THE OSINT VAULT

A COMPLETE PLATFORM FOR DIGITAL INVESTIGATORS, ANALYSTS, AND RESEARCHERS.

Getting Started

OSINT Beginner Kit

Start investigating with a clear, sequential workflow. Tools, ethics, OpSec, documentation — everything you need to go from zero to your first real investigation without wasting time on the wrong things.

Beginner-Friendly Ethics Included Free Tools Workflow-First
Back to Tools Directory

What is OSINT?

Open Source Intelligence (OSINT) is the collection and analysis of information from publicly available sources. It's used by security professionals, investigators, journalists, and researchers to gather intelligence ethically and legally. The key distinction: OSINT uses only what's publicly accessible — no unauthorized access, no intrusion.

Getting Started: 5 Essential Steps

1. Learn the Basics

Understand what OSINT is, its legal boundaries, and ethical considerations. Know the line between open-source collection and intrusive surveillance before you run your first query.

2. Choose Your Starting Tools

Start with browser-native tools that don't require installation. Use the Google Dork Generator for precision searches, the Multi-Search Launcher for platform pivots, the Report Composer for documentation, and the Bookmarklet Library for on-page extraction.

3. Practice Safe Investigation

Use a dedicated browser profile, a VPN, and a virtual machine for sensitive work. Never investigate yourself using personal accounts — operational separation is non-negotiable.

4. Document Everything

Record timestamps, source URLs, and screenshots for every finding. Use the Note Organizer to structure raw notes, then export to the Report Composer for a defensible deliverable.

5. Join the Community and Keep Learning

OSINT skills atrophy without practice. Follow active researchers, participate in CTF challenges, and run practice investigations on public datasets regularly.

Your First 10 Tools

  1. Google Dorking — Advanced search operators for finding hidden data. Generate dorks here.
  2. Sherlock — Username enumeration across 300+ social networks.
  3. Hunter.io — Find and verify professional email addresses by domain.
  4. WhatsMyName — Check username availability and presence across platforms.
  5. crt.sh — Certificate transparency search for subdomain discovery.
  6. Have I Been Pwned — Check whether email addresses appear in breach data.
  7. Wayback Machine — View historical versions of websites for timeline reconstruction.
  8. TinEye — Reverse image search for photo origin and reuse tracking.
  9. Shodan — Search engine for Internet-connected devices and exposed infrastructure.
  10. OSINT Framework — Taxonomy of OSINT tools organized by investigation type.

Safety & Ethics

Do Not:

  • Access private or password-protected information
  • Use hacking tools or exploit vulnerabilities
  • Harass, stalk, or intimidate individuals
  • Share personal information publicly without consent
  • Investigate yourself using personal accounts
  • Break any local laws or regulations

Do:

  • Only use publicly available information
  • Respect privacy and ethical boundaries
  • Use VPNs and OpSec best practices
  • Document your sources and methodology
  • Verify information from multiple independent sources
  • Know and follow your local laws

Practice Exercises

Exercise 1: Username Investigation

Pick a common username (not your own) and find all social media profiles associated with it using Sherlock or WhatsMyName. Document each result with timestamp and URL.

Exercise 2: Domain Research

Use crt.sh to find all subdomains of a public company website. Map the infrastructure and note any unexpected subdomains.

Exercise 3: Image Analysis

Take a public photo from a news article, check its metadata with ExifTool, then reverse-search it on TinEye and Google Images. Note any discrepancies in claimed origin.

Exercise 4: Historical Research

Use the Wayback Machine to see how a company website looked 5 years ago. Document structural changes, removed pages, or contact info that no longer appears.

Learning Resources

Free Courses & Training

  • OSINT Framework by Justin Nordine
  • Trace Labs OSINT Search Party Fundamentals
  • Intelligence-X OSINT Training
  • Michael Bazzell's IntelTechniques

Recommended Reading

  • Open Source Intelligence Techniques — Michael Bazzell
  • OSINT Handbook — Rae Baker
  • Social Engineering: The Art of Human Hacking — Christopher Hadnagy

Communities

  • r/OSINT on Reddit
  • OSINT Curious Project
  • Trace Labs Discord
  • Bellingcat Community

Ready to Start Investigating?

The tools are here. The methodology is clear. Start with the Dork Generator, run a pivot in the Multi-Search Launcher, and document results in the Report Composer. Then test your skills in the OSINT Quiz.

Explore All OSINT Tools

Beginner Kit FAQ

Who should use this kit?

New investigators who want a structured, low-friction start to OSINT workflows. No prior experience required.

What should I practice first?

Run a query in the Google Dork Generator, pivot with the Multi-Search Launcher, and capture evidence with the Bookmarklet Library.

How do I document results?

Use the Report Composer to structure findings with timestamps and sources. Every finding needs a source chain.