Last updated on October 4, 2020
Searching public sources for information and turning it into intelligence is very useful for a hacker. Sometimes you don’t need to break into any system to get the information you need. You just need to know where to look.
Some time ago I published a post in which I explained how to do hacking with Google dorks. I recommend taking a look at it. Using search engines to find data is very effective, but there are tools that make the job much easier. In this post I will show you the different tools I have been trying and collecting over time.
Shodan is a search engine for finding specific services such as webcams, SCADA systems, Linksys… The possibilities with this search engine are almost infinite. To search for cameras, the best thing to do is to use its Beta version. You can find much more information about this search engine in the post I dedicated to it a few weeks ago.
Maltego is a data mining program that allows results to be displayed in the form of graphs that are linked to each other.
Maltego makes it possible to link and integrate people, social networks, companies, organizations, websites, documents… It is one of the best and most intuitive intelligence tools.
Soon I will make a post explaining how this program is used and analyzing my website with it.
However, some websites or social networks have blacklists that prevent registration with this type of temporary email. Therefore, another option is to create a Gmail address and use the + symbol in the name of the email. For example, if you create the email firstname.lastname@example.org, you can create hundreds of Instagram accounts by adding the plus symbol and a number at the end of the name: email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org…
And all those accounts redirect the emails to email@example.com, since they are actually the same.
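From the defender's side, a registration system can collapse these aliases back to the one mailbox that receives them. The following added example (not from the original post) does that for Gmail, and goes slightly beyond the text by also handling the dots and the googlemail.com domain that Gmail treats as equivalent; the function names and the sample signups are constructed for illustration.

```python
from collections import defaultdict

# Domains that deliver to the same Gmail mailbox.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_mailbox(address: str) -> str:
    """Return the mailbox that actually receives mail sent to `address`."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    local, domain = local.lower(), domain.lower()
    if domain in GMAIL_DOMAINS:
        # Gmail ignores everything after '+' and every '.' in the local part.
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
        if not local:
            raise ValueError(f"empty mailbox name: {address!r}")
    return f"{local}@{domain}"


def find_alias_clusters(signups, threshold=2):
    """Group (username, email) pairs by canonical mailbox.

    Returns only the mailboxes shared by at least `threshold` accounts.
    """
    clusters = defaultdict(list)
    for username, email in signups:
        try:
            clusters[canonical_mailbox(email)].append(username)
        except ValueError:
            continue  # malformed address: handled by normal input validation
    return {box: users for box, users in clusters.items() if len(users) >= threshold}


# Constructed sample data, not taken from any real system.
SAMPLE_SIGNUPS = [
    ("user_a", "jane.doe@gmail.com"),
    ("user_b", "jane.doe+1@gmail.com"),
    ("user_c", "JaneDoe+2@googlemail.com"),
    ("user_d", "j.a.n.e.doe+ig@gmail.com"),
    ("user_e", "other.person@example.org"),
    ("user_f", "broken-address"),
]

if __name__ == "__main__":
    for mailbox, users in find_alias_clusters(SAMPLE_SIGNUPS).items():
        print(f"{mailbox}: {len(users)} accounts -> {users}")
```

Addresses on other domains are left untouched, because whether a "+tag" is ignored there depends on the mail provider.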
Other temporary emails:
It is possible to impersonate another person as the sender of an email using the website https://emkei.cz/
The recipient will receive the message as if it had been sent from DonaldTrump@gmail.com. Depending on the impersonated email and the server to which it is sent (Gmail, Hotmail, Yahoo, etc.), the mail will be marked as spam or not. In this case, we can see how the recipient receives the email without any notice, except for a question mark in the image.
These three search engines allow you to upload an image and search for web pages that contain it. In addition, you can find plugins for the three engines for Firefox and Google Chrome that make it easy to upload images.
To get information about a certain phone number, you can add that number to your address book and search for contacts on the main social networks: Instagram, WhatsApp, Telegram, Twitter…
If the owner of that number has linked it to one of their social networks, which is common, you can get information such as name, nick, profile pictures, likes… You can then use this information to expand your search.
All social networks and platforms use nicknames or usernames, which people often repeat. If you have the username or nickname that your target uses on these networks, besides searching for it on Google you can use pages like checkusernames.com or namechk.com.
These pages allow you to search if that user exists in a large number of websites and social networks.
Peer-to-Peer Networks and Anonymity
P2P networks use a distributed network architecture based on nodes, in which each user is a node with equal privileges with respect to the rest. This allows for some privacy with respect to client-server based systems.
Below are the most well-known P2P networks, as well as anonymity networks such as Tor:
Bellingcat is an independent international network of detectives, investigators and journalists specialised in open source research and social media. They have a Google document in which you can find the repertoire of tools they use in their investigations:
Finally, I recommend reading the PDF from the Spanish National Intelligence Center that shows the techniques they use to analyze intrusions and collect information (only in Spanish):
You can also find all kinds of OSINT tools divided into categories on this website: