How to search for information by phone number
PhoneInfoga is one of the most advanced tools to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with a very good accuracy. Then search for footprints on search engines to try to find the VoIP provider or identify the owner.
PhoneInfoga features are as follows:
- Check if phone number exists and is possible
- Gather standard informations such as country, line type and carrier
- OSINT footprinting using external APIs, Google Hacking, phone books & search engines
- Check for reputation reports, social media, disposable numbers and more
- Scan several numbers at once
- Use custom formatting for more effective OSINT reconnaissance
- Automatic footprinting on several custom formats
How to install PhoneInfoga on Kali Linux
The program uses Geckodriver, so start by installing Geckodriver with the following commands:
wget -O geckodriver-linux64.tar.gz echo "https://github.com/`curl -s https://github.com/mozilla/geckodriver/releases | grep -E -o '/mozilla/geckodriver/releases/download/[a-z0-9/.-]{5,}linux64.tar.gz' | head -n 1`" tar xvzf geckodriver-linux64.tar.gz sudo mv geckodriver /bin
Then download the source code and install the PhoneInfoga dependencies:
git clone https://github.com/sundowndev/PhoneInfoga cd PhoneInfoga/ python3 -m pip install -r requirements.txt --user cp config.example.py config.py python3 phoneinfoga.py -v
Dealing with Google captcha
During its searches, the program actively googles. Therefore, Google begins to show the captcha. At this time, the program is displayed
(!) You are temporary blacklisted from Google search. Complete the captcha then press ENTER.
If you check 1-2 phone numbers, then this will not be a problem for you. If you check a lot of numbers, solving the captcha becomes tedious.
We need to get 2 identifiers. One of them is called CX id, and the second is called the CSE API key. If you do not want to do this, you can skip this section (proceed to the next header) – you can use PhoneInfoga without these keys.
Let’s consider getting the keys to search on Google using the API.
How to get CX id
Go to https://cse.google.com/cse/create/new to create a new search engine
Fill the form with a fake domain site like example.com
Select English as language
Give any name to your search engine and click on Create button
Go to https://cse.google.com/cse/all again and click on the search engine you just created.
Select all entries in "Sites to search" and delete them
Turn "Search the entire web" to ON
Click on the "Search engine ID" button and copy your search engine id. This is the value for google_cx_id field in config.py file.
Getting CSE API key
Go to https://console.developers.google.com/apis/credentials
Click on “Create Credentials” and select “API Key”:
It will also need to be enabled:
Now in the PhoneInfoga folder open the config.py file:
gedit config.py
And copy both keys there.
Formatting phone numbers
The tool only accepts E164 and International formats as input.
- E164: +3396360XXXX
- International: +33 9 63 60 XX XX
- National: 09 63 60 XX XX
- RFC3966: tel:+33-9-63-60-XX-XX
- Out-of-country format from US: 011 33 9 63 60 XX XX
E.164 formatting for phone numbers entails the following:
- A + (plus) sign
- International Country Calling code
- Local Area code
- Local Phone number
For example, here’s a US-based number in standard local formatting: (415) 555-2671
Here’s the same phone number in E.164 formatting: +14155552671
In the UK, and many other countries internationally, local dialing may require the addition of a '0' in front of the subscriber number. With E.164 formatting, this '0' must usually be removed.
For example, here’s a UK-based number in standard local formatting: 020 7183 8750
Here’s the same phone number in E.164 formatting: +442071838750
Custom formatting
Sometimes the phone number has footprints but is used with a different formatting. This is a problem because for example if we search for "+15417543010", we'll not find web pages that write it that way : "(541) 754–3010". So the tool use a (optional) custom formatting given by the user to find further and more accurate results. To use this feature properly and make the results more valuable, try to use a format that someone of the number' country would usually use to share the phone number online.
For example, French people usually write numbers that way online : 06.20.30.40.50 or 06 20 30 40 50.
For US-based numbers, the most common format is : 543-456-1234.
Examples
Here are some examples of custom formatting for US-based phone numbers :
- +1 618-555-xxxx
- (+1)618-555-xxxx
- +1/618-555-xxxx
- (618) 555xxxx
- (618) 555-xxxx
- (618) 555.xxxx
- (618)555xxxx
- (618)555-xxxx
- (618)555.xxxx
For European countries (France as example) :
- +3301 86 48 xx xx
- +33018648xxxx
- +33018 648 xxx x
- (0033)018648xxxx
- (+33)018 648 xxx x
- +33/018648xxxx
- (0033)018 648 xxx x
- +33018-648-xxx-x
- (+33)018648xxxx
- (+33)01 86 48 xx xx
- +33/018-648-xxx-x
- +33/01-86-48-xx-xx
- +3301-86-48-xx-xx
- (0033)01 86 48 xx xx
- +33/01 86 48 xx xx
- (+33)018-648-xxx-x
- (+33)01-86-48-xx-xx
- (0033)01-86-48-xx-xx
- (0033)018-648-xxx-x
- +33/018 648 xxx x
How to use PhoneInfoga
So, we got to know that you need to use the E164 format, which is nothing more than a phone number in which “8” is replaced by “+7”, and also all spaces, hyphens, brackets and any other characters except numbers are removed. Example number in this format: +74959999999
To search by phone number, use the -n option, after which you need to specify the number in the international format:
python3 phoneinfoga.py -n "+74959999999"
The data sources in PhoneInfoga are divided into groups called “scanners”. It is not possible to search using a specific scanner. To do this, specify its name after the -s option.
