Genealogy – Find a Grave

Find A Grave (findagrave.com) is the world’s largest repository of grave site information. The site is free and easy to use.

The site’s records are primarily from individuals uploading information. As a result, there may be different kinds of information available in different records.

Furthermore, any search that you run in FamilySearch.org will also check if that information is available on Find A Grave, thereby saving you the second step of searching in a second website. See bleow for a screenshot showing how a record from Find A Grave may appear in your search results in FamilySearch.org:

The Find A Grave Website

Nonetheless, the search function within the actual findagrave.com website is pretty thorough and gives a lot of different options for different ways to search for a record. Therefore, you may decide to try using the website itself.

For example, as you see in the findagrave.com search function below, you can even choose to search by burial plot information. That might seem like an obscure bit of information, but many records will identify the specific plot or cemetery section. Based on that information, you can search for relatives by looking for grave sites next to the first one, or for grave sites within the same section of the cemetery, possibly filtered for people with the same last name.

Below you see an example of the kinds of information that might be available in a particular record.

Your record may not always have identified family members, memorials, or photos, but you can generally count on four pieces of information being available:

1 – Name

2 – Date of Birth (and maybe location)

3 – Date of Death (and maybe location)

4 – The cemetery where they were buried

The first 3 pieces of information are very valuable because they provide unique details about a person that can help you find more records about them in different data sources. Maybe before you were searching for James Richard in familysearch.org but there were too many results. With this new information you can return to familysearch.org and filter your results to look for the James Richard that was born on June 19th, 1930.

The Cemetery Itself

The next step is to take the fourth piece of information (the cemetery) and go to the source. You want to go to the source of the information because there is often a bit more information there. You can either look the cemetery up online or consider contacting them to ask if they have additional records about the specific burial you are researching.

In one example, (see below) we see the name of the cemtery and a link to another page within Find A Grave that gives additional details about the cemetery.

The individual was buried at the Long Island National Cemetery and by clicking on the link for the cemetery, we are brought to this page below. In this case, the descriptor explains that the cemetery is for veterans and is run by the UD Department of Veterans Affairs. Notice that the description page provides a website for the cemetery, where we can find more information.

In this case, clicking on the cemetery’s website brings us to the VA’s National Cemeteries Administration, which has a “grave locator” function. See below:

In this case, looking up the record for the same burial site yielded new information, specifically the burial plot location, a link to a map of the graveyard revealing the location of the burial plot, and the rank and branch of the military where the individual served.

That’s all, good luck!

Genealogy Basics – FamilySearch.org

This post will identify free genealogy resources and how a beginner can use them. Over time, this post will grow to include additional resources with periodic updates. For now (November 11th, 2021) only one resource, FamilySearch.org, will be discussed. Future updates will include, but not be limited to:

Find a Grave – (findagrave.com)

Civil War Soldiers and Sailors Database – (https://www.nps.gov/civilwar/soldiers-and-sailors-database.htmhttps://www.nps.gov/civilwar/soldiers-and-sailors-database.htm)

Legacy.com/search – (a database of obituaries)

Heritage Quest – (a paid resource accessible via local libraries, including the Montgomery County Public Library)

FamilyTreeNow – (available at familytreenow.com) This is a free genealogy site that is akin to people-searching websites but focused on genealogy. There is an interesting Washington Post article about this site.

SIDE NOTE: If you are primarily interested in researching “the living,” Family Tree Now is a good resource for finding if a specific person (who is still alive) has deceased relatives. From there, you will be able to make use of genealogy resources.

FamilySearch.org

Family Search (FamilySearch.org) is a free resource, though it requires that you sign up for a free account, and a good starting point for genealogy research.

There are three key features worth noting, the basic search function, a wiki catalogue of regional databases, and a database of family trees that were built by individual account-holders.

To reach the basic search function, click on “Search” from the menu bar and then click on “Records” from the drop down menu.

Later on, you can return to this drop down menu and click on “Genealogies” or “Research Wiki.” Clicking on “Genealogies” will let you search family trees that were uploaded by users. “Research Wiki” is a wiki of different local genealogy-related databases that are specific to different locations.

You’ll want to start with the search records functions. The following search window will appear. If you submit a search here, the website will also search for results that are similar but not exactly what you typed (such as names there are spelt similarly to what you typed). If this give you too many results, then before getting started, it might be worth clicking on “More Options,” so you can choose to search for an exact spelling of a name.

