A collection of powerful one-liner commands for Open-Source Intelligence (OSINT) gathering. This repository provides quick and efficient command-line solutions to extract valuable information from public sources, including domain reconnaissance, social media analysis, metadata extraction, and more. Perfect for security researchers, bug bounty hunters, and ethical hackers looking to automate OSINT tasks with minimal effort.
- Find a person's email address:
"John Doe" "@gmail.com" | "@yahoo.com" | "@outlook.com" -www
- Find leaked email addresses in data breaches:
"John Doe" site:pastebin.com | site:throwbin.io | site:breachforums.st
- Look for email addresses from a specific domain:
site:targetcompany.com "@targetcompany.com" - Search for phone numbers:
"John Doe" "phone" | "contact" | "mobile" | "WhatsApp"
- Find a person’s email in GitHub repositories:
site:github.com "John Doe" "@gmail.com"
- Find all social media accounts of a person:
"John Doe" site:linkedin.com | site:facebook.com | site:twitter.com | site:instagram.com
- Find someone’s Facebook profile even if hidden:
"John Doe" site:facebook.com/public/ - Search for Instagram profiles:
site:instagram.com "John Doe" - Look for their posts on forums (Quora, Reddit, etc.):
"John Doe" site:reddit.com | site:quora.com | site:stackoverflow.com
- Search for personal blogs and old web profiles:
"John Doe" site:medium.com | site:tumblr.com | site:blogspot.com
- Find their Amazon wishlist:
"John Doe" site:amazon.com "wishlist"
- Look for mentions in news articles:
"John Doe" site:nytimes.com | site:bbc.com | site:cnn.com
- Find someone’s pictures across the web:
"John Doe" site:flickr.com | site:500px.com | site:pinterest.com
- Find someone's resume or CV:
"John Doe" filetype:pdf | filetype:doc "resume" | "curriculum vitae"
- Look for employment history on LinkedIn:
site:linkedin.com/in "John Doe" - Find past job applications:
"John Doe" site:indeed.com | site:glassdoor.com
- Find all subdomains of a company:
site:*.targetcompany.com -www - Search for sensitive open directories:
intitle:"index of" site:targetcompany.com - Check for publicly accessible FTP servers:
inurl:ftp:// targetcompany.com
- Find internal company documents:
site:targetcompany.com ext:pdf | ext:doc | ext:ppt "confidential"
- Look for job postings to understand their tech stack:
site:targetcompany.com "hiring" | "we are looking for"
- Check for network devices and login portals:
site:targetcompany.com inurl:admin | inurl:dashboard | inurl:login
-
Search for past security incidents:
"targetcompany.com" "data breach" | "leaked database"
-
Look for exposed database files:
site:targetcompany.com ext:sql | ext:db | ext:json
-
Find security vulnerabilities related to the organization:
site:targetcompany.com inurl:CVE- | intext:"vulnerability"
- Locate Publicly Available Emails
site:pastebin.com OR site:throwbin.io "@gmail.com" OR "@yahoo.com"
- Search for Leaked Passwords
site:github.com OR site:pastebin.com "password" "username"
- Find Corporate Email Addresses
site:linkedin.com "@company.com"
- Look for Sensitive PDF Documents
filetype:pdf OR filetype:docx "confidential" OR "internal"
- Discover Public Google Drive Links
site:drive.google.com "private" OR "restricted"
- Identify Open FTP Servers
intitle:"index of" "ftp" site:target.com
- Unprotected MongoDB Instances
inurl:27017 "_id" - Open Elasticsearch Instances
inurl:9200 "_search" - Public Firebase Databases
site:firebasestorage.googleapis.com
- Find Profiles Across Social Platforms
site:facebook.com OR site:twitter.com OR site:instagram.com "John Doe" - Search for Usernames on Websites
site:github.com OR site:reddit.com "username123" - Find a Person’s Facebook Profile by Location
site:facebook.com "John Doe" "New York"
- Search Tweets from a Specific Area
site:twitter.com "New York" geocode:40.7128,-74.0060,5km - Extract GPS Data from Images
exiftool image.jpg
- Perform Reverse Image Search
🔗 Google Reverse Image Search
- Check if an Email is Breached
🔗 Have I Been Pwned - Look for Exposed Passwords on Dark Web
site:darksearch.io "email@example.com" - Find Leaked Data on Pastebin
site:pastebin.com "password" OR "login"
- Search Government & Military Docs
site:gov OR site:mil filetype:pdf "confidential" - Find Public AWS Buckets
site:s3.amazonaws.com "target" - Look for API Keys in GitHub Repositories
site:github.com "api_key" "secret"
- Find Hidden Subdomains
subfinder -d target.com
- Locate Public API Endpoints
site:target.com "api/v1/"
- Look for Employee LinkedIn Profiles
site:linkedin.com "company.com" - Find Open Zoom Meetings
site:zoom.us "join" "meeting"
- Discover Public Slack Channels
site:slack.com "company"
- SpiderFoot – Automated OSINT tool
spiderfoot -s target.com
- theHarvester – Gather emails & subdomains
theHarvester -d target.com -b all
- Amass – Network mapping & reconnaissance
amass enum -d target.com
- Metagoofil – Extract metadata from files
metagoofil -d target.com -t pdf -o results/
- Sherlock – Locate Social Media Accounts
sherlock username
- Instagram Scraper – Extract Data from Instagram
instaloader --login username target_account
- ExifTool – Extract Metadata from Images
exiftool image.jpg
- Reverse Image Search on Google
🔗 Google Images
- Find Personal Information on a Website
site:target.com intext:"phone number" OR "email" OR "address"
- Find Login Pages
site:target.com inurl:login
- Find PDFs & Documents Containing Emails
filetype:pdf OR filetype:docx OR filetype:xls intext:"@gmail.com" - Find Public FTP Servers
intitle:"index of" "ftp" site:target.com
📍 Find Hidden Data & Cached Info
- Search in Google Cache
cache:target.com
- Find Deleted Pages via Wayback Machine
site:web.archive.org target.com
- Search for Sensitive PDF Reports
site:gov OR site:mil OR site:edu filetype:pdf "confidential"
-
People Search Engines
-
Find Phone Numbers & Emails
site:target.com "phone number" OR "email"
-
Reverse Email Lookup
site:linkedin.com OR site:facebook.com "email@example.com"
- Find All Social Media Accounts for a Username
site:twitter.com OR site:instagram.com OR site:facebook.com "username" - Find Facebook Posts About Someone
site:facebook.com "John Doe" "lives in New York"
- Find Instagram & TikTok Accounts via Google
site:instagram.com "john_doe" OR site:tiktok.com "john_doe"
- Use Sherlock for Automated Social Media OSINT
sherlock username
- Extract GPS from Image Metadata
exiftool image.jpg
- Search Google for Images from a Location
site:instagram.com "New York City" "Times Square"
- Find Someone's Location via Twitter
