Find Information from a Phone Number Using OSINT Tools [Tutorial]

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
during an ocent investigation a subject's phone number can be the gateway to a treasure Trove of information today we'll explore a variety of different tools to extract information from a subject's phone number on this episode of cyberweapons lab [Music] [Applause] [Music] foreign posting something on Craigslist the average person might hesitate to put their phone number out there you don't know why but putting your phone number on the internet just seems wrong because you don't know what someone could really do with it today we're going to show a little bit about what someone can do if they get a hold of your number and we're going to take a phone number that we find online and run it through a couple different tools to determine what we can about the person behind it now when we're expecting to find our online accounts that have been created with that phone number email addresses names and even the carrier and sometimes we can even find other people who are searching for this phone number too because of that you might want to use Tor or a VPN before using some of these tools because they will log requests for a particular phone number so if somebody's checking this it could tip them off to the fact that you're searching for their phone number now you'll need python in order to use one of the command line tools but aside from that you'll just need to use a web browser in order to use this once you have python fully updated on your system then we can get started now to get started using phone numbers in an ocean investigation we're going to need to use a couple tools the first I want to use is phone infogo which was made by uh Sundown Dev and is a really interesting tool that parses and then extracts meaning from a lot of different types of phone numbers so this isn't just the phone number for your particular country it also works on International Date Codes as well and you can generally learn whether or not a phone number is a voice over IP number or whether it has a particular carrier and learn maybe whether that number is publicly listed as a throwaway number as well now what do I mean by that well there are a lot of numbers available where if you're signing up for a service you might just use a publicly listed number to send the verification code so you don't need to list a number that's personally associated with you now there's a lot of these numbers around and they are definitely a way that you could maybe get away with something that you're not supposed to just because you have access to a computer and then a supposedly secure phone number to verify an account that you could use to maybe do something bad now if we wanted to find out whether or not a phone number that is being used for something is from one of those maybe public repositories we can see an example here of a free mobile number and this is just some random 336 number which is from France uh and if I was in France I would be able to register all sorts of different stuff you can see we can even get voicemails so this is a way that somebody could maybe set up a scam or something like that so if we were getting some text from this number we might have no way of knowing that this was a free publicly available number that anybody could get a hold of so as just a regular person how would we get to know this well we could take this number and we could use it in phone infoga to eventually learn that this was publicly listed and not a number on a regular carrier so let's go about doing that well how do we get started if you're interested in this tool you can first check out this really interesting media and post on building this tool because if uh if you've ever been curious about how these sorts of things are made or uh if you've ever wanted to know what it's like to actually see um you know the insides of how these tools are parsed it's a really interesting read and a good idea for developers where it might be considering making something of Their Own now if you're just looking to install it you'll need to have Python 3 and also pip 3 installed and if you want to check to see if you have those you can type python3 and you should get uh this shell right here and then we'll go ahead and just quit and Ctrl L to clear the screen so next we'll need to do a git clone and we can just go ahead and copy this but it won't work for me because there's already files where I'm trying to put them but for you it should go ahead and download everything we need to run this tool so we'll CD into phone infoga and then LS and we can see everything that's inside and we can see that the installation requirements are pretty basic python3 uh attack M pip oops and install tap r requirements.txt now it'll go ahead and say that everything I have is already up to date but for you it'll probably need to install or update some libraries to make sure that info phone and Fogo will work exactly the way it's supposed to now once these finish updating as you can see mine should already be done we can also go ahead and create a configuration file but I've already done that so I'm going to skip it and instead go to the part where we're going to show that we have it successfully installed by requesting the version number and when we run it we should see a little ASCII art and then just yep uh that we have version 1.0.2 great so now we can actually make a request so when we want to verify our previous oops uh when we want to verify our previous phone number that we mentioned we can type first talk H to show a list of all the various commands that we can run so we can see if we want to input a number it's Talk N so we'll add Tac n and then we can copy and paste this uh obviously very sketchy number in here and see what kind of result we get foreign we can also type osent which we will do here but a fair warning this can take some time so let's go