Want to protect your data, find an old friend or check any information online? Master OSINT for yourself - it is the key to the world of open sources, available to everyone!
IntroductionWith the advancement of technology and the increasing volume of information available on the Internet, the ability to collect public data (OSINT - Open Source Intelligence) is becoming increasingly relevant. You may have heard of this method before, while many find it difficult and inaccessible. In this article, we will explain what OSINT is, how it can be used in everyday life, and offer free resources for training. You will learn how to collect information for your needs, whether it is checking for data leaks, finding an old friend's profile, or targeting public data.
What is OSINT and why do you need it?Open source intelligence involves collecting and analyzing information from publicly available sources. The use of OSINT is not limited to security professionals: anyone can use these skills to check people, find information about products, or find out about specific events. OSINT is just one part of a broader intelligence activity, but it focuses exclusively on information that is already publicly available.
[h4]Practical applications[/h4]
- Leak detection: For example, you can check your email for data leaks using a dedicated service such as Have I Been Pwned.
- Getting information about a person: Social media provides a wealth of data that can be used for analysis.
- Check for credibility: Research the seller on the online marketplace, learn more about the company offering you the job, or look for reviews about the suspicious call.
What skills are needed for independent development?To successfully learn OSINT, it is helpful to master a few basic skills and tools.
[h4]Search operators (Google/Yandex Dorks)[/h4]These operators allow you to narrow your search results and find specific information. Here are some examples:
-
— search for information only on a specific site.Code:
site:example.com -
— search for PDF files only.Code:
filetype:pdf
[h4]Tools[/h4]To get started, all you need is a browser and a notepad. As you get deeper into OSINT, you may find more powerful tools useful:
- Maltego: A powerful tool for visualizing relationships between data objects. Suitable for analyzing information about different individuals and organizations. Maltego.
- Recon-ng: A framework for intelligence gathering. Contains modules for tasks ranging from social media mining to domain analysis (Recon-ng).
Where to study for free and with benefitThere are many resources where you can learn OSINT for free.
[h4]Russian language resources[/h4]
- Articles on Habr will give you a general idea of this area:
Code:
site:habr.com osint
[h4]Online course[/h4]
- Udemy and Cybrary: Great platforms with lots of OSINT courses.
- TCM Security Course: An Exciting Program for Learning the Basics of OSINT (TCM Security).
Practical case "Find information about..."In this section, we will consider a practical case. The task is to choose a public account or pseudonym, for example, a blogger or a famous author, and try to find their email, associated social networks, check for information leaks. It is important to remember that searching for personal information about individuals can violate their privacy, so for training, use data that the person himself made public.
[h4]Steps[/h4]- Collecting Basic Data: Start simple - write down a name, nickname or handle.
- Search Query (Google Dork): Use different operators to narrow your search. For example:
Or try to find where else this nickname is mentioned:Code:"имя человека" site:twitter.com
Don't forget about other data sources: government registries, news aggregators, forums, message boards, public company profiles, public Whois databases and mapping services.Code:"никнейм" OR "другой никнейм" - Check for leaks: Visit the Have I Been Pwned website and check if any accounts have been compromised.
- Visualization: If you decide to go deeper, use Maltego to visualize the relationships between the data you've collected.
Important note: This script is a simplified example and uses the pwnedpasswords.com API to check passwords associated with an email, rather than the email itself in leaks (that would require a different API). It demonstrates the concept of using the API. For a full-fledged email leak check, it is better to use the Have I Been Pwned website itself or its official API.Code:import requests def check_haveibeenpwned(email): """ Проверяет email на наличие в известных утечках данных через API Have I Been Pwned. """ url = f"https://api.pwnedpasswords.com/range/{email[:5]}" # Используем только первые 5 символов для API Pwned Passwords try: response = requests.get(url) if response.status_code == 200: # Обработка ответа, поиск полного хеша email # В реальном приложении здесь была бы более сложная логика print(f"Email {email} возможно был скомпрометирован. Проверьте на сайте Have I Been Pwned.") return True elif response.status_code == 404: print(f"Email {email} не найден в известных утечках.") return False else: print(f"Ошибка при проверке email: {response.status_code}") return False except requests.exceptions.RequestException as e: print(f"Произошла ошибка при подключении: {e}") return False if __name__ == "__main__": email_to_check = input("Введите email для проверки на утечки: ") check_haveibeenpwned(email_to_check)
What's next - develop OSINT skillsOnce you have mastered the basics of OSINT, it is worth continuing to learn and practice.- Participate in courses and forums where new tools and techniques are discussed.
- Join OSINT groups on social media to stay up-to-date and share knowledge.
- Practice by solving specific cases every month.
- As you delve deeper into OSINT, it is also important to think about your own digital security (OPSEC). This may include using VPNs, Tor, sandboxes (such as virtual machines), and disposable email accounts to avoid leaving digital traces.
ConclusionAs you can see, basic OSINT skills are within everyone's reach. There are plenty of resources for self-study, and anyone can start small. By taking the time to develop these skills, you can extract a lot of useful data from open sources.
Frequently asked questions- Is it possible to learn OSINT without English? Yes, many resources are available in Russian.
- Is it legal? Yes, as long as you only use open data and act within the law.
- How long will it take? It all depends on your progress, but the basic ideas can be mastered in a few weeks.
- Do you need Linux? Not necessarily, but command line knowledge can be useful, especially for working with some tools.
