Open-source Intelligence, or OSINT, consists of using publicly available information to collect data on subject. Used primarily by investigators, law-enforcement, and penetration testers, this information could include anything from public records to social media data. Several freely available tools exist to collect open-source information in Python, and I will present a few of the most popular.
Social Mapper uses facial recognition to search for social media accounts related to either an individual or company. As an input, the program needs a CSV file with
persons name in one column, and
path to picture in another. Social Mapper will then search the top results for the persons name on various popular social media sites, then use facial recognition to compare the profile photo to the provided photo, drastically reducing the amount of false positives that would need to be dealt with in a large scale collection.
Skiptracer is a python based CLI that uses web scraping to gather information on a given target. For example, if you have a username you want to search for this tools will return all of the sites with that provided username. You can also search for information based on someones phone number, name, domain, or email. One interesting feature of this tool is that it also allows you to run license plates to get information such as VIN number, vehicle age, and year/make model of the vehicle.
Want to try to figure out who keeps calling you to update your cars warranty? Phoneinfoga is a tool that parses phone numbers and attempts to extract meaning from those numbers. It can tell you if a number is valid, if it’s a mobile/landline, the phone carrier linked to the number, the country of origin, and will also scan 411.com against the number for additional information.
This was a very short peak into the vast amount of tools available to collect open source information on subjects. Obviously, these tools should be used responsibly but if you’re interested in penetration testing this is a good jumping off point. If you found these tools interesting then you should definitely check out this youtube channel where they go through how to use various white-hat hacking and penetration testing tools. Try putting your own information into the tools listed above and see what they come back with!
Happy Coding :)