Threat Intelligence Information Gathering - OSINT Analysis

What is OSINT?

Open-source intelligence (OSINT) is the practice of collecting information from publicly available, published sources. OSINT operations, whether practiced by IT security pros, malicious hackers, or state-sanctioned intelligence operatives, use advanced techniques to search through the vast haystack of visible data for the needles that serve their goals, and in doing so learn information that many don't realize is public.


I will cover the Kali Linux tools listed below for open-source intelligence (OSINT) analysis.

  1. casefile

  2. creepy

  3. dmitry

  4. jigsaw

  5. maltego

  6. metagoofil

  7. theharvester

  8. twofi

  9. urlcrazy

1) casefile

CaseFile gives you the ability to quickly add, link, and analyze data with the same graphing flexibility and performance as Maltego, but without the use of transforms. Built on Maltego's graph and link analysis, it lets analysts examine links between manually added data and mind-map their information.

  • CaseFile is a visual intelligence application that can be used to determine the relationships and real world links between hundreds of different types of information.

  • It gives you the ability to quickly view second, third and n-th order relationships and find links otherwise undiscoverable with other types of intelligence tools.

  • CaseFile comes bundled with many different types of entities that are commonly used in investigations allowing you to act quickly and efficiently. CaseFile also has the ability to add custom entity types allowing you to extend the product to your own data sets.


USAGE n/a, GUI tool
EXAMPLE n/a, GUI tool

2) creepy


creepy is an application that gathers geolocation-related information about users from social networking platforms and image hosting services. The information is plotted on a map inside the application, where every retrieved data point is shown together with its context (e.g. what was posted from that specific location). As you can see, Cree.py is just that: creepy, but what a great tool to gather information and build profiles on targets.



USAGE n/a, GUI tool 
EXAMPLE n/a, GUI tool



3) DMitry


DMitry gathers as much information as possible about a host. Its base functionality collects possible subdomains, email addresses, uptime information, a TCP port scan, whois lookups, and more. The information is gathered with the following methods:

  • Perform an Internet Number whois lookup.

  • Retrieve possible uptime data, and system and server data.

  • Perform a SubDomain search on a target host.

  • Perform an E-Mail address search on a target host.

  • Perform a TCP Portscan on the host target.

  • A Modular program allowing user-specified modules




How to install: sudo apt install dmitry
USAGE dmitry [options] <file> <url>
EXAMPLE dmitry --help (DMitry help)
EXAMPLE man dmitry (DMitry complete documentation)
EXAMPLE dmitry -iwns -o example.out google.com

4) jigsaw


jigsaw is a simple Ruby script for enumerating information about a company's employees. It is useful for social engineering or email phishing.


USAGE jigsaw [options] <url>

EXAMPLE jigsaw -s Google

EXAMPLE ./jigsaw.rb -i 215043 -r google -d google.com



5) maltego


Maltego is a unique platform developed to deliver a clear threat picture of the environment that an organization owns and operates. Maltego can locate, aggregate, and visualize this information. It can be used to determine the relationships and real-world links between people, groups of people (social networks), companies, organizations, websites, phrases, affiliations, documents and files, and internet infrastructure (domains, DNS names, netblocks, IP addresses).



USAGE n/a, GUI tool
EXAMPLE n/a, GUI tool

6) metagoofil


Metagoofil is an information gathering tool designed for extracting metadata from public/indexed documents (pdf, doc, xls, ppt, odp, ods) available on the target/victim websites.

The output is a file that can reveal:


  • relevant metadata information

  • usernames (potential targets for brute force attacks on open services like ftp, pop3, auths in web apps, ...)

  • list of disclosed paths in the metadata

USAGE python metagoofil.py <option>


OPTIONS

  • -d <domain> Domain to search

  • -f <type> Filetype to download (all,pdf,doc,xls,ppt,odp,ods, etc)

  • -l <number> Limit of results to work with (default 100)

  • -o <path> Output file (html format)

  • -t <path> Target directory to download files





How to install: sudo apt install metagoofil
EXAMPLE python metagoofil.py -d ******club.net -l 100 -f all -o output.html -t output-files
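The same metadata leak can be checked on your own side before a document is published. The following is an added example, not metagoofil's code: it parses the Info dictionary of a PDF byte string for the fields metagoofil reports and pulls out leaked paths and candidate account names. The sample PDF bytes, the author name, software versions and the local path in it are constructed for the example; only literal strings in the Info dictionary are parsed (hex strings and XMP streams are skipped).

```python
import re

# Constructed sample (not a real document): the bytes of a minimal PDF whose
# Info dictionary carries the kinds of fields metagoofil reports. The author
# name, software versions and local path are invented.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"3 0 obj\n<< /Title (Q3 budget) /Author (jdoe) /Creator (Microsoft Word)"
    b" /Producer (Acrobat Distiller 9.0) /CreationDate (D:20200101120000Z)"
    b" /Keywords (C:\\\\Users\\\\jdoe\\\\Documents\\\\budget.docx) >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R /Info 3 0 R >>\n%%EOF\n"
)

INFO_KEYS = ("Title", "Author", "Subject", "Keywords", "Creator",
             "Producer", "CreationDate", "ModDate")

# /Key (literal string); the string body may contain \\, \( and \) escapes.
# Hex strings (<...>) and XMP metadata streams are not handled here.
_INFO_FIELD = re.compile(
    rb"/(" + b"|".join(k.encode() for k in INFO_KEYS) + rb")\s*\(((?:\\.|[^\\)])*)\)"
)

# Windows drive paths and Unix home directories, as they appear in metadata values
_PATH = re.compile(r"(?:[A-Za-z]:\\[^\s()]+|/(?:home|Users)/[^\s()]+)")
_PATH_USER = re.compile(r"(?:[A-Za-z]:\\Users\\|/(?:home|Users)/)([^\\/]+)")


def _unescape(raw: bytes) -> str:
    """Undo PDF literal-string escapes for backslash and parentheses."""
    return re.sub(rb"\\([\\()])", rb"\1", raw).decode("latin-1")


def extract_pdf_info(data: bytes) -> dict:
    """Return the Info-dictionary fields found in a PDF byte string."""
    return {m.group(1).decode(): _unescape(m.group(2)) for m in _INFO_FIELD.finditer(data)}


def find_paths(info: dict) -> list:
    """Local file paths leaked through metadata values (folder layout, user names)."""
    hits = []
    for value in info.values():
        hits.extend(_PATH.findall(value))
    return hits


def find_usernames(info: dict, paths: list) -> set:
    """Candidate account names: the Author field plus the user part of any leaked path."""
    names = {info["Author"]} if info.get("Author") else set()
    for p in paths:
        m = _PATH_USER.match(p)
        if m:
            names.add(m.group(1))
    return names


def audit(data: bytes) -> dict:
    """One-call summary in the three categories metagoofil's report uses."""
    info = extract_pdf_info(data)
    paths = find_paths(info)
    return {"metadata": info, "paths": paths, "usernames": sorted(find_usernames(info, paths))}


if __name__ == "__main__":
    for section, value in audit(SAMPLE_PDF).items():
        print(section, value)
```

Run it over the PDFs in a web root before they go live; any non-empty `usernames` or `paths` entry is a field worth stripping, since those are exactly the values the tool's output file would hand to an attacker.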


7) theharvester


TheHarvester aims at gathering e-mail accounts and subdomain names from:



USAGE theharvester [options]


OPTIONS


  • -d <domain> domain to search or company name

  • -b <src> data source (google,bing,pgp,linkedin)

  • -s <start> start in result number X (default 0)

  • -v verify host name via DNS resolution

  • -l <limit> limit the number of results to work with (bing goes from 50 to 50 results, Google 100 to 100, and pgp doesn't use this option)




How to install: sudo apt install theharvester
EXAMPLE ./theHarvester.py -d microsoft.com -l 500 -b bing
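To show what theHarvester does with the text it gets back from a data source, here is an added example that is not theHarvester's own code. It assumes the results page has already been fetched (the `-b` sources are not contacted), extracts the e-mail addresses and host names that belong to the `-d` domain, and performs the `-v` DNS verification step through a resolver function that can be swapped for a stub. The results text, addresses, host names and IP addresses are all constructed for the example.

```python
import re
import socket

# Constructed sample: text as it might be scraped from a search-engine results
# page for the query "example.com". Every address and host name is invented.
SAMPLE_RESULTS = """
Contact: alice.smith@example.com - Head of IT, see https://intranet.example.com/login
Mirror at ftp.example.com and vpn.example.com (VPN portal)
Press: press@Example.COM; unrelated: bob@example.org, sales@notexample.com
Cached copy: http://dev.example.com:8080/app mailto:alice.smith@example.com
"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
HOST_RE = re.compile(r"\b(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}\b")


def harvest(text: str, domain: str):
    """Return (emails, hosts) belonging to `domain`, lower-cased, de-duplicated, sorted."""
    domain = domain.lower()
    emails = {e.lower() for e in EMAIL_RE.findall(text)}
    emails = {e for e in emails if e.rsplit("@", 1)[1] == domain}
    # HOST_RE also matches the local part of addresses and foreign domains;
    # keeping only names under the target domain filters those out.
    hosts = {h.lower() for h in HOST_RE.findall(text)}
    hosts = {h for h in hosts if h.endswith("." + domain)}
    return sorted(emails), sorted(hosts)


def verify_hosts(hosts, resolve=socket.gethostbyname):
    """The -v step: record the address each host resolves to, or None if it does not."""
    resolved = {}
    for h in hosts:
        try:
            resolved[h] = resolve(h)
        except OSError:  # socket.gaierror is a subclass of OSError
            resolved[h] = None
    return resolved


# Stub resolver so the example runs offline; the addresses are invented.
FAKE_DNS = {"ftp.example.com": "203.0.113.5", "vpn.example.com": "203.0.113.6"}


def stub_resolve(host: str) -> str:
    if host in FAKE_DNS:
        return FAKE_DNS[host]
    raise socket.gaierror(f"{host}: Name or service not known")


if __name__ == "__main__":
    emails, hosts = harvest(SAMPLE_RESULTS, "example.com")
    print("emails:", emails)
    for host, ip in verify_hosts(hosts, stub_resolve).items():
        print(f"{host:25} {ip or 'no DNS record'}")
```

Pass the real `socket.gethostbyname` (the default) to `verify_hosts` to resolve live; hosts that come back as `None` are names that search engines still index but that no longer exist, which is a useful signal in its own right when you run this against your own domain.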


8) twofi


Twitter Words Of Interest: twofi uses Twitter to help generate word lists based on searches for keywords related to the list that is being cracked. twofi expands on this idea by taking multiple search terms and returning a word list sorted by most common first. Also, given a list of Twitter usernames, the script will bring back approximately the last 500 tweets for each user and use those to build the list.


How to install: sudo apt install twofi
USAGE twofi -t term1,term2,term3 (no spaces)
USAGE twofi -u username1,username2,username3 (no spaces and no @)

OPTIONS
--help, -h: show help
--count, -c: include the count with the words
--min_word_length, -m: minimum word length
--term_file, -T file: a file containing a list of terms
--terms, -t: comma separated search terms quote words containing spaces, no space after commas
--user_file, -U file: a file containing a list of users
--users, -u: comma separated usernames
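The list-building step behind twofi, as an added example that is not twofi's code: it assumes the tweets have already been fetched (the Twitter search and the last-500-tweets download are not shown), strips URLs, mentions and hashtags, drops words shorter than `min_word_length` (the `-m` option) and returns the words most-common-first, optionally with counts (the `-c` option; the `word count` line format is an assumption). The tweets are constructed text, not real accounts.

```python
import re
from collections import Counter

# Constructed sample tweets (invented text, not real accounts or posts).
SAMPLE_TWEETS = [
    "Great game tonight! Go Wildcats #Wildcats2019 @coach_sam https://t.co/abc",
    "Wildcats win again, Wildcats forever. Buddy the dog approves",
    "Happy birthday Buddy!! Best dog ever",
    "RT @friend: anyone else at the Wildcats game?",
]

TOKEN_RE = re.compile(r"[A-Za-z0-9]+")


def clean(tweet: str) -> str:
    """Remove URLs, @mentions and #hashtags so only the user's own words remain."""
    tweet = re.sub(r"https?://\S+", " ", tweet)
    tweet = re.sub(r"[@#]\w+", " ", tweet)
    return tweet


def build_wordlist(tweets, min_word_length: int = 3, with_count: bool = False) -> list:
    """Words from the tweets, lower-cased, most frequent first (ties alphabetical)."""
    counts = Counter()
    for tweet in tweets:
        for word in TOKEN_RE.findall(clean(tweet)):
            if len(word) >= min_word_length:
                counts[word.lower()] += 1
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    if with_count:
        return [f"{word} {n}" for word, n in ordered]   # assumed "-c" format
    return [word for word, _ in ordered]


if __name__ == "__main__":
    for line in build_wordlist(SAMPLE_TWEETS, min_word_length=3, with_count=True):
        print(line)
```

The top of the list is the team name and the pet's name, which is the point of the tool: words a person posts about repeatedly are the words they tend to put in passwords, so a list built this way is a good input for auditing your own organisation's password strength.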

9) urlcrazy


Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.


  • Detect typo squatters profiting from typos on your domain name

  • Protect your brand by registering popular typos

  • Identify typo domain names that will receive traffic intended for another domain

  • Conduct phishing attacks during a penetration test



How to install: sudo apt install urlcrazy
USAGE ./urlcrazy [options] <domain>
EXAMPLE ./urlcrazy example.com
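The variant-generation half of what urlcrazy does, as an added example that is not urlcrazy's code: for a domain you own it produces the typo classes the tool tests (character omission, repetition, adjacent-key substitution, digit homoglyphs, transposition and wrong TLD) so the list can be checked against DNS or registered defensively. It assumes a single-label TLD (`example.com`, not `example.co.uk`); the keyboard map, homoglyph table and TLD list are the example's own choices.

```python
# Neighbouring keys on a QWERTY layout, used for the "adjacent-key" class.
QWERTY_NEIGHBOURS = {
    "q": "wa", "w": "qeas", "e": "wrsd", "r": "etdf", "t": "ryfg", "y": "tugh",
    "u": "yihj", "i": "uojk", "o": "ipkl", "p": "ol",
    "a": "qwsz", "s": "awedxz", "d": "serfcx", "f": "drtgvc", "g": "ftyhbv",
    "h": "gyujnb", "j": "huikmn", "k": "jiolm", "l": "kop",
    "z": "asx", "x": "zsdc", "c": "xdfv", "v": "cfgb", "b": "vghn", "n": "bhjm", "m": "njk",
}
# Letters that are commonly replaced by look-alike digits.
HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5"}
COMMON_TLDS = ("com", "net", "org", "co", "info")


def typo_variants(domain: str) -> dict:
    """Map each candidate typo domain to the class of mistake that produces it."""
    name, tld = domain.lower().rsplit(".", 1)   # assumes a single-label TLD
    variants = {}

    def add(candidate: str, kind: str) -> None:
        # the first class to produce a candidate keeps it; the original is never listed
        if candidate and candidate != name:
            variants.setdefault(f"{candidate}.{tld}", kind)

    for i, ch in enumerate(name):
        add(name[:i] + name[i + 1:], "omission")                          # exmple.com
        add(name[:i] + ch + name[i:], "repetition")                       # eexample.com
        for key in QWERTY_NEIGHBOURS.get(ch, ""):
            add(name[:i] + key + name[i + 1:], "adjacent-key")            # wxample.com
        if ch in HOMOGLYPHS:
            add(name[:i] + HOMOGLYPHS[ch] + name[i + 1:], "homoglyph")    # 3xample.com
        if i + 1 < len(name):
            add(name[:i] + name[i + 1] + ch + name[i + 2:], "transposition")  # eaxmple.com
    for other in COMMON_TLDS:
        if other != tld:
            variants.setdefault(f"{name}.{other}", "wrong-tld")           # example.net
    return variants


def by_kind(variants: dict) -> dict:
    """Group the candidates by typo class for reporting."""
    groups = {}
    for dom, kind in variants.items():
        groups.setdefault(kind, []).append(dom)
    return {kind: sorted(doms) for kind, doms in groups.items()}


if __name__ == "__main__":
    for kind, doms in by_kind(typo_variants("example.com")).items():
        print(f"{kind:14} {len(doms):3}  e.g. {', '.join(doms[:4])}")
```

Feed the keys of `typo_variants(...)` to a resolver (or to urlcrazy itself) on a schedule: a variant of your domain that starts resolving, or that gains an MX record, is the early warning that a squatter or phishing site has gone live.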

