Listen to this Post

Introduction:
In the rapidly evolving landscape of cybersecurity, Open Source Intelligence (OSINT) has transitioned from a niche skill to a critical competency for threat detection, digital forensics, and attack surface management. Security researcher Mario Santella, an Italian OSINT specialist with over a decade of IT and software development experience, has been at the forefront of this movement, developing and curating a powerful suite of tools that empower investigators to uncover digital traces, map risks, and stay ahead of adversaries in the open web and beyond. This article delves into Santella’s ecosystem—from AI-driven platforms like Sherlockeye to specialized utilities for email permutation and subdomain enumeration—providing a technical blueprint for integrating these resources into your own intelligence-gathering workflows.
Learning Objectives:
- Master the utilization of AI-powered OSINT platforms for rapid reconnaissance across multiple entity types (emails, domains, usernames, and phone numbers).
- Implement specialized open-source tools for social media intelligence (SOCMINT) and identity correlation across platforms like TikTok and YouTube.
- Develop practical command-line and web-based skills for subdomain discovery, attack surface mapping, and dark web monitoring to enhance penetration testing and bug bounty efforts.
You Should Know:
1. AI-Powered Reconnaissance: Mastering Sherlockeye
The cornerstone of modern OSINT is the ability to process vast amounts of data quickly. Sherlockeye, a web-based AI-powered platform reviewed by Santella, exemplifies this capability by serving as a single-pane-of-glass for investigating emails, domains, usernames, and phone numbers. Its strength lies in its enrichment logic, which combines external data sources with artificial intelligence to provide structured, actionable intelligence.
Step‑by‑step guide to using Sherlockeye effectively:
- Access the Platform: Navigate to Sherlockeye.io and create an account (note that the free plan offers limited but functional access for testing).
- Select Input Type: On the dark-themed dashboard, choose your input type from the dropdown menu—options include Auto (smart detection), Domain, IP, Phone, Username, or even Brazilian identifiers (CNPJ/CPF) for LATAM-focused investigations.
- Execute the Search: Enter the target identifier (e.g., a username like “mariosantella”) and initiate the search. The platform will display a progress indicator showing stages like “Initial data gathering” and “Systemic enrichment with AI”.
- Analyze Structured Results: Review the results, which are grouped by account type (GitHub, Trello, StackOverflow, TikTok, etc.). Each entry includes profile URLs, full names, creation dates, and comment counts, with filtering options to refine your view.
- Leverage Geospatial Data: If the search extracts location hints (common with Gmail addresses), use the Map tab to visualize geolocation data on an interactive map.
- Automate with API: For integration into larger workflows, Sherlockeye offers an API, allowing you to automate reconnaissance tasks programmatically.
Linux/Windows Commands for API Integration (Example using cURL):
Example API call to Sherlockeye (replace with actual endpoint and API key)
curl -X POST https://api.sherlockeye.io/v1/search \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"type": "username", "query": "target_user"}'
- Social Media Intelligence (SOCMINT): TikTok and YouTube Analysis
Social media platforms are goldmines of intelligence, but their APIs are often restrictive. Santella’s open-source tools address this by providing alternative methods for data collection and analysis. Two notable projects are TikSpyder and youtube-handles-fuzz.
Step‑by‑step guide for TikTok OSINT with TikSpyder:
- Set Up the Environment: TikSpyder is a Python-based tool that uses a Streamlit web interface. Clone the repository from Santella’s GitHub (link available via his LinkedIn post).
- Install Dependencies: Navigate to the project directory and install required packages:
pip install -r requirements.txt
- Configure APIs: The tool relies on SerpAPI and Apify for data scraping. Obtain API keys from these services and configure them in the environment variables or a `.env` file.
4. Launch the Interface: Run the Streamlit app:
streamlit run app.py
5. Perform Searches: Use the web interface to conduct keyword, user, or hashtag searches. The tool supports video downloads and CSV export for offline analysis.
Step‑by‑step guide for YouTube Handle Fuzzing:
1. Clone the Repository:
git clone https://github.com/mariosantella/youtube-handles-fuzz.git cd youtube-handles-fuzz
2. Run the Bulk Checker: This tool allows you to bulk-check YouTube usernames to uncover hidden profiles and extract channel IDs. Use it to track identity patterns across platforms:
python fuzz.py --handles list_of_handles.txt
3. Analyze Output: The script will output associated channel IDs and metadata, which can be cross-referenced with other OSINT findings to build comprehensive profiles.
3. Email Intelligence and Identity Correlation
Email addresses are often the linchpin of digital identities. Santella’s gmail_permutator is a Python tool designed to generate Gmail address variations, which is invaluable for OSINT profiling and account discovery.
