Open Source Intelligence
OSINT is the art of finding information that is technically public, but not always easy to find. It is used by journalists, researchers, law enforcement, and security professionals to gather intelligence from publicly available sources.
Where would this get you? This image shows something interesting, but the real question is: where was this photo taken? Identify the building where this photo was captured.
What building was this taken from? This photo was captured from a high vantage point overlooking a city at night. Your mission is to identify which building the photographer was standing in when they took this shot.
You received this file from an anonymous source. Something about it seems... off. Find the GPS coordinates of where this was taken. The answer format is: latitude,longitude
Extract hidden data from images
Upload or paste an image to extract EXIF metadata including GPS coordinates, camera info, timestamps, and software fingerprints. All processing happens locally in your browser.
Extract hidden data from images
Upload or paste an image to extract EXIF metadata including GPS coordinates, camera info, timestamps, and software fingerprints. All processing happens locally in your browser.
Find where an image appears online
Upload an image to find where it has been posted online, discover similar images, and trace the origin of photos. Uses Google Lens for comprehensive results.
Find where an image appears online
Upload an image to find where it has been posted online, discover similar images, and trace the origin of photos. Uses Google Lens for comprehensive results.
Advanced search operators
A quick reference guide for Google search operators that help you find information that is not easily accessible through normal searches.
Advanced search operators
A quick reference guide for Google search operators that help you find information that is not easily accessible through normal searches.
OSINT is 10% tools and 90% critical thinking. The tools change, but the mindset is what separates finding noise from finding answers. Before you touch a single tool, internalize these four principles.
Define your intelligence goal before you start. Decide what question you are answering. Random clicking leads to rabbit holes and wasted hours.
One source is a rumor. Two is a coincidence. Three independent sources is intelligence. Never trust a single data point, especially one that is easy to fake.
Use one piece of data to find the next. An email leads to a username, a username to a profile, a profile to a location, a location to a name. Each finding is a doorway to another.
Do not alert your subject. Use a VPN, private browsing, and research-only sock puppet accounts. Your personal accounts should never touch a target.
Every photo your phone takes carries hidden data baked in: GPS coordinates, the time it was shot, the device model, sometimes the editing software. Most people don't know it's there, which makes it one of the fastest wins in OSINT. The catch is that metadata is just as easy to strip or fake as it is to read, so treat it as a lead and confirm it with something else.
Geolocation is figuring out where a photo was taken when nobody handed you the coordinates. You work the visible clues: architecture, signage, license plates, the language on a storefront, even shadow angles for time of day. Narrow it to an area, then use Street View to stand in the same spot and confirm the exact perspective.
Encoding is not encryption. It's just data wearing a different outfit: Base64, hex, Base62 and friends are all reversible by anyone who recognizes the format. The real skill is spotting which encoding you're looking at, because feeding Base62 into a Base64 decoder gives you garbage and a false sense that you hit a dead end.
Reverse image search flips the usual question: instead of searching words to find a picture, you hand over a picture to find where else it lives online. Each engine has a personality. Google Lens is the best all-rounder, Yandex is unmatched for faces and locations outside the US, and TinEye is built for tracking exact copies across the web. When one comes up empty, run the same image through another before giving up.
Search engines index far more than people realize, and operators let you aim that index like a scalpel. site: locks results to one domain, filetype: surfaces specific document types, and quotes force an exact phrase. Chain a few together and you can find exposed documents, login pages, and directory listings that nobody meant to leave public. It's all still public data, you're just asking better questions than everyone else.
The line between research and harassment is thinner than people think, and the difference is intent and restraint. Never use your personal accounts to view a target, because platforms like LinkedIn will tell them you looked. Use a research-only sock puppet, a VPN, and private browsing to stay a ghost. And know where the law and the terms of service draw the line in your jurisdiction, because curiosity is not a legal defense.