(First Published on Medium February 2020)

My journey into the world of OSINT is now just over one year old. OSINT is not the main area of my work, I don’t get to learn or practice anywhere near as much as I would like but it is certainly the work I enjoy the most.

Following on from my previous Blogs in relation to leveraging messaging apps for OSINT I thought I would share how I conducted the research.

I’m still working on the project which I hope will help me increase my research potential in relation to mobile (cell) phone numbers and email addresses. Most of what I will write about can be done using free resources. It isn’t overly technically and it’s something I thought I would share for those like me who are still learning. There are many tutorials also available to assist with how to leverage the apps I am going to talk about.

The problem was how can I research mobile numbers and email addresses without relying upon the use of sites that require payment. Everything that happened in the summer of 2019 appears to have focused people’s attentions on creating their own OSINT tools. So what could I do with the platforms that people use everyday?

My first consideration as always is operational security. I won’t write about that as this would then become a lengthy article. Needless to say @dutch_osintguy has this covered for us with some great articles.

Next up is a sock puppet, @technisette and @jakecreps have some very good articles. My sock would only be used on this setup.

One part of my operational security was the use of a Virtual Machine to host what was going to be my OSINT set-up. There are free flavours from both VMware & Virtual Box. My VM was going to be completely separate from any other OSINT VMs I have created and I was going to use a clean install of Windows 10. Next up was precuring myself an old Android phone. Family and friends are always upgrading phones so it wasn’t to hard getting my hands on one for free.

The phone was then factory reset and would only be used alongside my new VM. Setting the Android up is solely for the purposes of leveraging social media apps and messenger apps. You can use Wi-Fi (with VPN) to download the apps but you will need a SIM for verification purposes. In the UK a SIM will set you back £1 pound but you can pick them up for as little as a penny.

Needless to say this is an on-going project which can be expanded upon however the apps I started off with were, the usual suspects you may say but I did expanded it to include less well known apps.

Next up was replicating this on my VM, so downloading the desktop applications.

Desktop Clients

You will see on the left hand side the desktop applications available for the messengering apps from my previous blog. In the Bookmarks you will see which website applications are in use.

This way I can link these apps to my Android phone and enjoy the desktop experience. Then you can use the websites for the other social media sites. I also find that this is an easier setup for functionality, flexibility, recording and evidencing what I do.

You may have wondered why Android, (People don’t seem to mind giving you old ones, which is a starter), you can use an I-Phone which I have done too however the next part of the set up is not Apple friendly, the use of Vysor. Vysor is a clever little application that enables you to control your smartphone from your computer as if it were just another window via a Chrome extension or desktop app. There is a free version of Vysor too, bonus! The paid version is better though, which you would expect. You could in fact not use Vysor at all and rely on the desktop environment you have created or you could just use Vysor full stop.

If you don’t like the idea of Android then cool go with an Apple I-Phone without using Vysor. You can still mirror I-Phones on to your desktop you just can’t control them using your mouse and keyboard like you can with Vysor. The above set up takes a little longer to setup than an emulator but I find it is easier and seamless to work with.The benefits are numerous including the ability to seamlessly copy a profile picture and reverse image search it.

Now before I go any further I think it is important that we understand the risks of using any app to do our research. Truecaller for example will suck up your contacts as that is what their business is. So you have to be very careful and decide on a case by case basis whether you want your subject’s mobile number / email being harvested by all these companies. Privacy polices are boring but an essential read.

Disclaimer everything we do, the results are dependent upon our subject’s own Opsec and Privacy settings.

On WhatsApp our luck is in and our subject has not bothered about their privacy. We have a nice profile picture that we can do reverses image search on and see where else on the web they appear. The bonus of having the desktop application is you can access the full profile picture and save it straight to your VM. Last seen is another nice touch, if you are keeping tabs on them you can watch when they are using WhatsApp there are also apps that will monitor the account for you. Even if, Last Seen, is disabled you can still see when your subject is on-line. This could help you work out their patterns and determine where in the world they may be and the times they operate on-line.You may get really lucky if someone has updated their status and maybe provided an alternative means of contact because they are off-line. Don’t forget to check their About Me either.

I have also used an Android emulator inspired by @aware-online and their excellent tutorial on how to geolocate groups on Telegram.

Needless to say this is not for nefarious purposes and it should also be used to understand the information you are giving away, from a privacy & OPSEC perspective.