PhoneInfoga – Advanced information gathering & OSINT framework for phone numbers
PhoneInfoga is one of the most advanced tools to scan international phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier, and line type on any international phone numbers with very good accuracy. Then search for footprints on search engines to try to find the VoIP provider or identify the owner.
Features
- Check if phone number exists and is possible
- Gather standard informations such as country, line type and carrier
- OSINT footprinting using external APIs, Google Hacking, phone books & search engines
- Check for reputation reports, social media, disposable numbers and more
- Scan several numbers at once
- Use custom formatting for more effective OSINT reconnaissance
- NEW: Serve a web client along with a REST API to run scans from the browser
- NEW: Run your own web instance as a service
- NEW: Programmatic usage with Go modules
Anti-features
- Does not claim to provide relevant or verified data, it’s just a tool !
- Does not allow to “track” a phone or its owner in real time
- Does not allow to get the precise phone location
- Does not allow to hack a phone
Current status
This project is under active development but is stable and production-ready. Numverify scan is pointless on demo instance because my server’s IP got blocked due to spam. Roadmap is here.
This project has recently been rewritten in Go language (previously Python). Why ? To improve code base, maintainability, have a stronger test suite and be able to compile code base. PhoneInfoga v2 brings new features such as serving a REST API and a web client. Usage of scanners was improved in order to drop usage of Selenium/Geckodriver which has caused many users to have troubleshot using the tool. You can still use the legacy version in tag v1.11 and the legacy Docker image (sundowndev/phoneinfoga:legacy). Some features were not included in the v2 MVP such as input/output CLI options. The roadmap of the project changed so we can focus on the web client features such as downloading scan results as CSV, Instagram/Whatsapp lookup, and more. Version 2 does not scan Google results anymore, read more.
Documentation • API documentation • Demo instance • Related blog post
Installation
To install PhoneInfoga, you’ll need to download the binary or build the software from its source code.
For now, only Linux and MacOS are supported. If you don’t see your OS/arch on the release page on GitHub, it means it’s not explicitly supported. You can always build from source by yourself. Want your OS to be supported ? Please open an issue on GitHub.
Binary installation (recommended)
Follow the instructions :
- Go to release page on GitHub
- Choose your OS and architecture
- Download the archive, extract the binary then run it in a terminal
You can also do it from the terminal:
# Download the archive
curl -L "https://github.com/sundowndev/phoneinfoga/releases/download/v2.0.8/phoneinfoga_$(uname -s)_$(uname -m).tar.gz" -o phoneinfoga.tar.gz
# Extract the binary
tar xfv phoneinfoga.tar.gz
# Run the software
./phoneinfoga --help
# You can install it globally
mv ./phoneinfoga /usr/bin/phoneinfogaIf the installation fails, it probably means your OS/arch is not suppored.
Please check the output of echo "$(uname -s)_$(uname -m)" in your terminal and see if it’s available on the GitHub release page.
Using Docker
From docker hub
You can pull the repository directly from Docker hub
docker pull sundowndev/phoneinfoga:latestThen run the tool
docker run --rm -it sundowndev/phoneinfoga versionDocker-compose
You can use a single docker-compose file to run the tool without downloading the source code.
version: '3.7'
services:
phoneinfoga:
container_name: phoneinfoga
restart: on-failure
image: phoneinfoga:latest
command: serve
ports:
- "80:5000"From the source code
You can download the source code, then build the docker images
Build
Build the image
docker-compose buildCLI usage
docker-compose run --rm phoneinfoga --helpRun web services
docker-compose up -dDISABLE WEB CLIENT
Edit docker-compose.yml and add the --no-client option
# docker-compose.yml
command: "serve --no-client"Troubleshooting
All output is sent to stdout so it can be inspected by running:
docker logs -f <container-id|container-name>Getting started
Here is the documentation for CLI usage of the tool.
$ phoneinfoga
PhoneInfoga is one of the most advanced tools to scan phone numbers using only free resources.
Usage:
phoneinfoga [command]
Available Commands:
help Help about any command
scan Scan a phone number
serve Serve web client
version Print current version of the tool
Flags:
-h, --help help for phoneinfoga
Use "phoneinfoga [command] --help" for more information about a command.Basic scan
phoneinfoga scan -n "+1 (555) 444-1212"
phoneinfoga scan -n "+33 06 79368229"
phoneinfoga scan -n "33679368229"Country code and special chars such as ( ) - + will be escaped so typing US-based numbers stay easy :
phoneinfoga scan -n "+1 555-444-3333"Note that the country code is essential. You don’t know which country code to use ? Find it here
Available scanners
- Numverify
- Google search
- OVH
Numverify provide standard but useful informations such as number’s country code, location, line type and carrier.
OVH is, besides being a web and cloud hosting company, a telecom provider with several VoIP numbers in Europe. Thanks to their API-key free REST API, we are able to tell if a number is owned by OVH Telecom or not.
Google search uses Google search engine and Google Dorks to search phone number’s footprints everywhere on the web. It allows you to search for scam reports, social media profiles, documents and more. This scanner does only one thing: generating several Google search links from a given phone number. You then have to manually open them in your browser to see results. You may therefore have links that do not return any results.
Launch web client & REST API
Run the tool through a REST API with a web client. The API has been written in Go and web client in Vue.js.
phoneinfoga serve
phoneinfoga serve -p 8080 # default port is 5000You should then be able to see the web client at http://localhost:<port>.
Run the REST API only
You can choose to only run the REST API without the graphical interface :
phoneinfoga serve --no-client