Section 1 Introduction to Open Source Intelligence

Finding Location, Phone Number + More From a Photo 1 Course Introduction 2 What is OSINT? 3

Section 2 Search Engines OSINT

Introduction to Search Engines OSINT 4

Section 3 Search Engine OSINT – Google Search Operators

Discovering Sensitive Information About People 5 Discovering Social Media Profiles / Accounts 6 Discovering PDF Documents Associated with Targets 7 Find Hidden Search Results 8 Find Cameras & More with GHDB 9 Enhancing Google Searches with AI 10

Section 4 Search Engine OSINT – Bing Search Operators

Discovering Additional Information & Online Accounts Using Bing 11 Beyond Google: Finding Hidden Information 12

Section 5 Alternative Search Engines

Find More with Special Yandex Operators 13 Expanding Results with Alternative Search Tools 14 Course Note 15

Section 6 Database Breaches & Leaks

Introduction to Database Breaches & Leaks 16 Understanding the Difference Between Breached & Leaked Databases 17 Finding Relevant Breach / Leak Databases 18 Finding Emails, Passwords & More 19 Finding Addresses, Phone Numbers & More 20

Section 7 Downloading Leak / Breach Databases

Setting Up an Isolated Virtual Environment 21 Installing Needed Software to Manage Leaked Databases 22 Downloading & Accessing Leaked Facebook Data 23 Downloading & Accessing Leaked Twitter Data 24 Downloading & Accessing Leaked LinkedIn Data 25 Downloading & Accessing Leaked Snapchat Data 26 Finding Leaked Databases on the Internet 27 Recap 28

Section 8 Sock Puppet Identities

Introduction to Sock Puppet Accounts in OSINT 29 Creating an Untraceable Covert Account 30 How to Keep Your Covert Account Safe & Active 31

Section 9 Social Media Intelligence (SOCMINT)

Introduction to Social Media OSINT (SOCMINT) 32

Section 10 Facebook OSINT

Extracting Valuable Information from a Facebook Profile 33 Extracting User ID, Facebook Friends & More 34 Uncovering Emails and More from Facebook Profiles 35 Finding Comments / Tags of a Facebook Account 36 Facebook OSINT Recap 37

Section 11 Instagram OSINT

Extracting the User ID of an Instagram Account 38 Extracting Timestamps from Posts and Comments 39 Uncovering Comments of Private Instagram Accounts 40 Extracting Hidden Information from Instagram Metadata 41 Scraping Instagram Followers 42 Downloading Instagram Posts 43

Section 12 Creating an OSINT Virtual Machine

Installing Trace Labs OSINT VM 44 OSINT VM Overview 45 The Terminal & Linux Commands 46 Install Essential OSINT Tools 47 Automatically Download Instagram Profiles 48 Undetectable Instagram Info Extraction 49

Section 13 Twitter / X OSINT

Extracting X / Twitter User IDs 50 Recovering Deleted Tweets and Timestamps 51 Leveraging Search Operators to Find Specific Tweets 52 Discovering Tweets Posted from a Specific Location 53 Twitter OSINT Recap 54

Section 14 LinkedIn OSINT

Discovering and Analysing LinkedIn Profiles 55 Finding Hidden Names & Extracting Post Timestamps 56 Finding LinkedIn Profile Member IDs 57

Section 15 Other Social Media OSINT

Snapchat OSINT – Downloading Stories & Extracting Metadata 58 TikTok OSINT – Downloading Videos, Extracting Timestamps, Metadata & More 59

Section 16 Username OSINT

Introduction to Username OSINT 60 Tracking a Username Using Advanced Search Techniques 61 Finding Hidden Profiles with Reverse Username Lookup 62 Finding Linked Accounts Across the Web 63 Finding Passwords & Other Breached / Leaked Data Connected to a Username 64 Discovering Additional Online Accounts Automatically 65 Recap 66

Section 17 People OSINT

Introduction to People OSINT 67 Finding the Geographic Origins of a Name 68 Find Personal Details Using Advanced Search Techniques 69 Discovering Social Media Accounts Linked to a Person 70 Discovering Phone Numbers, Addresses, DOB, and More 71 Uncover Political Party Affiliations 72 Finding Partners and Maiden Names in Registries 73 Recap 74

Section 18 Email OSINT – Finding Email Addresses

Introduction to Email OSINT 75 Uncovering Emails from Social / Online Accounts 76 Finding Emails Using Advanced Search Techniques 77 Uncovering Emails Linked to Usernames 78 Creating and Verifying Possible Email Addresses 79 Uncovering Emails with Browser Tools 80 Finding Business Email Addresses 81 Discovering Emails within Data Breaches / Leaks 82 Extracting Emails from GitHub Accounts 83 Recap 84

Section 19 Email OSINT – Email Address Intelligence

Tracking the Identity Behind an Email Address 85 Leveraging Password Resets to Validate Email Addresses 86 Investigating an Email Address for Red Flags 87 Uncovering Websites & Accounts Linked to an Email Address 88 Discovering More Websites Linked to an Email Address 89 Gmail OSINT – Discovering Phone Numbers, Reviews, Addresses & More 90 Identifying Data Leaks Linked to an Email Address 91 Discovering LinkedIn Profiles Linked to an Email 92 Leveraging Usernames and Emails to Discover Additional Information 93

