Mastering OSINT: A Guide to TryHackMe’s Free Educational Rooms

Introduction

Open-Source Intelligence (OSINT) is a critical skill in cybersecurity, enabling professionals to gather actionable intelligence from publicly available sources. Osama Shilbayeh’s newly released OSINT rooms on TryHackMe provide structured, hands-on training for beginners and advanced practitioners alike. These free resources cover GEOINT, SIGINT, and HUMINT, making OSINT accessible to all.

Learning Objectives

• Understand core OSINT methodologies and tools.
• Apply GEOINT, SIGINT, and HUMINT techniques in real-world scenarios.
• Develop proficiency through TryHackMe’s interactive challenges.

You Should Know

1. Basic OSINT Reconnaissance with `theHarvester`

Command:

theHarvester -d example.com -b google 

Step-by-Step Guide:

1. Install `theHarvester`: `sudo apt install theharvester`

2. Replace `example.com` with your target domain.

1. Use `-b` to specify data sources (e.g., Google, Bing).
2. Analyze results for emails, subdomains, and IP addresses.

2. Geolocation Intelligence (GEOINT) with `exiftool`

Command:

exiftool image.jpg | grep "GPS" 

Step-by-Step Guide:

1. Install `exiftool`: `sudo apt install exiftool`

1. Run the command on an image file to extract GPS coordinates.
2. Use tools like Google Earth to plot the location.

3. Social Media OSINT with `sherlock`

Command:

python3 sherlock username 

Step-by-Step Guide:

1. Clone the repository: `git clone https://github.com/sherlock-project/sherlock.git`
   

   2. Navigate to the directory: `cd sherlock`

2. Run the script to check username presence across platforms.

4. Advanced Metadata Analysis with `metagoofil`

Command:

metagoofil -d example.com -t pdf,docx -l 20 -o /output 

Step-by-Step Guide:

1. Install `metagoofil`: `sudo apt install metagoofil`

1. Specify file types (-t) and download limit (-l).
2. Review extracted metadata for usernames, software versions, and more.

5. Network Reconnaissance with `Maltego`

Tool Setup:

1. Download Maltego (Community Edition).

1. Use transforms to map domain relationships (e.g., DNS records, IP ranges).

6. Automating OSINT with `SpiderFoot`

Command:

python3 sf.py -s example.com -m all 

Step-by-Step Guide:

1. Clone SpiderFoot: `git clone https://github.com/smicallef/spiderfoot.git`
   2. Launch the web UI (`python3 sf.py -l 127.0.0.1:5001`) and input targets.

7. Dark Web OSINT with `OnionScan`

Command:

onionscan URL.onion 

Step-by-Step Guide:

1. Install OnionScan: `go get github.com/s-rah/onionscan`

1. Scan .onion sites for vulnerabilities and metadata leaks.

What Undercode Say

• Key Takeaway 1: Free, structured OSINT training democratizes cybersecurity education.
• Key Takeaway 2: Hands-on labs bridge theory and real-world application.

Analysis: Shilbayeh’s TryHackMe rooms address the growing demand for OSINT skills in threat intelligence and investigations. By integrating GEOINT, SIGINT, and HUMINT, learners gain a holistic understanding of intelligence gathering. Future updates could include AI-driven OSINT automation, further enhancing efficiency.

Prediction

OSINT will become integral to corporate security and law enforcement, with AI tools streamlining data collection. Expect more platforms to adopt gamified learning like TryHackMe to meet global demand.

Try the Rooms Here:

• OSINT Level 1
• OSINT Level 2
• OSINT Level 3

IT/Security Reporter URL:

Reported By: Osama Shilbayeh – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeTesting & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin