Section 1 Introduction to Open Source Intelligence

Finding Location, Phone Number + More From a Photo 1 Course Introduction 2 What is OSINT? 3

Section 2 Search Engines OSINT

Introduction to Search Engines OSINT 4

Section 3 Search Engine OSINT – Google Search Operators

Discovering Sensitive Information About People 5 Discovering Social Media Profiles / Accounts 6 Discovering PDF Documents Associated with Targets 7 Find Hidden Search Results 8 Find Cameras & More with GHDB 9 Enhancing Google Searches with AI 10

Section 4 Search Engine OSINT – Bing Search Operators

Discovering Additional Information & Online Accounts Using Bing 11 Beyond Google: Finding Hidden Information 12

Section 5 Alternative Search Engines

Find More with Special Yandex Operators 13 Expanding Results with Alternative Search Tools 14 Course Note 15

Section 6 Database Breaches & Leaks

Introduction to Database Breaches & Leaks 16 Understanding the Difference Between Breached & Leaked Databases 17 Finding Relevant Breach / Leak Databases 18 Finding Emails, Passwords & More 19 Finding Addresses, Phone Numbers & More 20

Section 7 Downloading Leak / Breach Databases

Setting Up an Isolated Virtual Environment 21 Installing Needed Software to Manage Leaked Databases 22 Downloading & Accessing Leaked Facebook Data 23 Downloading & Accessing Leaked Twitter Data 24 Downloading & Accessing Leaked LinkedIn Data 25 Downloading & Accessing Leaked Snapchat Data 26 Finding Leaked Databases on the Internet 27 Recap 28

Section 8 Sock Puppet Identities

Introduction to Sock Puppet Accounts in OSINT 29 Creating an Untraceable Covert Account 30 How to Keep Your Covert Account Safe & Active 31

Section 9 Social Media Intelligence (SOCMINT)

Introduction to Social Media OSINT (SOCMINT) 32

Section 10 Facebook OSINT

Extracting Valuable Information from a Facebook Profile 33 Extracting User ID, Facebook Friends & More 34 Uncovering Emails and More from Facebook Profiles 35 Finding Comments / Tags of a Facebook Account 36 Facebook OSINT Recap 37

Section 11 Instagram OSINT

Extracting the User ID of an Instagram Account 38 Extracting Timestamps from Posts and Comments 39 Uncovering Comments of Private Instagram Accounts 40 Extracting Hidden Information from Instagram Metadata 41 Scraping Instagram Followers 42 Downloading Instagram Posts 43

Section 12 Creating an OSINT Virtual Machine

Installing Trace Labs OSINT VM 44 OSINT VM Overview 45 The Terminal & Linux Commands 46 Install Essential OSINT Tools 47 Automatically Download Instagram Profiles 48 Undetectable Instagram Info Extraction 49

Section 13 Twitter / X OSINT

Extracting X / Twitter User IDs 50 Recovering Deleted Tweets and Timestamps 51 Leveraging Search Operators to Find Specific Tweets 52 Discovering Tweets Posted from a Specific Location 53 Twitter OSINT Recap 54

Section 14 LinkedIn OSINT

Discovering and Analysing LinkedIn Profiles 55 Finding Hidden Names & Extracting Post Timestamps 56 Finding LinkedIn Profile Member IDs 57

Section 15 Other Social Media OSINT

Snapchat OSINT – Downloading Stories & Extracting Metadata 58 TikTok OSINT – Downloading Videos, Extracting Timestamps, Metadata & More 59

Section 16 Username OSINT

Introduction to Username OSINT 60 Tracking a Username Using Advanced Search Techniques 61 Finding Hidden Profiles with Reverse Username Lookup 62 Finding Linked Accounts Across the Web 63 Finding Passwords & Other Breached / Leaked Data Connected to a Username 64 Discovering Additional Online Accounts Automatically 65 Recap 66

Section 17 People OSINT

Introduction to People OSINT 67 Finding the Geographic Origins of a Name 68 Find Personal Details Using Advanced Search Techniques 69 Discovering Social Media Accounts Linked to a Person 70 Discovering Phone Numbers, Addresses, DOB, and More 71 Uncover Political Party Affiliations 72 Finding Partners and Maiden Names in Registries 73 Recap 74

Section 18 Email OSINT – Finding Email Addresses

Introduction to Email OSINT 75 Uncovering Emails from Social / Online Accounts 76 Finding Emails Using Advanced Search Techniques 77 Uncovering Emails Linked to Usernames 78 Creating and Verifying Possible Email Addresses 79 Uncovering Emails with Browser Tools 80 Finding Business Email Addresses 81 Discovering Emails within Data Breaches / Leaks 82 Extracting Emails from GitHub Accounts 83 Recap 84

Section 19 Email OSINT – Email Address Intelligence

Tracking the Identity Behind an Email Address 85 Leveraging Password Resets to Validate Email Addresses 86 Investigating an Email Address for Red Flags 87 Uncovering Websites & Accounts Linked to an Email Address 88 Discovering More Websites Linked to an Email Address 89 Gmail OSINT – Discovering Phone Numbers, Reviews, Addresses & More 90 Identifying Data Leaks Linked to an Email Address 91 Discovering LinkedIn Profiles Linked to an Email 92 Leveraging Usernames and Emails to Discover Additional Information 93