If not specified, then the default value is all, that is, all scanners.
Available scanners:
- numverify
- ovh
- footprints
numverify provides standard but useful information such as country code, location, line type, and carrier.
Example:
[!] ---- Fetching informations for 74959999999 ---- [!] [*] Running local scan... [+] International format: +7 495 999-99-99 [+] Local format: 4959999999 [+] Country found: Russia (+7) [+] City/Area: Moscow [+] Carrier: [+] Timezone: Europe/Moscow [i] The number is valid and possible. [*] Running Numverify.com scan... [+] Number: (+7) 84959999999 [+] Country: Russian Federation (RU) [+] Location: Moskva [+] Carrier: [+] Line type: landline (!) This is most likely a landline, but it can still be a fixed VoIP number.
The ovh scanner uses the OVH Telecom API to determine if this company has a VoIP number.
The footprints scanner uses the Google search engine and Google dorks to search for phone numbers across the Internet. This allows you to search for fraud reports, social media profiles, documents and more.
Sometimes the program asks questions:
- Would you like to use an additional format for this number? (y/n)
- Would you like to search for temporary number providers footprints? (Y/n)
- Would you like to rerun OSINT scan? (e.g. to use a different format) (y / N)
Checking multiple numbers and saving the results to a file
The program supports checking multiple numbers. They need to be saved to a file – one number per line and specify the path to this file after the -i option. To save the results to a file, specify the file name after the -o option. To disable color, use the --no-ansi flag:
python3 phoneinfoga.py -i numbers.txt -o results.txt --no-ansi
The input file must contain one phone number per line. Invalid numbers will be skipped.
Footprinting Search
If you are not interested in information about the country, the carrier and other similar data, then with the -s option you can only enable footprints scan:
python3 phoneinfoga.py -n +42837544833 -s footprints
Custom format reconnaissance
You do not know where to look and what user format to use? Let the tool try several custom formats based on your country code.
python3 phoneinfoga.py -n +42837544833 -s any --recon
Resources
Footprinting
Both free and premium resources are included. Be careful, the listing of a data source here does not mean it has been verified or is used in the tool. Data might be false. Use it as an OSINT framework.
Reputation / fraud
- scamcallfighters.com
- signal-arnaques.com
- whosenumber.info
- findwhocallsme.com
- yellowpages.ca
- phonenumbers.ie
- who-calledme.com
- usphonesearch.net
- whocalled.us
- quinumero.info
Disposable numbers
- receive-sms-online.com
- receive-sms-now.com
- hs3x.com
- twilio.com
- freesmsverification.com
- freeonlinephone.org
- sms-receive.net
- smsreceivefree.com
- receive-a-sms.com
- receivefreesms.com
- freephonenum.com
- receive-smss.com
- receivetxt.com
- temp-mails.com
- receive-sms.com
- receivesmsonline.net
- receivefreesms.com
- sms-receive.net
- pinger.com (=> textnow.com)
- receive-a-sms.com
- k7.net
- kall8.com
- faxaway.com
- receivesmsonline.com
- receive-sms-online.info
- sellaite.com
- getfreesmsnumber.com
- smsreceiving.com
- smstibo.com
- catchsms.com
- freesmscode.com
- smsreceiveonline.com
- smslisten.com
- sms.sellaite.com
- smslive.co
Individuals
- True People
- Fast People
- Background Check
- Pipl
- Spytox
- Makelia
- IvyCall
- PhoneSearch
- 411
- USPhone
- WP Plus
- Thats Them
- True Caller
- Sync.me
- WhoCallsMe
- ZabaSearch
- DexKnows
- WeLeakInfo
- OK Caller
- SearchBug
- numinfo.net
Google dork examples
insubject:"+XXXXXXXXX" OR insubject:"+XXXXX" OR insubject:"XXXXX XXX XXX" insubject:"XXXXXXXXX" OR intitle:"XXXXXXXXX" intext:"XXXXXXXXX" AND (ext:doc OR ext:docx OR ext:odt OR ext:pdf OR ext:rtf OR ext:sxw OR ext:psw OR ext:ppt OR ext:pptx OR ext:pps OR ext:csv OR ext:txt OR ext:html) site:"hs3x.com" "+XXXXXXXXX" site:signal-arnaques.com intext:"XXXXXXXXX" intitle:" | Phone Fraud"
Related articles:
- TIDoS-Framework: Web Application Information Gathering and Manual Scanning Platform (100%)
- How to search subdomains and build graphs of network structure with Amass (100%)
- Revealing the perimeter (CASE) (100%)
- badKarma: Advanced Network Reconnaissance Assistant (81.6%)
- Text sniffing by the sound of the pressed buttons (81.6%)
- How to find out the Autonomous system on the IP and how to find out all the Autonomous System IPs (RANDOM - 50%)