatsMyName.

3. Practice Safely

Use VPNs, virtual machines, and separate browsers. Never investigate yourself or use personal accounts.

4. Document Everything

Keep detailed notes with timestamps, sources, and screenshots. Use tools like Maltego or simple spreadsheets.

5. Join the Community

Follow OSINT experts on Twitter, join Discord communities, and participate in challenges like Trace Labs.

Your First 10 Tools

  1. Google Dorking - Advanced search operators for finding hidden data
  2. Sherlock - Find usernames across 300+ social networks
  3. Hunter.io - Find and verify email addresses
  4. WhatsMyName - Check username availability across platforms
  5. crt.sh - Certificate transparency search for subdomains
  6. Have I Been Pwned - Check if emails were in breaches
  7. Wayback Machine - View historical website versions
  8. TinEye - Reverse image search
  9. Shodan - Search engine for Internet-connected devices
  10. OSINT Framework - Directory of OSINT tools

Safety & Ethical Guidelines

✶ DO NOT:

  • Access private or password-protected information
  • Use hacking tools or exploit vulnerabilities
  • Harass, stalk, or intimidate individuals
  • Share personal information publicly
  • Investigate yourself using your own accounts
  • Break any local laws or regulations

✶ DO:

  • Only use publicly available information
  • Respect privacy and ethical boundaries
  • Use VPNs and OpSec best practices
  • Document your sources and methodology
  • Verify information from multiple sources
  • Know and follow your local laws

Practice Exercises

Exercise 1: Username Investigation

Pick a common username (not your own!) and find all social media profiles associated with it using Sherlock or WhatsMyName.

Exercise 2: Domain Research

Use crt.sh to find all subdomains of a company website. Map out their infrastructure.

Exercise 3: Image Analysis

Take a photo, check its metadata using ExifTool, then reverse search it on TinEye and Google Images.

Exercise 4: Historical Research

Use the Wayback Machine to see how a website looked 5 years ago. Note any changes.

Learning Resources

📚 Free Courses

  • OSINT Framework by Justin Nordine
  • Trace Labs OSINT Search Party Fundamentals
  • Intelligence-X: OSINT Training
  • Michael Bazzell's IntelTechniques

📖 Recommended Reading

  • "Open Source Intelligence Techniques" by Michael Bazzell
  • "OSINT Handbook" by Rae Baker
  • "Social Engineering: The Art of Human Hacking" by Christopher Hadnagy

🌐 Communities

  • r/OSINT on Reddit
  • OSINT Curious Project
  • Trace Labs Discord
  • Bellingcat Community

Ready to Start Investigating?

You now have everything you need to begin your OSINT journey. Return to the main site to explore all 124+ tools.

Explore All OSINT Tools