OSINT 101 with Lampyre

We already wrote many publications on advanced and complex OSINT-related topics. However, since more and more people want to familiarize themselves with the world of OSINT, we dedicate this one to all newcomers.

To start with, let’s set a definition of OSINT. One of the features of Internet is that it makes certain information available to the broad public. You can find a lot on websites, social networks, forums etc. The main problem is how to extract the unstructured information and analyze it to achieve the goals of your investigation. And that’s what OSINT is created for. So, OSINT means a set of techniques for collecting, analyzing and making decisions about information accessible in publicly available sources.

We will show you how you can easily collect any open-sourced information on the example of our software called Lampyre, which is a great tool to obtain, visualize and analyze data in one place.

Start with creating an account on Lampyre.io. When done, log into your account, download and install Lampyre desktop app. Of course, for first-time users we have a free demo license! Open Lampyre, import your license file and choose Online mode:

When you see the main window, create a new investigation by clicking a button on the left. Define a file name and path where to store it. Once done, you will see the main window:

On the left hand side, you see a Requests window, where the results of your queries will be stored. In front of you, you see a window called List of requests — this will be your starting point. Here you have the following four tabs:

• Criteria: here you choose what inputs you want to provide (e.g. email, phone number, picture, username and much more)
• Tasks: select where Lampyre should do the search (websites, social network, search engines, databases etc.)
• Parameters: this is where you will enter the inputs you previously chose
• Description: if you click on a task or a parameter, a brief description of it will appear in this window

So let’s move on and do some simple searches.

Let’s imagine that we know a nickname and we want to find accounts by this nickname in some social networks. To do this, we go to List of requests, select Services by nicknames and put in Username field the nickname that we know. This method looks up profiles by nickname in numerous services like Facebook, Twitter, Tumblr, Github, etc.

We could just select Username and run all queries at once with Lampyrise command, but is it worth it to investigate non-existent profiles which predictably won’t give any result? Services by nickname will give us only existing profiles, so that we can easily conduct further research on them. We will try to find Lampyre’s Twitter account by nickname “lampyre_io”. Voila, we have a Twitter account in front of us!:

Now we want to know which email account this account is registered to, because you can find much more with email address! We choose a request: Twitter account registration data search by nickname and put lampyre_io here:

We have received general profile information and, most important, we have part of an email — j.****@l******.** — and, of course, part of a phone number, but it is more challenging:

Twitter has a feature that email part that you get is of the same length as an actual email address. This is where your analytical skills should kick in. We see that domain starts with an “L”. Obviously, this email is registered in @lampyre.io domain, like website, but what does j.**** stand for? For sure we won’t iterate over a million of combinations. So let’s try another method called Snov.io email by domain — we put lampyre.io as domain hit Run, and we get this:

Looks like j.galt@lampyre.io is what we look for. But of course, it is not always that easy — you often need to work hard to get an email. We keep on saying that key things in analyst’s work are imagination and ability to identify cause-and-effect relationships, and Lampyre is here to help you in your research.

Now let’s do the reverse lookup to check which twitter account is registered with an email j.galt@lampyre.io using Twitter account by email request:

We see that it matches!:

Now, when we have an email address, we can use numerous checkers in Lampyre to find any accounts registered with it. For instance, let’s try Facebook. To do this, choose Email in Criteria, then choose Facebook checker by email and input target email address. And let’s see the results:

For this query, the table will show your input email, an indicator showing whether a Facebok account exists, as well as parts of recovery email and phone number.

Hope this post was interesting and useful. Please tell us what you think in Responses section — we will appreciate your feedback. Also, feel free to visit our website to try Lampyre, and of course stay tuned for our future posts!