Phone numbers often contain clues to the owner's
identity and can bring up a lot of data during an OSINT investigation.
Starting with a phone number, we can search through a large number of
online databases with only a few clicks to discover information about a
phone number. It can include the carrier, the owner's name and address,
and even connected online accounts.
While
a phone number may not seem like much information to give out, an OSINT
researcher can quickly discover information that ties a phone number to
a variety of other clues. The data can be used to detect whether a
phone number is a throwaway VoIP number used to hide the owner's
identity or a cell phone belonging to a real person. In the event of
buying something online or replying to an apartment ad, this information
is incredibly useful to know.
For a hacker, the ability to turn a
phone number into multiple connected online accounts, email addresses,
or screen names makes it a perfect starting point for bigger things to
come. A quick scan to discover the carrier of a phone number can provide
everything a hacker needs for a well-crafted phishing email pretending
to be from the victim's carrier. Once a hacker can identify other
details about the target that may be attached to the phone number, it's
easy to identify the weakest link and attack the target using whatever
information that's dug up. Editor's note: The OSINT Tools by Mike Bazzel featured in this article was taken down
from his website due to increased DDoS-style attacks, as well as DMCAs
and cease-and-desists from some of the tools included. Phoneinfoga will
still work in this guide, but for the others, you can try using each
company's individual tool instead. You can see how it used to work,
however, in the video and text below.
OSINT Tools for Phone Numbers
For
quickly searching through phone numbers, we can use both command-line
and browser-based tools. Command line tools give the advantage of simple
operation and greater customization but require you to have Python
installed and updated. Today, we'll be using a tool called Phoneinfoga to quickly determine if the number is associated with a disposable phone number.
One of the best resources for OSINT is Mike Bazzel's IntelTechniques
website, which we'll also be focusing on here. This website contains
several custom tools that Bazzel had organized to be useful for
researchers. Many of these tools are already in Buscador OS, a virtual machine that can be run to provide an operating system geared towards OSINT investigations.
The Scenario
As
an example, we'll take a sample business listing from a classified ad.
How would we verify this? If the ad claims to be from a licensed
professional, could we track down a license attached to the phone
number? A simple reverse phone number lookup may find something, but to
see the real data, you have to dig deeper and utilize more than just one
reverse number lookup tool.
Step 1Install Phoneinfoga
To
supplement the information you find online later, you can use a Python
tool called Phoneinfoga, which allows you to search for details about
phone numbers from the command line. To use Phoneinfoga, open a terminal
window and enter the following four commands one by one or at the same
time.
~$ git clone https://github.com/sundowndev/PhoneInfoga
~$ cd PhoneInfoga/
~/PhoneInfoga$ python3 -m pip install -r requirements.txt
~/PhoneInfoga$ cp config.example.py config.py
Cloning into 'PhoneInfoga'...
remote: Enumerating objects: 85, done.
remote: Counting objects: 100% (85/85), done.
remote: Compressing objects: 100% (79/79), done.
remote: Total 886 (delta 43), reused 12 (delta 6), pack-reused 801
Receiving objects: 100% (886/886), 247.47 KiB | 550.00 KiB/s, done.
Resolving deltas: 100% (461/461), done.
Requirement already satisfied: requests==2.21.0 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 1)) (2.21.0)
Collecting bs4==0.0.1 (from -r requirements.txt (line 2))
Downloading https://files.pythonhosted.org/packages/10/ed/7e8b97591f6f456174139ec089c769f89a94a1a4025fe967691de971f314/bs4-0.0.1.tar.gz
Requirement already satisfied: html5lib==1.0.1 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 3)) (1.0.1)
Collecting phonenumbers==8.10.2 (from -r requirements.txt (line 4))
Downloading https://files.pythonhosted.org/packages/d9/62/a176cfaf6edb90b68ae3426cf4fb8fd98189df550e2143cafc66bb2c1b82/phonenumbers-8.10.2-py2.py3-none-any.whl (3.2MB)
100% |████████████████████████████████| 3.2MB 381kB/s
Collecting argparse==1.2.1 (from -r requirements.txt (line 5))
Downloading https://files.pythonhosted.org/packages/6f/ad/86448942ad49c5fe05bfdf7ebc874807f521dfcca5ee543afaca2974ad5a/argparse-1.2.1.tar.gz (69kB)
100% |████████████████████████████████| 71kB 5.8MB/s
Collecting urllib3==1.24.2 (from -r requirements.txt (line 6))
Downloading https://files.pythonhosted.org/packages/df/1c/59cca3abf96f991f2ec3131a4ffe72ae3d9ea1f5894abe8a9c5e3c77cfee/urllib3-1.24.2-py2.py3-none-any.whl (131kB)
100% |████████████████████████████████| 133kB 7.4MB/s
Collecting colorama==0.4.1 (from -r requirements.txt (line 7))
Downloading https://files.pythonhosted.org/packages/4f/a6/728666f39bfff1719fc94c481890b2106837da9318031f71a8424b662e12/colorama-0.4.1-py2.py3-none-any.whl
Requirement already satisfied: beautifulsoup4 in /usr/lib/python3/dist-packages (from bs4==0.0.1->-r requirements.txt (line 2)) (4.7.1)
Building wheels for collected packages: bs4, argparse
Running setup.py bdist_wheel for bs4 ... done
Stored in directory: /root/.cache/pip/wheels/a0/b0/b2/4f80b9456b87abedbc0bf2d52235414c3467d8889be38dd472
Running setup.py bdist_wheel for argparse ... done
Stored in directory: /root/.cache/pip/wheels/30/35/38/aa7be52cca01ed539bd6f3789edb8489691cc7d9a010cbc982
Successfully built bs4 argparse
Installing collected packages: bs4, phonenumbers, argparse, urllib3, colorama
Found existing installation: urllib3 1.24.1
Not uninstalling urllib3 at /usr/lib/python3/dist-packages, outside environment /usr
Can't uninstall 'urllib3'. No files were found to uninstall.
Found existing installation: colorama 0.3.7
Not uninstalling colorama at /usr/lib/python3/dist-packages, outside environment /usr
Can't uninstall 'colorama'. No files were found to uninstall.
Successfully installed argparse-1.2.1 bs4-0.0.1 colorama-0.4.1 phonenumbers-8.10.2 urllib3-1.24.2
Next, you can run the program with the options displayed in the help file.
~/PhoneInfoga$ python3 phoneinfoga.py -h
usage: phoneinfoga.py -n <number> [options]
Advanced information gathering tool for phone numbers
(https://github.com/sundowndev/PhoneInfoga) version v1.6.4
optional arguments:
-h, --help show this help message and exit
-n number, --number number
The phone number to scan (E164 or international
format)
-i input_file, --input input_file
Phone number list to scan (one per line)
-o output_file, --output output_file
Output to save scan results
-s scanner, --scanner scanner
The scanner to use
--recon Launch custom format reconnaissance
--no-ansi Disable colored output
-v, --version Show tool version
Step 2Search a Phone Number with Phoneinfoga
To search for a phone number, we just need to add the -n flag and then whatever number we want to search for. If you use the --recon argument, it will perform an advanced search.
Would you like to use an additional format for this number ? (y/N) n
[i] ---- Web pages footprints ----
[i] Searching for footprints on web pages... (limit=10)
[+] Result found: https://www.reverse-lookup.co/717-███-9539
[+] Result found: https://www.revealname.com/717-███-9539
[+] Result found: https://who-called.biz/state/pennsylvania/phones/1717███0000
[+] Result found: http://v-postal-cn.com/phones/note_17172780000_1717███9999_all2.htm
[+] Result found: http://www.jihaoba.com/haoduan/xiaogan/1717███.htm
[+] Result found: http://sm.cidu.net/gujialogall.asp?hm=1717███
[+] Result found: https://review-call.com/1717███0000
[+] Result found: https://number-review.com/1717███0000
[+] Result found: https://fast-scan.com/1717███0000
[i] Searching for documents... (limit=10)
[i] ---- Reputation footprints ----
[i] Searching for reputation report on whosenumber.info...
[i] Searching for phone fraud footprints...
[i] Searching for reputation report on findwhocallsme.com...
[i] Searching for reputation report on yellowpages.ca...
[i] Searching for reputation report on phonenumbers.ie...
[i] Searching for reputation report on who-calledme.com...
[i] Searching for reputation report on usphonesearch.net...
[i] Searching for reputation report on whocalled.us...
[i] Searching for reputation report on quinumero.info...
[i] Searching for reputation report on uk.popularphotolook.com...
[i] Generating URL on scamcallfighters.com...
[+] http://www.scamcallfighters.com/search-phone-1717███9539.html
Would you like to search for temporary number providers footprints ? (Y/n) n
[i] ---- Social media footprints ----
[i] Searching for footprints on facebook.com...
[i] Searching for footprints on twitter.com...
[i] Searching for footprints on linkedin.com...
[i] Searching for footprints on instagram.com...
[i] ---- Phone books footprints ----
[i] Generating URL on True People...
[+] https://www.truepeoplesearch.com/results?phoneno=+1717-███-9539
[i] Searching for footprints on numinfo.net...
[i] Searching for footprints on sync.me...
[i] Searching for footprints on whocallsyou.de...
[i] Searching for footprints on pastebin.com...
[i] Searching for footprints on whycall.me...
[i] Searching for footprints on locatefamily.com...
[i] Searching for footprints on spytox.com...
