OSINT stands for Open-source intelligence. It is the process of collecting data from public sources to be used in an intel context.
Google search query:
Result: Search results for you to review 🙂
I won’t go into more detail about what OSINT is or what is used for. Instead, I am going to focus on reviewing a tool that I found on Github to perform OSINT searches.
The tool is called Skiptracer. Find the code here: https://github.com/xillwillx/skiptracer
Further disclosure, I didn’t write this code, use at your own risk. Risk means, if you install it, your computer will self destroy in 3, 2, …, just kidding.
I borrowed the author’s great description of this tool for my blog post. The author describes it as “OSINT framework…on a ramen noodle budget.”
Here is when I am going to lose a lot of readers.
To install this tool you have to type some commands on your command terminal.
…page views just dropped…bounce rate 99%.
If you are still reading. I will assure you that it’s not that hard. It uses Python2.
Here is a good tutorial for installing Python on Windows and Mac: https://realpython.com/installing-python/
It will take you just five minutes to install it. It’s that easy.
Let’s start by cloning the repo.
OK…mmm. Most likely this is a good tool if you know what Github is or you are somehow familiar with Github.
Open your terminal, go to wherever you want to download the repository:
$ git clone https://github.com/xillwillx/skiptracer.git skiptracer $ cd skiptracer
Now you need to set a virtual environment to use Python2.
I lost you, right?
I need to build a sort of container in my computer to install this tool and it won’t affect anything else in my system.
$ virtualenv -p /usr/bin/python env $ source env/bin/activate
Now we have to install the requirements for skiptracer:
$ pip install -r requirements.txt
That’s it. That wasn’t so horrible, right?
Just use this command:
$ python skiptracer.py
Now you will get this awesome menu.
The menu has these lookup options:
- License plate
Let’s start with
Bill Gates email and got this:
On the menu I typed
1 to select
Now I got this menu:
Article Continues Below
The menu has these options:
 All - Run all modules associated to the email module group  LinkedIn - Check if user exposes information through LinkedIn  HaveIBeenPwned - Check email against known compromised networks  Myspace - Check if users account has a registered account  AdvancedBackgroundChecks - Run email through public page of paid access  Reset Target - Reset the Email to new target address  Back - Return to main menu
When trying option
 AdvancedBackgroundChecks, I got these results:
The results show this data:
- Phone numbers
- Email addresses
- Address, street, city
- Previous address
Let’s go back to the previous menu and try a phone number. I googled
spacex los angeles and got the phone number listed on Google Maps.
Back in our Terminal, selecting the
Phone option shows this menu:
The menu has these options:
 All - Run all modules associated to the phone module group  TruePeopleSearch - Run email through public page of paid access  WhoCalld - Reverse phone trace on given number  411 - Reverse phone trace on given number  AdvancedBackgroundChecks - Run number through public page of paid access
After adding the phone number, I selected the option for
 All. It started showing some results:
- Name, age, alias
- Related associates
- Related phone numbers
Back to the main menu. Let’s try Screenname.
What’s Elon Musk’s Twitter handle? On Twitter I typed
Elon Musk and…
The second result says
@BoredElonMusk. It has 1.7M followers. Described as a parody account of Elon Musk.
Back on SkipTracer, I chose the option for
It has these options:
 All - Run all modules associated to the email module group  Knowem - Run screenname through to determin registered sites  NameChk - Run screenname through to determin registered sites  Tinder - Run screenname and grab information if registered
The results from
[+] Acct Exists: https://facebook.com/BoredElonMusk [+] Acct Exists: https://twitter.com/BoredElonMusk [+] Acct Exists: https://www.instagram.com/BoredElonMusk [+] Acct Exists: https://plus.google.com/+BoredElonMusk/posts [+] Acct Exists: https://www.reddit.com/user/BoredElonMusk/ [+] Acct Exists: https://www.pinterest.com/BoredElonMusk/ [+] Acct Exists: https://BoredElonMusk.yelp.com
And about a dozen more links.
OSINT License Plate
I tried a few vanity license plates but couldn’t find results. This requires more experimentation.
I tried these for California:
OSINT is an interesting process to find more data from different sourcers. You just need some basic knowledge of the command line to use this tool.