- Joined
- May 8, 2022
To clarify any misinformation:
Google
Yes, just googling something will just work most of the time. You can usually find information by searching someone's username/full name if you already have it. There's nothing much more to explain in this section.
DiscordChatExporter
This is something I use for archiving Discord servers, this tool is great because it also allows you to channels that you wouldn't see on the Discord client. You cannot view/archive the channels that you don't have permission for, but this can be avoided by using the Discord API. It enables you to save messages from channels into separate HTML files. Other than the developer being a massive faggot and shoving the special military operations of Russia in Ukraine down your throat, it's a great tool to archive servers.
They have a GUI or command line version if you like, you just need to get your Discord Session ID,
Social Analyzer
Social Analyzer, an API, CLI, and Web App for analyzing & finding a person's profile across +1000 social media \ websites. It includes different analysis and detection modules, and you can choose which modules to use during the investigation process.
Spy.pet
If you want to look at a specific user's Discord messages, spy.pet is a credits-based system that allows you to do that. As of writing this thread, the website is downbut it's planned to make a return sometime in October. Unless there's a new website/it's up, I'll edit the thread accordingly.
it’s not coming back
SteamID.UK
SteamID.uk is a website that displays Steam profiles and account information. You enter a user’s Steam ID or profile URL in the search bar above and you will be shown that user’s historical information such as the user’s previously used avatars and aliases, as well as historic friends and game information. steamid.uk can also be used to check out Trade, Community, and VAC (Valve Anti-Cheat) bans and their SteamID reputation and search for players using various tools.
A lot of people have asked me what websites do my database leaks come from, and I'm here to publicly announce it in this thread. Exposed.lol is a website that collects data breaches from the internet. It only allows you 4 searches within a 12 hour period, but you can circumvent it by using a VPN. You can search your own to lolcow's email address. This website hasn't failed me since the departure of 0day.search.rocks.
Have I Been Pwned?
a normie website that scrapes emails in spillages and leaks
Archive.ph
A common phrase you'll see on the Farms is "Archive everything", and we take this rule very seriously. Archive.ph is a service that takes snapshots of websites. If you come across something that is worthy of archiving, archive it. Even if it's nothing in the time, you'll never know when you're going to need it. Lolcows tend to DFE (Delete fucking everything) on a whim, which is the reason why we get lost content.
FastPeopleSearch
FastPeopleSearch.com is a service that allows you to search people's name/address/phone numbers, similar to WhitePages. This website shows the current address, home details, other people who may be living there, and a Google Maps view of the property.
Alternative websites: usphonebook.com/truepeoplesearch.com/thatsthem.com
IntelTechniques
IntelTechniques is a website that allows you to mass search full names across all the people finder search engines.
Bellingcat.com makes a good article on how to verify social media accounts. Verifying social media accounts isn't exactly a difficult task. A critical mindset and a close look at the context of an image or post, allied with simple tools such as a Google search or reverse image platforms, are often all it takes to discover whether a piece of content is genuine.
Google Hacking Database
Google Hacking Database (GHDB) is a website that can teach you simple mechanisms to "hack" or narrow your search results. For instance, if you look up intext:"room temp shrimp" those quotations will search pages with that EXACT text match. You can also look for profiles by intitle: or search specific sites with insite:tumblr.com. One very useful feature is the filetype: which can be used to search for PDF, Word documents, spreadsheets, and files with an exact match to say, an email address.
Shodan
Shodan is a search engine that parses and indexes IPv4 addresses instead of web servers. This means that they will list through the 4-something billion ipv4 addresses and effectively knock on their door to see if they're serving something such as an HTTP server, a SCADA (supervisory control and data acquisition), or ICS (industrial control system) device, or even a webcam service. It's free to a point but only $50 for a lifetime, it's worth it if you want to monitor an IP such as your own to monitor if you've gotten hit. The membership features a global map as well, so if there is an address you're interested in, you can look at it to see what is exposed in your general area. Good for a business if you're a cyber security guy....or if you're particularly nosey. Membership also allows an image search which will often list exposed desktops or webcams. I recommend using this to keep yourself safe. It can get creepy. You can look up your IP address to see what you have exposed to the public
WhatsMyName
WhatsMyName.app is a OSINT tool that allows you to search usernames across the Internet. It compiles a list of websites and accounts that have those usernames. The only thing about it is that they require to use cookies.
