Open Source Intelligence (W40)


Product Description

Access to this course is restricted to Hakin9 Premium or IT Pack Premium Subscription holders.

In the age of social networking, where people post everything about themselves over the insecure internet, it becomes easy to hunt for information with the help of open source intelligence gathering. All that is required is the right mindset and the right set of open source tools.

We can get almost everything, from credit card numbers to social security numbers, personal data, complete profiles of any person, vulnerable and misconfigured servers, private or internal IP addresses of an organization, admin panel passwords, and the geo-location of IP addresses; more than 80 percent of the desired information can be obtained using only OSINT (Open Source Intelligence gathering).

This course is focused only on OSINT tools that are free to use. We have used numerous such tools that act as a silver bullet in terms of accessing public sources.

Course duration: 18 hours (18 CPE credits awarded on completion) 

Course is self-paced, pre-recorded (with instructor support)

What will you learn? 

  • Analytical thinking about information gathering
  • Investigative skills that give you surety for hacking success
  • How you can get any information from public databases
  • How security agencies collect information about your systems and network
  • Data mining techniques
  • Tracking using mobile, social networks, e-commerce sites, etc.
  • OSINT from Darknet or dark web
  • OSINT using free tools only
  • How to use the power of Google dorks
  • Database details from job site postings
  • Threat intelligence
  • Wireless mapping, geo-location mapping
  • Government’s secret records leakage
  • Finding people across the globe
  • Vehicle details database
  • Keep track of intelligence gathering
  • Keep track of people, flight, changes, servers, routers and data

What skills will you gain? 

  • Investigation and OSINT reconnaissance
  • Become an intelligence investigator
  • Collect data indirectly without knowing other information
  • Collect data about servers, location, operating systems, etc.
  • Be able to investigate cases of cyber stalking, cyber trafficking
  • Threat intelligence for your organization
  • Be skilled in complete OSINT
  • Data gathering that could protect you and your company
  • Tracking wireless routers around
  • Skills of GHDB
  • Maltego-CE Investigative methods for servers, emails, people
  • Shodan methods and operations
  • Darknet (Dark web) search methods from TOR networks

What will you need? 

  • OSINT tools in this course (install instructions given in lectures)
  • Windows and/or Kali Linux OS
  • Working network connection - wired or wireless

What should you know before you join? 

  • Familiar with command line tools
  • Familiar with GUI based tools

Your instructor:

Atul Tiwari has over 10 years in security training. He has trained more than 45k students across 162 countries in online mode. Atul specializes in web security testing and has conducted hundreds of pentests, audits, and tests of web applications since 2013. He holds CISSP certification along with CEH, cyber laws, and CCNA.

He is founder and CTO at gray hat | security (INDIA)


Module 1

OSINT for data collection – start-up

Starting with DNS enumeration, getting useful URLs, and IP and host finders, we will dive into harvesting email addresses anonymously and finding information about an email. Google dorks, or the Google Hacking Database, will play a crucial role in finding complete, in-depth information about anything. Netcraft, web archives, and cached data will complete this module, giving you outstanding command of all the topics discussed. You can start OSINT straight from here.

  • DNS Enumeration
  • DNSSEC analyzer
  • URLcrazy
  • URL Expanders
  • Passive recon
  • IP, Host automater
  • Harvesting email addresses
  • Email information gathering
  • Netcraft analytics
  • GHDB
  • Multiple Website Archives
  • Cached data


  • Harvest email
  • Use Google dorks to find hidden data
  • Search for cached data

Module 2

Company, Social Networks and file metadata OSINT

This module covers several tools capable of everything from extracting information or data from a file’s metadata to gaining insights into a company’s details that will be beneficial when conducting an attack during a pentest. We will dig into databases of job site postings to figure out the servers and databases used inside a company. Further, we will find people and gather their details, phone numbers, and social profiles in order to perform social engineering. Maltego-CE will be used to investigate domains, people, email and so on. We will get details about a picture, including date and time, pixels, focal length, geo-location and much more.