Would you like to rerun OSINT scan ? (e.g to use a different format) (y/N) n
[i] Scan finished.
Sometimes, this tool can get you temporarily blacklisted from Google searches because of the way it's programmed. It's annoying but easily resolved with a Google abuse exemption, detailed at the end of the video above.
As
you can see above, there are lots of links to dive into, and right away
the name and business associated with the phone number are available in
the output.
Step 3Access the IntelTechniques OSINT Portal
Now,
let's concentrate on the web tools that are free on Bazzel's website
since they're a little bit easier to work with than with the command
line tool above. To follow along, you can go to inteltechniques.com/menu.html, then click on the "Telephone Number" tab.
A
submenu appears when you click on "Telephone Number," and you'll need
to select the "Telephone Search Tool" to bring up the page that will
allow us to search many tools at once.
As you can see, it's a
healthy mix of people-searching tools, phonebook directories, scam
reporting websites, and social media connections. These are free, public
resources combined into one easy-to-use search tool, allowing anyone
with a browser and internet connection to begin researching who is on
the other end of a phone number.
We
can input a number into each tool one by one, but the easiest way is to
enter the number into the field at the top, and click "Populate All."
In
the search tool, enter the number into the field next to the "Populate
All" button, then click the button to auto-populate the number into the
rest of the fields. Next, select "Submit All" under the list of services
to run all searches on the phone number. All of the services will open
up in different tabs or pop-ups with the search already submitted (you
may need to allow pop-ups in your browser).
Step 5Search Results for Clues & Patterns
Now,
check out some of the resources loaded from the search. Here, some of
the people searching services have turned our phone number into a name.
Along
with the person's name is a startling amount of information, the most
important of which is a location and address for us to tie together
further details. We found a lot of results with the name, making a
pretty strong likelihood that this is the person behind our ad. So how
would we prove they are a licensed professional?
Step 6Locate Information That Can Be Verified
On
another search site result, we can see the name of a business
associated with the phone number, which is what we're looking for! If we
can tie the name of a company and the name we've found associated with
the number, we can look up a source we trust, like a state listing of
active businesses, to determine whether this is a real business. Here,
we have a name, address, and business name; everything we need to verify
whether a business exists.
Step 7Verify with Primary Source Data
To
check out the information we found, we should look for some primary
source information that backs up our discovery. In our case, the best
database to search is the Department of State business database for the
state we discovered the business in. Here, we were able to pull a valid
business listing, one which matches the address we previously found. It
appears the person behind the online advertisement is honest — they are a
licensed professional after all.
Phone Numbers Can Tie Everything Together
As
a starting point, a phone number can provide everything you need to
locate information about a target. With tools like Phoneinfoga, you can
quickly discover whether a phone number is a throwaway or a legitimate
number. If the number is real, the IntelTecniques website tools can
piece together clues to build a picture of the person behind the phone
number, sometimes quite literally.
With
the right tools, a single phone number can lead you from clue to clue,
piecing together everything you need to learn about a target.
I
hope you enjoyed this guide to using phone numbers in an OSINT
investigation! If you have any questions about this tutorial on phone
number recon, or if you have a comment, ask below or feel free to reach
me on Twitter @KodyKinzie.
Difference Between POP3 and IMAP POP3 and IMAP are the protocols that are used to retrieve mail from the mailbox at the mail server to the recipient’s computer. Both are message accessing agents (MAA). The two protocols POP3 and IMAP are used when both the sender and recipient of mail are connected to the mail server by WAN or LAN . SMTP protocol transfers the mail from client’s computer to the mail server and from one mail server to another mail server.POP3 has a limited functionality whereas, the IMAP has extra features over POP3. The basic difference between POP3 and IMAP is that using POP3 ; the user has to download the email before checking its content whereas, the user can partially check the content of mail before downloading it, using IMAP . Let us check out some more differences between POP and IMAP with the help of comparison chart. Content: POP3 Vs IMAP Comparison Chart Definition Key Differences Conclusion Comparison Chart Basis for Comparison POP...
How to use hping3 in kali Linux (Performing dos attack) What is hping3 hping3 is a network tool able to send custom TCP/IP packets and to dis‐ play target replies like ping program does with ICMP replies. hping3 handle fragmentation, arbitrary packets body and size and can be used in order to transfer files encapsulated under supported protocols. Hping3 is extremely powerful you can do following things with hping3 Test firewall rules Advanced port scanning Test net performance using different protocols, packet size, TOS (type of service) and fragmentation. Path MTU discovery Transferring files between even really fascist firewall rules. Traceroute-like under different protocols. Firewalk-like usage. What is dos Attack Dos stands for denial of service. Dos attack shuts down Webservers/systems and completely makes them inaccessible to users. Dos attack floods target network with excess ...
Comments
Post a Comment