Listen, OSINT is more relevant than ever. On the one hand, we hear about database leaks every week, and on the other, people are posting everything they can about themselves. While collecting information about someone used to be the preserve of intelligence agencies, now any schoolchild with internet access can do it.
I've been working in this field for several years now, and during that time I've tried dozens of services. Some work great, others are so-so, and still others are completely fake. In this article, I've compiled proven tools for searching by email, nickname, phone number, and full name, as well as for analyzing social media and IT structures. I've focused on free solutions because not everyone has the budget for paid subscriptions.
---
Why OSINT is legal (for now)
While bribing a bank employee to obtain confidential information is definitely a crime, searching open sources remains somewhat of a gray area, though probably legal. You're not hacking servers or stealing databases. You just Google and use what people have made publicly available.
The thing is, the information you obtain can't be used for blackmail, stalking, or other illegal activities. But it's perfectly fine for checking a business partner, finding lost contacts, or simply studying a correspondent.
---
Email Search: Where Any Intelligence Investigation Begins
Email is a unique identifier for a person on the internet. It can be used to find social media accounts, forum registrations, and even password leaks.
EmailSherlock.com
A service for automatic email address searches. It checks which websites the specified email address is linked to. Its advantages include being fast and free. Its disadvantages include a small database, which mostly finds popular social networks. It also contains a lot of ads for third-party services, many of which are no longer operational.
Emailrep.io
A more advanced tool. Determines which websites an email address is registered to, analyzes the account's reputation based on spam databases and data leaks. Shows whether the address has been compromised. Convenient when you need to quickly determine whether a person can be trusted.
--
Search by nickname: When email doesn't help
If searching by email doesn't yield any results, move on to the nickname. People often use the same nickname on different websites.
WhatsMyName
This isn't just a service, it's a complete tool. It checks for account presence by nickname on 280 services! You can sort by category and export the results in various formats. One of the best free tools.
Maigret
A fork of Sherlock, written in Python. It checks account presence on over 2,300 websites! It builds a profile on a person by username and doesn't use API keys. This is a local utility that requires installation, but the results are worth it.
git clone https://github.com/soxoj/maigret.git
cd maigret
pip install -r requirements.txt
python maigret.py username
Usersearch.org
Searches not only popular social networks but also relevant forums and dating sites. Convenient results: the account link and the account deletion page (if it's yours) are immediately displayed. Additionally, it searches by phone number and checks the HIBP (Have I Been Pwned) database.
Instant Username Search
Quick checks popular and less popular services. The database includes interesting relevant sites like MyAnimeList and Last.fm. Results are displayed immediately, and you can click the links.
Namech_k and Namecheckr
Simple and fast services for checking nicknames. Namech_k has an API that can be called from scripts—useful for automation.
---
Phone Number Search: From Theory to Practice
Phone numbers are more difficult because most databases are focused on landlines. But there are some useful tools.
SpravkaRU.Net
An extensive phone database. You can search not only by number, but also by a person's full name. The problem is that most numbers are landlines, which are rarely used these days.
Microsoft account.live.com
Checks whether a phone number is linked to a Microsoft account. Simply go to the website, enter the number, and the system tells you whether the account exists or not. It works flawlessly.
Email2phonenumber
A tool for collecting information from account recovery pages for various services. It can create lists of phone numbers and check their presence in profiles.
last4mailbot (Telegram)
A bot that identifies the last four digits of a Sberbank customer's phone number based on their email address. I tested it on several accounts—it works accurately.
---
Search by name: Russian services
This service focuses on VKontakte, the most popular social network on the RuNet.
VK-express
Monitors VK accounts: tracks avatars, likes, comments, friends, and groups. It can find hidden friends and user comments. Useful when you need to gather maximum information about a person.
220vk
An analytical service. Determines the average age of friends, hidden friends, their cities, and profile registration dates. It shows friends who have hidden the profile you're searching for, helping to identify connections between people. It also searches for likes and comments.
PeekYou
Searches for Facebook, Instagram, and Twitter profiles by first and last name. Searches a large list of services, suggesting possible email addresses based on username. It also displays people with similar names and their email addresses.
---
Analysis of accounts on foreign services
Reddit-user-analyzer
Analyzes public Reddit profile data: registration date, number of comments, karma, active subreddits. Generates activity graphs. Free, no registration required.
redditinvestigator.com
Creates a comprehensive profile of a Reddit account: subreddits, registration date, activity graph (which can be used to infer location). Numerous graphs and predictions based on profile data are available.
Twint
A powerful Twitter analysis tool that works without an official API. Requires installation, but the results are worth it. It gathers general profile information, tweets by topic, hashtags, and finds email addresses and phone numbers in tweets.
Whopostedwhat.com
Search for Facebook posts. Get a user ID via their profile link, then search for posts, comments, dates, and keywords. Simple and free.
---
Legal Entity Search
Egrulbot (Telegram)
Finds everything available in the Unified State Register of Legal Entities (USRLE) about Russian companies and individual entrepreneurs. Name, Taxpayer Identification Number (INN), status, address, and director. Free and fast.
vKarmanebot (Telegram)
Searches by UNP and organization name. Displays status, UNP, registration dates, and address.
---
Computer Intelligence: Websites, IP, Metadata
Xinit.ru
A real harvester. Checks a domain or IP using WHOIS, retrieves images from Google cache and web archive, displays server services and protocols, HTTP headers, and domain email addresses, checks a website on VirusTotal, reveals the real IP behind Cloudflare, and analyzes DNS infrastructure. Very useful for reconnaissance on a target company.
Urlscan.io
Checks who issued the TLS certificate, which IP addresses are associated with the website, and determines the tech stack. Fast, convenient, and free.
PublicWWW
Searches the source code of pages. Finds nicknames, references in code, and compares website icons. You can find lookalikes, advertising widget providers, wallets, and tokens. A very powerful tool.
Metadata2Go and Jeffrey's Image Metadata Viewer
Extract EXIF metadata from photos and images. Coordinates, camera location, and shooting date—all of this could be in a file someone uploaded online.
HostHunter
Searches domain names for a set of IP addresses. Useful when you need to quickly conduct reconnaissance on a target subnet. Results can be exported to CSV.
Knock Subdomain Scan
Brute-forces subdomains on the target domain. Helps find hidden subdomains that could be entry points.
---
There are dozens of OSINT tools. Some are better than others, but they can all provide useful information if you know where to look and how to interpret the results.
My advice: don't limit yourself to one service. Combine them. Start with WhatsMyName for searching by nickname, then use Maigret for in-depth analysis, and for social media, use specialized tools like Twint or Reddit-user-analyser.
And remember: OSINT isn't just about tools, it's also about thinking. Sometimes the most valuable information lies right on the surface; you just need to be able to spot it.
