We review and practice popular OSINT tools

Introduction

I am glad to welcome readers again to my favorite column “SHH”, short for “Sherlock Holmes”; this series of articles is, of course, all about OSINT. Today we will try some tools in practice and see how much we can find out about a person from a nickname alone. I'll take one of my own names, “VI…….TE”, as the target.

Disclaimer: All data provided in this article is taken from open sources, does not call for action and is only data for information and study of the mechanisms of the technologies used.

Starting from a nickname

Since our only input is a nickname, I propose running it through two good tools for the job.

Maigret

Maigret is an innovative tool specially designed to analyze data from various social platforms. It provides ample opportunities for collecting information, analyzing user activity, searching for connections and other functions. This tool has flexible settings for collecting and analyzing data, allowing you to select social networks and save the results to files. Maigret supports more than 3000 sites for searching by nickname.

An excellent tool for searching by nickname, it is installed as simply as possible and just as easy to use.

pip3 install maigret
maigret username

Or, to run it from a clone of the repository:

git clone https://github.com/soxoj/maigret && cd maigret
pip3 install -r requirements.txt
./maigret.py username

That is already a good start: we found an account on a social network and on some common services such as Pinterest.

Mr.Holmes

Mr.Holmes is a project aimed at collecting open source information about social networks, phone numbers, domains and IP addresses using Google Dorks.

The next tool is named after the well-known detective, and I can say that it is worthy of attention; it can also be installed on Linux as well as on Termux and Windows. We will of course consider the Linux option.

git clone https://github.com/Lucksi/Mr.Holmes
cd Mr.Holmes
sudo apt-get update
sudo chmod +x install.sh
sudo bash install.sh
python Mr.Holmes.py

We select item 1 and are then asked whether we want to use a proxy. I don't use a proxy and will decline, then I will select the first search method. After the search, the tool will also ask whether we want to run Google Dorks, send someone the search report, and encrypt the report.

The tool has a very good feature with maintaining a local database. Let's just use our database and select item 5.

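As we can see, the server with the database started on port 5001. When we go to this address, a login form for the database control panel appears; the default credentials are Admin / Qwerty123. These defaults are public, so do not expose the panel beyond your own machine while they are in use.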

Select search by Username and enter the alias you used to search.

Also, as a result of the investigation, you can obtain user avatars and compare them with other services. You can also use the PEOPLE-OSINT item number 10.

We also have detailed search logs here.
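An added check, not part of the original article or of Mr.Holmes: since the database panel on port 5001 described above is protected only by published default credentials, it is worth confirming that it listens on loopback only. The script parses `ss -ltnH` output; the sample lines are constructed, and the function names are hypothetical.

```python
import ipaddress
import subprocess

PANEL_PORT = 5001  # port the article reports for the Mr.Holmes database panel

# Constructed sample of `ss -ltnH` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128 127.0.0.1:5001 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 *:5001 *:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 128 [fe80::1]%eth0:5001 [::]:*
"""


def split_local(field):
    """Split the 'Local Address:Port' column into (host, port string)."""
    host, _, port = field.rpartition(":")
    # Drop an interface scope such as %eth0, then the IPv6 brackets.
    return host.split("%")[0].strip("[]"), port


def is_loopback(host):
    """True only for addresses that never leave the machine."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # '*' (every interface) or anything unparseable
        return False


def exposed_listeners(ss_output, port=PANEL_PORT):
    """Return local addresses where `port` listens on a non-loopback interface."""
    exposed = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        host, lport = split_local(cols[3])
        if lport == str(port) and not is_loopback(host):
            exposed.append(cols[3])
    return exposed


if __name__ == "__main__":
    try:
        live = subprocess.run(["ss", "-ltnH"], capture_output=True, text=True).stdout
    except FileNotFoundError:  # ss not installed: fall back to the sample
        live = SAMPLE_SS
    for addr in exposed_listeners(live):
        print(f"panel reachable beyond loopback: {addr}")
```

An empty result means the panel is bound to loopback only (or is not running); any address printed is an interface from which the login form can be reached.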

Working out the email address

Starting from the nickname, a few manipulations can give you the likely name of the mailbox, from which you can then continue to extract information.

One of the most convenient ways for me to work out the mailbox is a special Excel table. Open it using this link, save it to Yandex Disk, and view and edit it right there. As you can see, you can also check your nickname through this table.

First of all, I check whether the Gmail address is valid, because most people use Gmail. You can check the validity of an email address in Mr.Holmes. To do this, select item number 8.

As you can see, the mail is quite valid, which means we can go further and look at what services and sites the mail is registered on.

Holehe

Holehe is a powerful tool for detecting registered email accounts. Holehe checks whether an email address is linked to accounts on various platforms, including Twitter, Instagram, Imgur and over 120 other sites.

Our tool is installed and used in a very simple way.

pip install holehe
holehe email

As you can see, the services coincide with those that we found earlier when searching by nickname, which means we are on the right track. In the same way, you can scan mail through another equally useful tool.

Ghunt

Ghunt is a powerful and versatile OSINT tool designed to collect information about users based on their gmail addresses. It provides access to the owner's name, IDs, active Google services such as YouTube, Photos, Maps and others. You can also get information about possible locations, Google Docs, scheduled calendar appointments, and more.

Installation and use are very simple.

pip3 install pipx
pipx ensurepath
pipx install ghunt
ghunt login

Next, sign in to a Google account that you don't mind using and, with the special plugin, log in to the tool. Then we search by the email address we are interested in.

ghunt email mail

As you can see, we weren’t able to find out much information this time, but nevertheless we found out what services there are and its identifier.

H8mail

H8Mail is a tool that scans the specified mailbox in its databases and provides a set of possible passwords. It can be used to gain access not only to email, but also to all other accounts if the user reuses the same passwords.

For me, this is a very good tool for checking the databases of various shareware services for leaked email passwords.

Our installation is as easy as possible:

pip3 install requests
pip3 install h8mail

Next, we generate a configuration file to hold the necessary API keys.

h8mail -g

Then go to the file and enter the available tokens.

And after that we launch the tool with the following options.

h8mail -t mail -c h8mail_config.ini

As we can see, the script works perfectly.

Conclusion

Today I gave you a more practical example of using OSINT tools and showed you how you can effectively conduct a search almost without leaving the terminal!