site:twitter.com "New York" geocode:40.7128,-74.0060,5km
-
Find Someone’s Profile Picture on Other Sites 🔗 https://www.tineye.com
🔗 https://images.google.com -
Find Images in Cached Archives
site:web.archive.org "target image name"
- Check if an Email is Breached 🔗 https://haveibeenpwned.com
- Find Leaked Databases on Pastebin
site:pastebin.com "password" "target.com"
- Search for Leaked Credentials on the Dark Web
site:darksearch.io "email@example.com"
- Search for Open MongoDB
inurl:27017 "_id" - Search for Open Elasticsearch Instances
inurl:9200 "_search" - Find Firebase Databases
site:firebasestorage.googleapis.com
- Find Hidden Subdomains
subfinder -d target.com
- Find Exposed API Endpoints
site:target.com "api/v1/"
- Find Company Email Patterns with Hunter.io
🔗 https://hunter.io - Search for Leaked Employee Emails
site:linkedin.com "@target.com"
- Find Public Google Drive Links
site:drive.google.com "confidential" - Find Public AWS S3 Buckets
site:s3.amazonaws.com "target"
- SpiderFoot – Automated OSINT tool
spiderfoot -s target.com
- theHarvester – Gather emails & subdomains
theHarvester -d target.com -b all
- Amass – Network mapping & reconnaissance
amass enum -d target.com
- Metagoofil – Extract metadata from public files
metagoofil -d target.com -t pdf -o results/
- Maltego – Visualize OSINT data connections
🔗 https://www.maltego.com
- Wayback Machine (Internet Archive) – View old versions of websites
🔗 https://web.archive.orgcurl "http://web.archive.org/cdx/search/cdx?url=target.com&output=json" - Google Cache – View cached pages of deleted content
cache:target.com
- Bing Cache – Alternative for Google Cache
inurl:cache:target.com
- HTTrack – Clone websites for offline analysis
httrack https://target.com
- wget – Download full websites
wget -r -np -k https://target.com
- Scrapy – Python framework for web scraping
scrapy startproject target_spider
🔎 Find Hidden Personal Information
-
People Search Engines
-
Find Phone Numbers & Emails
site:target.com "phone number" OR "contact email"
-
Search for Social Security Numbers (SSNs)
filetype:xls OR filetype:csv "SSN" -
Username Lookups (Deep Search)
inurl:profile "username"
- Hunter.io – Find email patterns from company domains
🔗 https://hunter.io - Holehe – Check if an email is linked to online accounts
holehe email@example.com
- Email Permutator – Generate possible email variations
permute.py first last company.com
- ExifTool – Extract geolocation from images
exiftool image.jpg
- Google Earth Historical Imagery – View past satellite images
🔗 https://earth.google.com
-
WhitePages & PeopleFinders
-
Reverse Address Lookup
site:whitepages.com "target address"
- Have I Been Pwned? – Check if email is breached
🔗 https://haveibeenpwned.com - H8mail – Search for leaked credentials
h8mail -t email@example.com
- BreachForums (Mirror) – Search data leaks
🔗 https://breachforums.st
- Find Public MongoDB Databases
inurl:27017 "MongoDB" - Search for Open Elasticsearch DBs
inurl:9200 "_search" - Check for Firebase Data Leaks
site:firebasestorage.googleapis.com
🛑 Search Hidden Onion Sites
- Ahmia – Search the dark web
🔗 https://ahmia.fi - TorBot – Automate OSINT on onion sites
git clone https://github.com/DedSecInside/TorBot.git
- OnionSearch – Find stolen credentials
python3 onionsearch.py target
- DarkSearch.io – Search dark web leaks
🔗 https://darksearch.io - IntelX – Search breached data
🔗 https://intelx.io
🔎 Find Hidden Subdomains
- Subfinder – Collect subdomains
subfinder -d target.com
- Amass – Map an organization's infrastructure
amass enum -d target.com
- Find API Keys in GitHub
site:github.com "api_key" "target.com"
- Search for Publicly Accessible APIs
site:target.com "api/v1/"
- SpiderFoot – Full OSINT automation
spiderfoot -s target.com
- Metagoofil – Extract metadata from public files
metagoofil -d target.com -t pdf -o results/
- theHarvester – Find emails, subdomains, and metadata
theHarvester -d target.com -b all
- Maltego – Visualize OSINT data connections
🔗 https://www.maltego.com
📍 Find Hidden Data & Leaks
- Shodan – Search for exposed servers, IoT devices
🔗 https://www.shodan.ioshodan search "Default password" - Censys – Find exposed devices, certificates, open ports
🔗 https://censys.iocensys search target.com
- ZoomEye – Chinese version of Shodan with more results
🔗 https://www.zoomeye.org - BinaryEdge – Advanced IP and port scanning
🔗 https://www.binaryedge.io
- WeLeakInfo (Mirror) – Search for exposed credentials
🔗 https://weleakinfo.to - LeaksDB – Find leaked usernames and passwords
🔗 https://leaksdb.com - Snusbase – Advanced breach database
🔗 https://snusbase.com - Scylla.sh – Search credentials from past dumps
🔗 https://scylla.sh
🔍 Find Hidden Social Media Accounts
- WhatsMyName – Search username across multiple platforms
🔗 https://whatsmyname.app - Sherlock – Find accounts linked to a username
python3 sherlock.py username
- Maigret – More powerful than Sherlock for finding social accounts
python3 maigret.py username
- Yandex – Best for finding hidden social media profiles
🔗 https://yandex.com/images - Google Lens – Identifies faces, places, and objects
🔗 https://lens.google - PimEyes – AI-powered face recognition
🔗 https://pimeyes.com
- GeoCreepy – Extracts geolocation from social media posts
git clone https://github.com/ilektrojohn/creepy.git
- ExifTool – Extracts GPS coordinates from photos
exiftool image.jpg
- Google Earth Historical Imagery – View past satellite images
🔗 https://earth.google.com
📂 Hidden Metadata in Files
- FOCA – Extracts metadata from documents, PDFs
🔗 https://elevenpaths.com/foca - ExifTool – Extract hidden details from images and documents
exiftool document.docx
- Strings – Find hidden text in binary files
strings target.pdf
- Metadata2Go – Online metadata extraction
🔗 https://www.metadata2go.com
🔍 Find Hidden Subdomains
- Subfinder – Finds subdomains via multiple sources
subfinder -d target.com
- Findomain – Fast subdomain enumeration
findomain -t target.com
- CRT.sh – Find SSL certificates linked to subdomains
🔗 https://crt.sh
- GoBuster – Find hidden directories and files
gobuster dir -u target.com -w wordlist.txt
- Dirsearch – More advanced directory brute-forcing
python3 dirsearch.py -u target.com -e php,html,js
- Search for SQL dumps
inurl:.sql filetype:sql
- Find public Firebase databases
site:firebasestorage.googleapis.com
- Locate public MongoDB instances
inurl:27017 filetype:log
- Find internal reports
site:target.com filetype:pdf "confidential" - Search for exposed .env files (credentials)
inurl:.env "DB_PASSWORD" - Look for exposed config files
