This toolkit, useful for profiling, research, and digital investigations, was built for me and my trainees (profilers, fact-checkers, researchers and journalists). It contains only working and necessary tools. All are tested in real cases and are mostly free. The UI and CLI tools are separated.
👁️🗨️ For additional purposes use Bellingcat’s Online Open Source Investigation Toolkit. It is awesome!
🖖 Do you want to have a piece of training from me? Feel free to send a request in Russian or English on my LinkedIn Service Page. Please find some free training and webinars in the OSINT Design section of this kit.
- Research
- Target Identification
- Arrange Your Findings
- Some Thoughts About OSINT Design and OPSEC
- Professional Standards for Work and reports
This section is useful not only for the profiler but in general for any journalist, fact-checker, or researcher
- Open Measures. Ex-SMAT. Research in the list of sources
- TGStat. From $20 monthly. Limited free options
- Perplexity. Very good for deep research
- Domain Digger
- Whoxy
- American Registry for Internet Numbers
- SMAT. Provides command line tools for getting data from the Social Media Analysis Toolkit (SMAT)
- theHarvester. You should add APIs to make this tool useful
- creepycrawler. OSINT tool to crawl a site and extract useful recon info
Names, nicknames, e-mails, phones, crypto wallets — find your target's digital footprint and connections
- OSINT Industries. The best UI available at the moment for free for investigators and police
- OnChain Industries. From free to $10
- User Search AI. Free is not bad. $19 monthly subscription
- WhatsMyName. UI includes 2 CSE. 403 with some VPNs (unveil or use Tor in this case)
- Epieos. From free to 1 euro for a full-access request
- Intelligence-X. From free to $20,000/year
- Himera Search. For Russia. Pay what you get (about $1-2 for a detailed report)
- VkHistoryRobot. Free
- ShaitanMachine Bot. Paid
- Telegram OSINT Bot catalogue. Search for the bots you need
- Sherlock
- GoSearch. Sherlock analog in Go. Tool development in progress but it seems very perspective
- Maigret. CLI is better than the official TG-bot, the local web interface available and it is not bad
- WhatsMyName. I use this version
- BlackBird. Searches for user accounts by username or email. It features WhatsMyName integration
- GHunt. Brilliant for Google account research
Where to keep your findings and/or create a final report
- Obsidian. A customizable writing app from Micah Hoffman, aka @webbreacher, excellent and transparent interface. Available for any OS. A lot of plugins. Free for personal use. Obsidian Templates are here
- Osintracker. Run in a browser. Don't forget to backup your findings. Osintracker WIKI
- Maltego. From $2,500/year. Free Community Edition is available
- Paliscope Explore. Free Community Edition is available
Before you start, you have to think about operation security. It is about your security and all the people you work with and accidentally disclosing your target information without your permission. The main task is not to install tons of software on your machine but to change your behavior from insecure to secure.
- Here's the link to my webinar on Personal Cybersecurity Basics (in Russian).
- Introduction to OSINT by Micah Hoffman and Griffin Glynn | Get a certificate! (In English)
- Otherwise, see Aidan Rainey's webinar (in English).
- See also this OpSec-Guide on GitHub.
- Step-by-step guide to building a custom machine for OSINT activities
It's best to start with one "don't." Don't create a profile "just because I can." Firstly, it's not always ethical, and secondly, it can lead you down the wrong path. A good rule I've developed for myself, and which I try to follow, is this: I don't need more data than I actually require to solve a specific task.
A profile is always built around a specific task. When you're investigating a crime, searching for a missing person, or when you need to hire people whose views align with the company's mission, you will naturally include creating a psychological profile. But when your task is to determine if certain provided data is fraudulent, no psychology will likely be needed. Nor will linguistic analysis.
- Choose your tools according to the task.
- Remember, not all tasks can be solved quickly, easily, or cheaply. There are always some tasks you won't be able to solve by yourself.
- Learn from others; profiling is a constant learning process.
- Read: How to find information on anyone: The best OSINT tools for people search
- Look at: OSINT Framework
-
The Intelligence Community Standard (ICS) offers a framework designed to ensure consistency, accuracy, and professionalism across the U.S. Intelligence Community. It is clear and acceptable for use as guidance for OSINTers worldwide. ICS provides clear guidelines for processes, methodologies, and workflows, enabling intelligence professionals to produce reliable and credible outputs. For example, ICS 206–01, effective December 2, 2024, focuses on the proper citation and referencing of Publicly Available Information (PAI), Commercially Available Information (CAI), and Open Source Intelligence (OSINT)