The following window will appear and you will notice that there are options for search for exactly what you typed.

Data Sources

You can also browse the data sources available on Family Search by going to (https://www.familysearch.org/search/collection/listhttps://www.familysearch.org/search/collection/list)

This will help you know what to expect (for example, the Alabama State Marriage Licenses from 1816-1957 or Casualties from the Vietnam War). If you expect your ancestor is listed in one of these databases, you can click on it to search only records within that database. This is especially useful when your ancestor has a common name.

Two of the most important data sources to make note of in Family Search are the Social Security Death Index and U.S. National Censuses from 1790 to 1940 (Census data is only available if it is more than 70 years old), more on those data sources in upcoming posts.

That’s all for now.

What You Can Learn From a Phone Number

This posts addresses some of the tools that have become available for obtaining information about a given phone number. The prevalence of app-based caller ID has made it possible to identify the owners of unlisted numbers and even identify how they are casually referred to by associates.

WA Tools provide a resource that lets you know if a phone number has downloaded WhatsApp, whether they are active on WhatsApp at that moment, and most importantly it can even (usually) download their profile photo.

Though this is only indirectly related to the phone number, there is also a tool that lets you search (based on name / username) for and view skype profiles.

HLR (home location registry) lookups can potentially reveal general location data about the phone user.

Finally, this post summarizes previously discussed sites and information for researching phones with data breaches, Python, and people-search tools.

App-based Caller ID

True Caller – (truecaller.com) & Sync.me (sync.me) are two widely used apps with over a billion numbers combined. The apps access the contacts lists of their users and will identify a given number based on how people identify it in their contacts list, (i.e. “john – computer guy”). This is especially useful for phone numbers that are not listed in more established sources.

WhatsApp

WA Tools (https://watools.io/) can be used to search on any phone number and then find if it has WhatsApp, if the user is on WhatsApp at that moment, and download the user’s WhatsApp profile photo

Skype

The tool Skypli (https://www.skypli.com/) (recently discovered thanks to @OsintTechniques) lets you search for a Skype user by name and, if you find them, open their profile which can reveal name, location, profile photo, username and/or possibly other information.

HLR Lookups

HLR-Lookups.com will want you to sign up for a free account but it is worth it as it shows you the following information that, in theory, includes whether the number is actively roaming. However, Roaming means you are out of your network provider’s territory and is often a sign that the phone, and its owner, are traveling abroad.

Hlrlookup.com will identify a general region where the phone number was issued (see bottom portion of the table below), even if the area code is from a different location. This gives a better feel for the current actual home base of the phone number’s owner. In other words, they may have gotten the phone number and then moved to a different part of the country.

Intelx Phone Search Tool – (https://intelx.io/tools?tab=telephone)

Intelx.io has two great tool-aggregators for searching phone numbers. The first is for international phone numbers and the second is for US Phone numbers.

US-Focused Phone Search Tools

Previous posts addressed that there are several US-focused phone number lookup tools. For convenience here is a list:

truepeoplesearch.com, fastpeoplesearch.com, and freepeoplesearch.com – People search tools (all three seem to have access to the same data) –

thatsthem.com and searchpeoplefree.com – Similar to the people search tools but these two seem to have access to different data

calleridservice.com – Caller ID-based information

Data Breach Websites

There are several data breach websites that let you lookup phone numbers, but anecdotal evidence suggests it is not as likely to find results compared to email addresses.

breachdirectory.tk/ 

dehashed.com 

haveibeenpwned.com 

leak-lookup.com

Python Phone Lookup for Instagram, Snapchat

A previous post explained how to use a Python script named Ignorant to find if a phone number had been used to register accounts on Instagram or Snapchat.

If you believe you have then found the correct Instagram account, another post described how to use a Python code named Toutatis to see a partially obfuscated phone number used for the account. You can use that to confirm if you found the correct account.

Ghost Codes – There is a website called Ghost Codes, associated with an app with the same name. The website is a databases of Snapchat-users, limited to those who also have the Ghost Codes app, and for each user in the database there is info on their snapchat profile and other social media accounts.. The database only includes the users who have Ghost Codes and Snapchat.

How to Search Pastebin Websites for Data Breaches

What are Pastes?

According to HaveIBeenPwned.com, “Often when online services are compromised, the first signs of it appear on “paste” sites like Pastebin. Attackers frequently publish either samples or complete dumps of compromised data on these services. ” (click here for more information)

What is Pastebin Specifically?

According to a post on Echoshare.net,:

  • Pastebin is a website that allows users to share plain text through public posts called ‘pastes'”
  • “There are many similar web applications, known as ‘paste sites'”
  • “Paste sites are commonly used for sharing code.”
  • “Pastebin specifically is user-friendly, supports large text files, doesn’t require user registration, and allows for anonymous posting if the user has a VPN. “
  • “This allows black hat hackers to easily and anonymously breach data in an accessible place.”
  • Finally, per the Pastebin FAQ, search engines will only index the public pastes

How to Search Pastes?

The following are two good tools for searching pastes. Keep in mind that data breaches are often taken down after discovery on pastebin sites so you have a limited window of opportunity to find the raw data. Eventually, the info will filter down to the data breach sites mentioned in a previous post.

Pastebin Search Engine – (https://pastebinsearchengine.blogspot.com/?m=1&s=03) as its name says, this is a search engine for pastebin websites.

PSBDMP – (https://psbdmp.ws/) this site vaguely describes its data as follows, “Psbdmp collects data automatically from different sources and is not responsible for the data’s content,”

(see new post for updated pastebin in tools)

What To Look For When Researching a Twitter Account

Here are some key features to look for while:

Views on primary topics – First, look at the main topics they discuss and then click on one of the bubbles to find all the tweets on the topic. Read through a few tweets to get the account user’s view on the matter. So for example if one of the main topics is “President”, you can read through the tweets to see if they are pro or against the president

Specific details of their life – look for topics in the small bubbles to find the errant tweets that reveal details about their life, so maybe the bubble that says “wife” will link to a tweet saying “…my ex wife….”

Find closest associates – look at main usernames that are in primary topics and (unless they are a celebrity), look at 5 of them in a row to find common features that can reflect the original account user.

Find relatives – use All My Tweets to list all followers and do a quick word search for the original account owner’s last name

The account’s first follower – this is often someone close to the user. Use All My Tweets to get a full list of the account’s followers. Scroll all the way to the bottom and you will see the first follower there.

Assess relationships – use Tweet Beaver to display “conversations” between the primary twitter account and its close associates. Do they interact or just retweet?

Location – If you cannot find the account owner’s location directly, consider looking for locations of close friends and family in their bios or Geo Social Footprint. Try to identify time zone based on Sleeping Time.

Are staff members tweeting – for famous / powerful individuals, the tweets sometimes come from the actual person or staff members. Often, tweets from the person come from a phone and at any hour while tweets from staff come from a computer during the day. Use Twitonomy to identify the platform used for individual or all tweets. If the tweet came from a phone (it will say “Twitter for Android” or “…Iphone” etc.) or a computer (“Twitter Web App”).

List of Good Tools to Research a Twitter Account

Truth Nest

TurthNest (https://www.truthnest.com) look under “Activity” and there’s an option for “Mentioned Users” that shows you which users the targeted account mentioned the most times. You can click on “view latest” under each account to look at the specific tweets of the targeted account mentioning this user. You can also click on the account names to open their Twitter accounts and see their bio pages. This doesn’t sound useful but if you click on an account name in most tools it will merely search for the account in the tools itself. It is useful to right-click on 5 of these accounts in a row and choose to “open in new tab” so you can look at them all at once and find common features.

Tweet Topic Explorer

Tweet Topic Explorer (http://tweettopicexplorer.neoformix.com/) identifies the most common words tweeted from the account (excluding useless words like “the”) and allows you to click on any of them to immediately see a list of the tweets with that word. Scan the map for words that might reflect important things about the account user like political views or profession.

See this post here for how to find an account’s closest friends.

Or, see this post, for how to manipulate data and view original posts, most important topics in content, or rank other accounts mentioned in tweets.

Tweet Beaver

Tweet Beaver (https://tweetbeaver.com/) has a variety of tools that are especially useful for assessing a relationship between two accounts (common followers, what have they tweeted at each other, etc.)

Geo Social Footprint

  • (lately I am having difficulty with this tool so I am listing two alternatives below)

Geo Social Footprint (http://geosocialfootprint.com/) should show a twitter account’s geotagged tweets on a map and link to the tweets themselves. If you get an error message when you run a twitter account, like “map cannot display”, that often just means that there are no geotagged tweets. Based on the twitter api limitations, it is reasonable to guess that the tool looks at the last 200 tweets.

Alternate Tweet Mappers:

https://www.omnisci.com/demos/tweetmap and https://keitharm.me/projects/tweet/

For geo context, you can find what people nearby are tweeting about by using (https://www.omnisci.com/demos/tweetmap) or (https://onemilliontweetmap.com/).

Profile Changes Over Time?

Type out this url in your browser with the twitter account of interest at the end (in this example we used “search_ish”)

https://spoonbill.io/twitter/data/search_ish

All My Tweets (https://www.allmytweets.net/) is a great tool to find an account’s first follower. Just select the account to search, click in “Followers” and it will give you a list of followers in chronological order, so scroll to the bottom. A number of investigative reporting guides suggest that the first follower is often a person that has a close relationship with the account holder.

This tool will also list all of an accounts tweets in a list that can be copied and pasted into a CSV file.

Other useful tools include:

AccountAnalysis (https://accountanalysis.app/) this tool categorizes an account’s content to assess relationships and interests. It is similar to Tweet Topic Explorer in that in that it will analyze content of tweets and click on one thing (like a username) and the tool will identify the tweets that reference the account.

Below you see that for the analyzed account, the tool identifies the accounts that it replied to, retweeted, or quoted the most. This is a great way to quickly identify accounts that reflect your subject’s interests or associates. Tweet Topic Explorer takes more of a broad brush approach. But in this tool we can choose to focus on accounts that the subject account replied to rather than retweeted.

The tool lists Hashtags and URLs, which are a great way to figure out the account’s interests.

If you do not understand anything on the page, there is a very useful help section that details all of the analysis fields.

The only drawback of this tool is that you need to specifically request at the top if you want to analyze more than the last 200 tweets., Likewise at the bottom where it lists the tweets that reference the topic you clicked on, it will default to showing you 12 tweets and you have to click for it to load more. This presumably allows the tool to run faster and crash less.

Foller Me

Foller Me (https://foller.me/) gives similar info on an account (and is easier to read) such as when they joined but also gives a larger list of the people that researched account interacts with.

Twitonomy

Twitonomy (https://www.twitonomy.com/) performs analysis on the account as a whole, but you have to remember to search for an account and then actually click on the account name somewhere in the results. It gives information such as which accounts it tweets about or replies to most, how many times the account tends to tweet per day and from what kind of device, and how often they tend to tweet on given hours in the day or days in the week.

For example, at the very bottom of the results we here we see that the user of the @searchish_site account uses an Android phone and the search-ish wordpress account to Tweet.

Keep in mind that this tool is a little tricky at first. You have to search an account, and then in the initial results click on the account name again or click on Analyze a Twitter profile in order to get the full results.

Sleeping Time

For redundancy, Sleeping Time (http://sleepingtime.org/) also gives the hours of use for an account. But this tool gets right to the point and makes an educated guess about the hours of sleep so you don’t have to look into the data yourself and guess if an average of 3 hours at 4am means the person usually sleeps at that time or not.

What to look for with these tools?

Here are some key features to look for:

Views on primary topics – First, look at the main topics they discuss and then click on one of the bubbles to find all the tweets on the topic. Read through a few tweets to get the account user’s view on the matter. So for example if one of the main topics is “President”, you can read through the tweets to see if they are pro or against the president

Specific details of their life – look for topics in the small bubbles to find the errant tweets that reveal details about their life, so maybe the bubble that says “wife” will link to a tweet saying “…my ex wife….”

Find closest associates – look at main usernames that are in primary topics and (unless they are a celebrity), look at 5 of them in a row to find common features that can reflect the original account user.

Find relatives – use All My Tweets to list all followers and do a quick word search for the original account owner’s last name

The account’s first follower – this is often someone close to the user. Use All My Tweets to get a full list of the account’s followers. Scroll all the way to the bottom and you will see the first follower there.

Assess relationships – use Tweet Beaver to display “conversations” between the primary twitter account and its close associates. Do they interact or just retweet?

Location – If you cannot find the account owner’s location directly, consider looking for locations of close friends and family in their bios or Geo Social Footprint. Try to identify time zone based on Sleeping Time.

Are staff members tweeting – for famous / powerful individuals, the tweets sometimes come from the actual person or staff members. Often, tweets from the person come from a phone and at any hour while tweets from staff come from a computer during the day. Use Twitonomy to identify the platform used for individual or all tweets. If the tweet came from a phone (it will say “Twitter for Android” or “…Iphone” etc.) or a computer (“Twitter Web App”).

.

Python for OSINT: Find Google Accounts with GHunt

This post will walk through how to use the Python script GHunt via gitpod.io, which lets you search an email address to find the associated Google Account and pulls relevant information from it. Google account

GHunt is located at https://github.com/mxrch/GHunt , and was developed by mxrch on Github.

Running GHunt

1 – Go to:

https://gitpod.io/#https://github.com/mxrch/GHunt

2 – type the following command and then hit enter:

docker pull mxrch/ghunt

3 – copy and paste in this next command and then hit enter:

docker run -v ghunt-resources:/usr/src/app/resources -ti mxrch/ghunt check_and_gen.py
docker run -v ghunt-resources:/usr/src/app/resources -ti mxrch/ghunt ghunt.py email
docker run -v ghunt-resources:/usr/src/app/resources -ti mxrch/ghunt ghunt.py doc

4 – The file will ask you one at a time to input your google cookies, you only have to do this once.

You get the following prompt to find your google cookie “SID”

Find Google Cookies (using Firefox or Chrome)

a.) Log in to accounts.google.com

b.) After that, open the Dev Tools window and navigate to the Storage tab (Shift + F9 on Firefox)
If you don’t know how to open it, just right-click anywhere and click “Inspect Element”.

c.) For Google Chrome (sorry, not sure about Firefox) you click on application

d.) Then on the left side click the triangle next to Cookies so it is directed down. Then click on

https://myaccount.google.com

e.) Now your cookies appear in the menu to the right.

f.) For each cookie that you need, the script will identify its by the cookie name, which you can find in the Name column.

g.) So the first cookie that was asked for was SID:

So we go to the menu and under Name we find SID

h.) Then we copy the Value and paste it in where the file asked in gitpod

j.) You will be prompted to find and input the cookies named SID, SSID, APISID, SAPISID, and HSID.

Now lets return to step 5 in the process of running GHunt.

5 – Now in order to search for the Google Account of an email address, type in the following command (but with the email address where it says “<email_address>” (also remove the carrots)) and hit enter:

docker run -v ghunt-resources:/usr/src/app/resources -ti mxrch/ghunt check_and_gen.py
docker run -v ghunt-resources:/usr/src/app/resources -ti mxrch/ghunt ghunt.py email
docker run -v ghunt-resources:/usr/src/app/resources -ti mxrch/ghunt ghunt.py doc

SIDENOTE: GHunt can also research a Google Doc. To do so, get the document link and run the following command:

docker run -v ghunt-resources:/usr/src/app/resources -ti mxrch/ghunt ghunt.py doc

And here is the kind of results you may receive (name, location, photos, etc.):

When I click on the Google Maps link (gitpod requires you to hold down Ctrl while you click on the link), I get the account’s profile photo and a review on Google Maps at a specific location.

Don’t forget to hit Save within the Gitpod workspace so that you do not need to input your cookies in the future!

Python For OSINT: Instagram Account Lookup

This post will walkthrough running a Python scrip (Toutatis) in Gitpod that will find information on an Instagram account such as a partial email or phone number that is privately registered with the account. Once you have the partial email, you can make an educated guess about the full email and then search for it in a data breach website to see if such an email does exist.

We will use the Toutatis Python Script written by Megadose and can be obtained from https://github.com/megadose/toutatis.

Recall that a previous post Find if A Phone has an Instagram Account, showed how to use a Python script (Ignorant) to find out if a phone number was registered with an unidentified account on Instagram.

So if you start with a phone and run the script, you will know there is an account out there and therefore you can go look for an account that you think is used by the phone’s owner. Once you find an account you can now use this new script (Toutatis) to confirm if you found the right one by checking if the account is registered to the same phone number with which you started.

Before running Toutatis we must get our Instagram SessionID and then the second is to run the actual script.

Get Instagram SessionID

Open instagram and then right-click and choose “inspect” from the dropdown menu

Then (this is for chrome but it is similar for other browsers) click on Application, then the down arrow next to Cookies, and then http://www.instagram&#8230;

The SessionID is 2nd down in the menu in the middle. Double click on it to make it copy-able.

