OSINT

Tools

Twint for Twitter

  • An advanced Twitter scraping & OSINT tool written in Python
  • Requires no Twitter APIs and no twitter login
  • Scrape a user's followers, following, Tweets and more while evading most API limitations.

Command-Line Options

-u <twitter-handle>
--limit 20
-s "<string-search>"
-o <file>.json --json
--min-likes 100
--since 2021-04-28
--year 2016
--images
--near <location>
-g="<latitude>,<longitude>,<radius-in-km>"

Python Scripting

import twint
from datetime import datetime

# Example 1: popular tweets matching a search term near a location

search = input("Search: ")
city = input("Location: ")

c = twint.Config()
c.Search = search
c.Near = city
c.Limit = 20
c.Popular_tweets = True

twint.run.Search(c)

# Example 2: collect the users who tweeted at <handle> today, then fetch their recent tweets

today = datetime.now().strftime('%Y-%m-%d')

c = twint.Config()
c.To = "<handle>"
c.Since = today
c.Hide_output = True   # do not print tweets to stdout
c.Store_object = True  # keep results in twint.output.tweets_list

twint.run.Search(c)

tweets = twint.output.tweets_list

# Unique usernames in order of first appearance, so each account is queried once
mypeople = list(dict.fromkeys(tweet.username for tweet in tweets))

print(mypeople)

for user in mypeople:
    c = twint.Config()
    c.Username = user
    c.Limit = 20
    twint.run.Search(c)

Osintgram for Instagram

  • A dummy account is needed
  • Create a config directory containing username.conf, pw.conf and settings.json
    • Their contents are "username", "password" and "{}" respectively
  • For More

PhoneInfoga for Phone Numbers

  • Get Google Search Dork Requests
    • General footprints
    • Social network footprints
    • Individual footprints
    • Reputation footprints
    • Temporary number providers footprints
  • OVH telecom scan

Command-Line

$ phoneinfoga scan -n <phone-number>
$ docker run -it sundowndev/phoneinfoga scan -n <phone-number>

Web UI

$ phoneinfoga serve -p 8080
$ docker run -it -p 8080:8080 sundowndev/phoneinfoga serve -p 8080

Sherlock

  • Hunt down social media accounts by username across social networks
$ python3 sherlock --timeout 1 <username>

Google for Passive Recon (Fingerprinting)

  • Search Operators

    > site:<domain>
    > inurl:admin
    > intext:admin
    > intitle:login
    > filetype:pdf
    
  • Google Hacking Database from exploit-db

    • Get webcam feeds : intitle:"webcamxp 5" or intitle:"WEBCAM 7 " -inurl:/admin.html
    • Finding some DB passwords : filetype:env "DB_PASSWORD"
    • Auth Info : "authentication failure; logname=" filetype:log
    • Registry : filetype:reg ref HKEY_CURRENT_USER username
    • Nessus Reports : intitle:"Nessus Scan Report" "This file was generated by Nessus"
    • Terminal Services / Remote Desktop : allinurl:tsweb/default.htm
    • Profiling : site:linkedin.com intitle:starbucks "network engineer"
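
The file-based dorks above can be turned into a self-audit of your own web root, run before a search engine indexes it. This is an added example, not part of the original notes; the function names, rule labels and sample files are constructed for illustration.

```python
import os
import re
import tempfile

# Each rule mirrors one dork from the list above: (label, file extension, content pattern).
RULES = [
    ("DB password in .env", ".env", re.compile(r"DB_PASSWORD")),
    ("auth failures in log", ".log", re.compile(r"authentication failure; logname=")),
    ("registry export", ".reg", re.compile(r"HKEY_CURRENT_USER")),
    ("Nessus report", ".html", re.compile(r"<title>[^<]*Nessus Scan Report", re.I)),
]

def audit_webroot(root, max_bytes=1_000_000):
    """Return sorted (relative_path, label) pairs for files a listed dork would match."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            for label, ext, pattern in RULES:
                if not name.lower().endswith(ext):  # also matches a bare ".env"
                    continue
                path = os.path.join(dirpath, name)
                try:
                    with open(path, "r", errors="replace") as fh:
                        text = fh.read(max_bytes)  # cap read size for large logs
                except OSError:
                    continue  # unreadable file: skip it rather than abort the audit
                if pattern.search(text):
                    findings.append((os.path.relpath(path, root), label))
    return sorted(findings)

def build_sample_webroot():
    """Create a constructed sample tree (not real data) in a temp directory."""
    root = tempfile.mkdtemp(prefix="webroot-")
    samples = {
        ".env": "APP_ENV=prod\nDB_PASSWORD=example-not-real\n",
        "logs/auth.log": "sshd: authentication failure; logname= uid=0\n",
        "backup/user.reg": "[HKEY_CURRENT_USER\\Software\\Example]\n",
        "reports/scan.html": "<html><title>Nessus Scan Report</title></html>",
        "index.html": "<html><title>Welcome</title></html>",
    }
    for rel, body in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    print(audit_webroot(build_sample_webroot()))
```

Any finding is a file that should be moved out of the served directory or blocked at the web server.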

theHarvester

  • A CLI Search Engine
$ theHarvester -d <domain> -b google
$ theHarvester -d <domain> -b netcraft

Emails / Usernames / Accounts

Discovering Emails

Verifying Emails

Usernames and Accounts