intitle:"index of" "wp-config.php"
- Holehe – Check if an email is linked to social accounts
holehe email@example.com
- H8mail – Find leaked passwords
h8mail -t email@example.com
- GHunt – Extract data from Google accounts
python3 ghunt.py email@example.com
- TorBot – Automates OSINT on dark web sites
git clone https://github.com/DedSecInside/TorBot.git
- OnionSearch – Searches dark web for stolen data
python3 onionsearch.py target
- Intelius – Background checks, addresses, phone numbers
🔗 https://www.intelius.com - PeekYou – Finds social media profiles and online presence
🔗 https://www.peekyou.com - Pipl – Deep web search for emails, numbers, social links
🔗 https://pipl.com - Spokeo – Search for personal details, addresses, relatives
🔗 https://www.spokeo.com
- Have I Been Pwned – Check if an email is in a data breach
🔗 https://haveibeenpwned.com - DeHashed – Advanced search for breached credentials
🔗 https://www.dehashed.com - LeakCheck – Finds leaked passwords, usernames, emails
🔗 https://leakcheck.io - IntelX – Search dark web leaks, emails, pastes
🔗 https://intelx.io
- Ahmia – Search the Tor network
🔗 https://ahmia.fi - OnionLand Search – Index of hidden .onion sites
🔗 https://onionlandsearchengine.com - DarkSearch – Crawls dark web marketplaces, forums
🔗 https://darksearch.io - TorBot – Open-source dark web search tool
git clone https://github.com/DedSecInside/TorBot.git
- ExifTool – Extract metadata from photos, PDFs, docs
exiftool target.jpg
- strings – Find hidden text in binary files
strings target.docx
- pdf-parser – Search for hidden data in PDFs
pdf-parser target.pdf
- OpenMetadata – Online metadata extractor
🔗 https://metapicz.com
- Google Lens – Reverse image search
🔗 https://lens.google - Yandex Images – More accurate than Google for faces
🔗 https://yandex.com/images - PimEyes – AI-powered face recognition
🔗 https://pimeyes.com - TinEye – Reverse image lookup
🔗 https://tineye.com
- Sublist3r – Find subdomains of a target
python sublist3r.py -d target.com
- Amass – Powerful OSINT reconnaissance tool
amass enum -d target.com
- CRT.sh – Find SSL certificates revealing hidden subdomains
🔗 https://crt.sh
- NumVerify – Check phone number validity
🔗 https://numverify.com - Truecaller – Find registered names of phone numbers
🔗 https://www.truecaller.com - OSINTFramework – Collection of phone lookup resources
🔗 https://osintframework.com
- Find plaintext passwords
intext:"password" filetype:log - Search for exposed email lists
site:pastebin.com "email" | "password"
- Locate hidden admin panels
site:target.com inurl:admin
Find all email formats used by a company:
site:targetcompany.com "@targetcompany.com"Search for leaked emails:
"john.doe@email.com" site:pastebin.com | site:breachforums.stLook for leaked phone numbers:
"+123456789" site:pastebin.com | site:throwbin.ioFind if a number is linked to Telegram:
site:t.me "+123456789"Find hidden social media profiles:
"John Doe" site:linkedin.com | site:facebook.com | site:instagram.comLocate images of a person:
site:instagram.com "John Doe" | site:flickr.com "John Doe"Find all subdomains of a company:
site:*.targetcompany.com -wwwCheck for open directories:
intitle:"index of" site:targetcompany.comFind API keys leaked in GitHub repositories:
site:github.com "api_key" | "AWS_SECRET" | "password" targetcompany.comSearch for environment files:
site:targetcompany.com ext:env "DB_PASSWORD" | "SECRET_KEY"Find leaked internal documents:
site:targetcompany.com ext:pdf | ext:doc "confidential"Look for mentions of a company in hacking forums:
"targetcompany.com" site:breachforums.st | site:raidforums.com- Find social media profiles:
"John Doe" site:facebook.com | site:twitter.com | site:linkedin.com | site:instagram.com
- Find email addresses linked to a person:
"John Doe" "@gmail.com" | "@yahoo.com" | "@outlook.com"
- Search for phone numbers:
"John Doe" "contact" | "phone" | "mobile" | "WhatsApp" site:pastebin.com | site:github.com
- Find resume or CV:
"John Doe" filetype:pdf | filetype:doc "resume" | "curriculum vitae"
- Look for mentions in data leaks:
"John Doe" site:pastebin.com | site:github.com | site:throwbin.io
- Check for forum posts:
"John Doe" site:reddit.com | site:quora.com | site:stackoverflow.com
- Search for person’s photos:
"John Doe" site:instagram.com | site:pinterest.com | site:flickr.com
- Find Amazon wishlists:
"John Doe" site:amazon.com "wishlist"
- Find subdomains of a company:
site:*.targetcompany.com -www - Look for internal documents:
site:targetcompany.com ext:pdf | ext:doc | ext:ppt "confidential"
- Search for employee emails:
"@targetcompany.com" -www - Find job postings to understand technology stack:
"hiring" | "we are looking for" site:targetcompany.com
- Check for API keys and credentials on GitHub:
site:github.com "targetcompany.com" "api_key" | "password"
- Find exposed databases:
site:targetcompany.com ext:sql | ext:db | ext:json
- Search for network devices and login portals:
site:targetcompany.com inurl:login | inurl:admin - Look for configuration files:
site:targetcompany.com ext:conf | ext:ini | ext:log
- Check for past security incidents:
"targetcompany.com" "data breach" | "leaked database"
- Find person’s profiles on lesser-known sites:
"John Doe" site:myspace.com | site:medium.com | site:tumblr.com
- Check for old cached pages:
site:targetcompany.com cache:
- Find hidden directories:
intitle:"index of" site:targetcompany.com
# Extract tweets, likes, and followers via API
twint -u username --followers --following --tweets# Search for leaked credentials in tweets
twint -s "password OR API_KEY OR AWS_SECRET_ACCESS_KEY"# Extract Twitter followers without rate limits
twint -u username --followers --csv -o followers.csv# Find accounts linked to a phone number
twint -s "+1234567890"# Monitor target’s tweets in real-time
twint -u username --rt# Find tweets with geotagged locations
twint -s "keyword" --near "New York"# Find all Facebook groups a user is in
google "site:facebook.com/groups username"# Extract hidden friends list from a Facebook profile
curl -s "https://graph.facebook.com/v14.0/username/friends?access_token=YOUR_ACCESS_TOKEN"# Scrape Facebook public posts by a user
facebook-scraper username --posts# Search for leaked Facebook IDs in breaches
google "site:pastebin.com facebook.com/profile.php?id="# Find Facebook posts from a specific location
google "site:facebook.com intext:'📍 New York'"# Download all Instagram stories from a target
instaloader --stories username# Extract Instagram metadata (location, device info, etc.)
