
Reviewing and Practicing popular OSINT Tools.

Fixxx

Moderator
Judge
Elite
Ultimate
Legend
Joined
31.10.19
Messages
857
Reaction score
1,861
Points
93
Today we'll practically try out some tools and attempt to learn more about a person based on a nickname.
Since the only input we have is a nickname, I suggest we run it through two good tools for this purpose.



Maigret

Maigret is an innovative tool specifically designed for analyzing data from various social platforms. It provides extensive capabilities for gathering information, analyzing user activity, finding connections and other functions. This tool has flexible settings for data collection and analysis, allowing you to choose social networks and save results to files. Maigret supports over 3000 sites for searching by nickname. An excellent tool for nickname searching, it installs very easily and is just as easy to use.

Bash:
pip3 install maigret
maigret username
Or:
Bash:
git clone https://github.com/soxoj/maigret && cd maigret
pip3 install -r requirements.txt
./maigret.py username


Already not bad, we found an account on a social network and some popular services like Pinterest.


Mr.Holmes

Mr.Holmes is a project aimed at gathering information from open sources about social networks, phone numbers, domains and IP addresses using Google Dorks. The next tool is named after the well-known detective and I can say that it's worth attention. It can be installed on both Linux and Termux on Windows. We will, of course, consider the Linux option.

Bash:
git clone https://github.com/Lucksi/Mr.Holmes
cd Mr.Holmes
sudo apt-get update
sudo chmod +x install.sh
sudo bash install.sh
python Mr.Holmes.py


Choose option 1 and then it will ask if we want to use a proxy; I don't use a proxy and will decline. Next, I will choose the first search method. After the search, the tool will also ask if we want to go through the dorks, send a report of the search to someone and if we want to encrypt our report.


The tool has a very nice feature of maintaining a local database. Let's take advantage of our database and select option 5.


As we can see, the database server has started on port 5001. When we go to this address, a login form for the database management panel will pop up, with the default being Admin Qwerty123.


We select the search by Username and enter the nickname we used for the search.


As a result of the investigation, we can also obtain the user's avatars and compare them with other services. We can also use the PEOPLE-OSINT option under number 10.


Here we also have detailed logs of the search.


Holehe

Holehe is a powerful tool for discovering registered accounts by email. Holehe checks for the presence of email binding to accounts on various platforms, including Twitter, Instagram, Imgur and over 120 other sites. This tool is installed and used in a very simple way.

Bash:
pip install holehe
holehe email


As we can see, the services match those we found earlier when searching by nickname, so we are on the right track.
 

Ghunt

Ghunt is a powerful and versatile OSINT tool designed to gather information about users based on their Gmail addresses. It provides access to the owner's name, identifiers, active Google services such as YouTube, Photos, Maps and more. You can also obtain information about possible locations, Google documents, scheduled meetings in the calendar and much more. Installation and usage are very simple.

Bash:
pip3 install pipx
pipx ensurepath
pipx install ghunt
ghunt login

Next, we log into a Google account using and authorize our tool with a special plugin. After that, we perform a search by the email of interest.

Bash:
ghunt email email


As we can see, we didn't manage to learn much information this time, but we did find out which services are available and its identifier.


H8mail

H8Mail is a tool that scans the specified email in its databases and provides a set of possible passwords. With it, you can gain access to not only the email but also to all other accounts if the user reuses the same passwords. For me, this is a very good tool for checking against databases of various conditionally free services for finding leaked email passwords. The installation is very easy:

Bash:
pip3 install requests
pip3 install h8mail

Next, we generate a configuration file to collect the necessary APIs.

Bash:
h8mail -g


After that, we open the file and enter the available tokens.


Then we can run the tool with the following options:

Bash:
h8mail -t mail -c h8mail_config.ini


As we can see, the script works great.


Conclusion

I shared a more practical example of using OSINT tools and showed how to effectively conduct searches without leaving the terminal. By applying these techniques, we can gain valuable insights into individuals based on their online activity and presence, enhancing our understanding of their digital footprint.
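
A workstation hygiene check for two things the walkthrough above leaves behind: the Mr.Holmes database panel on port 5001 with its default login, and h8mail_config.ini holding API tokens. This is an added example, not part of the original post or of either project; the function names and the sample `ss` output are constructed, and it assumes a Linux host with `ss` and `awk`.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data is constructed.

# Print the local addresses of listeners on PORT that are not loopback.
# Reads `ss -ltnH` output on stdin; field 4 is "local-address:port".
exposed_listeners() {
    awk -v port="$1" '
        {
            n = split($4, parts, ":")
            if (parts[n] != port) next             # different port
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            print addr                             # reachable from the network
        }'
}

# Succeed only if FILE grants nothing to group or other (e.g. mode 600).
# Uses the permission string from `ls -ld` so it works without GNU stat.
config_is_private() {
    perm=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perm" = "------" ]
}

# Constructed sample of `ss -ltnH` output: one loopback listener,
# one wildcard listener on the panel port, one unrelated service.
SAMPLE_SS='LISTEN 0 128 127.0.0.1:5001 0.0.0.0:*
LISTEN 0 128 0.0.0.0:5001 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

demo() {
    echo "Non-loopback listeners on port 5001 in the sample:"
    printf '%s\n' "$SAMPLE_SS" | exposed_listeners 5001
}
demo

# On a live host:
#   ss -ltnH | exposed_listeners 5001
#   config_is_private h8mail_config.ini || chmod 600 h8mail_config.ini
```

Any address printed by `exposed_listeners` means the panel, still protected only by the default login, is reachable from other machines on the network.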
 