Section 1 Introduction to Open Source Intelligence

Finding Location, Phone Number + More From a Photo 1 Course Introduction 2 What is OSINT? 3

Section 2 Search Engines OSINT

Introduction to Search Engines OSINT 4

Section 3 Search Engine OSINT – Google Search Operators

Discovering Sensitive Information About People 5 Discovering Social Media Profiles / Accounts 6 Discovering PDF Documents Associated with Targets 7 Find Hidden Search Results 8 Find Cameras & More with GHDB 9 Enhancing Google Searches with AI 10

Section 4 Search Engine OSINT – Bing Search Operators

Discovering Additional Information & Online Accounts Using Bing 11 Beyond Google: Finding Hidden Information 12

Section 5 Alternative Search Engines

Find More with Special Yandex Operators 13 Expanding Results with Alternative Search Tools 14 Course Note 15

Section 6 Database Breaches & Leaks

Introduction to Database Breaches & Leaks 16 Understanding the Difference Between Breached & Leaked Databases 17 Finding Relevant Breach / Leak Databases 18 Finding Emails, Passwords & More 19 Finding Addresses, Phone Numbers & More 20

Section 7 Downloading Leak / Breach Databases

Setting Up an Isolated Virtual Environment 21 Installing Needed Software to Manage Leaked Databases 22 Downloading & Accessing Leaked Facebook Data 23 Downloading & Accessing Leaked Twitter Data 24 Downloading & Accessing Leaked LinkedIn Data 25 Downloading & Accessing Leaked Snapchat Data 26 Finding Leaked Databases on the Internet 27 Recap 28

Section 8 Sock Puppet Identities

Introduction to Sock Puppet Accounts in OSINT 29 Creating an Untraceable Covert Account 30 How to Keep Your Covert Account Safe & Active 31

Section 9 Social Media Intelligence (SOCMINT)

Introduction to Social Media OSINT (SOCMINT) 32

Section 10 Facebook OSINT

Extracting Valuable Information from a Facebook Profile 33 Extracting User ID, Facebook Friends & More 34 Uncovering Emails and More from Facebook Profiles 35 Finding Comments / Tags of a Facebook Account 36 Facebook OSINT Recap 37

Section 11 Instagram OSINT

Extracting the User ID of an Instagram Account 38 Extracting Timestamps from Posts and Comments 39 Uncovering Comments of Private Instagram Accounts 40 Extracting Hidden Information from Instagram Metadata 41 Scraping Instagram Followers 42 Downloading Instagram Posts 43

Section 12 Creating an OSINT Virtual Machine

Installing Trace Labs OSINT VM 44 OSINT VM Overview 45 The Terminal & Linux Commands 46 Install Essential OSINT Tools 47 Automatically Download Instagram Profiles 48 Undetectable Instagram Info Extraction 49

Section 13 Twitter / X OSINT

Extracting X / Twitter User IDs 50 Recovering Deleted Tweets and Timestamps 51 Leveraging Search Operators to Find Specific Tweets 52 Discovering Tweets Posted from a Specific Location 53 Twitter OSINT Recap 54

Section 14 LinkedIn OSINT

Discovering and Analysing LinkedIn Profiles 55 Finding Hidden Names & Extracting Post Timestamps 56 Finding LinkedIn Profile Member IDs 57

Section 15 Other Social Media OSINT

Snapchat OSINT – Downloading Stories & Extracting Metadata 58 TikTok OSINT – Downloading Videos, Extracting Timestamps, Metadata & More 59

Section 16 Username OSINT

Introduction to Username OSINT 60 Tracking a Username Using Advanced Search Techniques 61 Finding Hidden Profiles with Reverse Username Lookup 62 Finding Linked Accounts Across the Web 63 Finding Passwords & Other Breached / Leaked Data Connected to a Username 64 Discovering Additional Online Accounts Automatically 65 Recap 66

Section 17 People OSINT

Introduction to People OSINT 67 Finding the Geographic Origins of a Name 68 Find Personal Details Using Advanced Search Techniques 69 Discovering Social Media Accounts Linked to a Person 70 Discovering Phone Numbers, Addresses, DOB, and More 71 Uncover Political Party Affiliations 72 Finding Partners and Maiden Names in Registries 73 Recap 74

Section 18 Email OSINT – Finding Email Addresses

Introduction to Email OSINT 75 Uncovering Emails from Social / Online Accounts 76 Finding Emails Using Advanced Search Techniques 77 Uncovering Emails Linked to Usernames 78 Creating and Verifying Possible Email Addresses 79 Uncovering Emails with Browser Tools 80 Finding Business Email Addresses 81 Discovering Emails within Data Breaches / Leaks 82 Extracting Emails from GitHub Accounts 83 Recap 84

Section 19 Email OSINT – Email Address Intelligence

Tracking the Identity Behind an Email Address 85 Leveraging Password Resets to Validate Email Addresses 86 Investigating an Email Address for Red Flags 87 Uncovering Websites & Accounts Linked to an Email Address 88 Discovering More Websites Linked to an Email Address 89 Gmail OSINT – Discovering Phone Numbers, Reviews, Addresses & More 90 Identifying Data Leaks Linked to an Email Address 91 Discovering LinkedIn Profiles Linked to an Email 92 Leveraging Usernames and Emails to Discover Additional Information 93

