Open in app

Sign in

Write

Sign in

Week in OSINT #2019–11

This time a collection of mostly tools and sites

Sector035
Week in OSINT
5 min readMar 18, 2019

--

This week I’ve made a collection of mostly tools and sites that might come in handy during any kind of investigation. It’s a long list about DNS entries, phone numbers, emails and social media. So there’s a little bit in here for everyone. Let’s have a look at the overview of this week:

  • The Harvester
  • DNS Enumeration
  • Phone Number Information
  • OSINT Combine
  • Write Facebook Graphs
  • More Fake Pics
  • Phone Numbers
  • Reverse Image Searches
  • Hidden Friends Finder

Tool: The Harvester

This tool has been used by pentesters all over the world for quote some time already. It is a very handy tool for recon on companies and gathers email addresses, domain names and IP addresses. This project was pretty static since May 2015 but end of last year it was getting some updates and version 3.0 is now released. So it is finally time to update this tool if you’ve been using it!

Link: https://github.com/laramies/theHarvester

Tool: DNS Enumeration

The Amass tool by OWASP is a new tool that can be used to enumerate DNS entries. The list of sites it checks to find domain names is impressive! Whether it’s a reverse DNS sweep in an IP block, scraping multiple search engines, going over archive sites or by using other web tools via an API, it can all be done. Very nice new tool by the OWASP project!

OWASP: https://github.com/OWASP/Amass

Tool: Phone Number Information

PhoneInfoga is maybe the only tool out there that is aimed at phone numbers. In the blog Raphaël wrote about his tool he lists a long list of resources that are being checked when supplying the tool with a phone number. A very impressive tool that absolutely deserves to be checked!

GitHub: https://github.com/sundowndev/PhoneInfoga

Blog: https://medium.com/@SundownDEV/phone-number-scanning-osint-recon-tool-6ad8f0cac27b

Site: OSINT Combine

The last few weeks multiple people have been talking about all the changes in the Facebook graph engine. If you do want to know a little bit more about that, also read the next segment right after this. But first we look at a brand new web tool, called the ‘Facebook Intersect Search Tool’. A simple little search tool that gives you the option to combine two pieces of information to parse to Facebook. Just find the ‘intersect’ between the two items, click the search button, fill in the information you have and accept the popup from the Facebook site in question.

Link: https://www.osintcombine.com/facebook-intersect-search-tool

Tutorial: Write Facebook Graphs

Paul Myers is constantly looking for more information when it comes to Facebook graph searches. And this time he found a ‘Wikihow’ article with information on how to write them by hand. And absolute must read if you want to know exactly how it works!

And besides that I will also mention the official Facebook API page, where you cannot only read about the different endpoints, but also have a look at the changelog. In there you can also find information about the availability of certain versions, breaking changes and a complete reference of the currently active Graph API.

Link: https://www.wikihow.com/Write-Facebook-Graph-Search-Queries

Link: https://developers.facebook.com/docs/graph-api/overview

Site: More Fake Pics

The OSINT community went wild some time ago when ‘This face does not exist’ was published. But, do you maybe need more faces? Do you maybe even need some similar faces to use for a profile? Look no more! Because FifthFuture shared a new site on Twitter the other day.

The only issues? Well… First of all, these have been generated already. So let’s agree upon who uses which face, shall we? And the second thing is that the site accepts being indexed by Google and Yandex the first batch of faces are already out there and thus useless… So do you only need a face for a short amount of time? Go grab one! Do you need one for a semi-permanent sock? Better stay away from this site!

Great site, but it’s a petty it’s being indexed

Site: https://fakeface.co/

Links: Phone Numbers

I am not even going to write a lot about this list. Why not? Because the tweet says it all! It simply is a nice list with telephone resources from all over the world. So if you’ve used PhoneInfoga and still need some more sites, here you go!

Tweet: https://twitter.com/vanshitmalhotra/status/1104645030491242496

Site: Reverse Image Search

Karma Decay is another reverse image tool, specifically for images within Reddit. A nice little tool with maybe a limited range but extremely useful! Thanks for OSINT Techniques for sharing this one last weekend.

Link: http://karmadecay.com

Tool: Hidden Friends Finder

This is a new tool by the person who gave us the tool geolocatethis.site and this time we can search for friends on Facebook. I only played with an older version and haven’t had the time yet to look at the current release, so I’m unable to tell you anything about it. What I can tell you, is that this tool is able to get information on Facebook friends, even if they are hidden for you. No need to manually visit multiple profiles to use an intersect to find the information, this tool will automate all that manual labour for you.

GitHub: https://github.com/musafir-py/Hidden-Friends-Finder

Have a good week and have a good search!

Osint
Open Source Intelligence
Verification

--

--

Sector035
Week in OSINT

Written by Sector035

1.8K Followers

Just a shadowy nerd… Busy with InfoSec, geolocation and OSINT (archived articles only, Week in OSINT can be found on https://sector035.nl)

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams