ZeroTrace OSINT
People & Identity
Find a person across the open web, username sweeps, email analysis, phone lookups, breach checks, and permutators, with every finding pinned to an investigation profile.
The People & Identity discipline is where most OSINT work that touches an actual human happens. The toolkit's identity tools share a unifying assumption: every identifier (username, email, phone, alias) maps onto multiple other identifiers, and the investigation is the act of walking the graph.
The tools in this section are designed to feed each other:
- Username in → email permutator → candidate emails out.
- Email in → breach lookup → corroborating breach hits out.
- Email in → email analyzer → carrier and reputation out.
- Email local-part in → username sweep → cross-platform identity out.
- Phone in → carrier and country → cultural context for the rest.
Run them in sequence and attach every finding to an investigation profile, which ties the work together into one sourced case file.
What's in this section
| Tool | What it does | Best when |
|---|---|---|
| Username search | Sweep a username across fifty-plus platforms with profile-photo and last-active hints | Starting from a handle. Cross-platform identity matching. |
| Email analysis | Parts, MX, disposable check, provider reputation, role-account flag, SPF / DMARC verdict, Gravatar | Triage of a single email. Authenticity check. |
| Phone lookup | E.164 parsing, country, carrier, line type, timezone, dial-out format | Triage of a phone. Country / region context. |
| Breach lookup | k-anonymity HIBP check, breach domain list, last-modified | Confirming an email or password appears in known breaches. |
| Permutators | Generate email and username variants for a person | Building target lists for username sweeps and verification. |
Tie the results together by attaching each finding to an investigation profile, the toolkit's case-file system.
Authorisation matters. Identity investigation is the area where the law most often constrains what is permissible. Use these tools only against subjects you have a lawful reason to investigate, research, authorised due diligence, your own infrastructure. See Field Practice → Legal & Ethics for guidance.
Common starting points
| You have... | Best first tool |
|---|---|
| A real name | Permutators (generate handle / email variants), then username sweep, attach hits to a profile |
| An email | Email analysis (then breach lookup, then username sweep with the local-part) |
| A phone | Phone lookup |
| A username / handle | Username search |
| An alias you suspect is the same person as another | Permutators (generate variants), then username sweep |
Privacy note for investigators
Every tool in this section runs locally. Your queries against haveibeenpwned.com, username platforms, and country phone catalogs go from your machine to those services, they do not pass through ZeroTrace. There is no central log of "who searched for whom" because there is no central anything.
This matters because identity investigation often involves sensitive subjects. The toolkit is designed so that the only person who ever knows what you searched for is you.
What this section does not cover
- Face recognition. ZeroTrace OSINT deliberately does not ship face-recognition or biometric-matching capabilities. The legal and ethical risks outweigh the OSINT value, and the available implementations of either are commercially-licensed services we will not subsidise.
- Paid people-search aggregators. PimEyes, Spokeo paid, BeenVerified paid, and similar, out of scope. The toolkit uses free public sources only.
- Active social-engineering tooling. No phishing-page generators, no pretexting templates, no message-fabrication tools. The toolkit is for finding, not for contacting under a false pretence.