instaloader --metadata-json username# Find all Instagram profiles linked to an email
google "site:instagram.com intext:email@example.com"# Extract geotagged Instagram posts
google "site:instagram.com intext:'📍 London'"# Find Instagram users with similar interests
google "site:instagram.com intext:'#hacking #cybersecurity'"# Scrape all employees from a company
linkedin-scraper -c "Google"# Extract job postings and hidden email contacts
google "site:linkedin.com/jobs 'Cybersecurity Analyst' 'Remote'"# Find LinkedIn profiles with leaked credentials
google "site:linkedin.com/in 'password' OR 'email@example.com'"# Identify LinkedIn users who worked for a company in the past
google "site:linkedin.com/in 'Worked at Google'"# Find LinkedIn profiles linked to an IP address
shodan search "org:'LinkedIn Corp'"# Download metadata from a YouTube channel
yt-dlp -J "https://www.youtube.com/c/username"# Extract subtitles and hidden keywords from videos
yt-dlp --write-auto-sub --skip-download "https://www.youtube.com/watch?v=VIDEO_ID"# Find YouTube videos from a specific geolocation
google "site:youtube.com intext:'📍 New York'"# Extract YouTube video analytics & insights
google "site:socialblade.com youtube username"# Find deleted YouTube videos
google "site:archive.org youtube.com/watch?v="# Scrape TikTok videos from a user
tiktok-scraper user username -n 50 -d# Extract TikTok comments and engagement analytics
tiktok-scraper user username -t comments# Find TikTok accounts linked to an email
google "site:tiktok.com intext:email@example.com"# Download TikTok videos and metadata
tiktok-scraper video VIDEO_ID# Extract hashtags and trends from TikTok
google "site:tiktok.com intext:'#OSINT #Cybersecurity'"# Reverse search social media profile pictures
google "site:tineye.com inurl:result image.jpg"# Find deep-web social media leaks
google "site:pastebin.com OR site:ghostbin.com 'email@example.com'"# Extract hidden metadata from social media images
exiftool image.jpg# Search for hidden social media accounts using an IP
shodan search "ip:xxx.xxx.xxx.xxx"# Find accounts linked to an email or phone
whatsmyname -u email@example.com# Check username presence across 500+ platforms
python3 sherlock username# Scrape all social media links from a website
python3 photon.py -u example.com# Identify hidden social media accounts of a target
theHarvester -d target.com -b all# Check for social media accounts linked to an IP
shodan search "org:'Target ISP' http.title:'Login'"# Get all tweets from a specific time range
twint -u username --since 2024-01-01 --until 2024-03-01# Extract user email from tweets (if leaked)
twint -u username --email# Find accounts created in a specific year
twint --year 2010# Get tweets containing geolocation data
twint -u username --geocode# Identify all hashtags used by a user
twint -u username --hashtags# Extract all retweets of a specific user
twint -u username --retweets# Find a user’s Facebook ID
curl -s "https://graph.facebook.com/username?access_token=YOUR_ACCESS_TOKEN"# Find Facebook pages associated with an email
google "site:facebook.com intext:'email@example.com'"# Extract all friends of a target (if public)
google "site:facebook.com intext:'Friends' username"# Get public posts mentioning a keyword
google "site:facebook.com/public keyword"# Search for Facebook profiles linked to a phone number
google "site:facebook.com intext:'+1234567890'"# Find Instagram accounts linked to an email
google "site:instagram.com intext:email@example.com"# Search for Instagram users by location
google "site:instagram.com intext:'📍 Location'"# Extract all captions from an Instagram profile
instaloader --comments --metadata-json profile_username# Get all Instagram stories from a public account
instaloader --stories username# Extract all tagged photos of a user
google "site:instagram.com inurl:tags username"# Find all employees of a company
theHarvester -d company.com -b linkedin# Extract LinkedIn profile email from commits
git log --pretty=format:"%ae" | sort -u# Search for LinkedIn users by job title
google "site:linkedin.com/in 'Cybersecurity Researcher' 'India'"# Extract all skills listed on a LinkedIn profile
google "site:linkedin.com/in username 'Skills'"# Search for LinkedIn profiles linked to a phone number
google "site:linkedin.com/in intext:'+1234567890'"# Find all videos uploaded by a user
google "site:youtube.com/c/username"# Extract metadata from a YouTube video
yt-dlp -J "https://www.youtube.com/watch?v=VIDEO_ID"# Search for YouTube comments mentioning a keyword
google "site:youtube.com 'keyword' 'comments'"# Download all subtitles from a YouTube channel
yt-dlp --write-auto-sub --sub-lang en --skip-download "https://www.youtube.com/c/username"# Scrape TikTok videos from a user
tiktok-scraper user username -n 50 -d# Find TikTok videos based on geolocation
google "site:tiktok.com intext:'📍 New York'"# Extract TikTok user bio information
tiktok-scraper user username -d --store# Search for deleted Reddit posts
google "site:removeddit.com user username"# Find Reddit users discussing a keyword
google "site:reddit.com 'keyword' 'thread'"# Extract all posts made by a Reddit user
reddit-scraper -s "username"# Find Reddit users who commented on a specific post
google "site:reddit.com inurl:comments 'keyword'"# Search for exposed API keys in GitHub
google "site:github.com intext:'AWS_SECRET_ACCESS_KEY'"# Find GitHub repositories linked to an email
google "site:github.com intext:'email@example.com'"# Extract GitHub commits mentioning a keyword
github-search "keyword"# Search for leaked credentials in GitHub
google "site:github.com intext:'password='"# Search for Telegram groups related to a topic
google "site:t.me keyword"# Extract messages from a public Telegram group
telegram-history-dump -c "https://t.me/group_name"# Find public WhatsApp groups
google "site:chat.whatsapp.com keyword"# Check if a phone number is linked to WhatsApp
curl -s "https://api.whatsapp.com/send?phone=+1234567890"# Reverse search social media profile pictures
google "site:tineye.com inurl:result image.jpg"# Find data leaks related to an email
