IPcost

What is OSINT?

Nicolas Nicolas,


OSINT is an intelligence discipline that relies exclusively on publicly accessible information sources. It is used by intelligence agencies, journalists, cybersecurity professionals and private investigators, and by 2026 it has become one of the most sought-after skills in digital security and online investigation.

Definition of OSINT

OSINT stands for Open Source Intelligence. It refers to the set of techniques and methodologies used to collect, analyse and cross-reference information from publicly accessible sources in order to extract actionable intelligence.

The term "open source" does not refer to open-source software, but to the idea that the information sources are open — meaning accessible without resorting to illegal means, computer intrusions or interception of private communications.

The main sources used in OSINT

OSINT draws on a wide variety of public sources:

  • Internet and search engines: web pages, forums, blogs, advanced search results (Google Dorking)
  • Social networks: public profiles, posts, photo metadata, geolocation
  • Public databases: company registries, land registers, official records, official journals
  • WHOIS and DNS data: domain name registration information, network infrastructure
  • IP addresses: approximate geolocation, associated ISP, reputation history
  • Data leaks: publicly released compromised databases, exposed credentials
  • Images and videos: geolocation through visual analysis, EXIF metadata
  • Press and media: articles, archives, official press releases
  • Dark web: forums and marketplaces accessible without intrusion

Good to know: the IP address is one of the most common starting points for an OSINT investigation. From a public IP address, an analyst can identify the internet service provider, approximate location, ASN (Autonomous System Number), reputation history and open ports of a host — all information legally available via services such as Shodan, GreyNoise or public WHOIS databases.

What is OSINT used for?

OSINT applications are numerous and cover many different fields:

| Field             | Application                                                                        |
|-------------------|------------------------------------------------------------------------------------|
| Cybersecurity     | Target reconnaissance, data exposure detection, threat intelligence                |
| Journalism        | Fact-checking, investigation of individuals or organisations, event geolocation    |
| Law enforcement   | Criminal investigations, suspect identification, online activity monitoring        |
| Business          | Due diligence, competitive intelligence, partner verification                      |
| Recruitment       | Verification of candidate identity and background                                  |
| Personal security | Auditing one's own digital footprint, privacy protection                           |

The most widely used OSINT tools in 2026

The OSINT tools ecosystem is very rich. Among the most popular:

  • Maltego: data visualisation and correlation tool, widely used in cybersecurity
  • theHarvester: collection of emails, subdomains and infrastructure information
  • Shodan: search engine for internet-connected devices exposing their ports and services
  • Recon-ng: modular command-line reconnaissance framework
  • SpiderFoot: automation of OSINT collection on a given target
  • OSINT Framework: online directory referencing hundreds of tools categorised by type
  • Wayback Machine: archive of historical versions of web pages

OSINT and privacy: the legal limits

Although OSINT is based on public information, its use is not without legal limits. In France and the European Union, the GDPR strictly regulates the collection and processing of personal data, even when publicly accessible. Collecting OSINT data on an individual for the purposes of harassment, stalking or intimidation is illegal, regardless of the public nature of the information.

Ethical OSINT rests on three fundamental principles: the legality of the sources used, the proportionality of collection relative to the objective pursued, and the protection of third-party data not involved in the investigation.

Good to know: conducting an OSINT audit on yourself is a recommended practice to assess your own digital exposure. Searching your name, email addresses and phone number on search engines and data breach databases (such as Have I Been Pwned) allows you to identify which personal information is publicly accessible and take the necessary steps to reduce it.