  • FOCA – Extract information from metadata
  • Metagoofil
  • Opanda PowerExif – Data viewer
  • EDGAR – Accessing company insights
  • Company search database
  • Get database/server used in a company with job site
  • Twofi – Twitter data
  • Peekyou – people search
  • Lullar
  • Maltego-CE – finding links and details with investigation
  • Facebook OSINT
  • Twitter OSINT
  • Google+ OSINT
  • LinkedIn OSINT
  • Reddit, Tinder, eBay, Craigslist (Classifieds)


  • Database server of a company from job site
  • Information about a picture (Metadata)

Module 3

Databases and records

Welcome to investigation with publicly available information. This module will make you think like an investigator, something like a crime scene investigator. Or James Bond 007? Yes: you will get data leaks of someone’s email records and information about terrorist groups’ strength, blasts, weapons, etc., and you will feel like James Bond when you get someone’s flight details. Vehicle records, wireless networks around you, cell phone tower locations worldwide, employee records, important documents with a whole database, default passwords, live cameras, finding geo-location details over a live map and, most importantly, government data that is top secret. All of this is key information that someone needs in order to hack into or penetrate networks for security testing. We will collect data even from the Darknet (Dark web).

  • ExploitDB and searchsploit
  • Terrorism record database
  • Hunting criminal records
  • Default passwords DB and lists
  • Juicy information from Dark web
  • Data Leaks hunt
  • Air traffic live database
  • Mapping the fence like intruders
  • Vehicle records and database
  • Live cameras in the world
  • Wireless network mapping
  • Cell phone tower mapping
  • Important Documents search database
  • Employee profiles
  • Government Records


  • Investigate leaked data
  • Get the flight data on and before time of landing
  • Map the fence of a location
  • Find employees of an organization

Module 4

Threat Intelligence – Automating the whole thing

The last module of this course will remind you how black hat hackers work without leaving a trace of their presence. From GUI tools to CLI, the first three lessons dive into information gathering in multiple formats. Recon-ng alone is powerful enough to get each piece of information, from internal IP addresses to the geo-location of stand-alone servers around the globe, and that makes us think about how many load balancers may be there. And yes, threat intelligence will prove to be a backbone for security guys who think about protection from zero-day attacks. We will get cell phone numbers and details about them from a social profile. Web information leakage about servers, misconfigurations, and developers’ comments in the source code will leave a web application open to attack. And finally, SHODAN HQ, which is called a search engine for hackers, will play a great role in hunting vulnerable servers, databases, routers, cameras and so on.

  • SpiderFoot – Extracting information in a GUI
  • Discover script – multi specialty hunter
  • Recon-ng – Complete info data
  • Threat Intelligence
  • Recorded Future
  • Search engine for Ethical hackers
  • Accidental leakage data web leak
  • Mobile phone number details
  • Exploits and advisories
  • Bonus - Godfather of every OSINT


  • Search for vulnerable or outdated Microsoft servers
  • Run recon-ng on the target site
  • Collect geo-location IP addresses of target
  • FINAL EXAM - MCQ-based

Course format: 

  • The course is self-paced – you can visit the training whenever you want and your content will be there.
  • Once you’re in, you keep access forever, even when you finish the course.
  • There are no deadlines, except for the ones you set for yourself.
  • We designed the course so that a diligent student will need about 18 hours of work to complete the training.
  • Your time will be filled with reading, videos, and exercises. 


If you have any questions, please contact our eLearning Manager at [email protected].


2 reviews for Open Source Intelligence (W40)

  1. Giuseppe

    excellent information and investigation methods.

  2. Julie Beck (verified owner)

    Great coverage of OSINT tools and techniques. The instructor is an effective communicator and possesses adept presentation skills making it easy to follow and understand. The assignments provide hands-on experience to reinforce what was covered in each module.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023