dehashed -q email@example.com# Extract EXIF metadata from social media images
exiftool image.jpg# Search for a username across multiple social media platforms
curl -s "https://usersearch.org/?q=username" | grep -Eo 'https://[a-zA-Z0-9./?=_-]+'# Check if a username exists on multiple sites using Sherlock
python3 sherlock username# Search for tweets from a specific user containing a keyword
curl -s "https://nitter.net/username/search?q=keyword"# Find all images posted by a Twitter user
twint -u username --media# Search for email addresses in tweets
twint -s "@gmail.com OR @yahoo.com OR @protonmail.com" --output emails.txt --csv# Search for a Facebook profile by name
google "site:facebook.com inurl:profile Name"# Find Facebook posts mentioning a keyword
google "site:facebook.com/posts keyword"# Extract Instagram user information
instaloader --login your_username profile_username# Find all tagged photos of a user
google "site:instagram.com/tagged/ username"# Search for employees of a company
google "site:linkedin.com/in company name"# Extract LinkedIn profile data
python3 linkedin2username.py -u "Company Name"# Search for a Reddit user’s posts
google "site:reddit.com/user/username"# Find comments from a user
curl -s "https://www.reddit.com/user/username/comments.json"# Find all videos uploaded by a user
google "site:youtube.com/user OR site:youtube.com/channel username"# Extract YouTube video metadata
yt-dlp --get-title --get-id --get-description --get-duration --get-upload-date "https://www.youtube.com/watch?v=VIDEO_ID"# Search for a TikTok user's profile
google "site:tiktok.com/@username"# Extract TikTok videos and metadata
tiktok-scraper user username -n 50 -d# Find public Snapchat stories
google "site:map.snapchat.com username"# Search for Snapchat users by name
google "site:snapchat.com add username"# Find all Pinterest boards of a user
google "site:pinterest.com/username"# Search for pins related to a keyword
google "site:pinterest.com/pin/ keyword"# Search for sensitive data in a user's GitHub repo
google "site:github.com username password OR api_key OR token"# Find email addresses in GitHub commits
git log --pretty=format:"%ae" | sort -u# Find Telegram groups related to a keyword
google "site:t.me keyword"# Check if a Telegram username exists
curl -s "https://t.me/username"# Find Discord servers related to a keyword
google "site:discord.gg keyword"# Search for Discord user profiles
google "site:discord.com users username"# Search for public WhatsApp groups
google "site:chat.whatsapp.com keyword"# Check if a phone number has a WhatsApp account
curl -s "https://api.whatsapp.com/send?phone=+1234567890"# Find all social media profiles of a user
holehe username@example.com# Check username availability on multiple sites
python3 maigret username# Extract metadata from an image (EXIF data)
exiftool image.jpg- Find social media profiles using name & location:
site:facebook.com "John Doe" "New York"
- Search for a username across multiple sites:
curl -s https://usersearch.org/?q=username | grep -oP 'https?://\S+'
- Check if a username exists on social networks (Sherlock):
python3 sherlock username
- Google dork for public records:
"John Doe" site:whitepages.com OR site:spokeo.com OR site:intelius.com - Find someone’s name linked to a phone number:
site:truepeoplesearch.com "123-456-7890"
-
Check if an email is in a data breach (Have I Been Pwned API):
curl -s "https://haveibeenpwned.com/api/v3/breachedaccount/test@example.com" -H "hibp-api-key: YOUR_API_KEY"
-
Find email format for a company:
hunter.io "example.com" -
Reverse lookup email to find associated accounts:
site:linkedin.com intext:"test@example.com" -
Search for email leaks using Google dorks:
"test@example.com" filetype:txt OR filetype:csv OR filetype:log -
Check email reputation (MXToolbox):
curl -s "https://mxtoolbox.com/SuperTool.aspx?action=blacklist:test@example.com" -
Find someone's old accounts via Wayback Machine:
curl -s "http://web.archive.org/cdx/search/cdx?url=facebook.com/johndoe*&output=text&fl=original" -
Get full details of a phone number (Numverify API):
curl -s "http://apilayer.net/api/validate?access_key=YOUR_API_KEY&number=+11234567890" -
Find all images of a person using face recognition (PimEyes):
site:pimeyes.com "John Doe" -
Locate someone's forum activity using email hash (Gravatar):
curl -s "https://en.gravatar.com/avatar/$(echo -n 'test@example.com' | md5sum | awk '{print $1}')" -
Find a person's connections & mentions on the web:
site:about.me OR site:angel.co OR site:medium.com "John Doe" -
Reverse image search a profile picture (Google Images):
curl -F "encoded_image=@profile.jpg" https://www.google.com/searchbyimage/upload
- Find email aliases used by a person:
site:pastebin.com OR site:throwawaymail.com "JohnDoe@example.com" - Find an email in GitHub repositories:
site:github.com "JohnDoe@example.com" - Search for breached email data (Dehashed API):
curl -u "user:password" -X GET "https://api.dehashed.com/search?query=test@example.com"
- Check SPF, DKIM, and DMARC records for an email domain:
dig TXT example.com | grep "spf"
dig TXT _dmarc.example.com | grep "v=DMARC1"
- Find subdomains linked to an email provider (for company investigation):
amass enum -d example.com
- Extract emails from a webpage using regex (wget & grep):
wget -qO- "https://example.com" | grep -E -o "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}"
- Generate possible email variations for a person:
echo "John Doe" | awk '{print tolower($1$2"@example.com"), tolower($1"."$2"@example.com"), tolower(substr($1,1,1)$2"@example.com")}'
- Find hidden social media profiles using Google dorks:
site:instagram.com | site:tiktok.com | site:twitter.com "John Doe" "New York"
- Find someone's aliases, old usernames, and accounts:
site:usernamecheck.com OR site:checkusernames.com "JohnDoe" - Check if a phone number is linked to an online account (PhoneInfoga):
phoneinfoga scan -n "+11234567890" - Check for leaked personal details on public databases:
site:publicrecords.directory "John Doe" "Los Angeles"
- Find associated domains with a name or business:
curl -s "https://crt.sh/?q=%25example.com&output=json" | jq .
