There are many online phone number services that offer free or cheap temporary phone number facilities. Although the temporary phone service providers discourage the misuse of the services, scammers use these numbers to send fake messages or make phone calls to the target audience. One way to track these phone numbers is to find their online existence using open-source intelligence tools. Phoneinfoga is one such tool that can accurately gather useful information about the target phone number using free and publicly available resources. Phoneinfoga is an advanced phone number information-gathering tool that collects standard phone information as well as the online footprints using resources like search engines, phone books, Google hacking, and external APIs. The standard results show country, carrier, and line type information. The online footprints are individual results, social media related record, and service providers-related information.
HOW TO INSTALL PHONEINFOGA
The Phoneinfoga framework has a major shift from Python to Go programming language. The earlier version (1.XX) of the tool is a Python-based script that can be downloaded from the following repository.
https://github.com/sundowndev/PhoneInfoga/tree/v1.11
In this tutorial, we are going to install the latest version from the following release page.
https://github.com/sundowndev/PhoneInfoga/releases
The screenshot shows all the latest available versions supported by different OS architectures.
The Linux users can get their system information using the following command.
uname -m
Download the appropriate version according to your system’s specification.
The 64 bit Linux OS users can locate and extract the downloaded compressed file using the following terminal command.
tar xzf <file name>
The above command extracts the ready-to-use Phoneinfoga binary file as shown below.
There is no other installation required to use the framework.
HOW PHONEINFOGA WORKS?
As discussed earlier, Phoneinfoga explores open-source databases to collect standard and footprinting information. The following command displays all the Phoneinfoga’s scanning features.
./phoneinfoga
There are two main command options in the help section. The scan option is used to scan the phone numbers using the command line interface. The serve command is used to explore the phone numbers using the web interface. Both of these command options are explained below.
COMMAND LINE INTERFACE SCAN EXAMPLE
The scan help command displays all the available scan-related parameters.
./phoneinfoga scan -h
The following command-syntax is used to scan the target phone number.
./phoneinfoga scan -n <phonenumber>
we have selected a free VOIP phone number to test the tool’s information-gathering capabilities.
./phoneinfoga scan -n +4915207829823
The information-gathering process starts with the local scan results, showing the different phone number formats and the origin country.
In the next step, the tool tries to find the phone number carrier and line type (whether it is a mobile or landline number).
After completing the standard scanning process, Phoneinfoga searches the online resources to get phone number reputation, social media traces, and online phone number service providers’ footprints. The reputation footprints help in tracking the user information related to the phone number.
The social media footprints give a hint about the social media accounts of popular networks (Facebook, LinkedIn, Instagram, etc.) who might have used the number for account verification purposes.
The temporary phone-number-providers’ footprints show the possible online services where the number is hosted for public use.
WEB INTERFACE SCAN EXAMPLE
The latest version of Phoneinfoga is loaded with the ability to scan phone numbers through a web interface. The web interface can be initiated using the serve command.
./phoneinfoga serve –help
A port number is required to run Phoneinfoga’s web tool. Use the following command to set up the desired port number.
./phoneinfoga serve -p <port number>
Example:
./phoneinfoga serve -p 5586
After setting up the port number, type your local IP and port number in a web browser to open Phoneinfoga’s web interface. The IP can be located using the following commands.
ipconfig # for Windows users ifconfig # for Linux users
In our case, the local IP address is 10.0.2.15. Hence, we use the following address to open the web interface of the framework.
10.0.2.15:5558
Type the desired phone number in the input field to fetch the information. The results are gathered in the following format.
One can verify the available information by exploring these results. For instance, we can visit the gathered phone number providers’ links to verify the phone number’s ownership information.
CONCLUSION
Phoneinfoga can help in tracing the temporary phone numbers and avoiding the Vishing and Smishing attacks. The footprinting information is quite a handy feature available in the tool. However, the footprinting results are invalidated. A manual verification process is required to visit and test each link gathered by the framework.