OSINT Toolbox Talk: Creating local copies of web pages, extracting 4Chan content, and scraping Instagram location data

OSINT Tool Review

Hunting and collecting targeted open-source information with SN0INT


Hunting and collecting targeted open-source information with SN0INT Hunting and collecting targeted open-source information with SN0INT https://github.com/kpcyrd/sn0int

As far as multi-capability tools go, SN0INT is undoubtedly the Swiss Army Knife of OSINT frameworks that is both lightweight and significant in terms of output and scaleability. SN0INT is a semi-automatic framework and package manager that is primarily written in Rust – for our readers who have no idea what Rust is, it is a general-purpose programming language that is somewhat similar to C++. The SN0INT framework itself was primarily built for professionals involved in IT security who require the capability to gather intelligence against a given target and enable them to assess their attack surface. However, when looking at the range of modules included within the framework, it is clear that this tool has significant value for Digital Investigators as it can:

  • Harvest subdomains from certificate transparency logs and passive DNS
  • Enrich IP addresses with ASN and GeoIP info
  • Harvest emails from PGP Keyservers and WHOIS
  • Discover compromised logins in breaches
  • Find somebody’s profiles across the internet
  • Enumerate local networks with unique techniques like passive ARP
  • Gather information about phone numbers
  • Attempt to bypass Cloudflare with Shodan
  • Harvest data and images from Instagram profiles
  • Scan images for nudity

All that said, from a tactical Digital Investigations standpoint, several modules within SN0INT certainly add a greater amount of value to the tool including:

  • Tinder: Search for target profiles on Tinder
  • Exif: Extract all manner of Exif data from images
  • Instagram: Collect user data from Instagram profiles
  • Pornhub: Collect account and user information from Pornhub profiles
  • TikTok: Collect user data from publicly viewable TikTok profiles
  • Twilio-Lookup: Retrieve information regarding telephone numbers
  • Twitch: Collect information from Twitch streams
  • WhatsApp: Fetch public profile information from WhatsApp

The easiest option to install and deploy SN0INT is via Docker by invokingĀ docker run --rm --init -it -v "$PWD/.cache:/cache" -v "$PWD/.data:/data" kpcyrd/sn0int
via the command-line interface. From here, users can use SN0INT to build and deploy their case, then use a wide range of modules to gather information that is pertinent to their case.

What we especially like about the SN0INT framework is the developers’ attention to detail and understanding of user needs by providing a highly detailed series of instructions that can be accessed from https://sn0int.readthedocs.io/en/latest/index.html. However, we do feel that SN0INT could be a particularly tricky framework to use for any novice Docker user, the complex set of commands to run the various modules takes quite a bit of patience – but, we are highly confident that our readers will not be disappointed with SN0INT’s capabilities. That issue aside, SN0INT has searching and data extraction capabilities that cover several web sources that other OSINT tools have yet to fully provide.

To conclude, yes, SN0INT may be complex for some of our readers to run for the very first time; but, it is a highly effective framework that offers plenty of capabilities for Digital Investigators. Patience is key when it comes to learning about the various commands associated with the SN0INT framework and the Rust programming language, but patience does indeed pay off. All-in-all, we really like what SN0INT has to offer, and we can also see that it has the long-term potential to grow into a very comprehensive toolkit for Digital investigators and OSINT’ers. As such, this tool comes highly recommended.


Let's talk today Are you ready to begin discussing our range of training and capability development solutions?