The “I Know Nothing” Guide to Finding Anything Online
The “I Know Nothing” Guide to Finding Anything Online
One-Line Flow: Paste something → get everything connected to it → feel like you work for the FBI
Why this matters:
Someone just leaked your email in a data breach. Your ex has a secret Instagram. That “legit business” asking for your money has a sketchy digital footprint. The internet remembers everything — and now you can find it too. No coding. No hacking skills. Just copy, paste, and watch the magic happen.
The 60-Second Win
Before we go deeper — prove this works to yourself right now.
- Open haveibeenpwned.com
- Paste your email
- See every data breach you’re in
That uncomfortable feeling? That’s called awareness. Now imagine having that power for any email, any username, any website.
🧰 TIER 0: Paste & Click Tools (Zero Install, Zero Skill)
These work in your browser. No downloads. No accounts. No patience required.
| Tool | What You Paste | What You Get |
|---|---|---|
| WhatsMyName | Any username | Every account using that name across 600+ sites |
| Web-Check | Any website URL | 40+ intel points: IP, tech stack, DNS, trackers, SSL |
| Have I Been Pwned | Any email | Every data breach that email appeared in |
| Epieos | Email or phone | All linked accounts (140+ services) — stealth mode |
| DorkGPT | What you want to find | Auto-generates the perfect Google search hack |
| TinEye | Any image | Where else that image exists online |
| DNS Dumpster | Any domain | Visual map of subdomains + DNS records |
| URLScan.io | Any URL | Scans the site, shows everything it secretly loads |
| crt.sh | Any domain | All SSL certificates (reveals hidden subdomains) |
The combo move: Username in WhatsMyName → find their email → Epieos that email → find more accounts → repeat until you’ve mapped their entire digital life.
🔍 Google Dorks: Search Engine Cheat Codes
Google indexes stuff it shouldn’t. Exposed passwords. Internal documents. Admin panels. You just need to ask the right way.
What’s a “dork”? A special search query that finds hidden stuff. Paste these directly into Google.
Find exposed passwords:
site:pastebin.com "password"
filetype:env "DB_PASSWORD"
filetype:sql "INSERT INTO" password
Find login pages:
intitle:"login" site:targetsite.com
inurl:admin site:targetsite.com
Find leaked documents:
site:targetsite.com filetype:pdf confidential
site:targetsite.com filetype:xlsx
filetype:doc "internal use only"
Find info about anyone:
"John Smith" site:linkedin.com
"john.smith@" filetype:pdf
"@gmail.com" "John Smith" resume
Don’t want to learn syntax? Just tell DorkGPT or DorkGenius what you want in plain English. AI writes the dork for you.
7000+ ready-to-use dorks: Google Hacking Database
📧 Email → Everything
One email address can unravel an entire identity. Here’s how.
| Tool | What It Does | Free Limit |
|---|---|---|
| Epieos | Email → all connected social accounts (silent lookup) | Limited/month |
| Have I Been Pwned | Email → all data breaches | Unlimited |
| Hunter.io | Find all emails at any company | 25/month |
| EmailRep.io | Email reputation + breach history | Unlimited |
| Holehe | Check which sites an email registered on | Unlimited (CLI) |
| Snov.io | Email finder + verifier | 50/month |
The move: Found an email? Run it through Epieos first (stealth), then HIBP for breaches, then Hunter to find their coworkers.
🧑 Username → Everything
Same username across sites = same person. People are lazy. Exploit that.
| Tool | Sites Checked | Link |
|---|---|---|
| WhatsMyName | 600+ | whatsmyname.app |
| Sherlock (web) | 400+ | sherlockeye.io |
| Namechk | 100+ (includes domains) | namechk.com |
| KnowEm | 500+ | knowem.com |
| InstantUsername | 100+ | instantusername.com |
Pro tip: When you find an email like [email protected], the username part (coolguy87) often works on WhatsMyName. People reuse everything.
🌐 Website → Everything
Want to know what a website is hiding? What tech it runs? Who owns it? What it used to look like?
| Tool | What It Reveals |
|---|---|
| Web-Check | 40+ data points in one click |
| BuiltWith | Every technology the site uses |
| Shodan | Exposed servers, cameras, devices |
| Censys | Same angle, different database |
| SecurityTrails | Historical DNS + subdomains |
| Wayback Machine | What the site looked like years ago |
| Wappalyzer | Browser extension — auto-detects tech as you browse |
The move: Run a sketchy site through Web-Check before giving them your info. Check Wayback Machine to see if they recently changed their whole identity.
📸 Image → Everything
Reverse image search finds where photos came from, who else uses them, and sometimes… who’s lying about their identity.
| Tool | Best For |
|---|---|
| TinEye | Finding exact matches |
| Google Images | General reverse search |
| Yandex Images | Best for faces (seriously) |
| PimEyes | Face search across the web (paid) |
| FaceCheck.ID | Face search (limited free) |
Catfish detection 101: Right-click their profile pic → Search image → If it shows up on stock photo sites or other profiles, you have your answer.
🎓 Actually Learning This (Free Resources)
If you want to go from “paste and click” to “actually dangerous,” here’s the path.
Zero to Hero Training:
| Resource | What It Is | Cost |
|---|---|---|
| PortSwigger Web Security Academy | Real hacking labs with guidance | Free forever |
| TryHackMe | Gamified hacking challenges | Free tier |
| 390+ Free TryHackMe Rooms | Curated list of all free content | Free |
| Nahamsec’s Beginner Resources | The definitive starting list | Free |
| OSINT Framework | Visual tree of 500+ tools | Free |
Bug Bounty Collections:
| Repo | What’s Inside |
|---|---|
| Awesome Google VRP Writeups | 100+ Google bounty reports by payout |
| Awesome Bugbounty Writeups | Writeups sorted by bug type |
| Awesome Bug Bounty Tools | Every tool you’d need |
| Bug Bounty Beginner Roadmap | Step-by-step career path |
| OSINT Cheat Sheet | Massive tool dump |
🔬 The $20,000 Bug Bounty Breakdown (For the Curious)
This is what professional security research looks like. A researcher named BruteCat found a way to leak any YouTube creator’s email address. Google paid $20,000 for it.
How it worked (simplified):
- Found a hidden parameter — YouTube’s API had a secret setting called
includeSuspendedthat wasn’t documented - Leaked internal IDs — Enabling it exposed “Content Owner IDs” for any monetized channel
- Chained to another API — Those IDs could be fed into Google’s Content ID API
- Email extraction — That API returned the creator’s “conflict notification email”
Result: Any monetized YouTube channel could extract any other creator’s email. Silently.
Why it matters to you: This is the mindset — find hidden things, chain them together, get paid. The technique of sending wrong data types to leak API structures? That’s req2proto. The discovery documents that revealed the hidden parameters? Archived here.
Follow the researcher:
- Blog: brutecat.com
- Bluesky: @brutecat.com
- The full writeup: YouTube Creator Emails
🧩 Browser Extensions (Install Once, Intel Forever)
These run automatically as you browse. Passive reconnaissance while you scroll Twitter.
| Extension | What It Does |
|---|---|
| Wappalyzer | Shows tech stack of every site you visit |
| Shodan | Displays Shodan data for current site’s IP |
| BuiltWith | Same as website, but always-on |
| Instant Data Scraper | One-click scrape any table or list |
| Wayback Machine | Check any page’s historical versions |
| ExifViewer | See hidden metadata in images |
💬 How to Sound Like You Know What You're Doing
When someone asks what you do:
“I do passive reconnaissance and digital footprint analysis using OSINT enumeration techniques across distributed platform surfaces.”
Translation: You paste usernames into WhatsMyName.
Vocabulary cheat sheet:
| Say This | Instead Of |
|---|---|
| OSINT | Looking stuff up online |
| Reconnaissance | Research |
| Enumeration | Listing things out |
| Digital footprint | Online presence |
| Attack surface | All the ways something could be vulnerable |
| Dork | Fancy Google search |
| Pivot | Use one finding to find more |
The 5-Minute Starter Kit
Right now, you can:
Check your breaches → haveibeenpwned.com- Find your forgotten accounts → whatsmyname.app
- Scan any website → web-check.xyz
- Generate search hacks → dorkgpt.com
- Look up any email → epieos.com
That’s it. You’re doing OSINT now.
The Philosophy
If it exists online, it’s findable.
Wrong results = wrong question.
Reframe the query until it answers.
The information isn’t hidden. It’s just ignored. The “secret” resources aren’t secret — they’re just not on page one of Google. The tools exist. The techniques are documented. Most people just never look past the surface.
You’re not most people anymore.
!