Last Updated on 2 weeks by NovaTraceHQ
When working on scam investigations or phishing analysis, I rely on a growing toolkit of OSINT tools — some browser-based, some CLI-based. Here’s a breakdown of the tools I use the most and real examples of how they’ve helped.
Google Dorking
Google Dorking, or Google hacking, is an OSINT technique that uses advanced search operators to find information hidden in plain sight. By combining keywords with operators like site:, filetype:, intitle:, and inurl:, you can filter results to uncover data more efficiently than a basic search.

For example, site:linkedin.com "Security Analyst" can help locate public LinkedIn profiles, while filetype:pdf site:example.com finds PDFs on a specific domain. Chaining multiple operators allows investigators to zero in on valuable intelligence for reconnaissance, research, or security assessments.
When used ethically, Google Dorking is a legitimate way to identify publicly accessible information and highlight potential security risks. However, attempting to access private or restricted content without permission is illegal—so always operate within the law.
Have I Been Pwned (HIBP)
One of the most useful tools for investigating data breaches is Have I Been Pwned. It’s a free service that allows anyone to check if an email address or username has appeared in a known breach. For OSINT practitioners, it’s often the first stop when looking into account compromises, scam investigations, or brand security checks.

Using HIBP is simple: enter an email address, and the site will show if it has been exposed in any public breaches. It also lists the breach source (like LinkedIn, Dropbox, or smaller forums) and what type of data was leaked (emails, passwords, phone numbers, etc.). This helps determine the risk level and how the account might have been used in scams or phishing campaigns.
For deeper work, HIBP offers a “Paste” search (looking at data dumps shared online) and an API for automation. While the tool doesn’t provide passwords, it gives enough context to understand whether an account has been compromised and how attackers could have exploited it.
In OSINT, this tool is especially valuable when researching targets, identifying exposure in scams, or verifying if a company’s employees may be at risk. It’s quick, reliable, and an essential part of any investigator’s toolkit.
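As an added example (not code from HIBP or from the original post), here is one way to automate that check for your own organisation's addresses with the HIBP v3 API and rank the results by the type of data leaked. The scoring weights, the user-agent string and the sample response are assumptions constructed for illustration; a live lookup needs your own API key.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

API = "https://haveibeenpwned.com/api/v3/breachedaccount/"

# Assumed weights for this example (not an HIBP score): data classes that
# make account takeover or targeted phishing easier count for more.
WEIGHTS = {"Passwords": 3, "Password hints": 2,
           "Security questions and answers": 2,
           "Phone numbers": 1, "Physical addresses": 1}

# Constructed sample in the shape of an untruncated HIBP v3 response.
SAMPLE = json.loads("""[
 {"Name": "ExampleNewsletter", "BreachDate": "2021-07-15", "DataClasses": ["Email addresses"]},
 {"Name": "ExampleShop", "BreachDate": "2020-11-20", "DataClasses": ["Email addresses", "Phone numbers", "Physical addresses"]},
 {"Name": "ExampleForum", "BreachDate": "2019-03-01", "DataClasses": ["Email addresses", "Passwords", "Usernames"]}
]""")

def build_request(account, api_key):
    """Request for every breach of one account, with full breach details."""
    url = API + urllib.parse.quote(account) + "?truncateResponse=false"
    return urllib.request.Request(url, headers={
        "hibp-api-key": api_key,                 # key from your HIBP account
        "user-agent": "breach-triage-example"})  # HIBP requires a user agent

def fetch_breaches(account, api_key):
    """Live lookup; HIBP answers 404 when the account is in no known breach."""
    try:
        with urllib.request.urlopen(build_request(account, api_key), timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return []
        raise  # 401 (bad key) and 429 (rate limit) need the caller's attention

def triage(breaches):
    """Rank breaches by how sensitive the leaked data is, most serious first."""
    rows = []
    for b in breaches:
        classes = b.get("DataClasses", [])
        rows.append({"source": b["Name"], "date": b["BreachDate"],
                     "score": sum(WEIGHTS.get(c, 0) for c in classes),
                     "passwords": "Passwords" in classes})
    return sorted(rows, key=lambda r: (-r["score"], r["date"]))

if __name__ == "__main__":
    for row in triage(SAMPLE):  # offline run on the constructed sample
        print(row)
```

Accounts whose top-ranked breach includes passwords are the ones to prioritise for a forced reset and an MFA check.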
⚠️ Disclaimer: Have I Been Pwned is a powerful and widely used resource, but it is not the only tool available for breach checks and account exposure analysis. Investigators should consider using multiple sources and methods for a more complete picture.