ahead and run it and see what we get [Music] so we'll go ahead and press n for using an additional format now after some of the results come in I can expand this and see a little bit more information here we can see that it's based in France uh it is on this particular carrier and it also is possibly a voice over IP number which is an indicator it could be used for something sketchy but in this case we also already have a lot of hits on free smscode.com so we know that it's probably a free SMS number and not a number we should put very much stock in when it comes to maybe actually representing a real person instead this is the number that could be used by pretty much anyone to register anything so we definitely wouldn't want to trust someone who's representing this as their real number now I'm going to go ahead and let this search in the background because this tool can take quite some time if you have a slow internet connection but I want to show you an interesting way of just using a web browser to get a lot of the same results and maybe verify a claim that you find online now in Firefox I'm going to go ahead and go to a random classified ad that I found and look for something that we can attempt to verify using ocean information now I'm going to go ahead and look at for sale um let's see wanted there we go so uh we have someone who's claiming to be a licensed professional so wanted uh highest cash paid for junk or good cars licensed professional and then a phone number so this is a business I don't feel so bad for actually looking them up can we verify that this phone number belongs to an actual licensed professional as this person says or could this be a sketchy free SMS code number and this is actually some sort of scam well before we sell our precious junk car let's make sure to do our due diligence and one of the best ways of doing this is to go to a website operated by Mike bazel so uh inteltechnics.com is a fantastic website for learning everything there is about oscent and Mike's techniques are amazing all of them are really interesting and cool and today we're going to use one of his tools which if you go on his main website we'll start here uh click on tools and that's inteltechnics.com uh and then go to the telephone number and telephone Search tool now we're going to go ahead and type in the number I'll just put it up here so I can see it that we found that we're attempting to verify and that's going to be yes so one of the things that Mike has done is make it so it's really easy to Surf through all of the various resources he's found to basically get a result so we'll populate all of these and when we scroll down we can see that when we hit submit all we're hitting all these public databases at the same time now many of these have uh paid offerings and pretty much all of them will get you to try to pay but the majority of them will offer partial information scrape from various databases that will allow you to learn more about the person behind this and hopefully verify this claim of being a licensed professional so let's go ahead and click submit all and a whole bunch of windows will open now again what Mike has done here is take all these databases and automate our ability to search through them really quickly so already we can see that this links back to someone named Paul and that uh we have a address already so that's great uh and we can verify now maybe we could go back and identify whether or not a business was registered at this or a home address although I suspect this would probably be a home address so one thing you'll notice is a lot of these actually won't find anything and a lot of these will also detect that it's an automated uh you can see it's asking me to prove I'm not a robot and I generally I can see behind it that it doesn't have that much information for me so I'm already I'm I don't have anything to prove to this one I don't think oh no there we go so we now we get a name um and if we exit out of this one we get a couple that just straight up don't work uh here we can see that this is a mobile number we can see that it's a sprint number um and that gives us a little bit more information about kind of what's going on and then we see this so we see the person's age group we see the length so that they've lived there the household size it's trying to give us their IP address and then this even has some sort of insane score about their wealth and their shopping score how much they travel occupation Blue Collar man like what does that even mean but either way aside from also an insane estimation of their net worth we've really learned a lot more information about this person than we thought but are they a licensed professional we still don't know so let's continue to dig a little bit deeper so we have no results in this particular database uh and then we have a lot of information about uh just relatives and stuff like that again not particularly helpful uh we have a confirmation that this is a Sprint mobile number which um again not super super helpful but that's okay uh so we'll go ahead and keep searching and again what I'm looking for is some sort of verification that this is in fact a licensed professional and this is not somebody who's just kind of jerking us around so let's continue to search see if we've got anything here and this search engine particular is extra creepy and whoa all right we have like a full readout uh oh and a photo I didn't need that I want a username oh I didn't need that at all associated with we have his whole family okay so this is um why sometimes on the internet you shouldn't just give out your phone number um we have a personal Facebook and a bunch of other information I'm sure we'll blur out so uh great all right we know that this is uh and we can see that he's also a salesperson so that's that's great we can leave we're starting to go closer to our conclusion um but for the love of God can we just find out if this person is a