BUT OSAMA, HOW CAN I PROTECT MYSELF FROM THIS?
Being able to shut the fuck up and not using the same alias everywhere is usually a tell-tale way to not get attention onto you on this website. However, we are not the entire Internet. So, I will help you to protect yourself on the Internet.
@Null has made a thread when you click the Register button, you should see it. It's highly recommended that everyone (new and oldfags) should read it if they care about their own security.
- Operational security (OPSEC) is a security and risk management process that prevents sensitive information from getting into the wrong hands.
- Open Source Intelligence (OSINT) is a volunteer, community-based information collection.
- "Doxing" has no real definition. Some states outlaw releasing personal information, but that is an offense for the person releasing it, it is not an offense for the people collecting it. You cannot put a genie back in a bottle and no law in the US attempts to try.
- PII (personal identifying information) is usually made available by data aggregators, which are a variety of industries (including marketers and whitepages) that buy and sell your personal information completely legally. This isn't just legal, a lot of state governments participate! Your voter registration and driver registration are often public or sold directly by the DMV to marketers.
Yes, just googling something will just work most of the time. You can usually find information by searching someone's username/full name if you already have it. There's nothing much more to explain in this section.
DiscordChatExporter
This is something I use for archiving Discord servers, this tool is great because it also allows you to channels that you wouldn't see on the Discord client. You cannot view/archive the channels that you don't have permission for, but this can be avoided by using the Discord API. It enables you to save messages from channels into separate HTML files. Other than the developer being a massive faggot and shoving the special military operations of Russia in Ukraine down your throat, it's a great tool to archive servers.
They have a GUI or command line version if you like, you just need to get your Discord Session ID,
Social Analyzer
Social Analyzer, an API, CLI, and Web App for analyzing & finding a person's profile across +1000 social media \ websites. It includes different analysis and detection modules, and you can choose which modules to use during the investigation process.
Spy.pet
If you want to look at a specific user's Discord messages, spy.pet is a credits-based system that allows you to do that. As of writing this thread, the website is down
it’s not coming back
SteamID.UK
SteamID.uk is a website that displays Steam profiles and account information. You enter a user’s Steam ID or profile URL in the search bar above and you will be shown that user’s historical information such as the user’s previously used avatars and aliases, as well as historic friends and game information. steamid.uk can also be used to check out Trade, Community, and VAC (Valve Anti-Cheat) bans and their SteamID reputation and search for players using various tools.
Exposed.lolA lot of people have asked me what websites do my database leaks come from, and I'm here to publicly announce it in this thread. Exposed.lol is a website that collects data breaches from the internet. It only allows you 4 searches within a 12 hour period, but you can circumvent it by using a VPN. You can search your own to lolcow's email address. This website hasn't failed me since the departure of 0day.search.rocks.
Have I Been Pwned?
a normie website that scrapes emails in spillages and leaks
Archive.ph
A common phrase you'll see on the Farms is "Archive everything", and we take this rule very seriously. Archive.ph is a service that takes snapshots of websites. If you come across something that is worthy of archiving, archive it. Even if it's nothing in the time, you'll never know when you're going to need it. Lolcows tend to DFE (Delete fucking everything) on a whim, which is the reason why we get lost content.
FastPeopleSearch
FastPeopleSearch.com is a service that allows you to search people's name/address/phone numbers, similar to WhitePages. This website shows the current address, home details, other people who may be living there, and a Google Maps view of the property.
Alternative websites: usphonebook.com/truepeoplesearch.com/thatsthem.com
IntelTechniques
IntelTechniques is a website that allows you to mass search full names across all the people finder search engines.