- Reverse lookup a street address to find past owners:
site:rehold.com OR site:spokeo.com OR site:truthfinder.com "123 Main St, NY" - Find images linked to a name (Google Reverse Image):
site:images.google.com "John Doe"
-
Extract emails from a website recursively:
theharvester -d example.com -l 100 -b google
-
Find all mentions of an email in forum posts:
site:reddit.com OR site:quora.com "test@example.com" -
Search for email leaks in plaintext files:
"test@example.com" ext:txt OR ext:csv OR ext:log OR ext:sql -
Find old email addresses linked to a domain:
curl -s "http://web.archive.org/cdx/search/cdx?url=example.com&fl=original" -
Find the social media accounts linked to an email:
holehe test@example.com
-
Check if an email is linked to a PayPal account:
curl -s -X POST -d "cmd=_notify-validate&receiver_email=test@example.com" https://www.paypal.com/cgi-bin/webscr -
Generate potential email variations for a target:
echo "John Doe" | awk '{print tolower($1$2"@example.com"), tolower($1"."$2"@example.com"), tolower(substr($1,1,1)$2"@example.com")}'
-
Check SPF, DKIM, and DMARC for an email domain:
nslookup -q=TXT example.com
-
Check if an email is being used in spam campaigns (Spamhaus API):
curl -s "https://check.spamhaus.org/test@example.com" -
Find an old username linked to a person via Pastebin dumps:
site:pastebin.com "John Doe" OR "johndoe123"
-
Find hidden profiles & associated links using WHOIS history:
curl -s "https://whois-history.whoisxmlapi.com/api/v1?apiKey=YOUR_API_KEY&domainName=example.com" -
Discover someone’s political donations (USA only):
site:fec.gov "John Doe" "New York"
-
Check court records, arrest logs & criminal history:
site:unicourt.com OR site:pacer.gov OR site:arrestfacts.com "John Doe" -
Find if a person has been involved in a lawsuit:
site:justia.com "John Doe" lawsuit OR defendant OR plaintiff -
Reverse search job applications & résumés online:
site:linkedin.com/in OR site:indeed.com "John Doe" "resume"
-
Find possible relatives or family members linked to a person:
site:familytreenow.com "John Doe" "New York"
-
Get personal details leaked in public government databases:
site:data.gov "John Doe" OR "123-45-6789"
-
Find websites & domains registered with an email:
curl -s "https://www.whoxy.com/?whois=test@example.com" -
Find hidden email leaks in public FTP servers:
intitle:"index of" "test@example.com" ext:txt | ext:csv | ext:sql
-
Check if an email is linked to an Apple ID:
curl -X POST "https://iforgot.apple.com/password/verify/appleid" -d "id=test@example.com"
-
Find metadata in email headers (SPF, DKIM, DMARC validation):
exiftool email.eml
-
Check for compromised accounts in combo lists:
grep -i "test@example.com" breached-database.txt -
Extract all emails from a PDF file:
pdfgrep -o "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}" file.pdf -
Find email-associated subdomains via DNS:
subfinder -d example.com
-
Check if an email is linked to cryptocurrency wallets:
site:blockchain.com OR site:etherscan.io "test@example.com" -
Find disposable or temporary emails linked to a person:
site:temp-mail.org OR site:10minutemail.com "test@example.com" -
Check for SMTP open relay on an email server:
swaks --to test@example.com --server mail.example.com --data "Subject: Test" -
Check if a person’s phone number is in a spam database:
curl -s "https://api.callinsider.com/v1/search?number=+11234567890&apikey=YOUR_API_KEY" -
Find deleted social media posts (cached Google & Bing results):
cache:twitter.com/johndoe OR cache:facebook.com/johndoe
-
Search for user profiles in data breaches:
site:haveibeenpwned.com "John Doe" OR "test@example.com"
-
Find out if someone has a Medium or Substack account:
site:medium.com OR site:substack.com "John Doe" -
Check for public Amazon wishlists linked to a name:
site:amazon.com "John Doe" wishlist -
Search property ownership records (USA only):
site:realtor.com OR site:zillow.com "123 Main St, NY" -
Check past travel history via flight logs (Private Jet owners):
site:flightaware.com OR site:flightradar24.com "John Doe" -
Look for someone's online dating profiles (Tinder, Bumble, etc.):
site:tinder.com OR site:bumble.com "John Doe" -
Find a person's reviews on websites (Amazon, Yelp, TrustPilot):
site:amazon.com OR site:yelp.com OR site:trustpilot.com "John Doe" -
Check if a person has been mentioned in news articles:
site:bbc.com OR site:cnn.com OR site:forbes.com "John Doe"
-
Find alternate emails linked to a domain using Hunter.io:
curl -s "https://api.hunter.io/v2/domain-search?domain=example.com&api_key=YOUR_API_KEY" -
Extract email addresses from a CSV file:
awk -F, '{print $2}' emails.csv | grep -E -o "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}"
-
Check if an email is linked to a Steam account:
curl -s "https://steamcommunity.com/actions/WhoIsOnline/test@example.com" -
Search old forum posts linked to an email (4chan, Reddit, etc.):
site:4chan.org OR site:reddit.com "test@example.com" -
Find if an email is listed in PGP key databases:
gpg --search-keys test@example.com
-
Extract emails from a Word document (.docx):
strings file.docx | grep -E -o "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}"
-
Find subdomains linked to an email provider:
amass enum -d example.com
-
Check if an email is used in crypto forums (BitcoinTalk, etc.):
site:bitcointalk.org "test@example.com" -
Check if an email is linked to a Patreon account:
site:patreon.com "test@example.com" -
Verify if an email has been involved in fraud cases:
site:ripoffreport.com OR site:scamwarners.com "test@example.com" -
Find a person’s past usernames across multiple platforms:
site:namemc.com OR site:usersearch.org OR site:instantusername.com "JohnDoe" -
Check if a person is registered on genealogy websites:
site:ancestry.com OR site:familysearch.org OR site:genealogy.com "John Doe" -
Look up past marriages & divorces (US only):
site:divorcerecords.org OR site:marriagerecords.com "John Doe" -
Check public campaign donations (US politicians & donors):
site:opensecrets.org OR site:fec.gov "John Doe" -
Find someone’s car registration details (some countries):
site:vehiclehistory.com OR site:carfax.com "John Doe" -
Search for hidden YouTube channels linked to a person:
site:youtube.com "John Doe" -
Find someone’s frequently used locations via check-ins:
site:foursquare.com OR site:swarmapp.com "John Doe" -
Look up private business records or LLC registrations:
site:opencorporates.com "John Doe" OR "Doe Enterprises"
-
Check if a person has published academic papers or research:
site:researchgate.net OR site:academia.edu "John Doe" -
Find an author’s books, blog posts, or past writings:
site:goodreads.com OR site:medium.com OR site:substack.com "John Doe"
- Check if an email is linked to a Facebook account:
curl -X POST -d "email=test@example.com" https://www.facebook.com/login/identify - Find if an email is mentioned in Telegram groups:
site:t.me OR site:telegram.me "test@example.com" - Look up emails linked to an IP address using AbuseIPDB:
curl -s "https://api.abuseipdb.com/api/v2/check?ipAddress=1.2.3.4&apiKey=YOUR_API_KEY" - Extract email addresses from HTML source code of a website:
curl -s "http://example.com" | grep -oP '[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}'
- Find all emails ever used on a specific website:
site:example.com "email" - Search for past email leaks using HIBP API:
curl -s "https://haveibeenpwned.com/api/v2/breachedaccount/test@example.com" - Generate common email permutations for OSINT scanning:
python3 EmailPermutator.py -n "John Doe" -d example.com - Check if an email is linked to a Zoom account:
curl -X POST "https://zoom.us/signup" -d "email=test@example.com"
- Find if an email is associated with a LinkedIn account:
curl -X POST "https://www.linkedin.com/checkpoint/lg/login-submit" -d "session_key=test@example.com"
- Discover if an email is linked to an Instagram account:
curl -X POST "https://www.instagram.com/accounts/account_recovery_send_ajax/" -d "email_or_username=test@example.com"
# Extract tweets, likes, and followers via API
twint -u username --followers --following --tweets# Search for leaked credentials in tweets
twint -s "password OR API_KEY OR AWS_SECRET_ACCESS_KEY"# Extract Twitter followers without rate limits
twint -u username --followers --csv -o followers.csv# Find accounts linked to a phone number
twint -s "+1234567890"# Monitor target’s tweets in real-time
twint -u username --rt# Find tweets with geotagged locations
twint -s "keyword" --near "New York"# Find all Facebook groups a user is in
google "site:facebook.com/groups username"# Extract hidden friends list from a Facebook profile
curl -s "https://graph.facebook.com/v14.0/username/friends?access_token=YOUR_ACCESS_TOKEN"# Scrape Facebook public posts by a user
facebook-scraper username --posts# Search for leaked Facebook IDs in breaches
google "site:pastebin.com facebook.com/profile.php?id="# Find Facebook posts from a specific location
google "site:facebook.com intext:'📍 New York'"# Download all Instagram stories from a target
instaloader --stories username# Extract Instagram metadata (location, device info, etc.)
