OSINT for Defence: Free Tools and Techniques Worth Knowing

29 May 2026 · 9 min read

The Committee on Earth Observation Satellites fleet as of 2026. Dozens of civilian and commercial imaging satellites now provide open-access data used by defence analysts for operational monitoring. Image: NASA/CEOS, Public Domain

The most comprehensive picture of Russian armoured movements ahead of the 2022 Ukraine invasion was not produced by the Central Intelligence Agency (CIA), the Government Communications Headquarters (GCHQ), or India's Defence Intelligence Agency. It was assembled by freelance researchers, hobbyist trackers, and conflict-monitoring volunteers using free satellite imagery, public Telegram channels, and a browser. The intelligence community calls this Open Source Intelligence (OSINT) — and it has permanently changed how military information is collected, contested, and consumed.

What makes this moment different is not the availability of satellite images. Spy satellites have existed for decades. What changed is the cost of entry. A researcher in Delhi with a 500 Mbps connection and zero classified clearances can now track military build-ups along the Line of Actual Control with tools that cost nothing and require no permission. The implications for defence, deterrence, and operational secrecy are still being absorbed.

The Tool That Broke Open Satellite Intelligence

The single most accessible tool for defence OSINT belongs to the European Space Agency (ESA), not the Pentagon. Sentinel Hub's EO Browser provides free access to ESA Copernicus Sentinel-2 imagery at 10-metre resolution — good enough to identify vehicle staging areas, artillery positions, freshly dug defilade positions, and damage from bombardment Source: Sentinel Hub EO Browser. The same platform serves Sentinel-1 Synthetic Aperture Radar (SAR) imagery, which penetrates cloud cover and works at night. In a conflict where the adversary operates during monsoon cloud cover, SAR is the difference between knowing and guessing.

NASA's FIRMS (Fire Information for Resource Management System) was designed to track wildfires. Defence analysts discovered it also detects artillery barrages, missile impacts, and explosive ordnance detonations in near-real time. The VIIRS sensor on the Suomi-NPP satellite detects thermal anomalies at 375-metre resolution within hours of any event hot enough to register Source: NASA FIRMS. During the 2022 Kherson offensive, multiple OSINT accounts cross-referenced FIRMS hotspots with satellite imagery to map the artillery preparation sequence before ground forces moved. The technique is now standard.

In April 2026, Bellingcat released a new tool for analysing Sentinel-1 SAR data specifically to detect structural damage and destruction patterns, demonstrated in a case study of damage assessment in Iran and the Gulf Source: Bellingcat — When Satellite Imagery Goes Dark. The tool addresses a fundamental problem: when optical satellite imagery is unavailable — deliberately restricted by providers or blocked by cloud cover — SAR fills the gap. A building that was standing on Tuesday and collapsed on Thursday leaves a measurable radar signature difference.

Google Earth Pro remains the workhorse interface for temporal change detection. Its historical imagery slider, free in the desktop application, lets an analyst scroll through years of satellite photos of a single military installation Source: Google Earth. This is how People's Liberation Army (PLA) tunnel construction in Aksai Chin was tracked before it entered classified reporting cycles. This is how every airbase expansion, every new pier at Hambantota, every graded road approaching a disputed border crossing gets documented before any government acknowledges it.

Matching Pixels to Places

Satellite imagery tells an analyst what changed. Geolocation tells them where the change occurred, down to the square metre.

Bellingcat's ongoing guide series on geolocation methodology — how to match terrain features, shadow angles, road markings, and architectural styles between a video frame and a digital map — has become the de facto training curriculum for new OSINT analysts Source: Bellingcat Resources. The core technique is simple: take a still from a conflict video, identify distinctive features, and find the matching location in Google Earth satellite imagery. The practice is anything but simple. It requires patience, geographic literacy, and familiarity with the visual signatures of different regions.

GeoHints catalogs these regional signatures: what road markings look like in Ukraine versus Syria, what electrical poles are used in Pakistan versus India, what roof materials are common in Myanmar versus the Philippines Source: GeoHints. For an analyst trying to verify whether a video claiming to show an Indian Army convoy near the Line of Actual Control is genuine or a repurposed clip from a different region, GeoHints provides the visual baseline: India uses concrete road dividers painted in specific stripe patterns. Syria does not.

SunCalc adds temporal verification. By computing the sun's position at any given latitude, longitude, and time, an analyst can check whether the shadows in a video frame are consistent with the claimed date and time Source: SunCalc. A video claiming to show a dawn attack but with shadows falling westward (which only happens in the afternoon) is a video that has been misdated, mislocated, or staged.

A 2025 Bellingcat investigation tested whether large language models (LLMs) have finally mastered this process. The conclusion: LLMs can identify landmarks and suggest plausible locations, but the final verification step — matching a specific terrain feature to a specific coordinate — still requires human judgment Source: Bellingcat — Have LLMs Finally Mastered Geolocation. The models accelerate an analyst's workflow. They are not good enough to replace it. That distinction matters for defence applications where an incorrect geolocation could send forces to the wrong grid reference.

