PhoneInfoga - Advanced information gathering & OSINT framework for phone numbers

PhoneInfoga is one of the most advanced tools to scan international phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier, and line type on any international phone numbers with very good accuracy. Then search for footprints on search engines to try to find the VoIP provider or identify the owner.

Features

  • Check if phone number exists and is possible
  • Gather standard informations such as country, line type and carrier
  • OSINT footprinting using external APIs, Google Hacking, phone books & search engines
  • Check for reputation reports, social media, disposable numbers and more
  • Scan several numbers at once
  • Use custom formatting for more effective OSINT reconnaissance
  • NEW: Serve a web client along with a REST API to run scans from the browser
  • NEW: Run your own web instance as a service
  • NEW: Programmatic usage with Go modules

Anti-features

  • Does not claim to provide relevant or verified data, it's just a tool !
  • Does not allow to "track" a phone or its owner in real time
  • Does not allow to get the precise phone location
  • Does not allow to hack a phone

Current status

This project is under active development but is stable and production-ready. Numverify scan is pointless on demo instance because my server's IP got blocked due to spam. Roadmap is here.

This project has recently been rewritten in Go language (previously Python). Why ? To improve code base, maintainability, have a stronger test suite and be able to compile code base. PhoneInfoga v2 brings new features such as serving a REST API and a web client. Usage of scanners was improved in order to drop usage of Selenium/Geckodriver which has caused many users to have troubleshot using the tool. You can still use the legacy version in tag v1.11 and the legacy Docker image (sundowndev/phoneinfoga:legacy). Some features were not included in the v2 MVP such as input/output CLI options. The roadmap of the project changed so we can focus on the web client features such as downloading scan results as CSV, Instagram/Whatsapp lookup, and more. Version 2 does not scan Google results anymore, read more.

DocumentationAPI documentationDemo instanceRelated blog post

Installation

To install PhoneInfoga, you'll need to download the binary or build the software from its source code.

For now, only Linux and MacOS are supported. If you don't see your OS/arch on the release page on GitHub, it means it's not explicitly supported. You can always build from source by yourself. Want your OS to be supported ? Please open an issue on GitHub.

Binary installation (recommended)

Follow the instructions :

  • Go to release page on GitHub
  • Choose your OS and architecture
  • Download the archive, extract the binary then run it in a terminal

You can also do it from the terminal:

# Download the archive
curl -L "https://github.com/sundowndev/phoneinfoga/releases/download/v2.0.8/phoneinfoga_$(uname -s)_$(uname -m).tar.gz" -o phoneinfoga.tar.gz

# Extract the binary
tar xfv phoneinfoga.tar.gz

# Run the software
./phoneinfoga --help

# You can install it globally
mv ./phoneinfoga /usr/bin/phoneinfoga

If the installation fails, it probably means your OS/arch is not suppored.

Please check the output of echo "$(uname -s)_$(uname -m)" in your terminal and see if it's available on the GitHub release page.

Using Docker

From docker hub

You can pull the repository directly from Docker hub

docker pull sundowndev/phoneinfoga:latest

Then run the tool

docker run --rm -it sundowndev/phoneinfoga version

Docker-compose

You can use a single docker-compose file to run the tool without downloading the source code.

version: '3.7'

services:
    phoneinfoga:
      container_name: phoneinfoga
      restart: on-failure
      image: phoneinfoga:latest
      command: serve
      ports:
        - "80:5000"

From the source code

You can download the source code, then build the docker images

Build

Build the image

docker-compose build

CLI usage

docker-compose run --rm phoneinfoga --help

Run web services

docker-compose up -d

DISABLE WEB CLIENT

Edit docker-compose.yml and add the --no-client option

# docker-compose.yml
command: "serve --no-client"

Troubleshooting

All output is sent to stdout so it can be inspected by running:

docker logs -f <container-id|container-name>

Getting started

Here is the documentation for CLI usage of the tool.

$ phoneinfoga

PhoneInfoga is one of the most advanced tools to scan phone numbers using only free resources.

Usage:
  phoneinfoga [command]

Available Commands:
  help        Help about any command
  scan        Scan a phone number
  serve       Serve web client
  version     Print current version of the tool

Flags:
  -h, --help   help for phoneinfoga

Use "phoneinfoga [command] --help" for more information about a command.

Basic scan

phoneinfoga scan -n "+1 (555) 444-1212"
phoneinfoga scan -n "+33 06 79368229"
phoneinfoga scan -n "33679368229"

Country code and special chars such as ( ) - + will be escaped so typing US-based numbers stay easy :

phoneinfoga scan -n "+1 555-444-3333"

Note that the country code is essential. You don't know which country code to use ? Find it here

Available scanners

  • Numverify
  • Google search
  • OVH

Numverify provide standard but useful informations such as number's country code, location, line type and carrier.

OVH is, besides being a web and cloud hosting company, a telecom provider with several VoIP numbers in Europe. Thanks to their API-key free REST API, we are able to tell if a number is owned by OVH Telecom or not.

Google search uses Google search engine and Google Dorks to search phone number's footprints everywhere on the web. It allows you to search for scam reports, social media profiles, documents and more. This scanner does only one thing: generating several Google search links from a given phone number. You then have to manually open them in your browser to see results. You may therefore have links that do not return any results.

Launch web client & REST API

Run the tool through a REST API with a web client. The API has been written in Go and web client in Vue.js.

phoneinfoga serve
phoneinfoga serve -p 8080 # default port is 5000

You should then be able to see the web client at http://localhost:<port>.

Run the REST API only

You can choose to only run the REST API without the graphical interface :

phoneinfoga serve --no-client

Demo: https://demo.phoneinfoga.crvx.fr

More: https://github.com/sundowndev/PhoneInfoga

May 28, 2020
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013