Open Source Intelligence (OSINT) Master Course

Hands on live tracking and deep web searching

Utilize vulnerabilities to identify if unauthorized activity is possible.

Understand the basic concepts of OSINT from ground up

Understand the basic concepts of OSINT from ground up

Understand the Internet, search techniques, analyse information and intelligence

Learn to remain anonymous while using OSINT for investigations

Request more information

We'll connect you at the earliest
Open Source Intelligence (OSINT) Master Course
Open Source Intelligence (OSINT) Master Course

Tools Covered in this Course

Course Details

What You Will Learn

In this course, you will learn about OSINT (open-source intelligence) from a hacker’s point of view. You will get equipped with various tools and techniques and learn how to set up a virtual lab and protect yourself. This is a comprehensive course that will be using free open source tools to investigate people and companies. No matter if you are totally new to the fascinating world of OSINT and hacking or have some experience, this course will walk you through how both hackers and investigators use these tools and why.

By the end of this course, you will have a good understanding of OSINT, how to perform it, the tools necessary, and how your own information online could be used against you. You will learn Linux basics and how-to setup your own virtual lab.

Who Should Attend?

This course will teach you techniques to help your work whether you are trying to find suspects for a legal investigation, identify candidates to fill a job position, gather hosts for a penetration test, or search for honey tokens as a defender.

While this list is far from complete, the OSINT topics will be helpful to:

  • Cyber Incident Responders

  • Digital Forensics (DFIR) analysts

  • Penetration Testers

  • Social Engineers

  • Law Enforcement

  • Intelligence Personnel

  • Recruiters/Sources

  • Private Investigators

  • Insurance Investigators

  • Human Resources Personnel

  • Researchers

Why is this important?

Whether you are in cyber network defense, an intelligence analyst, corporate investigator, or law enforcement personnel, we have the curriculum and qualified instructors to enhance your capabilities.

From tracking the digital exhaust from a target on the dark web to uncovering a source looking to disrupt your brand reputation by stealing your intellectual property – organizations must be equipped with defenses to prevent critical disruption in their company’s operations.


Module 1 – OSINT for data collection – start-up

Starting with DNS enumeration, getting useful URLs, IP and host finder, we will dive into harvesting email addresses anonymously and finding information about an email. Google dork or Google hacking database will play a crucial role in finding the complete information about anything deeply. Netcraft, web archives, and cached data will complete this module with outstanding command over all the topics discussed. You can start OSINT straight from here.

  • DNS Enumeration

  • DNSSEC analyzer

  • URLcrazy

  • URL Expanders

  • Passive recon

  • IP, Host automater

  • Harvesting email addresses

  • Email information gathering

  • Netcraft analytics

  • GHDB

  • Multiple Website Archives

  • Cached data


  • Harvesting email addresses

  • Using Google dorks to find hidden data

  • Searching for cached data

  • Using Automater

  • Gathering DNS records

Module 2 – Company, Social Networks and file metadata OSINT

This module consists of several such tools that are capable of doing anything from extracting information or data from the file’s metadata, insights of a company’s details that will be beneficial while conducting attack for pentesting. We will dig into databases of job site postings to figure out the servers and databases used inside a company. Further, we will find people, their details, phone numbers, and social profiles will be gathered in order to perform social engineering. Maltego-CE will be investigating domains, people, email and so on. We will get details about a picture, from date and time, pixel, focal length, geo-location and much more.

  • FOCA – Extract information from metadata

  • Metagoofile

  • Opanda PowerExif – Data viewer

  • EDGAR – Accessing company insights

  • Company search database

  • Get database/server used in a company with job site

  • Twofi – Twitter data

  • Peekyou – people search

  • Lullar

  • Maltego-CE – finding links and details with investigation

  • Facebook OSINT

  • Twitter OSINT

  • Google+ OSINT

  • LinkedIn OSINT

  • Reddit, Tinder, eBay, Craigslist (Classifieds)


  • Database server of a company from job site

  • Information about a picture (Metadata)

Module 3 – Databases and records

This module will make you think of yourself like an investigator or something like a crime scene investigator. Getting data leaks of someone’s email record, information about terrorist’s groups strength, blasts weapons, etc., feeling like James Bond will be when you get someone’s flight details. Vehicle records, wireless networks around you, cell phone tower locations worldwide, employee records, important documents with a whole database, default passwords, live cameras, finding geo-location details over a live map and, most importantly, government’s data that is top secret. All of these are key information that needs someone to hack into or penetrate networks for security testing. We will collect data even from the Darknet (Dark web).

  • Exploit DB and search sploit

  • Terrorism record database

  • Hunting criminal records

  • Default passwords DB and lists

  • Juicy information from Dark web

  • Data Leaks hunt

  • Air traffic live database

  • Mapping the fence like intruders

  • Vehicle records and database

  • Live cameras in the world

  • Wireless network mapping

  • Cell phone tower mapping

  • Important Documents search database

  • Employee profiles

  • Government Records


  • Investigate leaked data

  • Get the flight data on and before time of landing

  • Map the fence of a location

  • Find employees of an organization

Module 4 – Threat Intelligence – Automating the whole thing

The last module of this course will remind you how the black hat hackers work without leaving a trace of presence. From GUI tools to CLI, the first three lessons dive in with multiple format information gathering. Recon-ng alone is powerful enough to get each piece of information, from internal IP addresses to the geo-location of stand-alone servers around the globe and that makes us think about how many load balancers may be there. And yes, threat intelligence will prove to be a backbone for security guys who think about protection from Zero-day attacks. We will get cell phone numbers and details about that from a social profile. Web information leakage about the servers, misconfigurations, developer’s comments in the source code will leave a web application open to attack. And finally, the SHODAN HQ, that is called a search engine for hackers, will be playing a great role in hunting vulnerable servers, databases, routers, cameras and so on.

  • Spider foot – Extracting information in a GUI

  • Discover script – multi specialty hunter

  • Recon-ng – Complete info data

  • Threat Intelligence

  • Recorded future

  • Search engine for Ethical hackers

  • Accidental leakage data web leak

  • Mobile phone number details

  • Exploits and advisories

  • Bonus – Godfather of every OSINT


  • Search for vulnerable or outdated servers of Microsoft

  • Perform the recon-ng on target site

  • Collect geo-location IP addresses of target



  • CPU: 64-bit 2.0+ GHz processor or higher based system is mandatory for this course (Important – Please Read: a 64-bit system processor is mandatory)

  • BIOS/UEFI: VT-x, AMD-V, or the equivalent must be enabled in the BIOS/UEFI

  • RAM: 8 GB (gigabytes) of RAM or higher is mandatory for this course (Important – Please Read: 8 GB of RAM or higher is mandatory)

  • Wireless Ethernet 802.11 G/N/AC

  • USB 3.0 port (courseware provided via USB)

  • Disk: 30 gigabytes of free disk space

  • VMware Workstation Pro 15.5.X+, VMware Player 15.5.X+ or Fusion 11.5+

  • Privileged access to the host operating system with the ability to disable security tools

  • A Linux virtual machine will be provided in class