Conducting OSINT on Social Media Accounts

In today’s digital age, social media platforms have become a primary source of information for people. Individuals and organizations alike use social media to share their thoughts, ideas, and experiences. This makes social media a valuable source for open-source intelligence (OSINT) gathering. I hope you enjoy this tutorial!

OSINT is a valuable tool for many organizations and individuals, from law enforcement agencies to journalists and researchers, and in this case pentesting! By gathering information from publicly available sources, OSINT can provide valuable insights into a variety of subjects. In this article, we will discuss how to conduct OSINT on social media accounts.

1. Identify the target social media account

The first step in conducting OSINT on social media accounts is to identify the target account. This can be done by using search engines or social media platforms’ internal search features. Start with basic information such as the person’s name, username, email address, or phone number to find the social media accounts they use. This will help you gather all the relevant information about the person or entity you are researching.

2. Understand the Platform

Each social media platform has its unique features and limitations. For example, Twitter has a character limit for tweets, whereas Instagram is a photo-sharing platform. Knowing the limitations and features of each platform will help you to identify what kind of information can be gathered.

3. Collect Basic Information

Once you have identified the social media accounts, you need to gather the basic information, such as the person’s full name, location, and employment details. You can also search for any other publicly available information such as their contact details or personal website.

4. Analyze Social Media History

After collecting the basic information, start analyzing their social media activity. Look for patterns, such as posting times and topics, and try to determine their interests and behavior. This information can be useful for building a profile of the person or entity.

5. Look For Connections

Social media platforms are an excellent source for finding connections between people and organizations. You can use social media to identify friends, family members, colleagues, and other connections. This can provide valuable information on the person’s affiliations, interests, and relationships.

6. Follow The Breadcrumbs

Following the breadcrumbs means looking for any links or references that the person has shared on their social media accounts. For example, they may have shared an article or linked to a website. This can help you to identify the person’s interests and affiliations.

7. Using OSINT Tools

There are many OSINT tools available that can help you to gather information from social media platforms. These tools can provide valuable insights into the person’s social media activity, such as the frequency of their posts, their followers, and the hashtags they use. Some popular OSINT tools include Maltego, SpiderFoot, and Social-Searcher.

In conclusion, conducting OSINT on social media accounts can provide valuable insights into people and organizations. By identifying the target account, understanding the platform, collecting basic information, analyzing social media activity, looking for connections, following breadcrumbs, and using OSINT tools, you can gather valuable information that can be used for research, investigations, or other purposes. However, it is important to note that OSINT should always be conducted legally and ethically.


What are some of the tools you would recommend we use?


Hello @nukedukem welcome to 0x00sec! To answer your question, there are a number of helpful tools you can use to conduct OSINT.

FROM What is OSINT? 15 top open source intelligence tools | CSO Online

  • Maltego specializes in uncovering connections among people, companies, domains and publicly accessible information on the internet. It’s also known for taking the sometimes enormous amount of discovered information and plotting it all out in easy-to-read charts and graphs. The graphs do a good job of taking raw intelligence and making it actionable, and each graph can have up to 10,000 data points.

  • Available as a Chrome extension and Firefox add-on, Mitaka lets you search over six dozen search engines for IP addresses, domains, URLs, hashes, ASNs, Bitcoin wallet addresses, and various indicators of compromise (IOCs) from your web browser.

  • Spyse describes itself as the “most complete internet assets registry” geared toward cybersecurity professionals. Relied on by projects like OWASP, IntelligenceX, and the aforementioned Spiderfoot, Spyse collects publicly available data on websites, their owners, associated servers, and IoT devices. This data is then analyzed by the Spyse engine to spot any security risks in and connections between these different entities.
    A free plan is available, although for developers planning on building apps using the Sypse API, paid subscriptions may be required.

  • Intelligence X is a first-of-its-kind archival service and search engine that preserves not only historic versions of web pages but also entire leaked data sets that are otherwise removed from the web due to the objectionable nature of content or legal reasons. Although that may sound similar to what Internet Archive’s Wayback Machine does, Intelligence X has some stark differences when it comes to the kind of content the service focuses on preserving. When it comes to preserving data sets, no matter how controversial, Intelligence X does not discriminate.

Intelligence X has previously preserved the list of over 49,000 Fortinet VPNs that were found vulnerable to a Path Traversal flaw. Later during the week, plaintext passwords to these VPNs were also exposed on hacker forums which, again, although removed from these forums, were preserved by Intelligence X.

Previously, the service has indexed data collected from email servers of prominent political figures like Hillary Clinton and Donald Trump. Another recent example of the media indexed by on Intelligence X is the footage from the 2021 Capitol Hill riots and the Facebook’s data leak of 533 million profiles. To intel gatherers, political analysts, news reporters, and security researchers, such information can be incredibly valuable in various way

  • Shodan is a dedicated search engine used to find intelligence about devices like the billions that make up the internet of things (IoT) that are not often searchable, but happen to be everywhere these days. It can also be used to find things like open ports and vulnerabilities on targeted systems. Some other OSINT tools like theHarvester use it as a data source, though deep interaction with Shodan requires a paid account.

The number of places that Shodan can monitor and search as part of an OSINT effort is impressive. It’s one of the few engines capable of examining operational technology (OT) such as the kind used in industrial control systems at places like power plants and manufacturing facilities. Any OSINT gathering effort in industries that deploy both information technology and OT would miss a huge chunk of that infrastructure without a tool like Shodan.

In addition to IoT devices like cameras, building sensors and security devices, Shodan can also be turned to look at things like databases to see if any information is publicly accessible through paths other than the main interface. It can even work with videogames, discovering things like Minecraft or Counter-Strike: Global Offensive servers hiding on corporate networks where they should not be, and what vulnerabilities they generate.

Anyone can purchase a Freelancer license and use Shodan to scan up to 5,120 IP addresses per month, with a return of up to a million results. That costs $59 per month. Serious users can buy a Corporate license, which provides unlimited results and scanning of up to 300,000 IPs monthly. The Corporate version, which costs $899 per month, includes a vulnerability search filter and premium support.

I hope that you find this helpful!


Nice post! Great job!

Wonderful post sir :handshake: