Bayu_Ajie knowledge is free you can learn anything

OSINT tips and trick technique hunt your target

Don't use this technique to spread disgrace or po*n videos and other bad things


This article is made in 2 language. Indonesian and English

English version : 
Hello welcome back with me Bayu Aji this time I will share about OSINT techniques and tips and tricks. This article is a request from Seccodeid channel subscribers, thank you for giving you an idea, if you want to request what to discuss join us you can join the Seccodeid Channel, this channel contains about events, quiz and discuss about IT here is a link
Telegram : https://t.me/seccodeid 
Okok, talking about OSINT there are actually positive and negative impacts to that I don't teach you how to divulge disgrace, identity of a person in public. Lets do it Will you be taught how to avoid OSINT attacks? What to prepare for? Okok I will discuss one by one, so read carefully yes
# Prepare Tools 
You can prepare some tools, techniques or methods that will be used including:
1. Sherlock 
2. Metedata remover 
3. Exif tools 
4. OSINT framework 
5. Dorking 
6. Metasploit 
7. Privacy badger extension 
8. Social engineering 
Of the few I've mentioned, it's like this. Actually there is more but here will not discuss in depth or can be said fundamentals first. Okok after you prepare the tools and techniques. Now it's time to discuss how to implement the material. Check this out

# OSINT Implementation
How do we stalk someone who is deep enough? Can we find out about someone in detail and in full? Yes it can, it all comes back to yourself how you attack, the datasets you collect such as photos, names, schools, hobys, social media and others then you can analyze the data such as dorking, stalking social media and other things, after that you can create a report or report and reanalyze it. Okok time I'll discuss his technique. The thing I will do will probably be sensitive for it here the target is myself so that no one is harmed and blamed.


1. Hunting username  

Executing sherlock -h

usage: sherlock [-h] [--version] [--verbose] [--folderoutput FOLDEROUTPUT]

                [--output OUTPUT] [--tor] [--unique-tor] [--csv]

                [--site SITE_NAME] [--proxy PROXY_URL] [--json JSON_FILE]

                [--timeout TIMEOUT] [--print-all] [--print-found] [--no-color]

                [--browse] [--local]

                USERNAMES [USERNAMES ...]

Okok here I will use the first 2 methods using sherlcok and dorking tools. If you use sherlock you can install first you can install via the link below 
Link: https://sherlock-project.github.io/ 
After you install and the next configuration is the use of these tools. Here's how to use Sherlock. 

Sherlock: Find Usernames Across Social Networks (Version 0.14.0)

positional arguments:
  USERNAMES             One or more usernames to check with social networks.

optional arguments:
  -h, --help            show this help message and exit
  --version             Display version information and dependencies.
  --verbose, -v, -d, --debug
                        Display extra debugging information and metrics.
                        If using multiple usernames, the output of the results
                        will be saved to this folder.
  --output OUTPUT, -o OUTPUT
                        If using single username, the output of the result
                        will be saved to this file.
  --tor, -t             Make requests over Tor; increases runtime; requires
                        Tor to be installed and in system path.
  --unique-tor, -u      Make requests over Tor with new Tor circuit after each
                        request; increases runtime; requires Tor to be
                        installed and in system path.
  --csv                 Create Comma-Separated Values (CSV) File.
  --site SITE_NAME      Limit analysis to just the listed sites. Add multiple
                        options to specify more than one site.
  --proxy PROXY_URL, -p PROXY_URL
                        Make requests over a proxy. e.g.
  --json JSON_FILE, -j JSON_FILE
                        Load data from a JSON file or an online, valid, JSON
  --timeout TIMEOUT     Time (in seconds) to wait for response to requests.
                        Default timeout is infinity. A longer timeout will be
                        more likely to get results from slow sites. On the
                        other hand, this may cause a long delay to gather all
  --print-all           Output sites where the username was not found.
  --print-found         Output sites where the username was found.
  --no-color            Don't color terminal output
  --browse, -b          Browse to all results on default browser.
  --local, -l           Force the use of the local data.json file.


- Start hunt your target


sherlock target

sherlock your target     


- Start analyzing  

How do we analyze? Once you've done a sherlock command you can wait for that process to finish. If it is finished next you analyze the report tools for example checking one by one from the results of the report. Here's an example

 In the sherlock tool there is an import feature.csv but I prefer to use.txt for that you can save the results of the report then you can combine it with linux command examples.

grep Telegram report.txt 

grep your content file or path 


Result : 

└──╼ $grep Telegram report.txt
[+] Telegram: https://t.me/WahyuBayuAji
└──╼ $grep Linkedin report.txt

- Dorking method 

Sherlock can search for anything like usernames, social media accounts and sites. If the results of sherlock are not right, you can use this technique dorking technique very freely you can search for anything with this technique. Here's the dorking order.