Section 20 Phone Number OSINT – Discovering Phone Numbers

Introduction to Phone Number OSINT 94 Tracking a Phone Number Across Online Platforms 95 Uncovering Phone Numbers Linked to LinkedIn Accounts 96 Discovering Sensitive Details Linked to a Phone Number 97 Finding Phone Numbers in Leaked Databases 98 Recap 99

Section 21 Phone Number OSINT – Deep Analysis

Uncovering Detailed Phone Number Information 100 Revealing Sensitive Information Using Advanced Search Techniques 101 Uncovering the Identity Behind a Phone Number 102 Finding the Caller ID in the US 103 Uncovering Accounts Registered with a Phone Number 104 Discovering Leaked Information Linked to a Phone Number 105 Deep Phone Number Scanning & Footprinting 106 Recap 107

Section 22 Image OSINT

Introduction to Image OSINT 108 Gathering Profile Images for OSINT Investigations 109

Section 23 Image OSINT – Reverse Image Search

Tracking Images Using Google 110 Discovering Location of an Image 111 Discovering Similar Pictures / Images on the Internet 112 Expanding the Search with Specialized Image Engines 113

Section 24 Image OSINT – Facial Recognition

Track Online Presence / Profiles Using a Photo 114

Section 25 Image OSINT – Geolocation

Using AI to Identify an Image Location 115 Discovering Image Location Using Search Engines 116 Extracting Location, Device Info & More from Images 117

Section 26 Maps OSINT

Introduction to Maps OSINT 118 Uncovering Key Details About Any Location 119 Viewing Satellite Imagery from Different Angles 120 Extracting Key Insights from Eastern Europe Maps 121 Using Apple Maps without an Apple Device 122 Investigating Places with Street-Level Imagery 123 Geo-Locating Images Using OpenStreetMap (OSM) 124 Extract Additional Information Using Google Earth 125

Section 27 Website OSINT

Introduction to Website OSINT 126 Discovering Website Owners & Hidden Contact Details 127 Identifying Technologies Used in a Website 128 Discovering Subdomains 129 Extracting Information from DNS Records 130 Uncovering Websites under the Same Ownership 131 Tracking a Website's Changes and Updates 132 Advanced Website Investigation Techniques 133 Discovering Subdomains (Advanced) 134 Investigating WordPress Websites 135 Automating OSINT Investigations 136

Section 28 Advanced OSINT Techniques

Advanced Investigation Methodologies 137

Section 29 Reporting

Cleaning and Structuring Notes 138 Reviewing Collected Information & Relationships 139 Creating an OSINT Relationship Map 140 Structuring Open-Source Investigations 141 Writing a Professional OSINT Report 142 Breaking Down a Real-World OSINT Case Report 143

Section 30 Course Exam

OSINT Exam / Bonus Lecture – What's Next? 144

Find Cameras & More with GHDB

22 min Lesson 9 Search Engine OSINT – Google Search Operators

LESSON 9

Lesson 9: Find Cameras and More With GHDB

The Google Hacking Database (GHDB) is a collection of specialized Google search queries (known as "Google dorks") designed to uncover sensitive or juicy information that is publicly indexed but not intended to be easily found. These dorks combine operators we've learned in previous lessons to locate things like vulnerable servers, exposed passwords, usernames, and more.

Finding Public Webcams

One common use of GHDB is to discover publicly accessible cameras.

Steps:

Visit the Google Hacking Database site.
Search for "camera" to find relevant dorks.
Copy a dork from the results (examples are listed on the next pages of the category).
Paste it directly into Google.com and run the search.

Many results will link directly to live camera feeds. Opening them often shows real-time video without requiring any login credentials.

Important Ethical Note:
If a camera, server, or IoT device prompts for a username/password (even if using default credentials), you are not authorized to log in. Accessing protected systems without permission is illegal. However, viewing truly public feeds that require no authentication is generally permissible as they are openly exposed.

Finding Exposed Files on Android Devices

Another useful dork category targets pictures and files hosted on Android devices (often due to misconfigured web servers or shared folders).

Running one of these dorks reveals indexed directories containing:

MP4 video files (downloadable and viewable)
Images/photos
Parent directory access showing folders like books, applications, and more

Extracting Metadata from Images/Videos

Files found this way often contain valuable metadata (EXIF data) embedded in images or videos. This can reveal:

Device model (e.g., Samsung phone)
Camera model and software used
Exact creation/modification dates and times
GPS coordinates (location where the photo was taken)

How to extract EXIF data:

Copy the direct URL of an image.
Search Google for "exif tool" and open a reputable online viewer (e.g., the first result).
Paste the image URL into the tool and submit.
View the extracted metadata details.

Online EXIF tools work with images, videos, and even PDFs to reveal hidden embedded information not visible in standard viewers.