ZeroTrace OSINT
People & Identity
Find a person across the open web — username sweeps, email analysis, phone lookups, breach checks, permutators, and a full investigation composer.
The People & Identity discipline is where most OSINT work that touches an actual human happens. The toolkit's identity tools share a unifying assumption: every identifier (username, email, phone, alias) maps onto multiple other identifiers, and the investigation is the act of walking the graph.
The tools in this section are designed to feed each other:
- Username in → email permutator → candidate emails out.
- Email in → breach lookup → corroborating breach hits out.
- Email in → email analyzer → carrier and reputation out.
- Email local-part in → username sweep → cross-platform identity out.
- Phone in → carrier and country → cultural context for the rest.
The person-investigation composer ties all of this together as one workflow.
What's in this section
| Tool | What it does | Best when |
|---|---|---|
| Username search | Sweep a username across thirty-plus platforms with profile-photo and last-active hints | Starting from a handle. Cross-platform identity matching. |
| Email analysis | Parts, MX, disposable check, provider reputation, role-account flag, SPF / DMARC verdict, Gravatar | Triage of a single email. Authenticity check. |
| Phone lookup | E.164 parsing, country, carrier, line type, timezone, dial-out format | Triage of a phone. Country / region context. |
| Breach lookup | k-anonymity HIBP check, breach domain list, last-modified | Confirming an email or password appears in known breaches. |
| Permutators | Generate email and username variants for a person | Building target lists for username sweeps and verification. |
| Person investigation | Compose every identity tool around a single subject; auto-create a profile | The full workflow tool. Use when you have multiple identifiers and want one place to investigate from. |
Authorisation matters. Identity investigation is the area where the law most often constrains what is permissible. Use these tools only against subjects you have a lawful reason to investigate — research, authorised due diligence, your own infrastructure. See Field Practice → Legal & Ethics for guidance.
Common starting points
| You have... | Best first tool |
|---|---|
| A real name | Person investigation composer |
| An email | Email analysis (then breach lookup, then username sweep with the local-part) |
| A phone | Phone lookup |
| A username / handle | Username search |
| An alias you suspect is the same person as another | Permutators (generate variants), then username sweep |
Privacy note for investigators
Every tool in this section runs locally. Your queries against haveibeenpwned.com, username platforms, and country phone catalogs go from your machine to those services — they do not pass through ZeroTrace. There is no central log of "who searched for whom" because there is no central anything.
This matters because identity investigation often involves sensitive subjects. The toolkit is designed so that the only person who ever knows what you searched for is you.
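To make concrete what leaves your machine during a k-anonymity breach check, the following is an added example, not ZeroTrace's own code. It assumes the public HIBP Pwned Passwords range format (a 5-character SHA-1 prefix in the request, `SUFFIX:COUNT` lines in the response); the function names and the sample response body are constructed for illustration.

```python
import hashlib

# Public HIBP Pwned Passwords range endpoint; only the prefix is appended.
RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_hash(secret: str) -> tuple[str, str]:
    """Return (prefix, suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(secret.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def request_url(secret: str) -> str:
    """The only thing sent to the service: 5 of the 40 hex characters."""
    prefix, _ = split_hash(secret)
    return RANGE_URL + prefix


def breach_count(secret: str, range_body: str) -> int:
    """Match the locally held 35-char suffix against a range response."""
    _, suffix = split_hash(secret)
    for line in range_body.splitlines():  # handles LF and CRLF bodies
        candidate, sep, count = line.strip().partition(":")
        if not sep or len(candidate) != 35:
            continue  # blank or malformed line
        if candidate.upper() == suffix:
            try:
                return int(count)  # 0 marks a padding entry, not a hit
            except ValueError:
                return 0
    return 0


# Constructed sample response for prefix 5BAA6 (counts are made up).
SAMPLE_BODY = (
    "0018A45C4D1DEF81644B54AB7F969B88D65:3\r\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234\r\n"
    "9F2B3C4D5E6F708192A3B4C5D6E7F8091A2:0\r\n"
)

if __name__ == "__main__":
    print("sent to service:", request_url("password"))
    print("kept local     :", split_hash("password")[1])
    print("breach count   :", breach_count("password", SAMPLE_BODY))
```

The comparison against the suffix happens entirely on the investigator's machine, so the service sees a prefix shared by many unrelated hashes and never learns which one was being checked.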
What this section does not cover
- Face recognition. ZeroTrace OSINT deliberately does not ship face-recognition or biometric-matching capabilities. The legal and ethical risks outweigh the OSINT value, and the available implementations of either are commercially licensed services we will not subsidise.
- Paid people-search aggregators. PimEyes, Spokeo paid, BeenVerified paid, and similar — out of scope. The toolkit uses free public sources only.
- Active social-engineering tooling. No phishing-page generators, no pretexting templates, no message-fabrication tools. The toolkit is for finding, not for contacting under a false pretence.