Running Toutatis

1 – Log into github.com and gitpod.io (for first-time users, registering is quick and easy)

2 – Open a new tab and type in the url:

https://gitpod.io/#https://github.com/megadose/toutatis

You will see something like this image on your screen for about 1 minute:

Then this screen will appear:

If this screen above does not appear after 5 minutes, you can change your default IDE which will usually fix the problem. See the Trouble Shooting Section at the bottom for how to change your default IDE.

3 – Then type:

sudo python3 setup.py install

4 – type the command

“toutatis -u USERNAME -s SESSIONID”

But replace USERNAME with the username and SESSIONID with the session id

So I will be using the username paulwalker1 and the sessionid 26902806300%3ANXEuxHSiGWtS1F%3A10. So as you see in the screenshot below, I will type:

“toutatis -u paulwalker1 -s 26902806300%3ANXEuxHSiGWtS1F%3A10 “

5 – And my results include a partial of a private email and a private phone number

(I have blocked them out with red for the sake of the user’s privacy)

I know that the number of * in the partials correlates to the correct number of hidden characters so I can make an educated guess about the email and phone.

Now you can guess the email and verify if it exists or not by searching for it in a data breach website. You could also use the Profil3r script to search for social media accounts and email addresses that use the same username (see walkthrough in the post titled Python for OSINT: Find If a Username is listed as an Email or Social Media Account).

You can guess the phone number and check it in Trucaller (trucaller.com), a callerid database (calleridservice.com), or people-searching website (truepeoplesearch.com). These websites would tell you if the phone exists and then who owns it. To help confirm that you have the right phone number, it would be good to go back to the Ignorant script ( Find if A Phone has an Instagram Account) to make sure that the phone number you guessed does in fact have an Instagram account.

That’s it!

See below if you were having trouble logging into your virtual environment.

Trouble Shooting Section

If your computer keeps running for more than 5 minutes when you try to set up a virtual environment, then:

1 – open a new tab and log into gitpod.

2 – go to settings

3 – then preferences

4 – then switch the IDE on the right, sometimes VS Code works better, sometimes Theia

That should help

Python For OSINT: Find Websites Where an Email Registered Accounts – Holehe

We can identify a list of websites where a specific email address has registered accounts in a very straightforward process of 6 steps. This process does not require the reader to know, learn, or download Python, but does use a Python script.

CREDIT WHERE IT IS DUE: This process does not require a knowledge of Python but the explanation must address the computer language a bit. The Github user account Megadose hosts an amazing Python script named Holehe and deserves a lot of credit for this creation.

The script will find the different social media networks where the email is registered to an account. However, because many people do not know anything about Python, I’ve come up with a process intended for people that do not know anything about python and do not want to learn about it. It is a rote process requires no knowledge of python, no downloads, and no thinking at all.

Instructions for First Time Using Holehe

Step 1 (the hardest) – Click here and sign up for an account on Github . Sorry, that is more than one step but the process is simple and it gets easy afterward.

Step 2 – Login to Gitpod. You do not need to sign up for Gitpod if you already have a Github account. Go here (https://gitpod.io/login/) and you will see an option on the left to sign in with your Github account even though you don’t have a Gitpod account. See below:

Once you have logged in your page will probably look like this:

Step 3 – Copy and paste this url into your browser and hit Enter:

gitpod.io/#https://github.com/megadose/holehe

Why? – Basically, you are making a url that consists of the gitpod website url, a hashtage, and the url of the github page for the script.

Here is the explanation. We want to run a Python script but to do so we need a development environment. Normally you would download it but in this case, Gitpod provides a development environment online where you can run Python scripts. When you identify a script posted on Github you create a url of the Gitpod website’s url, a Hashtag, and the url for the page hosting the Python script. So with our script hosted at https://github.com/megadose/holehe, we create a url like this:

gitpod.io + /# + https://github.com/megadose/holehe

Gitpod will create a workspace, a virtual computer, specifically for running the script. The script and its affiliated files will be downloaded though you will likely still have to run the setup.py file, or its equivalent. If you go to the script’s page on Github there should be instructions for downloading and running the script.

Wait for Gitpod to do some processing and then your computer should look like this:

Step 4 – At the bottom of the screen find where it says “/workspace/holehe $”.