Bellingcat.com makes a good article on how to verify social media accounts. Verifying social media accounts isn't exactly a difficult task. A critical mindset and a close look at the context of an image or post, allied with simple tools such as a Google search or reverse image platforms, are often all it takes to discover whether a piece of content is genuine.
Google Hacking Database
Google Hacking Database (GHDB) is a website that can teach you simple mechanisms to "hack" or narrow your search results. For instance, if you look up intext:"room temp shrimp" those quotations will search pages with that EXACT text match. You can also look for profiles by intitle: or search specific sites with insite:tumblr.com. One very useful feature is the filetype: which can be used to search for PDF, Word documents, spreadsheets, and files with an exact match to say, an email address.
Shodan
Shodan is a search engine that parses and indexes IPv4 addresses instead of web servers. This means that they will list through the 4-something billion ipv4 addresses and effectively knock on their door to see if they're serving something such as an HTTP server, a SCADA (supervisory control and data acquisition), or ICS (industrial control system) device, or even a webcam service. It's free to a point but only $50 for a lifetime, it's worth it if you want to monitor an IP such as your own to monitor if you've gotten hit. The membership features a global map as well, so if there is an address you're interested in, you can look at it to see what is exposed in your general area. Good for a business if you're a cyber security guy....or if you're particularly nosey. Membership also allows an image search which will often list exposed desktops or webcams. I recommend using this to keep yourself safe. It can get creepy. You can look up your IP address to see what you have exposed to the public
WhatsMyName
WhatsMyName.app is a OSINT tool that allows you to search usernames across the Internet. It compiles a list of websites and accounts that have those usernames. The only thing about it is that they require to use cookies.
BUT OSAMA, HOW CAN I PROTECT MYSELF FROM THIS?
Being able to shut the fuck up and not using the same alias everywhere is usually a tell-tale way to not get attention onto you on this website. However, we are not the entire Internet. So, I will help you to protect yourself on the Internet.
@Null has made a thread when you click the Register button, you should see it. It's highly recommended that everyone (new and oldfags) should read it if they care about their own security.
I get criticized a lot for hand-holding with this community. People think I should more often let users get doxed or harassed or ridiculed, but those things do not grow a community. A more aware userbase makes it harder to fuck with.
When the people we talk about become frustrated, they will often lash out at members by "doxing" them, or pulling the real-identity information of the person to try and scare them. This is almost always a scare tactic, but real-life problems can arise -- especially if you're someone who does not work for themselves and is prone to saying stupid things.
#1: Consider what every post you make would look like with your real name and picture next to it.
Unless you're a fucking weirdo like me who knows nobody who would ever care about these things, the best advice you can get is: An ounce of prevention is worth a pound of the cure.
#2: Never use the same name twice.
The most common mistake. The best way to deal with this, of course, is to not use the same username more than one place. Especially not here. If there's no way to link you back to a Facebook account or another place you might've used your real name, there's no threat. 90% of the time, this is how people fuck up.
The forum ordinarily does not change names, but in the extraordinary circumstance where: 1) your username links to your identity, and 2) you have not already made a fool of yourself, make a thread in Talk To Staff and we may resolve this for you.
#3: Be careful signing up to other communities.
This is especially pertinent with communities in our Community Watch board that you are joining to fuck with. If you use your email address for personal accounts, they can and will use it to identify you. If your IP is residential, there is a possibility that they can call your ISP and try to find out who you are. ISPs are not supposed to give out dox, but telephone operators are less-than-savvy, poorly-paid human beings who can potentially oblige a charismatic caller.
#4: Don't host images with account-based image sharing sites.
- Image hosting sites that host albums frequently tag your username in the URL, giving people a way to trace it back. Photobucket is a massive fucking culprit of this. Do not ever host images posted here on Photobucket. Upload directly the site.
- Never post an image from Facebook. It is 100% possible to take a Facebook URL and get your profile from use. Upload directly the site (but change the filename).
#5: Don't make enemies if you don't want enemies.
Last edited:
