Open Source Intelligence


Advances in Science and Technology Research Journal 2024, 18(3), 123–139
https://doi.org/10.12913/22998624/186036
ISSN 2299-8624, License CC-BY 4.0
Received: 2024.02.10
Accepted: 2024.03.13
Published: 2024.04.20

Open Source Intelligence Opportunities and Challenges – A Review

Sabina Szymoniak¹*, Kacper Foks¹

¹ Department of Computer Science, Częstochowa University of Technology, ul. Dąbrowskiego 69, Częstochowa, Poland
* Corresponding author’s e-mail: sabina.szymoniak@icis.pcz.pl

ABSTRACT
Data files, photos, and videos on the internet are vast sources of information about the person who posted them. These files contain content about appearance, behaviour, views, and material status. Analyzing these files helps verify the accuracy of the content and helps verify the creation method. Social media platforms like Facebook, Twitter, and Instagram often post this information. Public databases provide information about enterprises, corporations, and public figures, enabling access to government trips, scientific articles, and company reputations. These resources help in understanding potential collaborations and identifying potential partners. Open-source intelligence (OSINT) is a collection of tools and methods for extracting information from publicly available sources. It helps verify the accuracy and authenticity of information, as seen in the FBI’s 2020 investigation of a Philadelphia woman involved in protests and preparing precise attacks like spear phishing. In this manuscript, we present an up-to-date overview of research that uses open-source methods and techniques. We will concentrate on the tools and methods advancing the cybersecurity industry. Studying the manuscript of OSINT opportunities and challenges can help readers understand the state of the art in theory and practice. We will also highlight the future directions and requirements for OSINT methods and the newly designed tools using these methods.

Keywords: open-source intelligence, OSINT tools, OSINT techniques, social media.

INTRODUCTION

Every data file, photo, video or note posted on the Internet is a vast source of information about the person who posted it. Files (text, graphics, audiovisual) primarily contain content that may provide information about someone’s appearance, behaviour, views or material status. In turn, a thorough analysis of the content of the information posted in this way may also help verify the accuracy of the content posted. For example, confirm that our friend went on an exotic vacation and did not post a doctored photo on one of the social networking sites. In addition, the files contain metadata, which, among other things, enable verification of the manner and time of their creation. We post much of this information on social networks like Facebook, Twitter or Instagram [1, 2]. On the other hand, publicly available databases contain information about enterprises, corporations or public figures. From the Internet, we can find out what trips the head of our state is preparing for. Scientists publish a list of their scientific articles and interests so we know with whom and on what topic we can discuss. We can also find the reputation of a particular company we want to cooperate with.

It is worth noting that posting various information on the Internet has good and bad sides. The advantages and disadvantages of sharing information online can be considered on many levels. The mere possession and transfer of information are beneficial because, thanks to the information, we can learn something, help someone, get help, show off, express our opinion, and make new friends and relationships [3, 4]. Nevertheless, on the other hand, publicly posting information that we are on holiday abroad may allow thieves to rob our place of residence. By informing about the purchase of a new car, we
can provoke its theft, but by posting information about the theft, we can contribute to finding the perpetrator. If someone goes missing, information posted on social networking sites can also contribute to finding that person. The same information can hurt our lives because the information provided is not true. Similarly, opinions posted on the Internet can be harmful due to the desire for revenge and thus spoil someone’s reputation. Publicly available information is also used as part of an intelligence operation, such as the search for evidence of a crime [5].

Obtaining information from publicly available sources is called Open-Source Intelligence (OSINT) [6, 7]. It is a collection of tools and methods that allow us to download and process data to extract even more information. These methods will also allow us to verify the accuracy of the information posted and the authenticity of photos or videos on the web [8, 9, 10]. Similarly, as in the case of posting various information on the Internet, OSINT techniques are not always malicious. They are used for secure purposes, such as threat analysis and cybersecurity. However, in the hands of dishonest individuals, information collected using OSINT techniques can be used to harm others. Therefore, individuals and organizations must be aware of the potential risks associated with excessive disclosure of information online. It was with the help of OSINT methods that in 2020, the FBI found a woman from Philadelphia who participated in the protests after George Floyd’s death and set fire to two police cars [11].

On the other hand, computer hackers use OSINT methods to carry out various attacks, especially in the information-gathering phase of the reconnaissance stage. For example, hackers can use information collected using OSINT to personalize phishing attacks. A phishing attack can be more credible and effective by collecting data about the victim, such as name, surname, position or interests. Also, hackers may carry out spear phishing, an advanced form of phishing in which hackers target a specific person or organization. Information gathered through OSINT can help personalize an attack, increasing the chances of success. OSINT techniques can gather information about a target, which is then used to manipulate the victim. For example, hackers can use information about professional or personal relationships to gain the victim’s trust. Before launching attacks on IT infrastructure, hackers often conduct a reconnaissance phase using publicly available information such as WHOIS data, DNS records, and information about organizational systems. Hackers can use OSINT to gather information about the physical location where they want to launch an attack. This may include building plans, security system diagrams, or employee data [12, 13].

It is worth mentioning that the evolution of OSINT in the context of cybersecurity highlights its key role in identifying, analyzing and countering threats in a dynamic cyber environment. Constant adaptation to changing challenges and innovation in this field is essential for adequate protection against cyber threats. With the development of the Internet and globalization, the amount of information available to the public has increased significantly. OSINT began to be used to monitor threats and track activities in cyberspace. As technology advances, the nature of cyber threats has changed. More advanced attacks emerged, and hackers began to use publicly available information to personalize and target attacks. OSINT has become a key tool in the reconnaissance phase of cyberattacks. Before an attack, hackers collect information about targets, their infrastructure, employees and technologies that may be used in the attack. Security agencies and cybersecurity companies use OSINT for threat analysis. By monitoring activities in cyberspace, you can identify potential attacks, analyze hacking techniques and develop defence strategies. The complexity of cyber-attacks continues to increase, and hackers are using increasingly advanced techniques. OSINT provides the tools to understand and predict such attacks, which is crucial for effective defence. OSINT has contributed to the growth of a knowledge-sharing culture and cooperation in cybersecurity. Security teams share information about new threats to protect against attacks effectively. With the increase in the use of OSINT, privacy challenges have also arisen. Public awareness of the need to share information responsibly online has increased, impacting how individuals and organizations use social media and other public sources. Law enforcement agencies and regulators use OSINT to identify and prosecute cybercriminals. Analyzing public information can help track down perpetrators and understand the motivations of attackers [13, 14].

Motivations and contributions

Access to the Internet gives us a vast data space that we can use. All data provided, including by us, can be used for various ethical and
unethical purposes. When collecting data, OSINT methods and tools allow for in-depth analysis. These methods and tools provide ethical investigators many opportunities to help others and enable attackers to obtain confidential information and further nefarious activities.

In this manuscript, we present an up-to-date overview of research that uses open-source methods and techniques. We believe that studying the manuscript of OSINT opportunities and challenges can help readers understand the state of the art in theory and practice. We will also highlight the future directions and requirements for OSINT methods and the newly designed tools using these methods.

Methodology

During our research, we collected articles using various search engines (such as Google Scholar, Web of Science, Scopus, IEEE Xplore, and DBLP). We analyzed references from found articles and citations to these papers from 2020–2023. We aimed to compose the most complete and up-to-date review of open-source intelligence opportunities and challenges. We mainly used the keywords OSINT and Open Source Intelligence and their combinations with expressions: tools, opportunities, and solutions.

Organisation

The rest of this paper is organized as follows. Section 2 describes the Open-Source Intelligence purposes and tasks. Also, it describes spear phishing attacks, in which the attackers use the OSINT method to possess information about the target. Section 3 describes tools used during OSINT investigations. Section 4 describes and discusses the current OSINT opportunities, solutions and challenges. The last Section summarizes the whole manuscript and discusses open-source intelligence opportunities, challenges and future directions.

OPEN-SOURCE INTELLIGENCE

Open-source intelligence relies on legally and ethically gathering, processing and correlating information from publicly available data sources. The goal of OSINT is to obtain data and information legally and ethically, using open sources such as websites, social media, public documents, press articles and other publicly available resources. However, OSINT practice should always respect privacy rights and principles and follow applicable regulations.

Data sources may be from social networking sites, media, online scanners, and other publicly available databases, such as public administration or commercial data [15]. OSINT techniques can be used to obtain information about individuals and entire corporations or countries. When obtaining data within OSINT, illegal activities such as password cracking, impersonation or manipulation are not used [16, 17]. Using OSINT techniques enables the gathering and processing of information about the chosen target [18].

OSINT is used in many situations, such as national security, law enforcement, or business intelligence. It is most often used in business activities when enterprises seek information about another enterprise’s legal, financial, commercial and economic situation to assess the risk of cooperation with it. There are also situations in which government bodies use OSINT techniques to study the current political situation and create a strategy for governing the state. In this way, crime-fighting authorities learn about the functioning of criminal groups, terrorist organizations [19], and specific people [20, 21, 10]. Figure 1 summarizes prominent Open-Source Intelligence use cases.

Open-source intelligence methods are used in cybersecurity as well as by computer hackers. Reconnaissance performed using OSINT methods is usually the first step in penetration testing. The test result makes it possible to build a clear picture of the tested object and partially detect significant irregularities [22].

Computer hackers’ use of OSINT methods makes it possible to extract much information about their victims from publicly available sources. Here, the most significant mine of knowledge is social networking sites, where users share vast amounts of private information. The information provided in this way can make it easier to guess the password, which was created based on the date of birth or children’s names. Meticulously collected information can allow attackers to conduct precise attacks such as spear phishing [23].

OSINT methods are also used to verify information in order to detect and avoid replicating fake news and conveying false information. OSINT employs critical thinking, searching and verification techniques to assess the credibility and reliability of information gathered from publicly available sources. Firstly, OSINT analysts
thoroughly examine the source of the information (investigating the website, author, or organization behind the information to assess their credibility and potential biases). So, if various reliable outlets report a piece of information, it is more likely to be accurate. However, if conflicting information exists, further investigation is needed to determine the most likely explanation. The critical analysis of the information content is also an effective OSINT method. Logical inconsistencies, factual errors, or emotional manipulation tactics are often employed in misinformation.

Figure 1. Main open-source intelligence use cases

Ethical and legal aspects

Open-source intelligence uses publicly available data, so it is entirely legal. However, it can also be used in an unethical way. The first example may be the use of data that has been made public illegally. An example of such data may be data from leaks. Be ethical when investigating, and do not overstep other people’s boundaries. This type of activity is called stalking and is punishable in many countries.

Spear phishing

Spear phishing is a type of phishing that targets specific people or groups. Unlike traditional phishing, which involves sending mass emails to random recipients, spear phishing is more personalized. The attacker collects information about their targets, such as their names, job titles, companies, or interests. It then uses this information to create an email that appears to come from a trusted source, such as a colleague, customer, or government agency.

In 2021, 51% of social engineering attacks were spear phishing, and the most commonly attacked company was Microsoft [24]. This is a particular type of phishing attack. The main difference between phishing and spear phishing is the specially selected target group of the attacker. The attackers want confidential information such as passwords, user data or company secrets. It is characterized by the high efficiency of the attacks performed. Spear techniques are used in 91% of attacks [25]. The spear phishing attacks use open-source intelligence to gather information about individuals and organizations [26, 27, 28, 29].

OSINT techniques are being used to gather more information about victims of spear phishing attacks. This action is intended to personalize the attack better and increase the chances of a successful attack.

Example of spear phishing

Figure 2 shows the typical anatomy of spear phishing attacks. This type of phishing attack is heavily correlated with SocMINT because they are full of information about people, and the
victim’s profile can be created. Figure 3 shows a real example of spear phishing with a political thread. Hackers are expanding their attacks on Tibetan activists and employing increasingly sophisticated virus delivery mechanisms. Following these spam efforts, FireEye analyst Alex Lanstein has discovered an unusual example of such a malicious email. The attacker gathers much information from the victim’s social media. The attachment of an email message had a suspicious file with backdoor malware. The attacker encouraged the victim to open the infected attachment [30, 31, 32].

Figure 2. Typical anatomy of a spear phishing attack

OSINT in capture the flag competitions

Capture the flag (CTF) in cybersecurity is a special competition designed to test competence and knowledge about cybersecurity. Competitors can try themselves in various challenges of different difficulty levels in different categories, such as web, cryptography, and forensics, but increasingly in the OSINT category. The competition is to find and enter the right flag, which we need to get differently depending on the category of the challenge.

The challenges themselves in the OSINT category can take different forms. They often require knowledge of the field and familiarity with special tools, which will be discussed later in this article. Tasks in the OSINT category can vary, depending on the creator’s creativity and the difficulty level. We often need to find where the photo was taken or information regarding the people in question.

Operational security

Operational security is also known by the shorter name OPSEC. The US Army pioneered this concept. This term refers to practices and activities that protect information privacy, confidentiality, and security. The main goal of OPSEC is to minimize the risk of revealing key information that potential adversaries could use to harm a given enterprise, organization or institution. OPSEC practice analyzes potential threats, identifies key information to be protected, and introduces measures to minimize risk. OPSEC elements include information access control, confidentiality rules, information manipulation, masking activities and disinformation. In the digital realm, OPSEC can also address computer security and cybersecurity. In short, OPSEC is an approach to maintain secrecy and security during operations, considering various threats and potential attack points [33].

TOOLS AND FRAMEWORKS

For every new OSINT investigation, the best practice is to use a fresh virtual machine with
special built-in tools. The most popular operating system for OSINT investigations is Kali Linux, which is also very popular for penetration testing purposes. Some alternatives for Kali Linux exist, e.g., Buscador, Parrot OS, or Trace Labs OSINT VM. The virtual machine without any previous signs of use is the best practice because of the more universal results of every new investigation. Virtual machines are easy to use and more flexible than standard machines. Many preinstalled and ready-to-use tools can speed up the investigation process. Virtual machine snapshots are very helpful, allowing us to perform new investigations without reinstalling, as we can restore the machine to a fresh state. In addition, investigators can edit or install more tools on snapshots and create their workspace for investigations [34].

Figure 3. Typical anatomy of a spear phishing attack

These are certainly only some of the available categories of tools for OSINT. Some of these tools may no longer be available after some time, or new and better replacements are developed in their place. There are many websites with collections of tools for OSINT. Examples of such sites are OSINT Framework [35] or Awesome OSINT on GitHub [36]. It is worth noting that many tools or data sets may only be available in certain countries or regions:
• search engines – are the fundamental tools used in OSINT investigation. They are often the first tool used for each investigation before using more complex and advanced tools. The result may be different depending on the language and location of the search. Some search engines have a built-in language or country search filter. The most powerful thing in search engines is operators. They are symbols and keywords that can narrow the investigation but may differ in each search engine. The list of the operators is very long. It is worth remembering that search engines produce the most universal results when they do not have the user’s previous activity;
• image search engines are similar to search engines, only that of images. Modern search engines allow not only whole images but also their elements dynamically, allowing for even
better search results. Many search engines have built-in image search engines, but also they are standalone tools. With these tools, it is possible to search for exactly where a particular photo was taken, or it is possible to find out where that photo can be found on the Internet.
• maps – these tools are used for geographical and graphical searches of places. In some tools, we can also find reviews of specific places, which can be used to see if certain people have been to a particular place. In the case of web mapping, it is worth mentioning the weather services. This application shows much information about the weather worldwide. It can be helpful, for example, in analyzing a web camera view. They may differ in accuracy or timeliness. Some maps may have hidden objects, such as military bases or other strategic points for a country. That is why it is good to use multiple tools during each OSINT investigation and compare the results with each other;
• metadata – metadata is additional information on the file. They can include much information like date and time, creator information, device information, GPS coordinates, resolution, frame rate, codec and others. It depends on the file type and with which the software and hardware were made. This tool can also remove or edit the metadata information;
• network – Web resources have much information. Using tools from this category, we can collect much information about the network infrastructure, such as IP address, DNS servers, SSL/TLS, IP localization ISP, and Whois data. Tools in this category are used not only to conduct OSINT investigations but also by cybercrime investigators or web security researchers;
• SocMINT (Social Media Intelligence) – this category is specifically for searching for information about people on social media. The society leaves much information in those services, which can be collected and further searched. Such data include personal data, images, locations, education, friendships, interests, and other activities. Some tools allow detecting and searching for photos of faces and searching for similar ones on other social media. Company recruiters also use tools in this category to get to know job candidates better;
• OSINT Automation – to automate OSINT investigation, special tools aggregate results from many different sources and tools. Often, these tools combine listed tools into one unit and much more. Using automation during an investigation can save much time and increase the scope of the investigation. Some of them require paid licenses or paid APIs. OSINT operating systems have preinstalled many tools (summarised in Table 1).
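
An added example, not from the paper and not ExifTool's code: the metadata category in the list above, seen from the publisher's side, as standard-library Python that audits which EXIF fields, GPS pointer and comments a JPEG would disclose and then strips those segments before the file is posted. The sample file, its camera name and comment text are constructed, and all function names are this example's own.

```python
import struct

SOI, EOI, SOS = b"\xff\xd8", b"\xff\xd9", 0xDA
METADATA_MARKERS = (0xE1, 0xED, 0xFE)      # APP1 (EXIF/XMP), APP13 (IPTC), COM
# IFD0 tag numbers from the EXIF/TIFF specification.
TAGS = {0x010F: "Make", 0x0110: "Model", 0x0132: "DateTime", 0x8825: "GPSInfo"}


def iter_segments(jpeg):
    """Yield (marker, start, end, payload) for each segment before the image data."""
    if jpeg[:2] != SOI:
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"corrupt segment header at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == SOS:                  # entropy-coded image data follows
            return
        end = pos + 2 + struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        if end < pos + 4 or end > len(jpeg):
            raise ValueError("segment length runs past end of file")
        yield marker, pos, end, jpeg[pos + 4:end]
        pos = end


def parse_exif(payload):
    """Read the TAGS entries from IFD0 of an APP1 'Exif' payload."""
    tiff = payload[6:]                     # skip b"Exif\0\0"
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if order is None or len(tiff) < 8:
        return {}
    magic, ifd0 = struct.unpack(order + "HI", tiff[2:8])
    if magic != 42 or ifd0 + 2 > len(tiff):
        return {}
    count = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])[0]
    found = {}
    for i in range(count):
        entry = tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i]
        if len(entry) < 12:
            break                          # truncated directory
        tag, typ, n, raw = struct.unpack(order + "HHI4s", entry)
        if tag not in TAGS:
            continue
        if typ == 2:                       # ASCII, inline only if it fits in 4 bytes
            off = struct.unpack(order + "I", raw)[0]
            data = raw[:n] if n <= 4 else tiff[off:off + n]
            found[TAGS[tag]] = data.rstrip(b"\x00").decode("ascii", "replace")
        elif typ == 4:                     # LONG; GPSInfo is a pointer to the GPS IFD
            found[TAGS[tag]] = struct.unpack(order + "I", raw)[0]
    return found


def audit(jpeg):
    """List what the file would disclose if published as-is."""
    report = []
    for marker, _, _, payload in iter_segments(jpeg):
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            report.append(("EXIF", parse_exif(payload)))
        elif marker in (0xE1, 0xED):
            report.append(("APP1/APP13 block (XMP, IPTC)", len(payload)))
        elif marker == 0xFE:
            report.append(("COMMENT", payload.decode("latin-1")))
    return report


def strip_metadata(jpeg):
    """Return the JPEG without APP1, APP13 and COM segments; image data untouched."""
    out, last = bytearray(SOI), 2
    for marker, start, end, _ in iter_segments(jpeg):
        if marker not in METADATA_MARKERS:
            out += jpeg[start:end]
        last = end
    return bytes(out + jpeg[last:])        # SOS header, scan data and EOI as-is


def build_sample_jpeg():
    """Constructed sample: JFIF header, EXIF block, comment, dummy scan data."""
    make, when = b"ExampleCam\x00", b"2024:01:02 03:04:05\x00"
    data_off = 8 + 2 + 3 * 12 + 4          # TIFF header + IFD0 (3 entries) + next-IFD
    gps_off = data_off + len(make) + len(when)
    ifd = struct.pack("<H", 3)
    ifd += struct.pack("<HHII", 0x010F, 2, len(make), data_off)
    ifd += struct.pack("<HHII", 0x0132, 2, len(when), data_off + len(make))
    ifd += struct.pack("<HHII", 0x8825, 4, 1, gps_off)
    tiff = (b"II" + struct.pack("<HI", 42, 8) + ifd + struct.pack("<I", 0)
            + make + when + struct.pack("<HI", 0, 0))   # empty GPS IFD

    def seg(marker, payload):
        return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

    return (SOI + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + seg(0xE1, b"Exif\x00\x00" + tiff) + seg(0xFE, b"shot at HQ, desk 12")
            + seg(SOS, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34" + EOI)


if __name__ == "__main__":
    sample = build_sample_jpeg()
    print("before:", audit(sample))
    print("after: ", audit(strip_metadata(sample)))
```

Stripping every APP1 segment also removes the EXIF orientation tag, so rotate the pixels first if the image relies on it.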

Table 1. Example OSINT tools

| Category | Tool name | Description | Effectiveness | Limitations |
|---|---|---|---|---|
| Search engine | Yandex | Russian search engine, with which it is possible to obtain very interesting search results. It will be very good not only for conducting investigations in Russia but also because the operators of this browser may work differently from other devices of this type. | Returns very relevant search results. | Some results it can only return in Cyrillic |
| Search engine | Baidu | This search engine is equivalent to Google but for China. It will be a great tool to start an investigation within China. | The most popular browser in the Chinese market, making it give the best investigation results for that language. | Works only for Chinese language. |
| Image search engine | Bing Images | One of the most popular image searches besides Google Images. The search results of this tool are really good, which is due to its very large database of images. This image search engine also has many advanced filters, which can be very helpful during the investigation. A significant advantage is the ability to search only for an element of a given photo. Bing images are often integrated with other Microsoft products, like the Edge web browser. Currently, it is one of the best tools for finding images. | Very good results can be obtained by searching for image fragments. | Only for reverse image search. |
| Maps | satellites.pro | This map aggregates views from different sources (Apple Map, OpenStreetMap, Google Map, and Yandex Map) into one web application. This tool makes it easy to switch between maps from different sources and compare results and sources quickly. It has built-in weather and measures the distance between points. | Very good efficiency by comparing results from different maps. | Some maps do not have full functionality from this site. |
| Network | Shodan | Specialised web application with a search engine focused on searching networked devices and collecting information about them. The website is gathering much information. For example, IP address, open ports, domains, geographic location, etc. It depends on the type of device and how much-publicised information it has [37]. | The most effective engine for searching information about network and network devices. | It does not have a free version. |
| Metadata | Exiftool | It is a small tool which extracts metadata from different types of files like JPEG, TIFF, PNG, MP3, MP4, AVI, PDF and many others. Metadata is additional information on the file. They can include much information like date and time, creator information, device information, GPS coordinates, resolution, frame rate, codec and others. It depends on the file type and with which the software and hardware were made. This tool can also remove or edit the metadata information. The creator of these tools is Phil Harvey [38]. | Allows you to get information on metadata from many different file extensions. | Only for extracting metadata from file. |
| SocMINT | WhatsMyName Web | A powerful tool for finding usernames and logins in various applications and services WhatsMyName has a large database. The tool allows us to search for sites where the same username also appears. Which helps associate a person with various applications. The more unique the username, the better the result. | Very effectively searches multiple sites for the same usernames. | Only for searching usernames. |
| OSINT Automation | TheHarvester | Open-source tool written in Python focuses on finding and analysing information about companies and organisations, including nonprofits. It is used not only for open-source intelligence but also for scientific research or penetration testing. The tool provides modules such as Bing, duckduckgo, Anubis, brave, Rocket Reach, Hunter or GitHub-code. In 2022, the Google module was blocked and removed from the tool. The best alternatives for Google are Bing or Rocketreach. The tool can gather information like e-mail addresses, subdomains, and IP addresses. The results depend on the available information and used modules and limits. Some modules of this tool require API keys, and some are paid. Christian Martorella created the tool. | Very good at finding information about companies. | Additional paid API tokens are required for full functionality of this tool. Does not work well for finding information about people. |
| OSINT Automation | Maltego | One of the most popular OSINT Automation tools. It is a sophisticated tool that searches multiple data sources and presents the results in graphical form. The result of the investigation can be presented in the report version. The tool is free for the community version. A higher version of this product requires a paid license. The tool also has a special license for companies. | The best link analysis software used for OSINT and forensics. | Limited free version, and very expensive paid versions. |

OSINT RESEARCH OPPORTUNITIES AND SOLUTIONS

As mentioned, OSINT is used in many domains [39]. Gordon in [40] highlights the impact of OSINT methods in criminal investigations (also, to evaluate wildlife crimes [41]). Even though these methods help to find criminals, they also cause data privacy problems. Thus, Osterritter et al. in [42] highlighted the importance of using dynamic network analysis and social network analysis because such analysis might show people and organizations trying to advance or shape narratives in ways that might not be immediately apparent to casual observers.

Alquwayzani et al. in [43] focused on the connection between the dark web and OSINT. Mainly, the dark web creates anonymous discussion forums, websites, e-commerce stores and blogs. The dark web includes legal and illegal content [44]. Alquwayzani et al. highlighted that we can find much interesting information for OSINT investigations on the dark web. Law enforcement and security experts can monitor the dark web to learn more about illicit activity and take the necessary precautions to stop or lessen it. Monitoring the dark web, however, has some drawbacks and difficulties. The main obstacle is the requirement for specific knowledge and technical proficiency to efficiently and safely explore the dark web. Additionally, those people or organizations who are unfamiliar with the nuances of the dark web run the risk of being exposed to potentially harmful or unlawful content. Also, OSINT techniques can be used to gather Tor onion addresses [45] or to research terrorism [46][47][48].

Also, Wangchuk et al. in [49] focused on the dark web. The authors proposed a Python-based framework for investigating the dark web. This tool is used to gather information from the dark web and turn it into intelligence that can be used with OSINT tools for further research. The proposed tool successfully scraped the hidden service URLs in the experimental implementation of the framework, harvested the email addresses of dark web users, and fed suspicious email addresses into OSINT tools for gathering intelligence to de-anonymize. The authors summarized that investigators can efficiently use the proposed framework to identify and de-anonymize suspect

of computer forensic techniques used for intelligence gathering on social media platforms. The author used these techniques for cyber profiling and prediction of political orientation. Yu concluded that people’s political opinions are not always consistent, and their political orientation might not be unchangeable. When analyzing SOCMINT, it is crucial to note any inconsistency and shift in attitude, which is impossible to capture when analyzing aggregate data.

Sasaki et al. in [51] used OSINT-based profiling to identify individual attackers visiting honeypots of connected infrastructure. Their method identifies attackers. These attackers were IT and security experts or employed by security, IT consulting, or engineering companies. The attackers publicize vulnerability exploits and malware, engage in aggressive activities, and have a particular interest in the system. The study concluded that it is possible to identify and profile these honeypot visitors. Lohar et al. in [52] proposed AutOSINT. This cutting-edge footprinting software uses artificial intelligence and machine learning techniques to extract valuable information about target victims using OSINT APIs. The software provides a user-friendly GUI, allowing users to interact and input requirements to obtain essential details like location, phone numbers, and domain information. AutOSINT streamlines information gathering by automating data retrieval from various sources, saving time, effort, and resources. This OSINT tool enhances intelligence gathering and investigation processes.

Dale et al. in [53] proposed an AI-based scheme to automatically extract information from Twitter, filter out security-irrelevant tweets, perform natural language analysis, correlate tweets, and validate information. This scheme can help security operators prioritize vulnerabilities and provide insight into ongoing events. Similar research was provided by Reyes et al. [54].

Suryotrisongko et al. in [55] used OSINT and explainable artificial intelligence methods for botnet domain generation algorithm (DGA) detection. They evaluated five machine learning methods using 55 botnet family datasets. Based on this research, the authors proposed a new model for botnet DGA detection. To combat doubt about the model’s output and improve system
users from the dark web. confidence, open-source intelligence and explain-
Yu in [50] focused on SOCMINT, which able artificial intelligence approaches like SHAP
stands for social media intelligence, composed [56] and LIME [57] were merged. The temporal

complexity of generating the features and the model’s weak susceptibility to attacks from Mask botnets were further drawbacks of the offered frameworks. Fauziyyah et al. in [58] combined steganography and OSINT methods to analyze and decode images in social media to uncover hidden messages and protect sensitive information. Their tool can be used for intelligence gathering and secure communication. Also, they analyzed malware and OSINTs to determine the best OSINT for detecting malicious URLs and files.
Duitsman et al. in [59] employed OSINT tools to locate radioactive sources outside regulatory control. They noticed that open-source data could be a priceless addition to national inventories of radioactive sources, even though it cannot wholly replace more conventional techniques. An organizational centre for data and analysis is located at a place where radioactive sources are allegedly present. Several forms of data are used to learn about the facility, including satellite and ground truth imaging, academic and grey literature, news reports, and press releases, while social media details present and former staff. Guo et al. in [60][61] noticed that cyberattacks have become more sophisticated and challenging to solve. They presented a framework for threat intelligence extraction and fusion that combines cybersecurity entity-relation triples from structured and unstructured data, constructing the Cyber Threat Kit. The joint model uses deep learning techniques to extract entities and relations simultaneously, outperforming traditional pipeline models. The lightweight method optimizes features of the cybersecurity corpus. Similar research was conducted by Shamunesh et al. [62].
Melshiyan et al. in [63] demonstrated how OSINT techniques can conduct an information security audit and potentially find weaknesses in an organization’s information and telecommunication networks. The authors showed the possibility of finding restricted access information hidden within the organization’s information resources and inaccessible through regular search techniques. Thanks to the mentioned methods, we can locate non-indexed files that include personal information or know-how and are not meant for open access by unauthorized individuals. They can be used in addition to standard audit methods to offer information on routes of sensitive information leakage that are difficult to identify during a company’s routine audit process for information security needs. Based on the findings, suggestions were made to enhance the procedures for auditing businesses’ information security by using information-finding techniques. Also, DeCusatis et al. in [64] focused on auditing using open-source intelligence.
Al Mahmeed et al. in [65] proposed the Eagle-Eye tool, an Open-Source Intelligence tool for detecting IoT devices. The authors integrated this tool with the Shodan search engine. Companies, clients, and researchers can use this application to automate finding and looking for various IoT device statistics that can be used and studied to harden these devices.
Saraswathi et al. in [66] noticed that ethical hackers become lazier and stop manually conducting each check, so recon automation is becoming more and more necessary. They provide a recon framework to improve the recon penetration testing process and make it simple and quick. The mentioned tool automates the time-consuming process of information gathering. It only requires the primary top-level domain of the organization as input. The output of this framework is created in the format and can be handled by other tools to further filter the data under the ethical hacker’s requests and needs. Marinho et al. in [67] employed the MITRE ATT&CK framework and OSINT methods for characterization and profiling the identified threats, including their intentions and goals. The authors proposed an automated cyber threat identification and profiling system based on the natural language processing of Twitter messages. The goal is to extract valuable information about emerging threats on time by mapping tweets to real threats described in the MITRE ATT&CK knowledge base. The system uses this evolving knowledge base to train machine learning algorithms, leveraging the efforts of the cybersecurity community to profile identified threats in terms of their intents.
Also, San Biagio et al. in [68] noticed that social media platforms enable interaction between individuals and organizations, allowing them to share knowledge, interests, and ideas while integrating them into daily life. Thus, they can be valuable tools for criminals to commit various crimes, including terrorism and cybercrime. The authors proposed a framework for threat intelligence that uses artificial intelligence methods to analyze open-source intelligence data and extract practical threat intelligence. Elmas et al. in [69] noticed that malicious users called trolls use social media to become famous. So they publish disparaging remarks
under YouTube videos, on forums, and posts on blogs and other social media sites to intentionally insult, annoy, or actively assault others. The authors proposed an OSINT-based tool for determining why an account has gained popularity. This tool helps users identify rogue accounts that have unnaturally amassed a large following and separate these accounts from those that obtained popularity and followers legitimately.
Similar research was provided by Mahaini et al. in [70]. The authors focused on detecting cybersecurity-related Twitter accounts and different sub-groups. They proposed a set of machine learning-based classifiers for identifying accounts related to cybersecurity on Twitter. These classifiers include a baseline classifier for identifying accounts related to cybersecurity generally and three sub-classifiers for identifying accounts related to individuals, hackers. Nobili et al. in [70] focused on European violence against workers. They noticed that this problem requires a combination of safety and security perspectives. The authors proposed a framework to collect evidence from multiple sources, including mass media and social networks, to provide a consolidated overview of the phenomenon. The mixed strategy combines qualitative and quantitative information, including Internet data.
Daskevics et al. in [72, 73] considered testing OSINT sources to detect their vulnerabilities. The authors proposed a non-intrusive tool for testing open data sources to detect vulnerabilities. This tool inspects predefined data sources like MySQL, PostgreSQL, MongoDB, Redis, Elasticsearch, CouchDB, Cassandra, and Memcached to assess their vulnerabilities and extent. It analyzes unprotected data sources and IP ranges, allowing for a comprehensive analysis of potential threats. The tool covers 8 data sources, including relational databases, NoSQL databases, and data stores, and is easily scalable. Karthika et al. in [74] proposed NoRegINT. This tool is used to compile data regarding the Pulwama attacks [75] in an organized way and make deductions about data volume, general public opinion, and the influence of a specific hashtag.
Abdullah et al. in [76] proposed a methodology for determining which OSINT tools best address particular issues. The suggested framework offers tools based on MIME types or sophisticated search capabilities and is user-friendly. Subject matter experts have examined the framework, showing it to be a priceless source for tool recommendations for end users. Grine et al. in [77] proposed a method for accessing website material specific to a particular domain by leveraging social media networks as a portal. It starts by locating pertinent profiles, gathering links posted in posts to associated web pages, and then extracting and indexing the data acquired. The tool created using this methodology was tested for a case study in the area of human trafficking, specifically in sexual exploitation, and the findings were encouraging and suggested that it might be used in a real-world situation.
Seo et al. in [78] tried to improve the efficiency of defensive deception technology within organizations by proposing an open-source intelligence-based hierarchical social engineering decoy (HS-Decoy) strategy. The strategy considers the organization’s fingerprint and proposes a loosely proactive control-based MTD strategy based on competitive exposure of OSINT between defenders and attackers. The proposed deception concepts reduce total attack efficiency by 287%, artificial deception efficiency by 382%, and increase deception overhead rate by 174%. The combination of HS-Decoy and LPC-MTD is introduced for organizational-specific optimization. The study aims to advance the HS-Decoy and LPC-MTD-based combined model into an international standard-based complex architecture characterized as game theory. Drichel et al. in [79] focused on phishing prevention techniques. They proposed a new pipeline that addresses this issue by monitoring Certificate Transparency logs during website preparation. The pipeline includes dataset creation, training, and classification of Certificate Transparency logs, allowing easy exchange of classifiers and verification sources. The pipeline has been tested on various classifiers and has potential for future improvements.
Khan et al. in [80] noticed that open-source intelligence is a rapidly growing field in security and intelligence involving collecting and transforming internet-based data into actionable intelligence. They proposed a system to manage open-source intelligence data and provenance information, enhancing efficiency and supporting intelligence-led security decision-making. The system allows for tracking requests, ownership, analysis, and delivery of intelligence products, reducing costs and improving operations. The authors suggested that the open-source intelligence company involved in this project must understand its data holdings and comply with General Data
Protection Regulation obligations. Also, many researchers (for example [81–85]) used OSINT methods and tools for emotional analysis, risk perception and mental health analysis during the COVID-19 pandemic. This research was mainly based on social media analysis.

RECAPITULATION

Table 2 summarises OSINT’s applications and solutions. The Type column refers to the areas into which we have divided all solutions. Column Applications refers to the issue solved using OSINT methods and tools. Column References points to cited publications.
We divided the research into four groups. CRD means cyberattack recognition and defence. This group refers to research focusing on cyberspace problems, threats, vulnerabilities and attacks. SMP means social media-based profiling. This group refers to research that uses OSINT techniques to collect social media user data. OM means OSINT management. This group refers to research that focuses on OSINT’s tools verification. The last group, Other, refers to the rest of the discussed research that cannot be included in other groups. Figure 4 summarises the number of articles related to OSINT in 2020–2023 prepared using the google.scholar.com database. The summary includes the division into the previously mentioned categories. We can observe an increase in interest in OSINT from 2022.
Open-source intelligence has many opportunities in which it can be applied. We observed that most OSINT solutions are connected with cyberattack recognition and defence. Also, we noticed that these solutions had a strong connection with

Table 2. Summary of OSINT’s research applications and solutions

| Type | Application | References |
|------|-------------|------------|
| CRD | Dark web monitoring | [43][49] |
| CRD | Gather Tor onion addresses | [45] |
| CRD | Identify individual attackers visiting honeypots | [51] |
| CRD | Domain generation algorithm detection | [55] |
| CRD | Threat intelligence extraction and fusion | [60][61][62] |
| CRD | Conducting an information security audit and potentially finding weaknesses | [63][64] |
| CRD | Penetration testing automation | [66] |
| CRD | Characterization and profiling the identified threats | [67] |
| CRD | Detecting cybersecurity-related Twitter accounts and different sub-groups | [70] |
| CRD | Compile data regarding the Pulwama attacks | [74] |
| CRD | Phishing prevention | [79] |
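
Table 2 lists phishing prevention [79], which the review describes as classifying Certificate Transparency log entries. The following is an added example, not code from the paper or from Drichel et al.: it swaps their trained classifiers for simple rule-based scoring so the triage step can be run offline. The owned domains, brand names, keyword list, weights, threshold and the record shape (`log_index`, `dns_names`) are assumptions, and the sample entries are constructed.

```python
"""Added example: rule-based triage of hostnames seen in newly logged certificates."""

# Assumptions (not from the reviewed paper): owned domains, brand names, lure
# keywords, weights and threshold are illustrative and need tuning per organisation.
OWNED_DOMAINS = ("examplebank.example", "examplepay.example")
PROTECTED_BRANDS = ("examplebank", "examplepay")
LURE_KEYWORDS = {"login", "secure", "verify", "account", "update", "support"}
DIGIT_LOOKALIKES = str.maketrans("0135", "oles")  # 0->o, 1->l, 3->e, 5->s
ALERT_THRESHOLD = 50

# Constructed sample records; the record shape is hypothetical, not a CT API.
# The text after the last hyphen of the xn-- label is a placeholder, not a
# computed Punycode suffix (this code never decodes it).
SAMPLE_CT_ENTRIES = [
    {"log_index": 101, "dns_names": ["www.examplebank.example", "examplebank.example"]},
    {"log_index": 102, "dns_names": ["examp1ebank-login.example"]},
    {"log_index": 103, "dns_names": ["*.examplepay.secure-verify.example"]},
    {"log_index": 104, "dns_names": ["xn--exmplebank-x7a.example"]},
    {"log_index": 105, "dns_names": ["blog.gardening.example"]},
]


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def canonical(hostname):
    """Lower-case the name and drop a trailing dot and a leading wildcard label."""
    host = hostname.strip().lower().rstrip(".")
    return host[2:] if host.startswith("*.") else host


def tokens(host):
    """Split a hostname into comparable tokens; report whether it has an IDN label."""
    out, has_idn = [], False
    for label in host.split("."):
        if label.startswith("xn--"):
            # Punycode keeps the label's ASCII characters, in order, before the
            # last hyphen, so that skeleton can be compared without decoding.
            has_idn = True
            body = label[4:]
            label = body.rsplit("-", 1)[0] if "-" in body else ""
        out.extend(t for t in label.split("-") if t)
    return out, has_idn


def brand_hit(tok):
    """Return (weight, reason) for the strongest brand match of one token, or None."""
    best = None
    for brand in PROTECTED_BRANDS:
        if tok == brand:
            hit = (60, "brand_embedded:" + brand)
        elif tok.translate(DIGIT_LOOKALIKES) == brand:
            hit = (55, "digit_substitution:" + brand)
        elif abs(len(tok) - len(brand)) <= 2 and edit_distance(tok, brand) <= 2:
            hit = (50, "near_miss:" + brand)  # noisy for short brand names
        else:
            continue
        if best is None or hit > best:
            best = hit
    return best


def score_hostname(hostname):
    """Score one certificate hostname; names under owned domains score 0."""
    host = canonical(hostname)
    if any(host == d or host.endswith("." + d) for d in OWNED_DOMAINS):
        return 0, []
    toks, has_idn = tokens(host)
    hits = [h for h in map(brand_hit, toks) if h]
    if not hits:
        return 0, []  # modifiers below only matter next to a brand match
    score, reason = max(hits)
    reasons = [reason]
    if LURE_KEYWORDS.intersection(toks):
        score += 20
        reasons.append("lure_keyword")
    if has_idn:
        score += 30
        reasons.append("idn_label")
    return score, reasons


def triage(entries):
    """Return alerts for hostnames at or above the threshold, highest score first."""
    alerts = []
    for entry in entries:
        for name in entry["dns_names"]:
            score, reasons = score_hostname(name)
            if score >= ALERT_THRESHOLD:
                alerts.append({"log_index": entry["log_index"], "hostname": canonical(name),
                               "score": score, "reasons": reasons})
    return sorted(alerts, key=lambda a: (-a["score"], a["log_index"]))


if __name__ == "__main__":
    for alert in triage(SAMPLE_CT_ENTRIES):
        print(alert)
```

Alerts from a scorer like this are candidates for analyst review or for a verification source, not verdicts; a legitimate partner domain that contains a brand name will also score.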

Figure 4. Summary of the number of articles related to OSINT in 2020–2023

Social Media group solutions. The first group was concerned with detecting and solving cyberspace problems to increase Internet users’ security. However, these solutions used social media to gain the necessary knowledge, for example, about hackers. The solutions from the Social Media group are also aimed at security because they focus on the dangerous activities of other users, which may result in human trafficking or users’ loss of privacy. The solutions from the other two groups were connected with security, but in different aspects, for example, OSINT source, environmental, and mental or employment security.
In security, OSINT plays an important role, enabling the collection of essential data for threat analysis, monitoring competitors’ activities, and supporting investigative activities. Based on the overviewed research, we can assign the following trends related to OSINT security. The first is connected with automation and Artificial Intelligence. The rise of automation and Artificial Intelligence enables more efficient processing of large volumes of OSINT data. Artificial Intelligence algorithms can help identify patterns, classify information, and respond more quickly to potential threats. Next, due to the vast amount of OSINT data available, big data analysis tools and techniques are becoming increasingly important. They allow for more effective filtering, analysis and extraction of valuable information from large data sets. Also, over time, more and more information becomes available online. Therefore, OSINT monitors and analyses social media, online forums, blogs, and other publicly available sources and possesses a lot of data. As mentioned, OSINT plays a key role in monitoring the activities of cybercriminals. Analysis of cybersecurity threats using information obtained from open sources is an important element of the incident prevention and response strategy. With increasing threats from cybercrime and other attacks, OSINT education is becoming increasingly important. Organizations and individuals increasingly invest in staff training to use publicly available information sources more effectively. As technology advances and the online environment changes, OSINT security will likely continue to evolve, adapting to new challenges and taking advantage of new opportunities. On the other hand, it also comes with challenges and privacy concerns. OSINT can lead to collecting large amounts of personal information about individuals, which may constitute an invasion of privacy. OSINT also may lead to the collection of sensitive data, such as medical, financial or sexual orientation information, which may be ethically and legally problematic. Next, companies often worry that OSINT may help competitors obtain sensitive information about business strategies, customers or products. Cybercriminals can use collected information to launch attacks on individuals or companies. Also, collected information can be misinterpreted or used in the wrong context, leading to incorrect conclusions and reputational damage. Finally, the lack of uniform ethical standards regarding OSINT may lead to different practices in different cases and contexts. To minimize the risk of privacy breaches, it is crucial to work under applicable legal regulations, respect ethical principles and take appropriate precautions when collecting, storing and processing information. Whenever information is collected, consideration must be given to individuals’ rights to privacy and data security.

CONCLUSIONS

In this manuscript, we surveyed papers that presented research using open-source intelligence. We collected papers focusing on different OSINT applications and resolutions. Also, we discussed the theoretical aspects of OSINT methods and attacks that can be performed using these methods. We highlighted the features of OSINT methods and tools. We use these methods and tools to investigate and learn about the functioning of employers, criminal groups, terrorist organizations, or specific people. OSINT investigations can help us find kidnapped persons or publicly available information about us. Also, criminals can use them to gain knowledge about a specific person in the organisation and then perform phishing attacks.
We looked at various scientific solutions that use OSINT methods for legitimate purposes. These solutions were associated with security, mostly cybersecurity, but with other security aspects like OSINT source, environmental, and mental or employment security. Also, these solutions widely use data from social media. This data makes predicting users’ behaviour, intentions or political orientation possible. After such analysis, the other tools can block some users (who may cause problems or unnecessary confusion in social media). OSINT offers numerous opportunities for
government organizations, security services, and companies, particularly law enforcement agencies, to gather evidence and verify information in the era of fake news. Future tools may improve social media content analysis, sentiment analysis, geospatial data integration, and cybersecurity. Blockchain technology can enhance the security and immutability of OSINT data.
Upon analyzing the present condition of open-source intelligence knowledge, we can set ourselves further research goals. We noticed that OSINT solutions for cybersecurity are extremely necessary because the dynamic development of network technologies also brings the development of attacking methods. Our future works will focus on OSINT’s investigations around Advanced Persistent Threats (APT) groups. These groups carry out advanced, long-term cyber attacks that sophisticated and determined criminal or state groups carry out. APT groups are organized, highly capable and persistent in pursuing their goals. Preventing and detecting APTs is a difficult task that requires complex cybersecurity solutions, including appropriate protection tools, network traffic monitoring, user behaviour analysis, and IT security training for staff. If there is a suspicion that an organization may be a victim of APTs, it is necessary to take immediate action to identify and neutralize the threat. We will focus on preventing and detecting APT groups in the network.

REFERENCES

1. Lee, Soon L., Cai Lian T., Sivakumar T. Facebook depression with depressed users: The mediating effects of dependency and self-criticism on facebook addiction and depressiveness. Computers in Human Behavior, 2023; 139: 107549.
2. Govers J., Feldman P., Dant A., Patros P. Down the Rabbit Hole: Detecting Online Extremism, Radicalisation, and Politicised Hate Speech. ACM Comput. Surv. 2023; 55(14): 1–35. https://doi.org/10.1145/3583067
3. Kutschera S. Incidental data: observation of privacy compromising data on social media platforms. International Cybersecurity Law Review. 2023; 4(1): 91–114.
4. Pattnaik N., Li S., Nurse J.R.C. Perspectives of non-expert users on cyber security and privacy: An analysis of online discussions on twitter. Computers & Security. 2023; 125: 103008.
5. Downing J. Social Media, Digital Methods and Critical Security Studies. Critical Security Studies in the Digital Age: Social Media and Security. Cham: Springer International Publishing. 2023; 71–108.
6. Govardhan, D., Krishna, G.G.S.H., Charan, V., Sai, S.V.A., Chintala, R.R. Key Challenges and Limitations of the OSINT Framework in the Context of Cybersecurity. In 2023 2nd International Conference on Edge Computing and Applications (ICECAA). IEEE 2023; 236–243.
7. Manohari, D., Adithya E.S., Vijayakumar K. Information Retrieval using OSINT and GHDB. 2023 International Conference on Advances in Computing, Communication and Applied Informatics (ACCAI). IEEE 2023.
8. Kim K., Youn J., Yoon S., Kang J., Kim K., Shin D. Study on Cyber Common Operational Picture Framework for Cyber Situational Awareness. Applied Sciences. 2023; 13(4): 2331.
9. Grigaliūnas Š., Brūzgienė R., Venčkauskas A. The Method for Identifying the Scope of Cyberattack Stages in Relation to Their Impact on Cyber-Sustainability Control over a System. Electronics. 2023; 12(3): 591.
10. Block L. The long history of OSINT. Journal of Intelligence History. 2023; 1–15.
11. NBC Philadelphia. https://www.nbcphiladelphia.com/news/national-international/instagram-etsy-sale-tattoo-how-fbi-found-woman-accused-of-torching-ppd-cars/2436832, Accessed 22nd November 2023.
12. Evangelista J.R.G., Sassi R.J., Romero M., Napolitano D. Systematic literature review to investigate the application of open source intelligence (OSINT) with artificial intelligence. Journal of Applied Security Research. 2021; 16(3): 345–369.
13. Hassan, Nihad A., Hijazi R. Open source intelligence methods and tools. New York, NY: Apress, 2018.
14. Nobili M. Review OSINT tool for social engineering. Frontiers in Big Data 6(2023).
15. Li X., Li D., Yang Z., Zhao H., Cai W., Lin, X. 2022. ND-NER: A Named Entity Recognition Dataset for OSINT Towards the National Defense Domain. In International Conference on Neural Information Processing. Singapore: Springer Nature Singapore. 2022; 361–372.
16. Black I.S., Fennelly L.J. Investigations and the art of the interview. Butterworth-Heinemann, 2020.
17. Böhm I., Samuel Lolagar S. Open source intelligence: Introduction, legal, and ethical considerations. International Cybersecurity Law Review. 2021; 2: 317–337.
18. Qusef A., Alkilani H. The effect of ISO/IEC 27001 standard over open-source intelligence. PeerJ Computer Science. 2022; 8: e810.
19. The Police1. https://www.police1.com/investigations/articles/using-webint-and-osint-to-tackle-extremist-groups-Fvy2So5OzaAoNLTC/, accessed 17th November 2023.
20. The Telegraph. https://www.telegraph.co.uk/world-news/2022/07/04/celebrity-ukraine-volunteer-soldier-exposed-fraud-internet-sleuths/, accessed 17th November 2023.
21. Kowta A.S.L., Bhowmick K., Kaur J.R., Jeyanthi N. 2021. Analysis and overview of information gathering & tools for pentesting. In 2021 International Conference on Computer Communication and Informatics (ICCCI) IEEE, 2021; 1–13.
22. Herrera-Cubides, J.F., Gaona-García P.A., Sánchez-Alonso S. Open-source intelligence educational resources: a visual perspective analysis. Applied Sciences; 2020; 10(21): 7617.
23. Yamin M.M., Ullah M., Ullah H., Katt B., Hijji M., Muhammad, K. 2022. Mapping Tools for Open Source Intelligence with Cyber Kill Chain for Adversarial Aware Security. Mathematics. 2022; 10(12): 2054.
24. Inc. Barracuda Networks. https://assets.barracuda.com/assets/docs/dms/Spear-phishing-vol7.pdf, accessed 22nd November 2023.
25. Microsoft. https://www.microsoft.com/en-us/microsoft-365/business-insights-ideas/resources/what-is-spear-phishing-how-to-keep-yourself-and-your-data-above-water, accessed 18th November 2023.
26. Distler, V. The Influence of Context on Response to Spear-Phishing Attacks: an In-Situ Deception Study. Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems. 2023.
27. Butt U.A., Amin R., Aldabbas H., Mohan S., Alouffi B., Ahmadian A. 2023. Cloud-based email phishing attack using machine and deep learning algorithm. Complex & Intelligent Systems. 2023; 9(3): 3043–3070.
28. Birthriya S.K., Ahlawat P., Jain A.K. An Efficient Spam and Phishing Email Filtering Approach using Deep Learning and Bio-inspired Particle Swarm Optimization. International Journal of Computing and Digital Systems. 2023; 13(1): 189–199.
29. Nalini Priya G., Damoddaram K., Gopi G., Nitish Kumar R. 2023. Phishing Attack Detection Using Machine Learning. In International Conference on Emerging Trends in Expert Applications & Security. Singapore: Springer Nature Singapore. 2023; 301–312.
30. Pro-tibetan activists become victim of spear phishing. https://thehackernews.com/2012/04/pro-tibetan-activists-become-victim-of.html, accessed 26 September 2023.
31. Tyagi S., Tyagi R.K., Dutta P.K., Dubey P. 2023. Next Generation Phishing Detection and Prevention System using Machine Learning. In 2023 1st International Conference on Advanced Innovations in Smart Cities (ICAISC). IEEE, 2023; 1–6.
32. Sonowal G., Sonowal G. Types of Phishing. Phishing and Communication Channels: A Guide to Identifying and Mitigating Phishing Attacks. 2022; 25–50.
33. Maniscalco P.M., Holstege C.P., Cormier S.B. Operations Security, Site Security, and Incident Response. In Ciottone’s Disaster Medicine. Elsevier. 2024; 573–581.
34. Yamin M.M., Ullah M., Ullah H., Katt B., Hijji M., Muhammad K. 2022. Mapping Tools for Open Source Intelligence with Cyber Kill Chain for Adversarial Aware Security. Mathematics. 2022; 10(12): 2054.
35. OSINT framework, https://osintframework.com/, accessed 28th February 2024.
36. Awesome OSINT, https://github.com/jivoi/awesome-osint, accessed 28th February 2024.
37. Alsmadi I., Dwekat Z., Cantu R., Al-Ahmad B. Vulnerability assessment of industrial systems using Shodan. Cluster Computing. 2022; 25(3): 1563–1573.
38. Phil Harvey. Exiftoolgui for windows v12.62. https://exiftool.org/exiftool_pod.html, accessed 25 August 2023.
39. Pastor-Galindo J., Nespoli P., Mármol F.G., Pérez G.M. 2020. The not yet exploited goldmine of OSINT: Opportunities, open challenges and future trends. IEEE Access, 2020; 8: 10282–10304.
40. Reider-Gordon M. Too Much Information: OSINT in Criminal Investigations and the Erosion of Privacy. Regulating Cyber Technologies: Privacy Vs Security. 2023; 145.
41. Katzner, T., Thomason, E., Huhmann, K., Conkling, T., Concepcion, C., Slabe, V., Poessel, S. Open-source intelligence for conservation biology. Conservation Biology. 2022; 36(6): e13988.
42. Osterritter L., Carley K.M. Conversations around organizational risk and insider threat. In Proceedings of the 2021 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining. 2021; 613–621.
43. Alquwayzani A., Aldossri R., Rahman M.H. 2023. How dark web monitoring can be used for osint and investigations. Journal of Theoretical and Applied Information Technology, 101(10).
44. Connolly K., Klempay A., McCann M., Brenner P. Dark Web Marketplaces: Data for Collaborative Threat Intelligence. Digital Threats: Research and Practice. 2023; 4(4): 1–12.
45. Pastor-Galindo J., Mármol F.G., Pérez G.M. On the gathering of Tor onion addresses. Future Generation Computer Systems. 2023; 145: 12–26.
46. Chaudhary M., Bansal D. Open source intelligence extraction for terrorism-related information: A review. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery. 2022; 12(5): e1473.
47. Lakomy M. Open-source intelligence and research on online terrorist communication: Identifying ethical and security dilemmas. Media, War & Conflict. 2023; 17506352231166322.
48. Gianluigi, M. E., & MUCCI, M. F. (2023). Countering Daesh Cognitive and Cyber Warfare with
OSINT and Basic Data Mining Tools. In International Conference on Cybersecurity and Cybercrime. 2023; 10: 71–80.
49. Wangchuk T., Rathod D. Opensource intelligence and dark web user de-anonymisation. International Journal of Electronic Security and Digital Forensics. 2023; 15(2): 143–157.
50. Yu, S. Cyber profiling: Predicting political orientation with SOCMINT. Telematics and Informatics Reports. 2023; 10: 100058.
51. Sasaki T., Yoshioka K., Matsumoto T. Who are you? OSINT-based Profiling of Infrastructure Honeypot Visitors. In 2023 11th International Symposium on Digital Forensics and Security (ISDFS). IEEE, 2023; 1–6.
52. Lohar S., Kolte J., Zambare P. AutOSINT: GUI-Based Foot printing Software with AI and OSINT. EPRA International Journal of Multidisciplinary Research (IJMR), 2023; 9(5), 301–305.
53. Dale D., McClanahan K., Li Q. AI-based Cyber Event OSINT via Twitter Data. In 2023 International Conference on Computing, Networking and Communications. IEEE. 2023; 436–442.
54. Reyes J., Fuertes W., Arévalo P., Macas M. An Environment-Specific Prioritization Model for Information-Security Vulnerabilities Based on Risk Factor Analysis. Electronics. 2022; 11(9): 1334.
55. Suryotrisongko H., Musashi Y., Tsuneda A., Sugitani K. Robust botnet DGA detection: Blending XAI and OSINT for cyber threat intelligence sharing. IEEE Access. 2022; 10: 34613–34624.
56. Zheng G., Zhang Y., Yue X., Li K. Interpretable prediction of thermal sensation for elderly people based on data sampling, machine learning and SHapley Additive exPlanations (SHAP). Building and Environment. 2023; 242: 110602.
57. Li X., Xiong H., Li X., Zhang X., Liu J., Jiang H., Dou D. G-LIME: Statistical learning for local interpretations of deep neural networks using global priors. Artificial Intelligence. 2023; 314: 103823.
58. Fauziyyah A.K., Adrian R., Alam S. Analyzing Image Malware with OSINTs after Steganography us-
extraction and fusion. Computers & Security. 2023; 132: 103371.
62. Shamunesh P., Vinoth S., Srinivas L.N.B. Cybercheck–OSINT & Web Vulnerability Scanner. In 2023 2nd International Conference on Edge Computing and Applications (ICECAA). IEEE, 2023; 275–279.
63. Melshiyan M.A., Dushkin A.V. Information Security Audit Using Open Source Intelligence Methods. In 2022 Conference of Russian Young Researchers in Electrical and Electronic Engineering (ElConRus). IEEE, 2022; 379–382.
64. DeCusatis C., Peko P., Irving J., Teache M., Laibach C., Hodge J. A Framework for Open Source Intelligence Penetration Testing of Virtual Health Care Systems. In 2022 IEEE 12th Annual Computing and Communication Workshop and Conference. IEEE, 2022; 0760–0764.
65. Al Mahmeed Y., Elmedany W., Sharif M.S. Eagle-Eye: Open-Source Intelligence Tool for IoT Devices Detection. In 2022 International Conference on Innovation and Intelligence for Informatics, Computing, and Technologies (3ICT) IEEE, 2022; 526–530.
66. Saraswathi, V.R., Ahmed I.S., Reddy S.M., Akshay S., Reddy V.M., Reddy S.M. Automation of recon process for ethical hackers. In 2022 International Conference for Advancement in Technology (ICONAT) IEEE, 2022; 1–6.
67. Marinho, R., Holanda, R. Automated Emerging Cyber Threat Identification and Profiling Based on Natural Language Processing. IEEE Access, 2023.
68. San Biagio, M., Acquaviva, R., Mazzonello, V., La Mattina, E., Morreale, V. A new SOCMINT framework for Threat Intelligence Identification. In 2021 International Conference on Computational Science and Computational Intelligence (CSCI). IEEE, 2021; 692–697.
69. Elmas T., Ibanez T.R., Hutter A., Overdorf R., Aberer K. WayPop Machine: A Wayback Machine to Investigate Popularity and Root Out Trolls. In 2022 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM). IEEE, 2022; 391–395.
ing Symmetric Key Algorithm. Sinkron: jurnal dan 70. Mahaini, M.I., Li, S. Detecting cyber security re-
penelitian teknik informatika. 2023; 8(2): 818–824. lated Twitter accounts and different sub-groups:
59. Duitsman M., Kalinina-Pohl M. Open Source Intel- a multi-classifier approach. In Proceedings of the
ligence and Investigative Techniques for Locating 2021 IEEE/ACM International Conference on Ad-
Radioactive Sources. 2013. vances in Social Networks Analysis and Mining.
60. Guo Y., Liu Z., Huang C., Liu J., Jing W., Wang Z., 2021; 599–606.
Wang Y. CyberRel: Joint entity and relation extrac- 71. Nobili M., Faramondi L., Setola R., Ghelli M., Per-
tion for cybersecurity concepts. In Information and sechino B., Lombardi M. An OSINT platform to ana-
Communications Security: 23rd International Con- lyse violence against workers in public trasportation.
ference, ICICS 2021, Chongqing, China, November In 2021 International Conference on Cyber-Physical
19–21, 2021, Proceedings, Springer International Social Intelligence (ICCSI) IEEE, 2021; 1–6.
Publishing. 2021; I23: 447–463. 72. Daskevics A., Nikiforova A. ShoBeVODSDT:
61. Guo Y., Liu Z., Huang C., Wang N., Min H., Guo Shodan and Binary Edge based vulnerable open data
W., Liu J. A framework for threat intelligence sources detection tool or what Internet of Things

138
Advances in Science and Technology Research Journal 2024, 18(3), 123–139

Search Engines know about you. In 2021 second 79. Drichel, A., Drury, V., von Brandt, J., Meyer, U.
international conference on intelligent data science Finding phish in a haystack: A pipeline for phish-
technologies and applications (IDSTA). IEEE, ing classification on certificate transparency logs. In
2021; 38–45. Proceedings of the 16th International Conference on
73. Daskevics A., Nikiforova A. IoTSE-based open data- Availability, Reliability and Security. 2021; 1–12.
base vulnerability inspection in three Baltic countries: 80. Khan S., Wallom D. A system for organizing, col-
ShoBEVODSDT sees you. In 2021 8th International lecting, and presenting open-source intelligence.
Conference on Internet of Things: Systems, Manage- Journal of Data, Information and Management.
ment and Security (IOTSMS). IEEE. 2021; 1–8. 2022; 4(2): 107–117.
74. Karthika S., Bhalaji N., Chithra S., Sri Harikarthick 81. Garzia F., Borghini F., Bruni A., Lombardi M.,
N., Bhattacharya, D. NoRegINT—A Tool for Per- Minò L., Ramalingam S., Tricarico G. Sentiment
forming OSINT and Analysis from Social Media. In and emotional analysis of risk perception in the Her-
Inventive Computation and Information Technolo- culaneum Archaeological Park during COVID-19
gies: Proceedings of ICICIT 2020 Springer Singa- pandemic. Sensors. 2022; 22(21): 8138.
pore. 2021; 971–980. 82. Li T., Wang X., Yu Y., Yu G., Tong X. Exploring the
75. Jan S.A., Barclay F.P. Conflict and Conflicting News Dynamic Characteristics of Public Risk Perception
Discourses: An Analysis of Newspaper Coverage of and Emotional Expression during the COVID-19
Pulwama Attack. Journalism Practice. 2023; 1–19. Pandemic on Sina Weibo. Systems. 2023; 11(1): 45.
76. Abdullah A., Laghari S.A., Jaisan A., Karuppayah 83. Qing H., Bang Z., Agostini M., Bélanger J.J., Gütz-
S. OSINT Explorer: A Tool Recommender Frame- kow B., Kreienkamp J., Reitsema A.M., van Breen
work for OSINT Sources. In Advances in Cyber J.A. PsyCorona Collaboration, N. Pontus Leander.
Security: Third International Conference, ACeS Associations of risk perception of COVID-19 with
2021, Penang, Malaysia, August 24–25, 2021, Re- emotion and mental health during the pandemic.
vised Selected Papers. Springer Singapore. 2021; Journal of affective disorders. 2021; 284: 247–255.
3: 389–400. 84. Savadori L., Lauriola M. Risk perceptions and
77. Griné T., Teixeira Lopes C. A Social Media Tool COVID-19 protective behaviors: A two-wave lon-
for Domain-Specific Information Retrieval-A Case gitudinal study of epidemic and post-epidemic peri-
Study in Human Trafficking. In Joint European ods. Social Science & Medicine. 2022; 301: 114949.
Conference on Machine Learning and Knowledge 85. Garzia F., Borghini F., Makshanova E., Lombardi
Discovery in Databases Cham: Springer Nature M., Ramalingam S. Emotional analysis of safeness
Switzerland, 2022; 23–38. and risk perception of cybersecurity attacks during
78. Seo S., Kim D. (2021). OSINT-based LPC-MTD the COVID-19 pandemic. In 2022 IEEE Interna-
and HS-decoy for organizational defensive decep- tional Carnahan Conference on Security Technolo-
tion. Applied Sciences, 11(8), 3402. gy (ICCST). IEEE, 2022; 1–6.

139

You might also like