OSINT

OSINT: Social Stuff

What is OSINT?

multi-method methodology for collecting, analyzing and making decisions about data acessible in publicly available sources

sock puppets

For some investigations it is beneficial to use sock-puppet accounts, a.k.a., fake identities. Those are built over time and have, e.g., a fake social media presence and should never trace back to your real identity or IP address.

Background information:

• https://web.archive.org/web/20210125191016/https://jakecreps.com/2018/11/02/sock-puppets
• https://www.secjuice.com/the-art-of-the-sock-osint-humint/
• https://www.reddit.com/r/OSINT/comments/dp70jr/my_process_for_setting_up_anonymous_sockpuppet/

People OSINT

image and location OSINT

url	what
https://images.google.com/	reverse image searching. drag image into google from file browser
https://yandex.com/
https://tineye.com/
http://exif.regex.info/exif.cgi	viewing EXIF data, look at lng/lat

This can also include physical security:

• streetview: check for areas such as smoke areas
• what are people wearing
• identifying geographical locations (there is geoguessr which is a gamified platform)
  • https://somerandomstuff1.wordpress.com/2019/02/08/geoguessr-the-top-tips-tricks-and-techniques/

people osint

Finding information about people. This might include getting phone numbers, background checks, etc.

Birthdays can be important, e.g., for password-reset questions, you can find them online:

• google search it, maybe with in-text
• search for gratulations on twitter/facebook
• searching for resumees
  • google dorks: filetype:docx, site:google

social media osint

• twitter, facebook, insta, reddit, snapchat, linkedin, tiktok, etc.
• maybe check out some tracelabs
• in general: the newer the network the more insecure they are

Social Account finder: https://whatsmyname.app/#

Businesses OSINT

• start with linkedin but use a burner account
  • use image search to identify people and go back to linkedin
  • site:linkedin.com/in/ "at company name"
  • search through job openings to get more information about used technology

Account OSINT

Users

• https://email-checker.net
• https://tools.verifyemailaddress.io
• https://dehashed.com
• https://centralops.net/co/
• https://dnslytics.com/
• https://pimeyes.com/en reverse picture search
• given a username what can you find out?
  • https://namechk.com/
  • https://whatsmyname.app/
• https://web.archive.org for checking old versions of a website

Or just use automated tools such as theHarvester or h8mail:

$ theHarvester -d tesla.com -b google -l 500 # (for gathering emails)
h8mail -t [email protected] -bc "/opt/breach-parse/BreachCompilation/" -sk # (search for passwords)

Passwords

• google dorking

  • site:tesla.com filetype:pdf password
  • site:tesla.com filetype:docx
  • search for backup files

• dehashed

• try to enumerate over everything you know (passwords, emails, etc)

• hashes.org

• haveibeenpwned.com

• gathering breached credentials

  • github.com/hmaverickadams/breach-parse
  • DeHashed for more searching
  • hashes.org, put it into google

Tooling

• https://github.com/laramies/theHarvester
• https://github.com/khast3x/h8mail
• https://github.com/sherlock-project/sherlock
• https://intelx.io/tools?tab=facebook
• https://github.com/six2dez/reconftw