How to find out or investigate anyone with their email on the Internet

Sometimes we are not aware that our passage through the Internet leaves a trace that can be analyzed. By carefully studying public information, we can sometimes obtain valuable information. A simple public IP address can provide us with a large amount of user information. In this way, we get with relative accuracy where you are geographically, what your Internet service provider is, and more. However, the collection of information has been changing and new techniques and tools such as OSINT have appeared. In this tutorial we will talk about how you can find out everything about a user on the Internet with SpiderFoot HX.

The first thing we are going to do is explain what OSINT is. Then we will explain how by using tools like SpiderFoot HX we can find out a lot of information about a specific person. Next, we will test this recognition tool and put some examples.

find out or investigate anyone with their email

What is OSINT and what can its use contribute to us?

OSINT comes from the acronym for Open Source Intelligence which translated means open source intelligence. In this case, we refer to a set of techniques and tools that we are going to use to collect public information, analyze data and then correlate them to turn them into very useful knowledge. OSINT is a set of techniques used as a very versatile tool that can be used in marketing, financial, law enforcement and more. In addition, if we plan to use it for environments related to computer security, it can be useful to:

  • To perform the recognition phase in penetration or pentesting tests . Thus, we can find out the hosts of an organization, get whois information and more.
  • The application of social engineering techniques to search for information about a user in social networks and documents.
  • Prevention of computer attacks in which we can obtain information about a threat or the potential cyberattack that our company may receive.

In short, thanks to the use of OSINT we can find out everything about a user or an organization.

What is SpiderFoot and what does it offer us

SpiderFoot can be defined as a recognition tool that automatically queries more than 100 OSINT public data sources. Its purpose is to collect information on IP addresses, domain names, emails, names, and more. Its way of working is simple, we specify an objective, we choose the modules that we are going to use and then SpiderFoot will collect the data and see how they are related to each other.

We also have SpiderFoot HX which builds on the base of the open source version module to offer improved functionality. This version is paid and is intended for professionals who want to automate OSINT, threat intelligence, asset discovery, or for security assessments. Among its main characteristics we have:

  • It does not need installation as it is hosted and managed in the cloud. Simply by registering we will be ready to use it.
  • Investigate individually using a single module or by scanning multiple targets quickly.
  • OSINT monitoring in which we can run scans automatically daily, weekly, monthly or schedule them to our liking.
  • Email and Slack notifications when changes occur or analysis is complete.
  • Integration with TOR that provides that no scanned entity knows that we are the ones who performed the scan.
  • Two-factor authentication (2FA) means that the security of our OSINT platform and investigations are secure.
  • Custom scan profiles .

As for this tool, it has a free version and other paid ones. This is a rough example of what we can with each version:

Here the one we are going to use is the free version to know everything about a user. In this case, it allows us 3 scans per month, the analysis duration limit is 1 hour and we have 1 target per scan.

Know everything about a user with SpiderFoot

The first thing we have to do is go to the website of the developer of the tool by clicking on this link . Then we will see a screen like this:

As we have already mentioned before, it is not necessary for us to perform any installation because it runs from the cloud. All we have to do is register by entering an e-mail and click on the blue button to start the process. Next, we go to our email account and copy the 6-digit code. If you don’t see anything, check your Spam folder. Here we enter the code, select any of the options in the fields and complete the registration by clicking on the button Proceed to create account.

Next, a screen will appear to finish creating the account.

All you have to do is copy your unique URL, set a password, and click the Finish account creation button.

First steps with the tool

The first screen that we will see inside SpiderFoot HX is the following:

If we click on the button Run your first scan we could start our first scan. In this case we will click on Close and we will know some things before.

In the registration we were given a unique URL, if we use it and we are logged in, it will send us directly to the main screen. Otherwise, it will send us to a page where we must enter username and password. This would be the main screen of the tool:

Above marked with a red box we have the main SpiderFoot menu:

  • Scan : it is used to make a scan of what we ask for using a series of modules and options. This is the one that we are going to discuss further.
  • Investigate : in this section we can specify an objective of our investigations and a graph is created that reflects it. It is also a payment function.
  • Monitor : to automatically monitor when new data is found. Its underlying purpose is to be notified when a new OSINT is identified. This is a payment function.
  • Configure : in this section we can configure the general options, modules, rule mapping and API key management. We also have a section called subscription in case we want to go to a paid version.
  • Help : there is a complete help in video mode. The first explains how to run a scan.

Find out everything about a user with SpiderFoot

Now we are going to see in depth the Scan section and its way of working:

Here are all the scans that have been carried out in this case 3. If we want to do something with any of them we must activate the corresponding box. In the red box you have a series of buttons that will be very useful:

  • Button with red trash icon : used to delete a scan.
  • Green icon with down arrow : used to export data in CSV, GEXF and JSON format.
  • The green icon with two circular arrows : it is used to refresh.
  • Blue button with two diagonal arrows : to compare scans.

For example, if we activate two boxes and press the blue button to compare two scans, we obtain these results:

On the other hand, if we want to do a new scan to know everything about a user, domain or e-mail, we will click on the New Scan button.

Next, a screen would appear where you could configure the options that we want that scan to have. We give it a name, the target we want it to scan, and then we change modules, options, etc. if we think it is convenient.

Then we click on Run Scan Now and it begins to scan according to the guidelines that we have assigned. The longer it is, the more accurate the results will be. In the red box you can control the scanning options, for example you could stop it if you think it is convenient.

Thanks to SpiderFoot we will be able to know everything about a user, domain, e-mail through this complete tool, if we acquire the paid version we will have many more possibilities and options to carry out OSINT to different people, and find out everything about those people.