๐Ÿ•ต๏ธ How to find everything public about any target (beginner OSINT + free loot)

:package: elhacker.info: free courses, wordlists, cracked tools, books โ€” plus OSINT 101

Welcome aboard :ocean: โ€” solid first drop. And damn, what a first drop: a link to elhacker.info, basically a free warehouse of hacking courses, wordlists, cracked pro tools, OS ISOs, and a fat pile of cybersec books. People pay hundreds for half this shit. Itโ€™s just sitting there.

:wrapped_gift: The loot: https://elhacker.info/ โ€” courses, MP4 tutorials, 46GB rockyou2024 wordlist, Burp/Metasploit/Cobalt Strike, ebooks, the works.

Below: a dead-simple breakdown of OSINT (digging up info thatโ€™s already public โ€” Google, but for finding everything about a target) and the tools that do it. No jargon left unexplained. :backhand_index_pointing_down:

๐ŸŒ what the hell is OSINT (2-line version)

OSINT = Open Source Intelligence = collecting info thatโ€™s already public and free to grab. Social media, websites, forums, leaked databases, public records โ€” all of it.

Why care? Because everything youโ€™d ever want to know about a website, company, or person is already out there scattered across the internet. OSINT is just the art of vacuuming it all up and connecting the dots. Itโ€™s 100% legal when you stick to public stuff, costs nothing, and itโ€™s the first move in basically every hack, investigation, or background check.

Think of it as being a detective who never leaves the couch.

๐Ÿ› ๏ธ the tools that do the digging (plain-English)

You donโ€™t memorize these โ€” you just need to know which one grabs what (all links go straight to the tool):

  • Shodan โ†’ a search engine for devices, not websites. It finds webcams, servers, routers, smart fridges โ€” anything plugged into the internet. Type a query, see whatโ€™s exposed. Scary how much is wide open.
  • Maltego โ†’ the connection-map drawer. Feed it a name/email/domain and it draws a spiderweb showing how everything links together. Great for โ€œwhoโ€™s connected to who.โ€
  • theHarvester โ†’ the email & subdomain scraper. Point it at a company, it pulls every email address and hidden sub-page it can find from search engines. Phishers love this one.
  • SpiderFoot โ†’ the auto-recon robot. You give it a target, it runs hundreds of checks on its own while you grab coffee. Lazy personโ€™s best friend.
  • Recon-ng / Censys โ†’ bulk internet scanners. Find domains, IPs, and exposed assets in bulk.
  • FOCA โ†’ the metadata snitch. Drop in a PDF or Word doc and it reveals hidden junk inside โ€” who made it, what software, sometimes internal usernames. People forget this stuff is baked into their files.

:light_bulb: Start with Shodan (free web version, no install). Search your own home IP and see whatโ€™s exposed. Instant โ€œoh shitโ€ moment, instant hooked.

๐Ÿค– making it run on autopilot

The whole point is to stop doing this by hand. Two moves:

  • Scripts โ€” a little Python program (beginner-friendly coding language) can ask Shodan โ€œshow me every device running old, hackable softwareโ€ and ping you when it finds one. Set it, forget it.
  • Scheduled scans โ€” tell SpiderFoot to re-scan your targets every night and flag anything new. You wake up to a report.

Thatโ€™s it. The fancy version plugs into a SIEM (a security dashboard that collects all your alerts in one place), but you donโ€™t need that to start. A free tool + one script = youโ€™re already ahead of most people.

โš–๏ธ don't be dumb about it

OSINT is legal because it uses public info. The second you log into accounts that arenโ€™t yours, brute-force a password, or grab private data โ€” thatโ€™s a different crime entirely. Stay on the public side.

Two habits worth having:

  • Use a VPN (hides your real location/identity) while poking around, so the target canโ€™t see you sniffing.
  • Donโ€™t collect random peopleโ€™s personal data for no reason โ€” privacy laws (like GDPR in Europe) exist and bite.

Basically: look, donโ€™t touch. Public, not private. Youโ€™re a detective, not a burglar.


simple-pimple:

  • :wrapped_gift: Free loot: elhacker.info โ€” courses, wordlists, tools, books
  • :globe_with_meridians: OSINT = vacuuming up public info and connecting the dots
  • :electric_plug: Start free with Shodan, scan your own IP, get hooked
  • :robot: Automate later with a tiny Python script
  • :balance_scale: Public = legal. Private = jail. Stay on the right side.

Throw a target youโ€™d OSINT first in the comments :backhand_index_pointing_down: โ€” your own domain is a good safe start.

15 Likes