Quiz Entry - updated: 2026.07.14
What are the essential OSINT command-line tools that every security professional should know?
Six key tools cover the core OSINT workflow: Sherlock for usernames, Twitter for social analysis, ExifTool for metadata, subfinder for domains, and theHarvester for email collection.
| Tool | Command | Purpose |
|---|---|---|
| Sherlock | sherlock username |
Search for a username across hundreds of social networks simultaneously. |
twitter.com/username |
Analyze a public Twitter profile, including bio, tweets, and network. No login required for public profiles. | |
| ExifTool read | exiftool image.jpg |
Extract all hidden metadata from an image, including GPS coordinates, timestamps, and camera information. |
| ExifTool strip | exiftool -all= image.jpg |
Remove all metadata from an image before sharing. Essential for personal privacy hygiene. |
| subfinder | subfinder -d domain.com |
Discover subdomains of a target domain, revealing infrastructure and services. |
| theHarvester | theHarvester -d domain -b google,linkedin |
Collect email addresses and names associated with a domain from public sources. |
Defensive insight: ExifTool isn't just an offensive tool. The command exiftool -all= photo.jpg should be part of everyone's routine before uploading any photo. It strips GPS coordinates, camera serial numbers, timestamps, and other metadata that reveal far more than the image itself.