OSINT Starter Pack

This is the free first asset for early learners: a safe, practical starting point for open source intelligence work without expensive courses or unclear legal boundaries.

Safe Research Rules

• Only investigate accounts, domains, systems, or datasets you own or are authorized to assess.
• Do not buy, trade, request, or republish leaked passwords or private personal data.
• Record where each fact came from, when it was captured, and how confident you are.
• Separate observation from conclusion. A match, username, or exposed email is not proof of identity by itself.
• Use lab environments for malware, phishing, exploit, or suspicious-code learning.

Beginner Workflow

1. Define the question and what permission you have.
2. Collect baseline identifiers: names, handles, domains, emails, locations, and dates.
3. Check official sources first: registries, company filings, public profiles, policy pages, and archives.
4. Pivot carefully into web intelligence: DNS, certificate transparency, historical pages, repositories, and public mentions.
5. Verify with at least two independent sources before treating a finding as useful.
6. Write a short evidence note with source links, confidence, risk, and recommended next action.

First 25 Tools to Learn

Start with these categories before chasing advanced tools: search operators, archives, WHOIS/RDAP, certificate transparency, DNS history, breach notification, image verification, map review, social username checks, and note-taking.

• DuckDuckGo, Google, Bing, Brave Search, and Yandex for different result coverage.
• Wayback Machine, archive.today, and Common Crawl for historical pages.
• ICANN Lookup, RDAP, crt.sh, DNSDumpster, SecurityTrails, and ViewDNS.info for web infrastructure.
• Have I Been Pwned and Firefox Monitor for consent-based exposure awareness.
• ExifTool, Google Lens, TinEye, Sentinel Hub EO Browser, OpenStreetMap, and Geonames for media and geospatial checks.
• Obsidian, Zotero, Hunchly, Maltego CE, SpiderFoot, and the OSINT Framework for organizing research.

Breach Data Boundaries

Learn breach exposure as a defensive topic. The right goal is to help people reduce harm: password resets, MFA, session review, domain-owner notification, and safer monitoring. The wrong goal is building a searchable pile of stolen secrets.

Practice Labs

• Map your own domain footprint: DNS, certificates, hosting, email security records, and archive history.
• Build a source-confidence table for a public claim using at least five sources.
• Review a harmless image and write down visible clues, map hypotheses, and confidence.
• Configure a test Cloudflare zone and document what each security setting changes.

What Comes Next

Early-access learners will get safe tutorials, field notes, Cloudflare setup lessons, and practical exercises that build toward junior web security and OSINT capability.