Step‑by‑step guide for using gmail_permutator:
1. Installation:
git clone https://github.com/mariosantella/gmail_permutator.git cd gmail_permutator
2. Generate Variations: Run the script with a base username to generate common permutations (e.g., firstname.lastname, firstnamelastname, etc.):
python permutator.py --username johndoe
3. Integrate with Other Tools: Use the generated list as input for other OSINT tools or email verification services to discover associated accounts across the web.
4. Attack Surface Mapping: Subdomain Enumeration
Reconnaissance is the first phase of any penetration test or bug bounty hunt. Santella highlights tools like yup.gr, an online subdomain finder that quickly maps an organization’s attack surface.
Step‑by‑step guide for subdomain enumeration:
- Web-Based Approach: Simply visit yup.gr and enter the target domain (e.g.,
example.com). The tool will return a list of associated subdomains. - Command-Line Alternative (theHarvester): For a more comprehensive approach, use `theHarvester` on Kali Linux or any Debian-based distribution:
theHarvester -d example.com -b all
This command queries multiple sources (Baidu, Bing, Google, etc.) for emails, subdomains, and hosts.
- Analyze Results: Use the output to identify potential entry points, misconfigured services, or forgotten subdomains that could be vulnerable.
5. Dark Web Monitoring: Proactive Threat Intelligence
Staying ahead of threats means monitoring the dark web for data leaks and breaches. Santella references WhiteIntel.io, a platform that continuously monitors the dark web to safeguard information from data breaches before exploitation.
Step‑by‑step guide for dark web monitoring:
- Access the Platform: Visit WhiteIntel.io and set up monitoring for your organization’s domains or email addresses.
- Configure Alerts: Define keywords (e.g., company name, email domains) to receive real-time alerts when they appear in dark web forums or leaked databases.
- Investigate Findings: When an alert is triggered, use the platform’s interface to review the context of the leak and take appropriate remediation steps.
Linux Command for Dark Web OSINT (Darkdump):
Santella also mentions Darkdump, a command-line tool for searching the dark web:
Example search for a company name darkdump -q "companyname"
This tool queries `.onion` URLs to identify resources that may contain exposed data.
6. Continuous Learning and Resource Aggregation
Santella’s website serves as a hub for OSINT resources, including SlideShare for gathering insights about people and companies, and a collection of free tools.
Step‑by‑step guide to building an OSINT toolkit:
- Bookmark Key Resources: Start with Santella’s resource page mariosantella.com and explore the “Resources” section for free tools.
- Follow Thought Leaders: Engage with the OSINT community on LinkedIn and GitHub. Santella’s activity, such as sharing tools like TikSpyder and Subdomain Finder, provides a continuous stream of new techniques.
- Practice Regularly: Use platforms like OSINT.ROCKS to discover new resources and test your skills in a controlled environment.
What Undercode Say:
- Key Takeaway 1: The integration of AI into OSINT tools like Sherlockeye significantly reduces the time required for reconnaissance, allowing analysts to focus on interpretation rather than data collection.
- Key Takeaway 2: Open-source tools developed by the community, such as Santella’s gmail_permutator and youtube-handles-fuzz, provide cost-effective alternatives to expensive commercial solutions, democratizing access to advanced intelligence capabilities.
Analysis: Mario Santella’s contributions highlight a crucial shift in cybersecurity: the move from reactive defense to proactive intelligence. By leveraging AI and automation, OSINT practitioners can now conduct investigations that were previously manual and time-consuming. However, the effectiveness of these tools depends on the analyst’s ability to interpret results critically—AI can surface data, but human judgment is still essential for contextualizing threats. Furthermore, the proliferation of such tools underscores the need for ethical guidelines, as the line between intelligence gathering and privacy intrusion can easily blur.
Prediction:
- +1 The democratization of AI-powered OSINT tools will lead to a more level playing field, enabling smaller organizations and independent researchers to conduct sophisticated threat intelligence operations previously reserved for well-funded entities.
- +1 As SOCMINT tools like TikSpyder evolve, we will see a greater emphasis on real-time social media monitoring, allowing for faster response to emerging threats like disinformation campaigns and coordinated inauthentic behavior.
- -1 The ease of access to advanced OSINT tools will also lower the barrier for malicious actors, potentially leading to an increase in targeted social engineering attacks and privacy violations.
- -1 Regulatory bodies may respond to the growing capabilities of OSINT with stricter data protection laws, which could limit the functionality of some tools and create compliance challenges for legitimate investigators.
▶️ Related Video (80% Match):
🎯Let’s Practice For Free:
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
IT/Security Reporter URL:
Reported By: Mariosantella Osint – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅


