OSINT Ninja: Beginner terms #NoobFriendly

Want to become an OSINT ninja? Our beginner's guide will teach you the basics terms of Open Source Intelligence.

💻 #Pentesters use a wide range of tools for OSINT, with consultants often using their own tools.
🔍 Some popular OSINT tools include:

🔍 Scrapesy: Scrapes both the clear web and dark web for exposed credentials
📧 O365 Squatting: Generates typosquatting permutations and cross-references them against Office 365 infrastructure to find potential phishing websites
🌐 ZMap: Network scanner that discovers devices and services exposed to the internet
🔎 #Ghunt: Finds information associated with a Google ID
🦉 Intel Owl: Pulls together threat analysis tool feeds into a single API
🕸️ #ReNgine: Open source tool for aggregating recon feeds
📡 #Shodan: IoT device search engine used to find unsecured equipment on LANs and other hardware-based weak spots
🕵️‍♀️ Social Mapper: Uses facial recognition and usernames to track targets across platforms
🕷️ Spiderfoot: OSINT automation tool, available in open source and commercial versions
🔍 Sublist3r: Python-based sub-domain enumerator
🕵️‍♂️ theHarvester: Helps to "determine a company's external threat landscape on the internet" by gathering emails, names, subdomains, IPs and URLs
🔎 Google dorking: Technique for using specialist search terms to find hidden results

📚 The SANS Institute has also published a detailed list of OSINT tools.