1. intitle:

Search for specific titles

2. inurl:

Search for specific urls or paths

3. intext:

Search for specific words or contects

4. filetype:

Search for files

5. site:

Website or target specifically



1. filetype:log username putty

2. filetype:xls inurl:"email.xls"

3. intitle:"webcamXP 5"

4. inurl:zoom.us/j and intext:scheduled for

5. "index of" "database.sql.zip"

6. intitle:"Index of" wp-admin


Result : 

inurl:"admin" site:.edu

Here is an example of dorking, you can find anything specific by dorking. You can develop your dork into a powerful dork


- OSINT framewok tools 

If your search results are lacking. Maybe you can use the OSINT FRAMEWORK tool is powerful enough to find the target details, the following are the tools collected by the OSINT FRAMEWORK


1. Username

2. Email addres

3. Domain name

4. Ip address

5. Fille reverse

6. Social network

7. Instant messaging

8. People search engine

9. Telephone number  

- Hunt with social searcher

- Hunt with yandex reverse image 

- Hunt with pddikti 

You just need a full name and a university. Then the search results will bring up in the form of majors, university origin, semesters, study programs and others. This method is very sensifitf so I only display the front page only
- Hunt with social media apps 
In this case you can search for content or posts on social media. Yep Facebook is the largest social media most likely you can search for something specific such as photos, account name posts and events

You can also search more specifically from the date, location of recent posts and friend posts from friends or anything else.


- Hunt with Instagram location search 

In this case you can use the tools of bellingcat instagram location search. You can install the following tools are links 


Link: https://github.com/bellingcat/instagram-location-search 


Tools work by taking sessions from the browser will then capture in the form of lat, ing and destination location

- Hunt with EXIF tools

In this case you can read the metadata on a file to see what is in the file. If you're lucky to get geolocation on the file. This method is very effective to use moreover files that are fresh or original from direct sources you can use exif tools offline or online.

exif tool online jimplexif

exif tool online pic2map   

exif tool cli  

You can use exif or exiftool cli. You can download the exif tool with the following link


Tautan : https://www.exiftool.org/ 


ExifTool Command-Line Examples

0) Extract information from a file

    exiftool a.jpg

    A basic command to extract all metadata from a file named a.jpg.

1) Basic write example

    exiftool -artist=me a.jpg

    Writes Artist tag to a.jpg. Since no group is specified, EXIF:Artist will be written and all other existing Artist tags will be updated with the new value ("me").

2) Write multiple files

    exiftool -artist=me a.jpg b.jpg c.jpg

    Writes Artist tag to three image files.

3) Write to all files in a directory

    exiftool -artist=me c:/images

    Writes Artist tag to all files in directory c:/images.

4) Write multiple tags

    exiftool -artist="Phil Harvey" -copyright="2011 Phil Harvey" a.jpg

    Writes two tags to a.jpg.

5) Extracting duplicate tags

    exiftool -a -u -g1 a.jpg

    Print all meta information in an image, including duplicate and unknown tags, sorted by group (for family 1).

6) undefined

    exiftool -common dir

    Print common meta information for all images in dir.

7) undefined

    exiftool -T -createdate -aperture -shutterspeed -iso DIR > out.txt

    List meta information in tab-delimited column form for all images in directory DIR to an output text file named "out.txt".

8) undefined

    exiftool -s -ImageSize -ExposureTime b.jpg

    Print ImageSize and ExposureTime tag names and values.

9) undefined

    exiftool -l -canon c.jpg d.jpg

    Print standard Canon information from two image files.

10) undefined

    exiftool -r -w .txt -common pictures

    Recursively extract common meta information from files in C directory, writing text output into files with the same names but with a C<.txt> extension.

11) undefined

    exiftool -b -ThumbnailImage image.jpg > thumbnail.jpg

    Save thumbnail image from C to a file called C.

12) undefined

    exiftool -b -JpgFromRaw -w _JFR.JPG -ext CRW -r .

    Recursively extract JPG image from all Canon CRW files in the current directory, adding C<_JFR.JPG> for the name of the output JPG files.

13) undefined

    exiftool -d "%r %a, %B %e, %Y" -DateTimeOriginal -S -s *.jpg

    Print formatted date/time for all JPG files in the current directory.

14) undefined

    exiftool -IFD1:XResolution -IFD1:YResolution image.jpg

    Extract image resolution from EXIF IFD1 information (thumbnail image IFD).

15) undefined

    exiftool "-*resolution*" image.jpg

    Extract all tags with names containing the word "Resolution" from an image.

16) undefined

    exiftool -xmp:author:all -a image.jpg

    Extract all author-related XMP information from an image.

