What is OSINT and is it legal?

Open-source intelligence has likely existed for as long as social networks have. Completing the jigsaw of personal data is a very amusing thing, especially if you like puzzles of this sort.


What is OSINT?

OSINT, or Open-Source Intelligence, is a powerful tool for getting information on any suspect. It is often used by governmental special services, but it is available to every user.

The meaning of the abbreviation describes the whole task. Intelligence conducted on open-source data works extremely well when you need to keep the fact of reconnaissance secret. Breaches, or attempted breaches, can easily be detected by system administrators or other qualified personnel. Meanwhile, obtaining information about a company or a person from Instagram, or from a website listing local companies, is much stealthier and easier.

It is important to understand how that works. It is hard to describe how much information you leave behind while acting on the Internet. And it is not your fault if you are not paranoid about your privacy and don’t think twice about each message. You mentioned your location here and there, said when you usually finish your workday - and that is already enough to say a lot about you.

Instagram contains a lot of data for OSINT operations

Making sense of scattered facts about a person or a company is not an easy task, especially when you rely on databases or unstructured information rather than on messages in social networks. This is where OSINT tools come into view.

OSINT tools

The primary task of OSINT toolkits is to make data analysis easier by structuring the data. But most modern OSINT tools offer not just the ability to sort your information in a preferred way, but also ready-made databases to analyse. Yes, that may look like an attempt to be more clever than the user is, but it is just a way to make these semi-legal tools less fragmented.

The majority of OSINT tools are available even on the surface Web - on GitHub, in particular. However, some of them - especially ones for deep analysis - can be found only on the Darknet. Some special tools designed for actions that can easily be classified as spying are placed for sale on Darknet forums or sales platforms.

OSINT vectors

Let’s have a look at where you can get information about the suspect you’re interested in. Once again - all data from all OSINT sources can be gathered and analysed manually, without any additional software. Apps are needed to make this process faster and easier and, one may say, available to everyone.


Email address

How much can you get by having only the email address of your target? Surprisingly, a lot. With the help of Google you can uncover various facts, including shocking ones. But just by analysing the email address itself, you can get the user’s name, year of birth (or even the full date) or other important dates. The individual's pronunciation, along with the language and possible country, may be there, too.

Information about the sender that you can get from the single email address

Using Google or other search engines (or even special tools), you will be able to find the social network accounts connected to this particular email. Sometimes you will also find related images, domains registered with this email and some other things. If the email appears in a leaked data pack from a breach, you will likely see that pack, too.

Social networks (Twitter, Instagram examples)

Twitter and Instagram are places where people are not shy about revealing their personal details. What is more important for OSINT, these networks expose a lot of valuable data by default. Hence, everything is available - just take it and use it. And both networks have a lot of new users who still don’t know how to hide their private information.

The main points of interest in these social networks are concentrated in profiles and in posts. The information lies on the surface, so you don’t even need to run any additional tools to complete the jigsaw. The Instagram reconnaissance surface is the target’s username, followers and followed accounts, websites, the biography at the top of the profile, and so on. In the posts you will find enough information to track the favourite places of this person, or the friends of your object of interest.

Twitter offers other data to observe, but in the end you will have almost the same full picture. You can see the profile picture, track the user's latest replies, and see the join date and birthday. Some users add a location to their profile - this is not obligatory, but it may say a lot if the target does not try to counteract the reconnaissance. Twitter also allows everyone to save the media attached to a message. That allows you to perform image analysis - see the next section.

OSINT surface in Twitter

Images analysis

Metadata in images is a juicy source of information about who made the image, where and how. Even if you are dealing with a screenshot, you can figure out the screen characteristics, phone model, operating system and camera app. Going deeper may uncover the geolocation and the time when the photo was taken. However, metadata is pretty hard to analyse without special software - it looks more like a row of slightly structured numbers and letters.

Exploring the image metadata

Another side of image analysis concerns the actual contents of the image. Buildings, persons, views - all these things will help you to determine the location and circumstances. For such an analysis, you will likely need to use Google Street View, Google Maps and Google Lens. All of them are free and pretty effective. However, people who have a decent knowledge of cybersecurity and privacy will likely wipe the metadata - manually or with the use of special tools.
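
Wiping the metadata, as mentioned above, can be checked before a photo is published. The following is an added example, not part of the original article: it lists the metadata segments in a JPEG and writes a copy without them. The sample bytes are constructed, and the set of markers treated as metadata is an assumption of this example.

```python
import struct

# Markers treated as metadata here (an assumption of this example).
METADATA_MARKERS = {0xE1: "APP1 (Exif/XMP)", 0xED: "APP13 (IPTC)", 0xFE: "COM (comment)"}

def walk_segments(jpeg: bytes):
    """Yield (marker, start, end) for each JPEG segment up to the scan data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"corrupt segment header at offset {pos}")
        marker = jpeg[pos + 1]
        if marker in (0xDA, 0xD9):  # SOS or EOI: the rest is image data
            yield marker, pos, len(jpeg)
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, pos, pos + 2 + length
        pos += 2 + length

def find_metadata(jpeg: bytes) -> list:
    """Names of the metadata segments present, in file order."""
    return [METADATA_MARKERS[m] for m, _, _ in walk_segments(jpeg)
            if m in METADATA_MARKERS]

def strip_metadata(jpeg: bytes) -> bytes:
    """Copy the file without metadata segments; image data is untouched."""
    out = bytearray(b"\xff\xd8")
    for marker, start, end in walk_segments(jpeg):
        if marker not in METADATA_MARKERS:
            out += jpeg[start:end]
    return bytes(out)

def segment(marker: int, payload: bytes) -> bytes:
    """Build one segment: marker, big-endian length (incl. itself), payload."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: a JPEG skeleton with Exif and a comment, not a real photo.
SAMPLE = (b"\xff\xd8"
          + segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + segment(0xE1, b"Exif\x00\x00" + b"constructed-gps-and-camera-tags")
          + segment(0xFE, b"constructed comment")
          + segment(0xDB, bytes(65))
          + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00\x12\x34\xff\xd9")

if __name__ == "__main__":
    print("before:", find_metadata(SAMPLE))
    print("after: ", find_metadata(strip_metadata(SAMPLE)))
```

Removing the APP1 segment also removes any thumbnail embedded in the Exif data, which can otherwise preserve an uncropped version of the picture.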

IP analysis

The good old verbal threat to figure out someone's location by their IP address is not as silly a joke as it may look. Sure, you will still likely fail to get the precise location, but there are a lot of other things to compensate for that. This analysis is done mostly with the use of special tools - websites or web applications.

Scheme of OSINT attack through the IP-address

The first step in IP analysis is to make sure that you are dealing with a real IP, not the address of a VPN server or a Tor exit node. After clearing that up, you may step forward to checking the IP properties. Using certain sites, you can figure out if that IP is static or dynamic, private or public, and can also check if Cloudflare bans it. By the way, services like Cloudflare can reveal to you if that IP is associated with threat actions or spamming.

Scanning that IP address with basic network tools will show you the open ports on that address, the OS, the hostname and the services running under that IP. Using some specific keywords and functions of torrent trackers, you can find out what the user downloaded and which search engines they used on both the Surface and Dark Web.


YouTube

The most popular video hosting site also keeps secrets poorly. However, that is just the specific model of that social network. You can easily track the comments of the person you need just by having his/her nickname. On the YouTube page itself, you can see which games this user plays and what his typical activity hours are, and possibly get some details on his personal life. Location may be obtained by checking either the activities or the Community tab.

Here is what you can get with checking the account details

The other part of the information hides in the Channel Info section. Here you can see the subscriptions of that user, the channels he/she likes, the email of that account, the join date and a lot of other interesting stuff. What you do with all this information is your choice. But YouTube offers one of the biggest surfaces for an OSINT attack.

Of course, that is not a full list of possible vectors of open-source intelligence. Moreover, there is no guarantee that you will get anything at all from the object of intelligence. Users who know the key rules of online anonymity will simply leave no significant tracks. Those who know the exact OSINT vectors will also understand how to prevent successful reconnaissance, or will even mislead it.

Who uses OSINT, and why?

Open-source intelligence is in demand among a wide range of different users. Don’t think that because it contains the word “intelligence” it is demanded only by the FBI and cybercriminals. Sure, they use it, too, but they have access to more serious and sophisticated reconnaissance tools. Meanwhile, OSINT is pretty widespread in companies, and is sometimes used by individuals. Companies use it to prepare for negotiations with a company they have never dealt with before. It is quite useful to know more about your potential partner or rival even before the talks.

Individuals, on the other hand, use open-source intelligence to get some information. OSINT may be extremely useful if you want to know more about the company you’re trying to get a job in, or to find out who that beautiful girl you met yesterday in the park is. That may look strange and a bit like overkill, but it is always possible to stop before it goes too far.

Is OSINT legal?

Unless you use illegal software for it - yes. However, illegal programs for OSINT that you can see for sale on the Darknet are spyware rather than just programs for data analysis. There is nothing bad in checking the available information without any malevolent intentions. However, a benevolent search may easily turn into a malevolent one when you go too far to get the information. Searching online is OK; starting a phishing campaign to get the information out of employees is not.

However, from a moral point of view any type of intelligence is bad. If someone doesn't want to tell you something, he/she likely has some motivation for that. And searching for information on that topic in this person's social networks may be harmful to your relationship. Sure, it cannot be called illegal from the legislative point of view, but it can make you an ill-famed maniac. Reconnaissance based on open-source data is a very powerful tool, so use it wisely to keep your reputation clean.