
OSINT Investigations

By: ex0xpl0it

December 8, 2016

I am sure many people that use OSINT are aware of these tools and links; however, information, and acquiring that information from all sources, is relevant and should never be overlooked. Hopefully, this will come in handy for OSINT investigations.

I have listed some resources that are known within the hacker community for acquiring information on many entities. This includes all aspects of people and companies, from email searches, username searches, phrases and phone numbers to pictures.

Many of the resources are free; however, some do charge an access fee for a more thorough search. I am unable to suggest which of these services are worth the money, as I have never paid for a resource: the information is out there somewhere and just needs to be found.

  1. Understanding who owns a domain is very easy online; however, sometimes a domain is protected by Cloudflare, and this can stop an investigation in its tracks very quickly. Without spending time waiting on policy and emails from a web host, one can sometimes get around Cloudflare and get the correct IP address with some handy online tools. These are: and
  2. One of the BEST Free DNS lookup tools on the internet: The NSA uses this. noteworthy DNS tool to use is besides this the only one that comes to mind that will probably already be in your arsenal is
  3. Social networks can be used to find family relations; however, MooseRoots can be used to do the same thing without letting on that someone has looked at your profile. They are also good for finding password reset questions. and This one is good for finding sub-sites. http://www.mooseroots.com Another good site to mention is this is great for background checks and a good resource to find a person’s location if one has a vague idea of where someone lives.
  4. While this site links off to other sites (some requiring money), it does give some good information. This has gone downhill of late and is not as good as it once was; still worth mentioning, though.
  5. Search for emails, names, usernames here: Not as many results returned as other sites. Though, in saying that, there are not as many links to commercial sites either.
  6. One of my personal favorites! Not meant for profiling but works well for the task. Able to find a specific username on many sites. From there you are able to look at the profile that has taken the username. Saves time in checking out accounts on each site.
  7. This one is similar to the above website but claims to check over 500 sites instead. Probably a good paid site. This is beyond my financial capacity and I have never used it, but I understand from others that it is very useful.
  8. This was once Spock (“Single Point of Contact by Keyword”). This has changed over the years and isn’t as good anymore. It changed when it was bought out by a company named Intelius. You are able to search by name, phone, email and screen name. Unfortunately, it is only for US data and is now commercial.
  9. Able to search name, email, username and phone. Results can be noisy, not to mention the links to paid sites. Can be a nice starting point to lead to other areas.
  10. This one is very similar to the above website, good for footprinting: links that are given are for some paid sites and some not. I am unable to evaluate any of the commercial sites, as I find it more of a challenge to find the information without paying.
  11. This one can be a bit of a tart or information tease. It gives some good results, but most are for commercial sites. It is a good starting point to lead to other queries.
  12. Search people by name or keyword. You’re able to use this as a username search as well, I have found.
  13. Good to find where someone works. Much of the information is from LinkedIn or
  14. A picture-finding website. This is good for finding duplicate pictures of a profile account, to see if it’s been stolen from another account or to be able to link the picture to other websites.
  15. Sometimes people upload documents or pictures but remove them. This site might help to find deleted info.
  16. This is the hacker search engine. Without going onto the deep web, this is available for the surface users:
  17. Great site for a multitude of reasons. Online networking tools including a port forward tester, phone number geolocator, reverse email look-up and more.
  18. Add-ons for Firefox can be very valuable. One, in particular, that I would name is Passive Recon:
  19. Another favorite of mine is go check it out! Many tools are available.
  20. Number one in my books Maltego:
  21. A paid version of the above is
  22. This one is pretty good too, should be in any OSINT investigator’s tool list:
  23. Linux tools: Metagoofil is a great OSINT information-gathering tool. Able to extract metadata from a target. Able to extract MAC addresses. This gives an attacker an idea of the hardware used in the network. Can be used to guess the type of OS running and the network names. It is also good at extracting network path information, which can be used to map the network. Brute force is an available function with this tool.
  24. Google hacking database. OSINT is not complete without some Google hacking. This helps in understanding Dorks and search queries while helping find information on Google.
  25. FOCA is also a good network infrastructure mapping tool and can be used for OSINT.
  26. Social Engineer Toolkit. Tool for, as you can see… social engineering. Includes spear phishing and web attack vectors. Can work with Metasploit:
  27. This tool allows us to gather the geolocation that is related to information about users from social networking platforms.
  28. This automates recon from LinkedIn, Jigsaw, Shodan and others. Good Linux tool.

*Others would argue that GREP, the Linux command, is better than all of these combined! I, however, wouldn’t go that far. It is very useful, though.

All the tools mentioned should get you off to a good start. Bookmark the sites! Trust me, they will come in handy in some way or another. Please be good with this information. With great knowledge comes great responsibility! (Insert other cheesy movie quotes about responsibility) :p

A good hacker and researcher understands the following: Don’t be lame and use them for malicious activities. Or I WILL find you and make an example out of you!

Ok, maybe over the top a little, but be responsible and don’t use it to DOX!