Utilize publicly available information such as search engines, public repositories, social media, and more to gain in-depth knowledge on a topic or target. Open Source Intelligence (OSINT) are skills used for data gathering in preparation for a penetration tests.

Recommended Tools:

Scanning Tools:

  • OSINT Framework – queries free search engines, resources, and tools publicly available on the Internet. 
  • Maltego – Included in Kali Linux ; collects footprints of any target
  • Google Dorks – ways to query Google against certain information using operators that may be useful.
  • Nmap  – open source utility utilized for security auditing and network exploration across local and remote hosts”.
  • Recon-ng – built in the Kali Linux distribution; used to perform reconnaissance on remote targets.
  • Shodan – network security monitor and search engine focused on the deep web & the internet of things. 
  • OpenVAS (Open Vulnerability Assessment System) – open source version of Nessus used for vulnerability scanner & security manager
  • Fierce  – IP and DNS recon tool written in PERL for finding target IPs associated with domain names.
  • FOCA (Fingerprinting Organizations with Collected Archives) – analyze web servers and their hidden info. Collects data from MS Office, OpenOffice, PDF, as well as Adobe InDesign, SVG and GIF files. Works with Google, Bing and DuckDuckGo. 

This web reconnaissance framework was written in Python and includes many modules, convenience functions and interactive help to guide you on how to use it properly.


  1. Youtube: ‘Solving CTF Challenges: Reconnaissance‘ (57:25)
  2. Youtube: ‘Open Source Intelligence 101‘ (46:49)
  3. Youtube: ‘HackMiami %27 – OSINT 101 with Buscador and Maltegock
  4. YouTube: Information Gathering with Kali Linux : Use Maltego to Gather & Visualize Information|packtpub.com