The OSINT Stack That Ties It Together

Individual tools produce raw data. A framework makes that data into intelligence.

Michael Bazzell's IntelTechniques maintains a curated directory of free OSINT tools organised by category: social media search, people lookup, imagery analysis, mapping, and VPN/Tor verification Source: IntelTechniques Tools. For defence-focused researchers, the most valuable section is the mapping and geolocation cluster, which aggregates dozens of satellite and terrain-mapping services into a single reference page. Bazzell's Open Source Intelligence Techniques, now in its tenth edition, is the standard textbook for new OSINT practitioners across the defence and law enforcement sectors.

OSINT Combine offers a complementary suite: their Multi-Map tool overlays Google Maps, Bing Maps, Yandex Maps, and OpenStreetMap simultaneously, letting an analyst compare coverage across providers Source: OSINT Combine. This matters because satellite coverage varies by provider and region. Yandex Maps has better resolution for former Soviet states. Google Maps has better coverage for South Asia. Cross-referencing reveals details any single provider might obscure.

The Royal United Services Institute (RUSI), the world's oldest defence think tank, has published extensively on how OSINT is reshaping military intelligence collection. Their research covers the ethical frameworks for OSINT in defence contexts, the challenge of information overload — analysts now process more open-source material in a day than their predecessors saw in a year — and the structural tension between OSINT's transparency and the military's instinct for secrecy Source: RUSI — Open Source Intelligence. RUSI's position is that OSINT is not an optional supplement to classified intelligence. It is now the baseline layer that everything else builds on.

India's OSINT Moment

The Indian defence establishment has been slower than its Western counterparts to institutionalise OSINT, but the capability is being built in practice by researchers outside the formal structure.

Along the Line of Actual Control (LAC), satellite imagery from Sentinel Hub and Google Earth has been used to track PLA tunnel construction, new helipads within striking distance of the border, and the gradual hardening of forward logistics nodes Source: The Hindu — India-China Border. The Galwan Valley clash in 2020 was geolocated and verified by multiple independent OSINT researchers within hours of the first videos appearing — far faster than any official assessment could have been produced. The same methodology has since been applied to monitor infrastructure development on both sides of the border, providing a real-time picture that the Ministry of Defence's own assessment apparatus cannot match for granularity.

India's own force mobilisation is equally visible to anyone running the same tools. Any adversary monitoring Indian defence movements can use open-source satellite imagery with sub-monthly revisit times to track convoy staging, airbase activity, and naval fleet movements. The operational security implications are symmetrical: the same tools that let an Indian researcher monitor a Pakistani military exercise equally let a Pakistani researcher monitor an Indian one.

This is not a problem that can be solved by restricting access to satellite imagery. The constellation of commercial and civilian imaging satellites has grown past the point of effective control. A 2025 Bellingcat conflict monitoring guide demonstrated how to track military movements even when platforms restrict data — using cross-referencing, archival imagery, and alternative satellite sources Source: Bellingcat — A Guide to Monitoring Conflict. The guide was written for conflict monitors, but the techniques translate directly to defence intelligence collection.

The Symmetry Problem

OSINT is the first intelligence discipline where the quality of the analyst matters more than the size of the budget. A Center for Strategic and International Studies (CSIS) researcher with a $0 tool budget and good methodology can produce a more accurate assessment of military movements than a well-funded intelligence agency with poor tradecraft Source: CSIS Analysis. The cost of entry has collapsed so completely that the barrier is no longer access to data — it is the ability to synthesise data into a coherent picture.

The tension this creates for defence establishments is fundamental. On one side: OSINT is free, fast, and verifiable. It accelerates the intelligence cycle, provides redundant confirmation for classified reporting, and holds adversaries accountable for denied operations. On the other side: the same tools strip away the operational secrecy that military forces have relied on for centuries. Every MQ-9B SeaGuardian deployment, every Heron Mark 2 sortie along the LAC, every Archer-NG weapon test — all of it is visible to anyone who cares to look.

The question is not whether the Indian defence establishment should adopt OSINT tools. It already does, informally, through open-source feeds and commercial satellite imagery procurement. The question is whether the establishment is prepared for the reciprocal transparency: everything visible to its analysts is equally visible to its adversaries.

An army that cannot accept that OSINT works both ways has not understood what the last four years of conflict monitoring have demonstrated. The tools are free. The satellite passes are scheduled. The data is public. The only variable is who is looking.

Sources: Sentinel Hub EO Browser, NASA FIRMS, Bellingcat — Satellite Damage Assessment, Google Earth, Bellingcat Resources, GeoHints, SunCalc, Bellingcat — LLM Geolocation, IntelTechniques Tools, OSINT Combine, RUSI — OSINT, The Hindu — India-China Border, Bellingcat — Conflict Monitoring, CSIS Analysis