Click to the right of these words and type “python3 setup.py install” and then hit enter.

Step 5 – Wait for the install to complete and then right click on the folder on the type left that is named “holehe” (not the one titled “holehe.egg-info”). When you right click on the folder a drop down menu appears, choose “open in terminal”.

A new tab has appeared in the terminal, notice the new tab that reads “gitpod /workspace/holehe/holehe” and the cursor is located next to a similarly named prompt.

Step 6 – Finally, choose your email that you want to research, in our case we will use the fake example email “fake@example.com”

Now the last thing to do is type in the final sequence with your email in place of our fake example. So find the prompt “gitpod /workspace/holehe/holehe $” and next to it you will type the following and hit enter:

“holehe fake@example.com”

Results: Separately, I ran a real email address for an example to show how the results should look. The output is a list of 50 or so social media networks and other websites. If the name of the site/network is purple, there was no account on it, green means there is an account registered with the email address and red means the script could not check the site. Hopefully you got something like this:

Now that you’ve done this once, the process will be much easier in the future.

Next time

Login to Gitpod and there will be a workspace named for the script. It should look like the image below. Just click “Open” on the workspace.

From here, you repeat steps 4, 5, and 6. You install setup.py, open a new terminal tab, and run the command.

That’s it!

Python for OSINT: Find If a Username is listed as an Email or Social Media Account

This post will explain how to use the profil3r tool to automatically search if a given username or real name is used in various social media or an email address for gmail, yahoo, or hotmail.

If you already have accounts on Github and Gitpod, login and jump to step 3.

Step 1 – (the hardest) – Click here and sign up for an account on Github . Sorry, that is more than one step but the process is simple and it gets easy afterward.

Step 2 – Login to Gitpod. You do not need to sign up for Gitpod if you already have a Github account. Go here (https://gitpod.io/login/) and you will see an option on the left to sign in with your Github account even though you don’t have a Gitpod account. See below:

Step 3 -Go to https://github.com/Rog3rSm1th/Profil3r and then click on green button that says Gitpod. You’ll then have to wait for a bit.

If the gitpod button does not appear on this page for you, you can alternatively paste the following url into a new tab:

gitpod.io/#https://github.com/Rog3rSm1th/Profil3r

Step 4 -That brings you to Gitpod where it will set up a virtual machine.

Step 5 – see where it says “gitpod /workspace/Profil3r $” and next to it type

sudo python3 setup.py install

Step 6 – hit enter, wait for the install to complete. Then, as shown below, type “sudo python3 profil3r.py -p [USERNAME]”

I am going to use the example username “usernameforme”, so I typed

sudo python3 profil3r.py -p usernameforme

Step 7 – Hit Enter and then this screen appears.

If you had entered a person’s name “john smith”, you could choose here if you want the script to search with any, none, or all of the separators listed. as noted in the instructions, move the little yellow arrow up or down with the direction arrows on your keyboard. Choose an option by hitting “space” and unchoose it by hitting the same button. you can also check/choose all options with the “a” button or uncheck them all with the “i” button.

Or you can do nothing at all. Regardless of what you choose, (including nothing) hit enter when you are done.

Step 8 – Now you have a series of options for what you want the script to search. Feel free to hit “a” to choose all, and then hit enter.

Step 9 – wait and get your results. For each version of the username or name (from Step 7) it will check each website listed. Below we see there are several social media sites with the username “usernameforme” but nothing on Soundcloud.

The possible email addresses might be a bit confusing. The script searches if there are email addresses for gmail, yahoo, or hotmail with that username. If it says [SAFE] next to the email address, that means it did NOT find evidence that the email address exists.

That is because the script searches haveibeenpwned.com for instances where the email address is listed in a data breach. If the email address is not in a data breach, the website tells the script that the email address is “safe”. For our purposes, if the email address WERE in a data breach, that would prove that it does exist.

Feel free to follow up researching the email address on a website like emailrep.io.

That’s it! You’re Done!

Update: Multiple Usernames

It is also possible to run multiple usernames at once, but be careful not to overload it.

To add more usernames, run the same command but add additional usernames separated by commas, like below:

sudo python3 profil3r.py -p username1, username2, username3

See the post (Find A Twitter Account’s…) that identifies the Twitter accounts most commonly mentioned by a given account.

You can then take the most commonly mentioned accounts and research them all with Profil3r.py