What is OSINT?

With technology rapidly advancing, the internet has become accessible worldwide. Nowadays, almost all individuals, businesses (large or small), organisations, entertainment, etc., are on the internet in some form or another.

The internet has become one large database with lots of information, and this information can be accessed by anyone. The act of scraping/collecting this information about an individual or organisation legally is called Open Source Intelligence (OSINT).

When we do something on the internet, we leave a series of digital footprints behind, which can be traced back to us. But privacy issues are often the last thing on normal users' minds when browsing the internet. This article will help you perform OSINT on yourself and see whether something that isn't supposed to be public can be found.

Emails and Passwords

An email address is one of the essentials for using services on the internet. We often need one to sign up for the service we want to use, whether it is social media, a video streaming platform, note-taking software, product management, etc.

So it's very important to check if your emails have been compromised. You can use the following resources to check whether your email, password, and other information have ever been compromised.

HaveIbeenpwned & Dehashed

To minimise the effect of credential leakage, avoid using the same password for multiple sites and services. Use 2FA and a password manager to generate long, strong passwords that you won't have to remember.

We are well aware that most services also sell their users' data to third-party services. A small trick for finding out which service sold your data is a Gmail feature that many are not aware of: you can create an alias for your email ID. For example, if my email is example@gmail.com, I can create an alias like example+@gmail.com or e.x.a.m.p.l.e@gmail.com. Using this feature, when you sign up for any service, use example+service-name@gmail.com so that when you receive spam from a third-party service, you know which service sold your data to them.
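The alias trick above can be applied mechanically. The following Python code is an added example, not part of the original article: it issues a per-service alias and classifies incoming mail by the alias it was addressed to. The addresses, the `shop.example` domain and all function names are constructed for illustration, and it assumes Gmail's behaviour of ignoring dots and anything after `+` in the local part.

```python
import re

GMAIL_DOMAINS = {"gmail.com"}  # assumption: dots and +tags are ignored here

def make_alias(address, service):
    """Build example+service-name@gmail.com from a service name."""
    local, domain = address.rsplit("@", 1)
    tag = re.sub(r"[^a-z0-9]+", "-", service.lower()).strip("-")
    if not tag:
        raise ValueError("service name yields an empty tag")
    return f"{local}+{tag}@{domain}"

def split_alias(address):
    """Return (mailbox the alias delivers to, tag or None)."""
    local, domain = address.strip().lower().rsplit("@", 1)
    base, _, tag = local.partition("+")
    if domain in GMAIL_DOMAINS:
        base = base.replace(".", "")
    return f"{base}@{domain}", (tag or None)

def attribute(messages, my_address, issued):
    """Classify (sender, recipient) pairs; issued maps tag -> service domain."""
    me, _ = split_alias(my_address)
    findings = []
    for sender, rcpt in messages:
        mailbox, tag = split_alias(rcpt)
        if mailbox != me:
            continue  # addressed to someone else
        domain = sender.rsplit("@", 1)[1].lower()
        home = issued.get(tag)
        if home is None:
            verdict = "unattributed"  # no tag, or the sender stripped it
        elif domain == home or domain.endswith("." + home):
            verdict = "expected"      # the service itself is writing
        else:
            verdict = "shared"        # alias reached another sender
        findings.append((sender, tag, verdict))
    return findings

# Constructed sample data, not real mail.
ISSUED = {"shop-example": "shop.example"}
SAMPLE = [
    ("news@shop.example", "example+shop-example@gmail.com"),
    ("deals@ads.example", "example+shop-example@gmail.com"),
    ("promo@bulk.example", "e.x.a.m.p.l.e@gmail.com"),
    ("hi@shop.example", "someone.else@gmail.com"),
]

if __name__ == "__main__":
    for row in attribute(SAMPLE, "example@gmail.com", ISSUED):
        print(row)
```

An "unattributed" result marks the limit of the trick: mail sent to the bare or dotted address, or with the `+tag` stripped, cannot be traced back to a signup.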

Username & Phone Numbers

We often use an alias while we are on the internet. Since most people use the same alias when signing up for everything, the alias can often be used to find out the person behind it. You might have set your information private on one platform while forgetting to set it private on another. Use the following sites to check where you have used the same alias to sign up. You might even find an account that you discarded long ago.

knowem | whatsmyname | peekyou

You can use Google to find additional information using your username.

Search for documents with your username that you may have leaked accidentally.

Searching for leaked documents using Google Dorks

If you have your alias in your email, then others can find your email or your websites with:

Using Google Dorks to search for websites and email

Check if any information which contains your username has been dumped on Pastebin.

Using Google Dorks to check dumped data on Pastebin

You can do the same for your phone numbers as well. To check whether your phone number is exposed to the public, you can use the following Google dorks.

intext:"9779841XXXXXX" OR intext:"+9779841XXXXXX" OR intext:"9841XXXXXX" OR intext:"984-1XXXXXX"

(ext:doc OR ext:docx OR ext:odt OR ext:pdf OR ext:rtf OR ext:sxw OR ext:psw OR ext:ppt OR ext:pptx OR ext:pps OR ext:csv OR ext:txt OR ext:xls) intext:"9779841XXXXXX" OR intext:"+9779841XXXXXX" OR intext:"9841XXXXXX"

Is your info on your social networks set to private, or is it available for anyone?

site:facebook.com intext:"9779841XXXXXX" OR intext:"+9779841XXXXXX" OR intext:"9841XXXXXX"

site:twitter.com intext:"9779841XXXXXX" OR intext:"+9779841XXXXXX" OR intext:"9841XXXXXX"

site:linkedin.com intext:"9779841XXXXXX" OR intext:"+9779841XXXXXX" OR intext:"9841XXXXXX"

site:instagram.com intext:"9779841XXXXXX" OR intext:"+9779841XXXXXX" OR intext:"9841XXXXXX"

Is your phone number dumped in Pastebin?

site:pastebin.com intext:"9779841XXXXXX" OR intext:"+9779841XXXXXX" OR intext:"9841XXXXXX"

Social Media

The use of social media has been on a constant rise. Now, almost two-thirds of the world's population have signed up for an account on one or two platforms. Social media is often a gold mine of data about individuals or organisations. Some of the ways to check whether you have something on social media that shouldn't be there are given below:

Facebook

IntelligenceX

SowSearch

💡 Facebook often changes things around to make it hard for anyone looking for ways to gather data on its users. So these tools may or may not work.

Twitter

Accountanalysis (Requires Login)

Make sure to delete your account after you are done using this service.

foller.me

Reddit

Reddit-User-Analyser

RedditCommentSearch

Images often contain a lot of information. You can use an image to identify where it was taken, find similar images, and check which sites are using your photos.

Yandex | Google | Bing | Yahoo

This article only covers a small portion of what you can find on the internet using OSINT. There are thousands of tools that can be used to get freely available information on the internet. If you want to learn more about it, Osintframework is a great place to start.