- The Art Of The Sock https://www.secjuice.com/the-art-of-the-sock-osint-humint/
- Reddit My process for setting up anonymous sockpuppet accounts - https://www.reddit.com/r/OSINT/comments/dp70jr/my_process_for_setting_up_anonymous_sockpuppet/
- Fake Name Generator https://www.fakenamegenerator.com/
- This Person Does not Exist https://www.thispersondoesnotexist.com/
Use Fake Name Generator to create a person whom you feel fits your sockpuppet persona.
Use This Person Does Not Exist to generate an image. Make sure you inspect the image closely and get one that doesn't have any obvious flaws, as they often do. It is worth picking up some Photoshop, GIMP, Affinity Photo or Designer, or other basic image manipulation skills to fix them and change the background of the image.
Get a burner phone, completely wiped and fresh. Can be any brand that will accept a Mint Mobile SIM card.
Get a burner credit card from Privacy.com to use for on Amazon and possible the Mint Mobile setup. They might need it to set up the account.
Set up a burner Amazon account. We're only going to use it once.
Buy two Mint Mobile SIM cards. You can find them various places online and in stores near you, but you can get two of them for $5 on Amazon. They also give you 1 week free trial with something like 100 text messages, which we're going to use. This gives you two cards for two sockpuppet accounts for only $5.
I like to use Amazon to have the card sent to an Amazon pickup box, which can be anonymous.
Get a VPN that you can set to the physical area in which you want your sockpuppet to "exist."
Set up the Mint Mobile trial account somewhere away from your home; as far as you're willing to go.
Use this Mint Mobile trial phone number to set up all of the websites you need.
I recommend at least set up a Google account and Protonmail account. Both will come in handy at different times.
Once you've set up all the accounts with your trial Mint SIM, set up 2FA on all of the accounts.
After setting up 2FA on all of the accounts, change the phone number to one you have more permanent access to, such as MySudo or Google Voice.
Make sure everything works!
Destroy the SIM card.
Wipe the phone.
-
Google https://www.google.com/
-
Google Advanced Search https://www.google.com/advanced_search
-
Google Search Guide http://www.googleguide.com/print/adv_op_ref.pdf
-
Bing Search Guide https://www.bruceclay.com/blog/bing-google-advanced-search-operators/
-
Yandex "Google of Russia" https://yandex.com/
-
DuckDuckGo https://duckduckgo.com/
-
DuckDuckGo Search Guide https://help.duckduckgo.com/duckduckgo-help-pages/results/syntax/
-
Baidu Chinese search engine http://www.baidu.com/
Course photos + challenges: https://drive.google.com/drive/folders/1xMADgUUoJ0A-plnoFzcHY7rBh7-3ZYTT?usp=sharing
-
Google Image Search https://images.google.com
-
Yandex Google of Russia https://yandex.com
-
TinEye https://tineye.com
-
Pimeyes paid service - https://pimeyes.com/en
-
Jimpl https://jimpl.com/
-
geo location games GeoGuessr https://www.geoguessr.com
-
GeoGuessr The Top Tips, Tricks and Techniques https://somerandomstuff1.wordpress.com/2019/02/08/geoguessr-the-top-tips-tricks-and-techniques/
-
type in the company name for results on Hunter.io https://hunter.io/
-
Phonebook.cz https://phonebook.cz/
-
VoilaNorbert https://www.voilanorbert.com/
-
Email Hippo https://tools.verifyemailaddress.io/
-
Email Checker https://email-checker.net/validate
-
Clearbit Connect https://chrome.google.com/webstore/detail/clearbit-connect-supercha/pmnhcgfcafcnkbengdcanjablaabjplo?hl=en
-
Email enumerations -EMAIL login -use email -Forgot password -will give more information on another email or phone number
Breached credentials - Dehashed - https://dehashed.com/ (cost money)
-
WeLeakInfo https://weleakinfo.to/v2/
-
LeakCheck https://leakcheck.io/
-
SnusBase https://snusbase.com/
-
Scylla.sh https://scylla.sh/ (DOWN)
-
HaveIBeenPwned https://haveibeenpwned.com/
-
NameChk https://namechk.com/
-
WhatsMyName https://whatsmyname.app/
-
NameCheckup https://namecheckup.com/
-
WhitePages https://www.whitepages.com/
-
TruePeopleSearch https://www.truepeoplesearch.com/
-
FastPeopleSearch https://www.fastpeoplesearch.com/
-
FastBackgroundCheck https://www.fastbackgroundcheck.com/
-
WebMii https://webmii.com/
-
PeekYou https://peekyou.com/
-
Spokeo https://www.spokeo.com/
-
That'sThem https://thatsthem.com/
Voter Records https://www.voterrecords.com
-
TrueCaller https://www.truecaller.com/
-
CallerID Test https://calleridtest.com/
-
Infobel https://infobel.com/
-
Twitter Advanced Search https://twitter.com/search-advanced
-
gather geo location for search in twitter
-
geocode:344.0207305,-118.567657,10km (example)
-
OSINT Tool Collection: https://github.com/rmdir-rp/OSINT-twitter-tools (OLD TOOLS)
-
Sowdust Github https://sowsearch.info
-
IntelligenceX Facebook Search https://intelx.io/tools?tab=facebook
ImgInn - https://imginn.com/ For the profile ID, right click and click "View page source". Then search for "profilePage_"
Snapchat Maps - https://map.snapchat.com
- Dehashed API Tool: https://github.com/hmaverickadams/DeHashed-API-Tool
- sherlock
- whatsmyname.app
-
phoneinfoga scan -n 12148675309
-
phoneinfoga serve -p 8080
Social Media OSINT
-
github tools!
- recon ng
- maltego
- Hunchly https://hunch.ly
-
whois CLI whois tcm-sec.com subfinder -d tcm-sec.com assetfinder tcm-sec.com amass enum -d tcm-sec.com cat tesla.txt | sort -u | httprobe -s -p https:443 gowitness file -f ./alive.txt -P ./pics --no-http
-
Subfinder https://github.com/projectdiscovery/subfinder subdomains
-
Assetfinder https://github.com/tomnomnom/assetfinder subdomains, will show more info. good for wild card domains good to grep fruits such as dev,adm,vpn,admin,stage
-
httprobe https://github.com/tomnomnom/httprobe all domains that are alivev
-
GoWitness https://github.com/sensepost/gowitness/wiki/Installation takes pictures of all the domains
-
enlarge images including youtube thumbnails - i.ytimg.com