OSINT: What it is & What Tools to Use?

OSINT: What it is & What Tools to Use?

All Social Links products are applied in OSINT. The term is relatively new, Wikipedia defines it as ‘Open-source intelligence (OSINT) is data collected from publicly available sources to be used in an intelligence context.[1] In the intelligence community, the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources). It is not related to open-source software or collective intelligence.

Intelligence, investigations, and open data searches have been around for thousands of years. Their goals haven’t changed much, but their form and tools change very much. A foreign merchant listened carefuly to the conversations on the market of Byzantine Constantinople could learn more than just the changes in market conditions, but form an opinion on the stability of political regimes in different countries, the probability of war with barbarians, the Emperor’s financial problems, court intrigues and more. All this and much more was acquired by curious readers through thoughtful newspaper analysis in the 19th century. In the last century, radio and television joined newspapers as major information sources. The advent of the Internet and social networks took the problem of searching for information to a new level. And at the same time, new tools emerged.

For OSINT, only sources and methods that are used by a person working on the Internet manually and without violating property rights are used. Hacking protection, password selection, closed databases do not belong to OSINT. Databases of the Europol or Interpol are not analyzed: only resources in free public access.

An experienced professional can create special search queries and use them to look up files on a site not visible during regular web surfing. You can specify a specific URL and get access to data that is not displayed on the site pages, or displayed on many pages in a breakdown. There are thousands of similar search methods and ways to access information. Such requests can be generated manually, but it takes an unacceptably long time. OSINT tools allow you to do the same thing, but much faster.

Some investigations that can be safely attributed to OSINT are carried out manually, but with the participation of a huge number of people, usually volunteers. A classic example of such investigations is the work of Bellingcat ( This approach has repeatedly proved its effectiveness, but it is applicable only in cases of interest to the general public, significant to people. If you are a security officer of a commercial holding company and you need to check the track record and connections of potential contractors, volunteers won’t help you, you need approaches that automate routine operations.

OSINT Instruments

There are two main types of software products for OSINT: some collect information, others process, analyze and visualize it.

Of course, we will describe further in more detail about Social Links and other tools, and maybe it will not be independent, but nevertheless we will try to do this using the example of a comparison of Maltego and IBM I2 Analyst’s Notebook.

For example, Maltego has powerful visualization features. Social Links Pro plugin for Maltego collects information from a wide range of resources through numerous search queries (depending on what information is needed). The most difficult part of the job is collecting data, because its layout and access to it are constantly changing, so data collection tools must change with them. There are fewer products like that, however, there are noticeably more options for analyzing and visualizing previously collected information.

There are several large, complex solutions, including IBM I2, Palantir Gotham, and Paliscope. They are quite expensive, and access to Palantir is only given under certain restrictions unrelated to payment. A key type of analysis with Palantir Gotham is link analysis, which enables analysts to visualize and analyze the connections between “entities” such as people, addresses, phone numbers, etc.

Below you can find a brief overview of the comparison Maltego and IBM I2:

Maltego (commercial versions):

has the incredible feature to enrich the data available in the network/graph via its public and paid transforms.

can be used for OSINT investigations (fraud, IP, cyber crime, domain analysis, etc.) and also for reconnaissance for any type of penetration test projects.

IBM i2 Analyst’s Notebook:

is great if associated with IBM i2 Base database for graphical mapping of structured data within the db.

has a lot of options in relation to the layout (graphical) representation of the networks (way more options than Maltego).

cannot enrich the data in the network via any type of transforms (transforms paid or public do not exist).

They are both link analysis tools with the main difference that Maltego is fundamental for data enrichment, while IBM i2 Analyst Notebook for analysis of that data.

Most professionals who work with OSINT use open-source products. A huge collection of tools of various levels is collected on GitHub: from individual scripts to Linux distributions with Maltego included in it. There are products with narrow specialties, for instance, Hunshly - an app that saves web pages in a form suitable for filing documents in court, like screenshots. The vast majority of solutions are highly trained user-oriented, and the necessary programming skills include the ability to independently understand the code and change it, if necessary, to adjust it to the task. There are almost no complex packages that solve users' problems in a graphical user interface, without direct access to the code, and have a wide range of functions. Most products solve the limited task of finding specific information in a small number of sources.

There is relatively little investment in OSINT products for two reasons. First, such a product must work reliably in a very volatile environment. Permanent staff should make sure that the automation of requests to sources does not stop working properly to give results: after all, how information is laid out is constantly changing. Secondly, the legislation on data protection, including personal data, is also constantly changing, becoming more complex and tough, making development in this area even more problematic.

Data owners, especially large social networks, try to close their resources to external search as much as possible. Even getting the right answers manually is becoming more difficult. This makes the value of automated tools like Social Links, which can still extract necessary information from public repositories, constantly increasing.

Social Links is a Maltego add-on for Open Source, Social Media and DarkNet investigations and analysis. Our add-on is dedicated to make OSINT investigations less time-consuming and more efficient. With Social Links you can:

Discover full Social Media presence of target individual,
Map crime group structure and affiliates,
Identify person behind digital credentials,
Find Social Media content by Geo,
Super detail Facebook search,
DarkNet search and much more.

Social Links is popular in EU police forces - Law enforcement agencies from 50% of EU countries already use Social Links.

With Social Links you can mine data from 50+ socials, databases and use 700+ search methods empowered with Face Recognition and search by Geo-coordinates. You will get unique searches in 30+ DarkNet forums and marketplaces without authorization by Phrase, PGP Key, Alias, also, you can get analytics by Products and Locations (shipping from/to).

We also recommend subscribing to our channels to get acquainted with Case study: Facebook Social Links page
Linkedin Social Links page
Twitter Social Links

If you’re looking at OSINT & SOCMINT tools our team will be happy to give you an individual demo and consultation! Please contact us at