instaloader --metadata-json username# Find all Instagram profiles linked to an email
google "site:instagram.com intext:email@example.com"# Extract geotagged Instagram posts
google "site:instagram.com intext:'📍 London'"# Find Instagram users with similar interests
google "site:instagram.com intext:'#hacking #cybersecurity'"# Scrape all employees from a company
linkedin-scraper -c "Google"# Extract job postings and hidden email contacts
google "site:linkedin.com/jobs 'Cybersecurity Analyst' 'Remote'"# Find LinkedIn profiles with leaked credentials
google "site:linkedin.com/in 'password' OR 'email@example.com'"# Identify LinkedIn users who worked for a company in the past
google "site:linkedin.com/in 'Worked at Google'"# Find LinkedIn profiles linked to an IP address
shodan search "org:'LinkedIn Corp'"# Download metadata from a YouTube channel
yt-dlp -J "https://www.youtube.com/c/username"# Extract subtitles and hidden keywords from videos
yt-dlp --write-auto-sub --skip-download "https://www.youtube.com/watch?v=VIDEO_ID"# Find YouTube videos from a specific geolocation
google "site:youtube.com intext:'📍 New York'"# Extract YouTube video analytics & insights
google "site:socialblade.com youtube username"# Find deleted YouTube videos
google "site:archive.org youtube.com/watch?v="# Reverse search social media profile pictures
google "site:tineye.com inurl:result image.jpg"# Find deep-web social media leaks
google "site:pastebin.com OR site:ghostbin.com 'email@example.com'"# Extract hidden metadata from social media images
exiftool image.jpg# Search for hidden social media accounts using an IP
shodan search "ip:xxx.xxx.xxx.xxx"# Find accounts linked to an email or phone
whatsmyname -u email@example.com# Check username presence across 500+ platforms
python3 sherlock username# Scrape all social media links from a website
python3 photon.py -u example.com# Identify hidden social media accounts of a target
theHarvester -d target.com -b all# Check for social media accounts linked to an IP
shodan search "org:'Target ISP' http.title:'Login'"# Get all tweets from a specific time range
twint -u username --since 2024-01-01 --until 2024-03-01# Extract user email from tweets (if leaked)
twint -u username --email# Find accounts created in a specific year
twint --year 2010# Get tweets containing geolocation data
twint -u username --geocode# Identify all hashtags used by a user
twint -u username --hashtags# Extract all retweets of a specific user
twint -u username --retweets# Find a user’s Facebook ID
curl -s "https://graph.facebook.com/username?access_token=YOUR_ACCESS_TOKEN"# Find Facebook pages associated with an email
google "site:facebook.com intext:'email@example.com'"# Extract all friends of a target (if public)
google "site:facebook.com intext:'Friends' username"# Get public posts mentioning a keyword
google "site:facebook.com/public keyword"# Search for Facebook profiles linked to a phone number
google "site:facebook.com intext:'+1234567890'"# Find Instagram accounts linked to an email
google "site:instagram.com intext:email@example.com"# Search for Instagram users by location
google "site:instagram.com intext:'📍 Location'"# Extract all captions from an Instagram profile
instaloader --comments --metadata-json profile_username# Get all Instagram stories from a public account
instaloader --stories username# Extract all tagged photos of a user
google "site:instagram.com inurl:tags username"# Find all employees of a company
theHarvester -d company.com -b linkedin# Extract LinkedIn profile email from commits
git log --pretty=format:"%ae" | sort -u# Search for LinkedIn users by job title
google "site:linkedin.com/in 'Cybersecurity Researcher' 'India'"# Extract all skills listed on a LinkedIn profile
google "site:linkedin.com/in username 'Skills'"# Search for LinkedIn profiles linked to a phone number
google "site:linkedin.com/in intext:'+1234567890'"# Find all videos uploaded by a user
google "site:youtube.com/c/username"# Extract metadata from a YouTube video
yt-dlp -J "https://www.youtube.com/watch?v=VIDEO_ID"# Search for YouTube comments mentioning a keyword
google "site:youtube.com 'keyword' 'comments'"# Download all subtitles from a YouTube channel
yt-dlp --write-auto-sub --sub-lang en --skip-download "https://www.youtube.com/c/username"# Scrape TikTok videos from a user
tiktok-scraper user username -n 50 -d# Find TikTok videos based on geolocation
google "site:tiktok.com intext:'📍 New York'"# Extract TikTok user bio information
tiktok-scraper user username -d --store# Find public WhatsApp groups
google "site:chat.whatsapp.com keyword"# Check if a phone number is linked to WhatsApp
curl -s "https://api.whatsapp.com/send?phone=+1234567890"# Reverse search social media profile pictures
google "site:tineye.com inurl:result image.jpg"# Find data leaks related to an email
dehashed -q email@example.com# Extract EXIF metadata from social media images
exiftool image.jpg# Search for hidden social media accounts using an IP
shodan search "ip:xxx.xxx.xxx.xxx"🔹 Check image metadata for GPS coordinates
exiftool image.jpg | grep -i "GPS"🔹 Extract metadata from videos (if available)
ffmpeg -i video.mp4 -f ffmetadata metadata.txt🔹 Check metadata of PDFs for location info
pdfinfo file.pdf🔹 Find location from an IP address
curl -s "http://ip-api.com/json/8.8.8.8"🔹 More detailed IP location data (including ISP & ASN)
curl -s "https://ipinfo.io/8.8.8.8/json"🔹 Check IP geolocation with MaxMind
geoiplookup 8.8.8.8🔹 Get approximate IP location from Shodan
shodan host 8.8.8.8🔹 Find address from GPS coordinates
curl -s "https://nominatim.openstreetmap.org/reverse?format=json&lat=40.748817&lon=-73.985428"🔹 Find nearby locations using OpenStreetMap
curl -s "https://nominatim.openstreetmap.org/search?q=Eiffel+Tower&format=json"🔹 Search places via Google Maps API
curl -s "https://maps.googleapis.com/maps/api/geocode/json?address=Eiffel+Tower&key=YOUR_API_KEY"🔹 Find historical satellite images
https://livingatlas.arcgis.com/wayback/🔹 Find location from Wi-Fi BSSID (if known)
