It has been sometime since I have had time to update my website with new material as my GitHub OSINT tools & resources take up quite a bit of my time. I thought it was time to have a change and write a new blog over the Christmas holidays.
The inspiration for this blog came from presenting at a conference in the summer of 2023 where I introduced the delegates to OSINT.industries. I said at the time that they should make use of it as it would inevitably go behind a pay-wall. Anyone who has been involved with OSINT over the years will have seen this model before, Epieos and Dehashed are two of the most recent ones that spring to mind. I have no issue with this model after all, its takes a lot of time, effort and undoubtedly money to build such resources.
Michael Bazzell is unlikely in the short term at least to release an OSINT 11 edition, there is always the hope that he will reconsider.
What can we do if we cannot afford a subscription to resources such as the aforementioned or your organisation will not allow you to use such paid for services. What if OSINT pioneers like Michael Bazzell take a break. In 2021 when I wrote a blog on investigating emails, I was using Epieos (It was free back then) however the site went down and as a result I decided to install Ghunt & Holehe.
We can build our own, after all, some of the resources used are available to use free of charge. In this blog I am going to take you through how I build my own VM for investigating identifiers, such as email addresses, usernames and telephone numbers.
There are other OSINT VMs that you can create some are free, some you have to pay for, however lets learn new skills my building our own and not being reliant on others. Unfortunately I am no Linux wiz and I will be building the VM the manual way.
I do not like having all my OSINT resources in one VM, as you know I have a VM just for Telegram research. I like to separate the different aspects of my OSINT work and researching identifiers fits nicely into that ethos.
You will need to read my Telegram blogs in relation to creating the Ubuntu base. Don’t worry for those of you who are new to Linux and VMs below are the links you will need for those particular blogs.
It has only been about six months since I wrote my Telegram blogs and I have added extra tools and deleted others. That is the benefit of building and maintaining your own.
One thing that is worthy of a note here, is that I no longer use the, ‘Normal Installation’ I now use the, ‘Minimal installation’. I will also use DuckDuckGo as my default search engine on Firefox and not Yandex.
The reason for using the minimal installation, is regardless of the OS I use, I remove software / bloatware that I will never use. It is easier adding what I need to my VMs then removing all the bloatware.
The link to my Telegram blogs are below, it will be beneficial to read these as it will aid you in following the subsequent instructions. Ensure you give your new VM a suitable name.
I am going to assume at this stage you have read my Telegram blogs or are happy with how to install your Ubuntu base. Lets begin.
You will need to add the GHunt companion app extension to Firefox:-
https://addons.mozilla.org/en-US/firefox/addon/ghunt-companion/
With this being an OSINT VM that works beyond just Telegram I am going to add some extra search engines, which I have listed below, you can never have too many options plus it enables you to obfuscate your searching if necessary. You can add whichever ones you like, you do not need to follow my choices.
Now, when you type in the search bar the below will populate and you can choose which search engine you would like to use.
Next I will bookmark the following sites:-
https://github.com/cqcore/Email-Username-OSINT
https://github.com/cqcore/Data-OSINT
https://github.com/cqcore/Telephone-OSINT
https://whatsmyname.app/
https://haveibeenzuckered.com/
https://haveibeenpwned.com/
https://www.digitalfootprintcheck.com/checks/free-checker.html
https://search.0t.rocks/
https://inteltechniques.com/tools/
https://intelx.io/
Lets talk about a couple of the bookmarks in more detail. Most of them you will have heard of, however I also use a site called Digital Footprint Check, which works on both usernames and email addresses. It is a paid for service but it also allows 3 free searches a day. Search 0t Rocks is a free Data OSINT site, use it responsibly as the owner has previously closed the site down because of misuse.
I will now install the following GitHub tools:-
https://github.com/sherlock-project/sherlock
https://github.com/soxoj/maigret/
https://github.com/mxrch/GHunt
https://github.com/megadose/holehe
I will walk you through how to install the above Github tools and then I will run through each and see what we can find out about a particular email or username.
Always remember to do, ‘sudo apt update’ and ‘sudo apt upgrade’ before installing any new software.
By now you should have configured you Firefox browser.
You will need a password manager to store any credentials you create for accounts and in any case for your sock puppet GMail account that you will need for GHunt. I do not recommend you store any passwords in your browser, always use a reputable password manager. I like to use Keepassxc as it stores the passwords locally and not in the cloud, which removes one vulnerability.
Lets download Keepassxc.
In terminal use the following cmd:-
sudo snap install keepassxc
Lets look to install Chrome, as this is an OSINT VM I will use Chrome due to the extra OSINT extensions that are available when compared to Firefox, also if I am using Google as one of my main OSINT search engines, due to the advanced search operators, then I do not see an issue with using Chrome.
Navigate to:-
https://www.google.com/chrome/index.html
The way to Install Chrome once it is downloaded is to right click on the zip and select, ‘Open with Other Application’ and select, “Software Install.’
Give the Software install time to kick in and then select, ‘Install.’
Then navigate to, ‘Show Applications” and add Chrome to your favourites.
You can now delete the zip file that you downloaded.
We need to check that we have python3 installed and the version.
We also need to install Pip.
You will need to install Git next.
Next lets create some folders on our desktop for Sherlock, Maigret, Holehe, GHunt and WhatsMyName. That way we can use them to store our OSINT collections for each tool we use, you can also save instruction on how to use each tool.
The tools & resources I am going to use will follow the below order:-
Usernames
Emails
Phone Numbers
Sherlock
I will start with Sherlock, it seems like it has been around for a long time, it was one of the first username tools I used from Github many years ago. It is straight forward to install and use.
Complete the following steps using Git: –
git clone https://github.com/sherlock-project/sherlock.git
cd sherlock
$ python3 -m pip install -r requirements.txt
Lets run a scan on my username cqcore
python3 sherlock cqcore
You will find the results in the Sherlock Folder in your Home Folder.