CSINT Research Workstation

207 sources checked every week

CSINT Research

A safe source guide for OSINT

Start with a domain, image, news claim, username, or file trace and see how to check it.

The site points you to useful sources, shows a clear order, and helps turn notes into a short report. It does not teach attacks; it helps people read public information carefully.

  1. 01Write the question
  2. 02Record the sources
  3. 03Separate the evidence
  4. 04Write report or notes

Core investigative pathways

Roadmap

Where to start?

Pick the first safe investigative path using our decision tree.

Database

Resource library

Browse 207 verified, defensive OSINT tools with full context.

Practice lab

Incident lab

Practice forensic verification on real-world incident files.

Editor

Report builder

Format your findings into structured, objective evidence notes.

Workstation

GOSI-Ready OSINT VM

Set up a repeatable Ubuntu OSINT workstation with scripts, docs, and optional OVA import guidance.

SRC

207

checked sources

CHK

weekly

link checks

CAT

34

topic groups

ETH

clear

safe-use notes

Research flow

QuestionSourceEvidenceReport

Every check follows the same four steps: write the question, record sources, separate visible evidence from interpretation, then produce a short report or comment.

  1. 01

    Question

    Write the question

    State in one sentence what you are checking and what input you hold.

  2. 02

    Source

    Record sources

    Keep links, publication dates, and the source chain on separate lines.

  3. 03

    Evidence

    Separate evidence

    Log dates, context, and verifiable traces apart from interpretation.

  4. 04

    Report

    Write report or notes

    Only state what the evidence supports, plus missing checks and confidence limits.

What do you want to do?

Pick an intent; the matching path opens.

New to OSINT or unsure where to begin. Choose the first safe path.

  • Decision tree: a safe first path from the input you hold
  • Start guide: first 15 minutes and an example case
  • Practice case: build a small OSINT note from a real event
Open the decision treeStart guide

First step

Type what you want to check.

You can start with a domain, IP, image, news claim, username, or file trace.

Recommended Tags:

Research desk

What does this site do?

It shows which source to open, which order to follow, and how to write down the result without overclaiming.

01

For a domain or IP, it points to DNS, WHOIS, archive, and certificate checks.

02

For an image or news claim, it checks older copies, dates, and context.

03

For reporting, it separates evidence, interpretation, and uncertainty.

VETTED_SOURCES.DB
_X

Example sources

These tools do not decide for you; they give you a clear place to start.

Wayback Machine logo

Wayback Machine

Archive and timeline checks

accessible
Shodan logo

Shodan

Passive service visibility

passive query
TinEye logo

TinEye

Earlier visual traces

verification
VirusTotal logo

VirusTotal

URL and indicator context

defensive

Quick intake

What do you have?

Pick one card and go to the matching check steps.

crt.sh logoDNS

Domain / IP

Put DNS, WHOIS, archive, and visible service traces in order.

Open
TinEye logoIMG

Image

Separate older copies, context, location clues, and timing.

Open
AFP Fact Check logoCLM

News claim

Check the claim, source chain, date, and archive record.

Open
WhatsMyName logoUSR

Username

Compare open profile traces without making identity claims.

Open
Telegram logoSOC

Social media

Record first source, context, and missing evidence calmly.

Open
VirusTotal logoIOC

Hash / IOC

Read indicators with defensive sources and careful limits.

Open
GitHub Markdown logoRPT

Report

Turn findings, sources, and uncertainty into a short draft.

Open
CSINT logo?

Not sure

Use the decision tree to choose the first safe path.

Open

Safe boundaries

Some things this site does not do.

Open-source research is a calm, careful practice. CSINT intentionally stays outside these lines:

  • PROTOCOL 01ENFORCED

    No people tracking

    Not used to locate individuals, hunt profiles, or mark targets.

  • PROTOCOL 02ENFORCED

    No doxxing

    Does not push toward publishing private contacts, home addresses, or identity data.

  • PROTOCOL 03ENFORCED

    No exploit guidance

    Does not teach attack, credential cracking, or unauthorised access methods.

  • PROTOCOL 04ENFORCED

    No live conflict tracking

    Does not produce real-time tactical feeds during active crises or conflict.

Maintenance

Links are checked on a schedule.

Source links and redirects are checked every week. The status page shows the latest result in a short summary.

View resource health
⚠️ Short safety note
_X
CSINT does not teach attacks. It helps people check public information legally, safely, and clearly.

Latest content

Recent guides and case notes.

Changelog
LATEST GUIDE
_X

Handbook shelf is live

PDF guides and field notes are easier to find.

Read
LATEST CASE
_X

Visual geolocation check

Case 01 - 35-50 min

Read
CHANGES
_X

Source archive and maintenance pages were updated

Research paths, source health, and homepage presentation are easier to scan.

Read