17) undefined

    exiftool -xmp -b a.jpg > out.xmp

    Extract complete XMP data record intact from a.jpg and write it to out.xmp using the special XMP tag (see the Extra Tags).

18) undefined

    exiftool -p "$filename has date $dateTimeOriginal" -q -f dir

    Print one line of output containing the file name and DateTimeOriginal for each image in directory dir.

20) undefined

    exiftool -ee -p "$gpslatitude, $gpslongitude, $gpstimestamp" a.m2ts

    Extract all GPS positions from an AVCHD video.

22) undefined

    exiftool -icc_profile -b -w icc image.jpg

    Save complete ICC_Profile from an image to an output file with the same name and an extension of C<.icc>.

23) undefined

    exiftool -htmldump -w tmp/%f_%e.html t/images

    Generate HTML pages from a hex dump of EXIF information in all images from the C directory. The output HTML files are written to the C directory (which is created if it didn't exist), with names of the form "FILENAME_EXT.html".


This method is a way of recommendation, you can collaborate with social engineering techniques to be more powerful

- Hunt with mestaspolit   

Metasploit, this tool has a lot of uses for web testing, social engineering, and virtual machine trials. This tool can also be used for dorking such as dorking camera using shodan and others. This method is quite difficult to do because the operating system and software today have been updated. Payload metasploit will be easily detected by antivirus and this technique is not easy you have to be able to social engineering to trap targets in our network and payload will be executed. To do this you need one network with the target. If you succeed one network with the next target you create a payload you are required to be able to inhabit a metasploit meterpreter to expand each command line What can metasploit do?


1. Know the system used

2. Approve all files

3. View browsing history, sms, phone and more

4. Spy camera

5. Spy mic audio

6. Copy the file

7. Access rights to the system


- Hunt with Geo OSINT 


Okok in the next point is geo OSINT. In this case you can find the location of an image or a video. You can analyze the place and try to find where the position of the image is. Geolocation serving can be used in many ways. It is used by governments and police for safety purposes, such as unmanned flying boats or ankle bracelets, which has some unsettling effects when we think about the fact that there is no reliable form of data collection. Use geolocation to track altitude changes, view position history, find nearby stores, tag social media photos, check in to locations, get local weather, etc. You can learn geo OSINT with GeoGuessr    


Tautan : https://www.geoguessr.com/ 


There are various tools that you can use including:







- Hunt with social engineering  

At the last point is social engineering. You can collect your dataset with this method, social engineering techniques that are difficult and challenging to do not just anyone can master this technique. I think this technique is difficult to do, unless your target is weak and lack of literacy may be very young, but imagine if your target is a person who knows the ins and outs and high litration this is very difficult. So what can social engineering do?    


1. Know the full name of the target 

2. Know the target details 


Can we be immune from social engineering? Hmmm I don't think so, it could be at any time me or you can be hit by this attack, social engineering can attack at any time and do not know who you are (indiscriminate). This technique could be used by hackers for personal gain, ordinary pleasure or threatening someone, each hacker must have a certain purpose, for that we as users (users) must be careful and always vigilant.


# OSINT report 

Once you collect data, analyze it is time for you to create a report. You can create osint reports from what you find, here is a simple OSINT report template


1. Name 

2. Photo 

3. Location 

4. Date born 

5. Social media :

- Facebook

- Instagram 

- Linkedin 

- Telegram 

6. School

7. Last location 

8. Close friend 



# How to minimize OSINT attacks? 

After learning various OSINT techniques it's time to discuss how to minimize OSINT attacks. Surely you don't want to be on OSINT, do you? Doxing? Well for that you can do this way


- Reduce the perpetuation of personal information to the public 

You can reduce things that smell of personal information to the public such as your resume, where you play, your preferences and transaction history that complains about account numbers and others. You simply reduce something like this basically what you uplaod on the internet will become public property anyone can see, claim, use and so on. And the digital footprint is very hard to lose for that you are careful and always vigilant. 


- Never trust with people 

Reduce your trust in strangers or new people. You don't have to instill 100% trust in strangers, if you want to entrust someone it would be nice for that person to be your relative, your parents and your true friend and don't send anything personal to a stranger.  


- Deleting your metadata file  

Okok the last way. Always delete your file metada this is aimed at keeping your identity against others (strangers) As I explained above someone can track and know you through a metadata on the file suati for that you can use online tools or offline tools to remove your metada. Here are the tools


1. https://jimpl.com/ (online tools)

2. exif tool untuk mengedit metadata Anda  (offline tools recomend)
- Don't make trouble 
If you don't want to be on OSINT or Doxing just reduce the troublemakers or stupid things you do. Because this way can provoke someone's emotions and track you already many cases like this happen the social media for it always take care of each of you

Keyword search : 

  • OSINT technique
  • Learn OSINT  

Bayu_Ajie  knowledge is free you can learn anything