OSINT Search Techniques Exploring LinkedIn, Illicit Services, and Dehashed for Information Gathering


Open Source Intelligence (OSINT) is an increasingly popular method for gathering information. In this blog, we will explore the use of LinkedIn, Illicit Services, and Dehashed for OSINT purposes. We will also discuss ethical and legal considerations for using these techniques.

I. Identifying a Company for the Proof of Concept (POC)

For this blog, we will use Ronin Innovations Group as the company to demonstrate the effectiveness of OSINT techniques. Ronin Innovations Group is a technology company that specialises in innovative solutions for industries like healthcare, finance, and telecommunications. With a global presence and a focus on research and development, Ronin Innovations Group is an ideal target for OSINT investigations.

II. Gathering Information from LinkedIn

A. Utilising Search Filters and Advanced Techniques

LinkedIn is a valuable tool for gathering information about a company’s employees. By using search filters and advanced techniques, we can identify specific industries and job titles.

Results of LinkedIn Scraping

We used the LinkedInDumper tool to scrape employee data from LinkedIn. This tool was able to identify over 1,000 active Ronin Innovations Group employees on LinkedIn. However, due to limitations, only 65 employee accounts were exported. This is because LinkedIn restricts the number of search results to the first 1,000, and not all employee profiles may be public. The LinkedInDumper tool only displays public profiles, so private or default profiles are not included. Additionally, some profiles may have challenging names to filter out. It’s important to note that the LinkedInDumper tool uses an unofficial API and may have limitations in data extraction.

Snippet Excel output of LinkedIn Dumper

III. Exploring Illicit Services

Illicit Services are services available on the dark web that can be used for gathering personal and sensitive information. However, using these services can expose individuals to legal and personal risks. It’s essential to consider the legal implications and exercise caution when using them for OSINT investigations.

A. Risks and Legal Implications

Using Illicit Services for OSINT purposes can violate various laws and regulations, including data privacy and intellectual property laws. It’s crucial to understand the legal implications before accessing these services. Additionally, using these services can result in personal risks, such as the exposure of sensitive information or becoming a victim of cybercrime.

B. Results of OSINT with Illicit Services

By utilising the Illicit-Services-Enum-Script, we conducted an enumeration of accounts based on our search criteria, resulting in the initial identification of 40 accounts. Through manual examination, we validated an additional 14 active employee accounts at Ronin Innovations Group. These accounts were seamlessly integrated into the LinkedInDumper results, resulting in a total of 79 identified accounts that met our OSINT research objectives.

python3 illicit-services.py –email test@RoninInnovationsGroup.org –max-request –email_domain RoninInnovationsGroup.org

Validated Illicit Active Employee List

During the OSINT investigation of Ronin Innovations Group, we uncovered extensive personal information on employee Haley. Her LinkedIn profile provided details on her employment, gender, location, inferred salary, and various social media usernames and contact information. Further research revealed additional information, including her attendance at the University of Toledo and her Twitter username. An online search also uncovered Haley’s address and vehicle information. The investigation also yielded some information on employees Drew and Diana, including their contact information and employment details at Ronin Innovations Group.

Illicit Search result for Haley

Haley’s University to match Illicit search result for school email

Haley’s Phone Number Query providing car make, model, & VIN

While Illicit Services can provide valuable data for OSINT investigations, it’s important to consider the risks and legal implications associated with accessing these services. Use caution and ensure that you only use these services for lawful and ethical purposes.

IV. Leveraging Dehashed for OSINT Investigations

A. Introduction to Dehashed

Dehashed is a paid data breach search engine that can be used to find leaked credentials and sensitive information. We used a combination of the Dehashed Query and Crack and the dehashQuery tool for this investigation.

B. Benefits and Limitations

Using Dehashed for OSINT investigations can provide valuable data, but it’s important to consider the accuracy and completeness of the information obtained. Dehashed is a paid service and requires a subscription to access all features.

C. Results of Dehashed Investigation

The results from Dehashed for the Ronin Innovations Group investigation included 14 cracked hashes and 20 uncracked hashes. However, these were not relevant to the investigation as they were associated with ex-employees. Dehashed also helped us confirm the match and current address of a phone number collected from Illicit Services for Diana.

Diana’s Phone query on Dehashed

V. Combining Techniques and Analysing the Gathered Information

A. Applying Techniques to the Chosen Target

To effectively gather information about potential targets for a phishing campaign, it’s crucial to apply the techniques discussed in this blog. In this case, the chosen target is Ronin Innovations Group. We obtained the following information using OSINT techniques:

  • 79 active employees identified on LinkedIn, including their usernames on Facebook and LinkedIn, email addresses, phone numbers, locations, inferred salaries, and employment details at Ronin Innovations Group.
  • LinkedIn profiles of specific employees at Ronin Innovations Group, including additional details such as gender, inferred salaries, and employment details. Additional information was obtained about their locations, education, and Twitter usernames.
  • Results from Dehashed investigation helped us confirm the match and current address of a phone number collected from Illicit Services for Diana.

By combining and analysing this information, an attacker could create a list of potential targets for a phishing campaign. It would be strategic to target employees in higher positions or departments like finance or human resources. With the information obtained, an attacker could personalise their phishing campaign, increasing the chances of success. It’s important to consider ethical considerations and obtain consent when conducting OSINT investigations.

Countermeasures and Defence Strategies

  • Strengthen privacy settings: Configure privacy settings on social media accounts and online platforms to limit the exposure of personal and sensitive information.
  • Educate employees: Conduct regular training sessions to educate employees about phishing attempts, social engineering tactics, and the importance of protecting sensitive information.
  • Implement a robust cybersecurity policy: Develop and enforce a comprehensive cybersecurity policy that includes guidelines on password management, access control, and data protection.
  • Monitor online presence: Regularly monitor your online presence to identify and address potential vulnerabilities, such as exposed sensitive data or unauthorised access to accounts.


Using LinkedIn, Illicit Services, and Dehashed for OSINT investigations can provide valuable data. However, ethical and legal considerations must be taken into account. These techniques should be used responsibly and with caution. Research and understand the applicable laws and regulations before conducting OSINT investigations. Obtain proper consent when necessary and do not use these techniques for malicious purposes.

This website uses cookies. By continuing to use this site, you accept our use of cookies.  Learn more