curl "https://wigle.net/api/v2/network/search?netid=XX:XX:XX:XX:XX:XX"🔹 Check if a Wi-Fi SSID has been mapped
curl -s "https://api.mylnikov.org/geolocation/wifi?v=1.1&bssid=XX:XX:XX:XX:XX:XX"🔹 Check Bluetooth device locations (if tracked)
https://www.bluetooth.com/specifications/assigned-numbers/company-identifiers/🔹 Check cell tower geolocation (for mobile tracking)
curl -s "https://opencellid.org/cell/get?mcc=310&mnc=410&lac=7033&cellid=17811&key=YOUR_API_KEY"🔹 Find location from Instagram post (if geotagged)
https://www.instagram.com/p/POST_ID/🔹 Find location from Twitter post (if enabled)
https://twitter.com/username/status/POST_ID🔹 Extract location from Facebook check-ins
https://www.facebook.com/search/places/?q=locationname🔹 Reverse search a Snapchat map story
https://map.snapchat.com/🔹 Track Uber/Lyft rides (if shared link available)
https://www.uber.com/track/TRACKING_CODE🔹 Look up a car’s geotagged photos (if available)
https://www.instagram.com/explore/tags/carnumberplate/🔹 Find ship locations (via AIS data)
https://www.marinetraffic.com/🔹 Find aircraft locations (real-time flight tracking)
https://www.flightradar24.com/🔹 View live satellite imagery (if available)
https://www.planet.com/explorer/🔹 Search for satellite images from past years
https://eos.com/landviewer/🔹 NASA Earth data for environmental tracking
https://earthdata.nasa.gov/📌 Extract GPS from images (Exif metadata)
exiftool image.jpg | grep -E "GPS Latitude|GPS Longitude"📍 Reverse image search location (Google)
curl -F 'encoded_image=@image.jpg' https://www.google.com/searchbyimage🗺 Find location from Wi-Fi BSSID
curl "https://wigle.net/api/v2/network/search?netid=XX:XX:XX:XX:XX:XX"📍 Find location from an IP address
curl -s "http://ip-api.com/json/IP_ADDRESS"🌍 Get geolocation from phone number
python3 phoneinfoga.py -n +1234567890📌 Check Google Maps Timeline (if accessible)
https://www.google.com/maps/timeline🛰 Get satellite images of a location
https://www.google.com/maps/place/lat,long📍 Reverse Geocode Coordinates
curl -s "https://nominatim.openstreetmap.org/reverse?format=json&lat=LAT&lon=LON"🚗 Track Uber/Lyft ride details (if link available)
https://www.uber.com/track/XXXXXXXX🌐 Find location from social media posts
https://maps.google.com/?q=LAT,LON# Search for keywords on Ahmia (Tor Search Engine)
torify curl -s "https://ahmia.fi/search/?q=your_keyword"
# Search on OnionLand (Dark Web Search Engine)
torify curl -s "https://onionlandsearchengine.com/search?q=your_keyword"
# Extract all .onion links from a webpage
torify curl -s "http://example.onion" | grep -oP '(?<=href=")http://[^"]+\.onion'
# Find indexed .onion sites on DuckDuckGo
torify curl -s "https://www.duckduckgo.com/html?q=site:onion your_keyword"
# Check if a dark web site is online
torify curl -Is http://example.onion | head -n 1# Search for leaked credentials on Pastebin
curl -s "https://www.google.com/search?q=site:pastebin.com your_keyword"
# Scrape Pastebin for recent pastes (requires API key)
curl -s "https://scrape.pastebin.com/api_scraping.php?limit=10"
# Check for mentions of an email in recent pastes
curl -s "https://www.google.com/search?q=site:pastebin.com your_email@example.com"
# Find pastes mentioning a specific domain
curl -s "https://www.google.com/search?q=site:pastebin.com yourdomain.com"
# Check for leaked credentials using DeHashed (API required)
curl -s "https://api.dehashed.com/search?query=email@example.com" -u "your_api_key"curl -s "https://www.foia.gov/how-to.html"curl -s "https://www.nfoic.org/coalitions/state-foi-resources/"curl -s "https://www.whatdotheyknow.com/"curl -s "https://www.asktheeu.org/en/request/new"curl -s "https://www.justice.gov/news?q=John+Doe"curl -s "https://www.interpol.int/en/Crimes/Cultural-heritage-crime/Stolen-Works-of-Art-Database"curl -s "https://www.usmarshals.gov/investigations/most_wanted/state.htm?q=Texas"curl -s "https://www.dea.gov/fugitives?q=John+Doe"curl -s "https://www.afp.gov.au/what-we-do/services/criminal-records"curl -s "https://www.oyez.org/cases?q=John+Doe"curl -s "https://pacer.uscourts.gov"curl -s "https://www.supremecourt.uk/cases/search.html?q=John+Doe"curl -s "https://ecourts.gov.in/services/cases?q=John+Doe"curl -s "https://hudoc.echr.coe.int/eng#{%22fulltext%22:[%22John+Doe%22]}"curl -s "https://www.federalreserve.gov/supervisionreg/enforcement-actions.htm?q=John+Doe"curl -s "https://apps.irs.gov/app/eos/details/?q=NonprofitName"curl -s "https://sanctionssearch.ofac.treas.gov/"curl -s "https://www.gov.uk/government/collections/hmrc-annual-reports"curl -s "https://www.bankingsupervision.europa.eu/banking/sanctions/html/index.en.html?q=John+Doe"curl -s "https://www.hud.gov/program_offices/housing/rmra/oe/rpts/mfh_f47/mf_f47?q=123+Main+Street"curl -s "https://www.lro.gov.on.ca/en/home"curl -s "https://landregistry.data.gov.uk/app/ppd/"curl -s "https://www.govdata.de/web/guest/suchen/-/results/q/immobilien"curl -s "https://www.cia.gov/readingroom/search/site/John+Doe"curl -s "https://vault.fbi.gov/search?q=John+Doe"curl -s "https://www.defense.gov/News/Contracts/Search?q=CompanyName"curl -s "https://www.gov.uk/government/publications?departments%5B%5D=ministry-of-defence&q=John+Doe"curl -s "https://www.russiancontracts.ru/"
curl -s "https://www.chinadefense.com.cn/"curl -s "https://data.census.gov/cedsci/?q=John+Doe"curl -s "https://www.canada.ca/en/revenue-agency/services/tax/individuals/identification-information/change-marital-status.html"curl -s "https://www.gro.gov.uk/gro/content/certificates/"curl -s "https://www.bdm.vic.gov.au/research-and-family-history/search-your-family-history"curl -s "https://uidai.gov.in/ecosystem/authentication-services.html"🎭 Miscellaneous & Hidden OSINT Gems
curl -s "https://wireless2.fcc.gov/UlsApp/UlsSearch/searchAdvanced.jsp?q=John+Doe"curl -s "https://www.faa.gov/licenses-certificates/airmen-inquiry?q=John+Doe"curl -s "https://www.npinumberlookup.org/?q=John+Doe"curl -s "https://vehicleenquiry.service.gov.uk/"curl -s "https://vahan.parivahan.gov.in/vahanservice/vahan/ui/statevalidation/homepage.xhtml"