Open-source intelligence work is rarely glamorous. It usually involves dragging yourself through a swamp of messy public data, comparing fragmented records, spotting subtle patterns, and turning scattered digital breadcrumbs into a structured line of inquiry.
ChatGPT can drastically accelerate this process, but only if you use it correctly. It is not an investigative oracle. It is an analysis assistant. Its superpower is taking unstructured, chaotic data, like a disorganized dump of social media posts, messy WHOIS records, or translated foreign news articles, and organizing it into timelines, entity maps, and follow-up strategies.
In OSINT, evidence must always come from original public sources, never from an AI-generated response. ChatGPT is here to help you think faster and structure your work better, but every claim it helps you extract still needs manual verification.
To get the most out of it, you need highly specific, carefully constrained prompts. Below is a comprehensive prompt pack covering the full lifecycle of an OSINT investigation. Simply copy these prompts, replace the bracketed placeholders with your specific data, and let the AI do the heavy lifting.
1. Investigation Scoping & Boundary Setting
The quickest way to fail an OSINT investigation is to fall down a “rabbit hole” and lose track of what you were actually trying to find. Before you collect a single piece of data, use this prompt to establish a strict collection plan and prevent scope creep.
- Act as a senior Intelligence Manager. I am starting a new OSINT investigation. Before I collect any data, help me define the scope and prevent rabbit holes.
My target/objective: [Insert target name, organization, or general investigative goal here]
Tasks:
1. Primary Objective: Refine my objective into a single, focused sentence.
2. Boundary Setting: Create a bulleted list defining what is strictly “In-Scope” and what is “Out-of-Scope” for this investigation.
3. Key Intelligence Questions (KIQs): Generate 3 to 5 specific, answerable questions that I must resolve to consider this investigation a success. Do not invent answers; just provide the questions.
2. Tool Stack & Methodology Planning
Once your scope is defined, you need to know exactly where to look. ChatGPT is an excellent methodology guide. If you have a specific type of target (like a crypto address, an IP, or a username), this prompt will generate a customized footprinting plan outlining exactly which tools and databases to hit.
- Act as an expert OSINT investigator. I am building a collection plan for the following target: [Insert Target Type: e.g., a corporate domain, a Telegram username, an IPv4 address, or a Bitcoin wallet].
Provide a structured footprinting methodology. Do not perform the search for me; instead, map out exactly how I should conduct the investigation.
Format your response as a checklist using this structure:
– [Data Category, e.g., Historical DNS or Social Media Correlation] -> [Specific OSINT Tool/Website, e.g., SecurityTrails or WhatsMyName] -> [Exactly what specific data I should look for using this tool].
Include at least 5 distinct data categories relevant to this specific target type.
3. Reconnaissance & Search Strategy (Advanced Dorking)
Often, the hardest part of an investigation is knowing exactly how to query search engines to surface hidden files or forgotten directories. ChatGPT is phenomenal at writing advanced Google, Bing, and Yandex search operators.
- Act as an expert OSINT researcher. I am trying to find specific public information about the following target/topic: [Insert target name, organization, or topic here].
Based on this target, generate a comprehensive list of advanced search operators (Dorks) for Google, Bing, and Yandex. Include:
1. Filetype searches (e.g., PDF, DOCX, XLSX, TXT) that might contain sensitive or public internal records.
2. Intitle and inurl operators targeting directories, admin portals, or forgotten subdomains.
3. Social media specific searches (e.g., searching site:linkedin.com, site:twitter.com, or obscure forums).
4. Keyword permutations, including likely acronyms, misspellings, or alternative naming conventions.
Provide a brief explanation of what each search string is designed to uncover.
4. Custom Tooling & Large-Scale Data Parsing
Sometimes, OSINT involves data dumps, like breached databases, massive server logs, or scraped forums, that are simply too large to paste into ChatGPT. When you hit a context window limit, use the AI to write a custom script so you can parse the data locally on your own machine.
- Act as a Python developer and OSINT data analyst. I have a massive local data dump [Describe the file, e.g., a 2GB server log, a massive messy text file of scraped forums] that is too large to paste here.
Write a robust Python script that reads this local file and uses Regular Expressions (Regex) to extract the following: [Specify what you need, e.g., all unique IPv4 addresses, .onion links, or email addresses].
Requirements:
1. Include clear comments explaining exactly how the regex captures the data.
2. Add basic error handling for unreadable characters or large file streams.
3. Output the extracted, deduplicated data into a clean CSV file.
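For reference when reviewing what the model returns, here is the kind of script this prompt is asking for. It is an added example, not code from the original article; it assumes IPv4 addresses and email addresses are the targets, and the file names `sample_dump.log` and `indicators.csv` are placeholders.

```python
import csv
import ipaddress
import re

# Candidate IPv4: four dotted groups of 1-3 digits, not part of a longer dotted number.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")
# Pragmatic email pattern: local part, "@", dotted host, alphabetic TLD of 2+ letters.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}")


def valid_ipv4(candidate):
    """Drop regex hits such as 999.10.10.10 that are not real addresses."""
    try:
        ipaddress.IPv4Address(candidate)
        return True
    except ValueError:
        return False


def extract_indicators(path):
    """Stream the file line by line; return {(type, value): first line seen}."""
    seen = {}
    # errors="replace" turns undecodable bytes into U+FFFD instead of raising,
    # and iterating the handle keeps memory flat regardless of file size.
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, start=1):
            for ip in IPV4_RE.findall(line):
                if valid_ipv4(ip):
                    seen.setdefault(("ipv4", ip), lineno)
            for email in EMAIL_RE.findall(line):
                seen.setdefault(("email", email.lower()), lineno)
    return seen


def write_csv(seen, out_path):
    with open(out_path, "w", newline="", encoding="utf-8") as fh:
        writer = csv.writer(fh)
        writer.writerow(["type", "value", "first_seen_line"])
        for (kind, value), lineno in sorted(seen.items()):
            writer.writerow([kind, value, lineno])


if __name__ == "__main__":
    # Constructed sample: an invalid byte sequence, an out-of-range address, a repeat.
    with open("sample_dump.log", "wb") as fh:
        fh.write(b"login 192.0.2.10 user=alice@example.org\n"
                 b"\xff\xfe junk 198.51.100.7 and 999.10.10.10\n"
                 b"again 192.0.2.10. Alice@Example.org v1.2.3.4.5\n")
    write_csv(extract_indicators("sample_dump.log"), "indicators.csv")
```

Recording the first line number for each value gives you a pointer back into the original file, which is where the evidence has to be verified.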
5. People Search & Identity Resolution
People-focused OSINT involves matching identities across usernames, bios, public records, and data breaches. The main challenge is avoiding false positives (e.g., confusing two people with the same name). This prompt forces the AI to cross-reference data while strictly grading its own confidence.
- Act as an OSINT research assistant. I have collected the following fragmented data regarding an individual.
Known inputs: [Insert known names, usernames, aliases, locations, emails, employers, or bio snippets here]
Your tasks:
1. Identity Matrix: Create a table cross-referencing all provided data points to establish a unified identity profile.
2. Username Permutations: Generate 15 logical username variants based on their name, known aliases, birth years (if inferred), and interests.
3. False Positive Check: Highlight any conflicting data in my inputs that suggests I might be looking at two completely different people.
4. Next Steps: Provide a prioritized list of specific public platforms, registries, or databases I should manually check next to confirm this identity.
Do not invent information. If the data is inconclusive, state clearly that confidence is low.
6. Corporate & Business Intelligence
Investigating companies often means untangling complex ownership structures, identifying beneficial owners, and mapping out subsidiaries. When you have a massive dump of business registry text or corporate press releases, this prompt will map it for you.
- I am conducting a corporate intelligence investigation. Below is raw text collected from business registries, corporate websites, and news articles.
Raw Data: [Insert messy business text, registry dumps, press releases, or news clippings here]
Analyze this data and extract the following into a structured Markdown format:
1. Key Entities: A list of all parent companies, subsidiaries, shell companies, and joint ventures mentioned.
2. Key Personnel: A table of all executives, directors, shareholders, and their associated titles.
3. Addresses & Contact Info: All physical addresses, registered agent addresses, domains, and phone numbers.
4. Relationship Map: Write a clear narrative explaining the corporate hierarchy (who owns what, who directs what).
5. Red Flags: Identify any anomalies (e.g., multiple companies sharing the same obscure address, abrupt changes in leadership, offshore jurisdictions).
7. Infrastructure & Threat Intelligence (CTI)
When dealing with malicious infrastructure, phishing campaigns, or Advanced Persistent Threats (APTs), you need to quickly extract Indicators of Compromise (IOCs) from massive threat reports or messy server logs.
- Act as a Cyber Threat Intelligence (CTI) analyst. I am providing you with unstructured notes, logs, or threat reports regarding a cyber incident or suspicious infrastructure.
Input Data: [Insert raw WHOIS data, DNS records, IP addresses, threat report text, or server logs here]
Perform the following tasks:
1. Extract and categorize all Indicators of Compromise (IOCs) into a table: Domains, IP addresses, ASNs, Hashes (MD5/SHA), and Email addresses.
2. Identify the Threat Actor’s TTPs (Tactics, Techniques, and Procedures) if mentioned in the text.
3. Infrastructure Pivoting: For every IP or Domain identified, suggest specific pivots (e.g., checking reverse DNS, passive DNS, specific ports, or historical WHOIS) to uncover related infrastructure.
4. Defang all URLs and IP addresses in your output (e.g., example[.]com) to prevent accidental clicks.
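Because the model's IOC table still has to be checked against the source text, a deterministic local pass over the same input is a useful cross-check. The following is an added example, not part of the original article: it refangs already-defanged input, categorizes indicators, and defangs the output as the prompt requires. The pattern set and `SAMPLE_REPORT` are constructed for illustration.

```python
import re

HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
# Order matters: each pattern's matches are blanked out before the next runs,
# so a URL's host or an email's domain is not reported again as a bare domain.
PATTERNS = [
    ("url", re.compile(r"\bhttps?://[^\s\"'<>]+", re.I)),
    ("email", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    ("ipv4", re.compile(rf"\b(?:{OCTET}\.){{3}}{OCTET}\b")),
    ("hash", re.compile(r"\b(?:[a-f0-9]{64}|[a-f0-9]{40}|[a-f0-9]{32})\b", re.I)),
    ("asn", re.compile(r"\bAS\d{1,10}\b")),
    # Heuristic: file names such as report.pdf also match; check hits against a TLD list.
    ("domain", re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)),
]


def refang(text):
    """Normalise common defanged forms so reports that already defang still parse."""
    text = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text, flags=re.I)
    text = re.sub(r"\bhxxp(s?)", r"http\1", text, flags=re.I)
    return text.replace("[:]", ":").replace("[@]", "@")


def defang(value):
    """Make an indicator non-clickable: hxxp scheme, [.] for dots, [@] in emails."""
    value = re.sub(r"^http", "hxxp", value, flags=re.I)
    return value.replace(".", "[.]").replace("@", "[@]")


def extract_iocs(report_text):
    """Return sorted, deduplicated (type, defanged_value) rows for a report."""
    text = refang(report_text)
    rows = set()
    for kind, pattern in PATTERNS:
        for match in pattern.finditer(text):
            value = match.group(0).rstrip(".,;:)")
            if kind in ("hash", "domain", "email"):
                value = value.lower()
            label = HASH_TYPES[len(value)] if kind == "hash" else kind
            rows.add((label, defang(value)))
        text = pattern.sub(" ", text)  # consume matches before the next pattern
    return sorted(rows)


# Constructed sample; the hash is the MD5 of empty input, used as a harmless stand-in.
SAMPLE_REPORT = """Phishing page at hxxps://login-portal[.]example[.]net/verify.php, on 203.0.113.45 (AS64500).
Dropper MD5 d41d8cd98f00b204e9800998ecf8427e beaconed to cdn[.]example[.]org.
Sender: billing@example[.]com"""
```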
8. Social Media & Disinformation Network Analysis
Social media OSINT is incredibly noisy. If you are investigating coordinated inauthentic behavior, bot networks, or tracking the spread of a narrative, you need to step back and look at behavioral patterns rather than just individual posts.
- I have collected a batch of social media posts, comments, and profile bios that I suspect may be part of a coordinated network or specific narrative campaign.
Raw Posts/Bios: [Insert text of social media posts, timestamps, and usernames here]
Analyze this text and provide the following:
1. Core Narratives: What are the primary themes, biases, or specific claims being pushed?
2. Linguistic Tics: Identify any repeated catchphrases, identical typos, forced hashtags, or unusual grammar that might suggest copy-paste behavior or a non-native speaker.
3. Sentiment Analysis: Is the tone designed to provoke anger, build trust, or spread confusion?
4. Target Audience: Who is this content trying to influence?
5. Coordination Clues: Point out any indicators that these accounts are operating together (e.g., exact same timestamps, identical external links, circular retweeting).
9. Geolocation & Visual Clue Processing
While ChatGPT cannot directly “look” at an image to geolocate it, it is phenomenal at processing descriptions of images. If you can describe the background of a video or photo, the AI can narrow down the geographic region based on architectural, botanical, and cultural clues.
- I am trying to geolocate a photograph/video. I will describe the visual clues present in the image in detail.
Image Description: [Insert highly detailed description: e.g., type of trees, side of the road cars drive on, license plate colors, language/alphabet on street signs, architectural style, plug sockets, weather, sun position, etc.]
Based on this description:
1. Narrow down the possible countries or specific regions this could be.
2. Explain the rationale for each location based on the clues provided (e.g., “Yellow rear license plates and driving on the left strongly suggest the UK or Cyprus”).
3. Suggest 3 specific Google Street View or Google Earth searches I can perform to confirm these hypotheses.
4. Point out any contradictory clues that might indicate the image is manipulated or located somewhere unexpected.
10. Language & Cultural Context Translation
Standard translation tools like Google Translate often fail at local slang, military jargon, or cultural idioms. ChatGPT excels at providing context, which is vital when investigating foreign entities or regional conflicts.
- I have intercepted or collected text in a foreign language (or regional dialect) that I need translated and analyzed for an OSINT investigation.
Source Text: [Insert foreign text, forum posts, or intercepted messages here]
Please provide:
1. A direct, literal translation.
2. A localized, intent-based translation (what they actually mean).
3. Slang/Jargon Breakdown: Highlight any slang, military jargon, criminal codes, or regional idioms, and explain their cultural context.
4. Geographic Profiling: Does the specific dialect, vocabulary, or spelling indicate a specific city, region, or demographic?
11. Structuring the Final Output: The Master Intelligence Brief
Once you have spent hours collecting clues, the final hurdle is turning your messy notes into a digestible report for a client, a law enforcement partner, or your own records.
- Act as a senior intelligence analyst. I am going to provide you with my raw, disorganized notes from an OSINT investigation.
Raw Investigation Notes: [Insert all your findings, timelines, dead ends, and extracted data here]
Transform these notes into a polished, professional Intelligence Brief using the following structure:
– Executive Summary: A 3 to 4 sentence TL;DR of the most critical findings.
– Scope of Investigation: What was the goal of this research?
– Key Findings: Bullet points of confirmed facts.
– Intelligence Gaps: What critical information is still missing or remains unverified?
– Analytical Assessment: What is the most likely scenario or conclusion based strictly on the provided evidence?
– Recommended Next Steps: Actionable recommendations for further public-source collection or legal process.
Rule: Maintain a strictly neutral, objective tone. Clearly separate confirmed facts from analytical assumptions.
Final Thoughts on Using AI in OSINT
A prompt is only as good as the analyst using it. Remember these golden rules:
- Garbage In, Garbage Out: Give the AI real input. Paste actual text, parsed data, or detailed descriptions. Vague inputs yield useless, generalized outputs.
- Force Structured Outputs: Always ask for tables, markdown, JSON, or matrices. Unstructured prose is hard to skim.
- Guard Your OPSEC: Never feed highly sensitive, classified, or legally protected PII into a public AI model. Use these prompts on scrubbed data, or use locally hosted LLMs if you are dealing with sensitive targets.
- Trust, but Verify: Treat every AI output as a hypothesis, not a fact. The real evidence always lives in the original source.
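One way to apply the "Guard Your OPSEC" rule is to pseudonymize text locally before it goes into a prompt and map the tokens back afterwards. This is an added example, not part of the original article; the `Scrubber` class, its token format and the two patterns are assumptions made for illustration, and the sample text is constructed.

```python
import re

# Assumed, illustrative patterns; extend with phone numbers, IDs, etc. for real data.
SCRUB_PATTERNS = {
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "IP": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}


class Scrubber:
    """Replace sensitive values with stable tokens; the mapping never leaves this machine."""

    def __init__(self, known_terms=()):
        self.token_for = {}  # lowercased real value -> token
        self.value_for = {}  # token -> real value as first seen
        # Names or handles the analyst already knows are sensitive, longest first
        # so "Jane Doe" is replaced before a shorter term like "Jane".
        self.known = sorted(known_terms, key=len, reverse=True)

    def _token(self, kind, value):
        key = value.lower()
        if key not in self.token_for:
            n = sum(1 for t in self.value_for if t.startswith(f"[{kind}_")) + 1
            token = f"[{kind}_{n}]"
            self.token_for[key] = token
            self.value_for[token] = value
        return self.token_for[key]

    def scrub(self, text):
        # Structured identifiers first, so a name inside an email address is
        # already hidden by the email token when the name pass runs.
        for kind, pattern in SCRUB_PATTERNS.items():
            text = pattern.sub(lambda m, k=kind: self._token(k, m.group(0)), text)
        for term in self.known:
            text = re.sub(re.escape(term),
                          lambda m: self._token("NAME", m.group(0)),
                          text, flags=re.I)
        return text

    def restore(self, text):
        """Map tokens in the model's answer back to the real values."""
        for token, value in self.value_for.items():
            text = text.replace(token, value)
        return text


if __name__ == "__main__":
    s = Scrubber(known_terms=["Jane Doe"])  # constructed sample input below
    print(s.scrub("Jane Doe (jane.doe@example.org) logged in from 192.0.2.44"))
```

Pattern-based scrubbing only catches what the patterns and the known-terms list describe, so read the scrubbed text once before pasting it anywhere.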
