elhacker.info: free courses, wordlists, cracked tools, books โ plus OSINT 101
Welcome aboard
โ solid first drop. And damn, what a first drop: a link to elhacker.info, basically a free warehouse of hacking courses, wordlists, cracked pro tools, OS ISOs, and a fat pile of cybersec books. People pay hundreds for half this shit. Itโs just sitting there.
The loot: https://elhacker.info/ โ courses, MP4 tutorials, 46GB rockyou2024 wordlist, Burp/Metasploit/Cobalt Strike, ebooks, the works.
Below: a dead-simple breakdown of OSINT (digging up info thatโs already public โ Google, but for finding everything about a target) and the tools that do it. No jargon left unexplained. ![]()
๐ what the hell is OSINT (2-line version)
OSINT = Open Source Intelligence = collecting info thatโs already public and free to grab. Social media, websites, forums, leaked databases, public records โ all of it.
Why care? Because everything youโd ever want to know about a website, company, or person is already out there scattered across the internet. OSINT is just the art of vacuuming it all up and connecting the dots. Itโs 100% legal when you stick to public stuff, costs nothing, and itโs the first move in basically every hack, investigation, or background check.
Think of it as being a detective who never leaves the couch.
๐ ๏ธ the tools that do the digging (plain-English)
You donโt memorize these โ you just need to know which one grabs what (all links go straight to the tool):
- Shodan โ a search engine for devices, not websites. It finds webcams, servers, routers, smart fridges โ anything plugged into the internet. Type a query, see whatโs exposed. Scary how much is wide open.
- Maltego โ the connection-map drawer. Feed it a name/email/domain and it draws a spiderweb showing how everything links together. Great for โwhoโs connected to who.โ
- theHarvester โ the email & subdomain scraper. Point it at a company, it pulls every email address and hidden sub-page it can find from search engines. Phishers love this one.
- SpiderFoot โ the auto-recon robot. You give it a target, it runs hundreds of checks on its own while you grab coffee. Lazy personโs best friend.
- Recon-ng / Censys โ bulk internet scanners. Find domains, IPs, and exposed assets in bulk.
- FOCA โ the metadata snitch. Drop in a PDF or Word doc and it reveals hidden junk inside โ who made it, what software, sometimes internal usernames. People forget this stuff is baked into their files.
Start with Shodan (free web version, no install). Search your own home IP and see whatโs exposed. Instant โoh shitโ moment, instant hooked.
๐ค making it run on autopilot
The whole point is to stop doing this by hand. Two moves:
- Scripts โ a little Python program (beginner-friendly coding language) can ask Shodan โshow me every device running old, hackable softwareโ and ping you when it finds one. Set it, forget it.
- Scheduled scans โ tell SpiderFoot to re-scan your targets every night and flag anything new. You wake up to a report.
Thatโs it. The fancy version plugs into a SIEM (a security dashboard that collects all your alerts in one place), but you donโt need that to start. A free tool + one script = youโre already ahead of most people.
โ๏ธ don't be dumb about it
OSINT is legal because it uses public info. The second you log into accounts that arenโt yours, brute-force a password, or grab private data โ thatโs a different crime entirely. Stay on the public side.
Two habits worth having:
- Use a VPN (hides your real location/identity) while poking around, so the target canโt see you sniffing.
- Donโt collect random peopleโs personal data for no reason โ privacy laws (like GDPR in Europe) exist and bite.
Basically: look, donโt touch. Public, not private. Youโre a detective, not a burglar.
simple-pimple:
Free loot: elhacker.info โ courses, wordlists, tools, books
OSINT = vacuuming up public info and connecting the dots
Start free with Shodan, scan your own IP, get hooked
Automate later with a tiny Python script
Public = legal. Private = jail. Stay on the right side.
Throw a target youโd OSINT first in the comments
โ your own domain is a good safe start.

!