OSINT
Open Source Intelligence (OSINT) is about gathering data from publicly available sources, websites, images, maps, and social media, to uncover hidden information.
In CTF challenges, OSINT tasks may include:
- Identifying a location from a photo
- Tracing a username across platforms
- Searching for password leaks
- Recovering deleted web content through archives
This section summarizes the most practical OSINT resources and techniques used in CTF and cybersecurity investigations.
| Tool | Purpose |
|---|---|
| OSINT Framework | Find free OSINT resources. |
| IntelTechniques | Public collection of OSINT tools. |
Goal: Identify a location based on visual or textual clues.
Common data points to analyze:
- Architecture, terrain, and language on signs.
- Vehicle types and license plates.
- Shadow direction and sun position.
- Road markings and natural landmarks (mountains, coastlines).
Tools:
| Tool | Purpose |
|---|---|
| GeoTips | Comprehensive training guide for geolocation challenges (especially Google Street View). |
| Google Earth / Maps | Examine landscapes, buildings, and coordinates. |
| SunCalc | Estimate sun position and shadow direction for time-of-day deductions. |
| Mapillary | Street-level imagery alternative to Google Street View. |
| What3Words | Coordinate locator dividing the world into unique 3‑word addresses. |
Approach:
- Identify language or signage: note writing systems, road markings, and symbols.
- Analyze environmental features: terrain, flora, weather, and vehicles.
- Verify coordinates: use map matching on Google Earth or Street View.
- Confirm accuracy: align shadows using SunCalc or landmark geometry.
Goal: Investigate and trace images to their origin or related content.
Reverse image searches are often used to find where a photo first appeared, identify people, or locate objects and symbols.
Tools:
| Tool | Purpose |
|---|---|
| Google Images | Standard reverse image search from URLs or uploads. |
| Yandex Images | Often more effective for faces, buildings, or non‑Western content. |
| TinEye | Reverse image search focused on image matching rather than content. |
exiftool |
Extract embedded metadata such as GPS coordinates, timestamps, and camera info. |
Before uploading, always check the image locally with exiftool or strings image.jpg, flags and coordinates are often left in metadata.
For faces or unique landmarks, try both Google and Yandex, each indexes different datasets.
Goal: Identify re‑used or compromised passwords, usernames, and email addresses in public leaks.
These tools provide access to leaked credentials (for ethical research use only).
| Tool | Purpose |
|---|---|
| dehashed | Search database leaks by email, username, or password hash. |
| LeakCheck | Search and API-based credential checking service. |
| SnusBase | Large-scale breach search with hash lookups. |
| HaveIBeenPwned | Free public API to check if an email appears in known breaches. |
Tips:
- Search usernames or emails found in metadata, social media, or archives.
- Use partial hashes or common passwords in combination with CTF clues.
Goal: Uncover deleted or hidden information from websites and public data sources.
Common tasks:
- Recover deleted web pages or past site states.
- Search usernames or domains across platforms.
Tools:
| Tool | Purpose |
|---|---|
| Wayback Machine | View historical versions of websites. |
| Hunter.io | Discover email patterns and addresses linked to domains. |
| Social Searcher | Search multiple social platforms for usernames and keywords. |
| Shodan | Search for exposed machines on the internet. |
| Sherlock | Command-line username search across hundreds of websites. |
| Maigret | OSINT tool for aggregating social accounts tied to a single identity. |