Methodology

Every tool on OSINT Lab follows the same methodological spine. Understanding it helps you read results without over- or under-interpreting them.

1. Passive by default

Tools read what a target voluntarily publishes: DNS records, HTTP responses for public URLs, robots.txt, sitemaps, HTML metadata. They do not brute-force paths, they do not try credentials, and they do not scan ports.

2. Bounded, polite requests

Each tool has a request budget (typically a handful of HTTP fetches and a small DNS query fan-out). Requests use a realistic User-Agent, respect standard timeouts, and back off on errors.

3. Explicit confidence

Findings are labeled with a confidence level:

• high — exact match on a protocol-level signal.
• medium — a strong pattern match, with known counter-examples.
• low — a weak hint. Useful as a direction, never as a conclusion.

4. No hidden corrections

If a signal is ambiguous — a header that is present but weak, a DNS record that is present but points somewhere odd — we show it. We do not "fix" the output to look cleaner than the target actually is.

5. Reproducibility

Every run records the exact input, a timestamp, and the tool version. You can re-run later and compare.