Section 20 Phone Number OSINT – Discovering Phone Numbers

Introduction to Phone Number OSINT 94 Tracking a Phone Number Across Online Platforms 95 Uncovering Phone Numbers Linked to LinkedIn Accounts 96 Discovering Sensitive Details Linked to a Phone Number 97 Finding Phone Numbers in Leaked Databases 98 Recap 99

Section 21 Phone Number OSINT – Deep Analysis

Uncovering Detailed Phone Number Information 100 Revealing Sensitive Information Using Advanced Search Techniques 101 Uncovering the Identity Behind a Phone Number 102 Finding the Caller ID in the US 103 Uncovering Accounts Registered with a Phone Number 104 Discovering Leaked Information Linked to a Phone Number 105 Deep Phone Number Scanning & Footprinting 106 Recap 107

Section 22 Image OSINT

Introduction to Image OSINT 108 Gathering Profile Images for OSINT Investigations 109

Section 23 Image OSINT – Reverse Image Search

Tracking Images Using Google 110 Discovering Location of an Image 111 Discovering Similar Pictures / Images on the Internet 112 Expanding the Search with Specialized Image Engines 113

Section 24 Image OSINT – Facial Recognition

Track Online Presence / Profiles Using a Photo 114

Section 25 Image OSINT – Geolocation

Using AI to Identify an Image Location 115 Discovering Image Location Using Search Engines 116 Extracting Location, Device Info & More from Images 117

Section 26 Maps OSINT

Introduction to Maps OSINT 118 Uncovering Key Details About Any Location 119 Viewing Satellite Imagery from Different Angles 120 Extracting Key Insights from Eastern Europe Maps 121 Using Apple Maps without an Apple Device 122 Investigating Places with Street-Level Imagery 123 Geo-Locating Images Using OpenStreetMap (OSM) 124 Extract Additional Information Using Google Earth 125

Section 27 Website OSINT

Introduction to Website OSINT 126 Discovering Website Owners & Hidden Contact Details 127 Identifying Technologies Used in a Website 128 Discovering Subdomains 129 Extracting Information from DNS Records 130 Uncovering Websites under the Same Ownership 131 Tracking a Website's Changes and Updates 132 Advanced Website Investigation Techniques 133 Discovering Subdomains (Advanced) 134 Investigating WordPress Websites 135 Automating OSINT Investigations 136

Section 28 Advanced OSINT Techniques

Advanced Investigation Methodologies 137

Section 29 Reporting

Cleaning and Structuring Notes 138 Reviewing Collected Information & Relationships 139 Creating an OSINT Relationship Map 140 Structuring Open-Source Investigations 141 Writing a Professional OSINT Report 142 Breaking Down a Real-World OSINT Case Report 143

Section 30 Course Exam

OSINT Exam / Bonus Lecture – What's Next? 144

Finding Relevant Breach / Leak Databases

18 min Lesson 18 Database Breaches & Leaks

LESSON 18

Lesson 18: Searching Breached Databases

Now the key question is: How can you search within a database? What information do you need? One of the most important pieces is a phone number or email address, as these are unique identifiers belonging to only one person.

Searching by just a first and last name might yield hundreds of results, making it hard to identify the right person. That's why having an email or phone is crucial. Additional details can further refine your search.

For example, if you lack an email/phone but have the first/last name, city, approximate age, and gender, you can narrow it down significantly.

Real-world example: Using the instructor's info — name "Sad Sarraj", lives in New York, 24 years old — a database search might return only 3–4 matches. The more details you have, the better.

Using Have I Been Pwned? (HIBP)

The first tool is Have I Been Pwned? (haveibeenpwned.com), which checks if an email or phone has been exposed in known breaches.

Example: Entering an email shows it was found in 2 breaches — download those databases to investigate further.

Practical demo: Using Rishi Cabra's known email on HIBP revealed it was compromised in 9 data breaches. This confirms the email's validity (used across multiple sites requiring verification).

Breaches include:

8tracks (music streaming)
BigBasket (online grocery/ordering)
Dominus India (India-specific service)
Gravatar
Gifit
Rentomojo (furniture rental in India)
Tungle
Zomato (food delivery)
One spam list

Breach dates range from 2016–2017 to as recent as 2023, indicating ongoing use.

Insights from Breaches

Beyond validation, HIBP reveals interests and habits:

8tracks: Interest in music
BigBasket: Online food/grocery ordering
Dominus India/Rentomojo: Likely living/renting in India
Zomato: Food delivery usage

Types of Leaked Data

HIBP details what was compromised in each breach. For one example:

Date of birth
Email addresses
IP addresses
Names
Passwords (plain text or hashed)
Physical addresses

In the latest breach (Rentomojo, 2023):

Date of birth
Email addresses
Genders
Government-issued IDs
Passport numbers
Passwords (plain text or hashed)
Purchase history
Social media profiles

Downloading these databases could reveal Rishi Cabra's DOB, IP, passwords, address, and more. In upcoming lectures, we'll cover how to find, download, and search leaked databases safely.