Section 20 Phone Number OSINT – Discovering Phone Numbers

Introduction to Phone Number OSINT 94 Tracking a Phone Number Across Online Platforms 95 Uncovering Phone Numbers Linked to LinkedIn Accounts 96 Discovering Sensitive Details Linked to a Phone Number 97 Finding Phone Numbers in Leaked Databases 98 Recap 99

Section 21 Phone Number OSINT – Deep Analysis

Uncovering Detailed Phone Number Information 100 Revealing Sensitive Information Using Advanced Search Techniques 101 Uncovering the Identity Behind a Phone Number 102 Finding the Caller ID in the US 103 Uncovering Accounts Registered with a Phone Number 104 Discovering Leaked Information Linked to a Phone Number 105 Deep Phone Number Scanning & Footprinting 106 Recap 107

Section 22 Image OSINT

Introduction to Image OSINT 108 Gathering Profile Images for OSINT Investigations 109

Section 23 Image OSINT – Reverse Image Search

Tracking Images Using Google 110 Discovering Location of an Image 111 Discovering Similar Pictures / Images on the Internet 112 Expanding the Search with Specialized Image Engines 113

Section 24 Image OSINT – Facial Recognition

Track Online Presence / Profiles Using a Photo 114

Section 25 Image OSINT – Geolocation

Using AI to Identify an Image Location 115 Discovering Image Location Using Search Engines 116 Extracting Location, Device Info & More from Images 117

Section 26 Maps OSINT

Introduction to Maps OSINT 118 Uncovering Key Details About Any Location 119 Viewing Satellite Imagery from Different Angles 120 Extracting Key Insights from Eastern Europe Maps 121 Using Apple Maps without an Apple Device 122 Investigating Places with Street-Level Imagery 123 Geo-Locating Images Using OpenStreetMap (OSM) 124 Extract Additional Information Using Google Earth 125

Section 27 Website OSINT

Introduction to Website OSINT 126 Discovering Website Owners & Hidden Contact Details 127 Identifying Technologies Used in a Website 128 Discovering Subdomains 129 Extracting Information from DNS Records 130 Uncovering Websites under the Same Ownership 131 Tracking a Website's Changes and Updates 132 Advanced Website Investigation Techniques 133 Discovering Subdomains (Advanced) 134 Investigating WordPress Websites 135 Automating OSINT Investigations 136

Section 28 Advanced OSINT Techniques

Advanced Investigation Methodologies 137

Section 29 Reporting

Cleaning and Structuring Notes 138 Reviewing Collected Information & Relationships 139 Creating an OSINT Relationship Map 140 Structuring Open-Source Investigations 141 Writing a Professional OSINT Report 142 Breaking Down a Real-World OSINT Case Report 143

Section 30 Course Exam

OSINT Exam / Bonus Lecture – What's Next? 144

Finding Emails, Passwords & More

20 min Lesson 19 Database Breaches & Leaks

LESSON 19

Lesson 19: Finding Emails, Passwords & More

In the previous lecture, you learned how to check if an email is in a data breach using Have I Been Pwned?. Now, we'll focus on extracting leaked information from databases.

Using DHashed

DHashed (dhashed.com) is a powerful search engine for querying data breaches and leaks. It allows searches by name, email, phone, username, IP, address, VIN, and more — not limited to emails.

Downside: It's a paid service (affordable for OSINT: $5.50/week, $15/month, $180/year). Free alternatives will be covered later.

Setup: Create an account and subscribe to access searches.

Search fields: Email, username, IP, name, address, phone, VIN, or domain scan.

Example: Searching for "Zaid Sabih" (using quotes for exact match) yielded 3 results:

First: Unrelated, but linked email ghostofthematrix@yahoo.com associated with name in mindjolt.com breach. Includes IP, username "Zaid Sabih", and another email zaidazad@yahoo.com.
Third: Relevant — zaid@zsecurity.org, name "Zaid Sabih", hashed password, and IP address.

Follow-Up Analysis

IP Lookup: Paste the IP into an IP lookup tool (e.g., first Google result). Revealed Dublin, Ireland — matching ZSecurity's location (verified via Google: "zsecurity dublin").

Cross-Check with HIBP: The email zaid@zsecurity.org was in one breach (promo.com), confirming the data source.

Further Search: Search the email in DHashed: 18 results, revealing multiple passwords (e.g., unique ones like variations with "++"). Note them in your notepad.

IP from Another Result: One IP traced to Jordan; associated username "Zeus".

Verify Username: Google "zsecurity zeus" → Leads to ZLogger tool and Zaid's GitHub (username "zeus" confirms link).

Password Search Tip: Search a unique password in DHashed: 9 results, including the same email but with @gmail.com variant — a new email to note.

This methodology works for any target (e.g., Rishi Cabra could reveal phone, address, SSN, plain-text passwords). We'll cover archived sites in future lectures.