licensed professional or not I don't need to know what his Facebook is so of course if we were a hacker or someone else we've already managed to find enough information to really track this guy down especially the we found a screen name and that would be instrumental in finding email addresses but this this is what I was looking for here we can see his business is listed as an LLC and in fact it also includes his last name so that leads me to think that perhaps this is actually a licensed professional now the way we would do this is to cross-reference us with publicly available data so I'm going to go to my third favorite website which of course is the Pennsylvania Secretary of State business search so I will go ahead and go to let me see if I have it sure I have this in my bookmarks alright so let's go ahead and type in the business name that we found run a quick search and here we can see that we have a current Transportation entity that is a active status limited liability company so as an LLC so we have in fact proved that this random phone number on the internet does in fact belong to a licensed professional now this is pretty much going out of her way to prove a point but there is a lot we can do by cross-referencing information we find associated with a phone number with other publicly searchable databases like for example the Pennsylvania Secretary of State business license so if you have access to all this information and you can start with maybe a name or an address or other things you can put into these databases you can begin to build a picture of a Target and either figure out if they are a legitimate person to do business with or if they might be a scammer who's using a public phone number to get around verification and just create a bunch of spam accounts now one last tip before we finish up there are a couple downsides to using the first tool because if I go back to the tool as you can see here we can sometimes accidentally get blacklisted from Google Search now this is really annoying but the way to get around it is fairly simple and I want to show you so that if it happens to you and you get stuck you can also go ahead and fix it so if you open this link then it will give you a capture to fill out and once you successfully complete it you should get a special cookie now I've already completed the capsha and if you press alt f 12 ALT F12 yep and then go to storage you should be able to scroll through the cookies that have been received and you're looking for one that's titled Google abuse exemption that means you're exempt from this ban so we're going to go ahead and copy the value of this cookie like this and paste it into the script like that and that will get you unbanned from Google so that you can continue to do your scans now I'm not going to continue doing this one because it does take quite some time but as you can see we got some great results on this and provided we can continue to get extensions we can continue to scan and get more information about this phone number [Music] during an ocent investigation our goal is to take small pieces of data and begin stringing them together into a larger picture starting with a phone number we can use the sources we've defined to start building up that picture into online accounts or even complaints against a phone number that might be listing an apartment that seems too good to be true obviously these techniques aren't just useful for hackers or researchers they're also useful for regular people who might want to check out a phone number behind an account or a posting that seems too good to be true that's all we have for this episode of cyber weapons lab if you have any questions you can check out the novite article Linked In the description and if you have any ideas for future episodes you can send me a message on Twitter because I'd love to hear from you we'll see you next time
Info
Channel: Null Byte
Views: 4,389,662
Rating: undefined out of 5
Keywords: wht, wonderhowto, nullbyte, null byte, hack, hacking, hacker, hacks, hackers, how to hack, howto, how to, tutorial, guide, cyber weapon, cyber weapons, cyber, OSINT, OSINT Investigations, Open Source Intelligence, Phone numbers, Phone #, PhoneInfoga, IntelTechniques, Kali Linux, People Searches, Michael Bazzell, Sundowndev, phone number, number, people search, phone search, reverse phone, reverse phone lookup, phone lookup, lookup, white pages, phone directory, voip, mobile, landline
Id: WW6myutKBYk
Channel Id: undefined
Length: 16min 59sec (1019 seconds)
Published: Fri May 31 2019
Related Videos
Track & Connect to Smartphones with a Beacon Swarm [Tutorial]
Null Byte
1M
how Hackers Remotely Control Any phone!? check if your phone is already hacked now!
Loi Liang Yang
1M
Backup et Paramétrage DEM 11
IT World
221
The Creepiest OSINT Tool to Date
The Cyber Mentor
412K
OSINT tools to track you down. You cannot hide.
David Bombal
528K
Hack With SMS | SMS Spoofing like Mr. Robot!
zSecurity
245K
find social media accounts with Sherlock (in 5 MIN)
NetworkChuck
2.8M
Flipper Zero: Hottest Hacking Device for 2023?
David Bombal
5.7M
Track Phone & Computers on The Internet 🌎
zSecurity
979K
Linux for Ethical Hackers (Kali Linux Tutorial)
freeCodeCamp.org
4.9M
Best WiFi Hacking Adapters in 2021 (Kali Linux / Parrot OS)
David Bombal
479K
Catch Catfish on the Internet with Grabify Tracking Links [Tutorial]
Null Byte
618K
Radio Hacking: Cars, Hardware, and more! - Samy Kamkar - AppSec California 2016
OWASP Foundation
1.5M
Instagram OSiNT
NetworkChuck
1.2M
Track the Location of Anyone On the Internet!
Tech Raj
1.3M
How To Disappear Completely and Never Be Found
Sumsub
2.8M
How to HACK Website Login Pages | Brute Forcing with Hydra
CertBros
222K
How to Stalk People Effectively and Legally Through OSINT
Sumsub
255K
Tor vs VPN | What's the Difference? (and which should you use?)
All Things Secured
521K
Brute force WiFi WPA2
David Bombal
694K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.