Close Menu
OSINT

OSINT.industries: a hands-on walkthrough for usernames and emails

Jesse William McGrawBy No Comments6 Mins Read40 Views
A glowing magnifying glass scanning a fragmented digital identity profile with username and email visible

OSINT.industries is the people-search tool I get the most questions about, mostly because it shows up in every "best OSINT tools 2026" listicle and people want to know whether it’s worth the subscription. Short answer: yes, but only if you understand what it actually is, what it isn’t, and what kind of work it’s appropriate for.

This piece is a walkthrough. I’m going to show you what a query looks like, what the output is good for, and where I draw the line on running one. The screenshots are sanitized examples; treat them as illustrative.

What it is

OSINT.industries takes an input (an email address, a username, sometimes a phone number) and queries dozens of public-facing platforms for whether that input is registered there. The output is a panel of "platform: yes/no, with confidence level," sometimes augmented with whatever public-profile metadata each platform exposes (display name, registration date, profile picture, basic description).

It’s an aggregator. It does not break into anything. It doesn’t scrape protected pages. Every signal it returns is something you could obtain by visiting each platform and trying the registration form yourself, which is exactly how the industry-standard tools in this category work. The product is the labor saving, not the access.

Pricing was around $29 per month for the individual plan when I last bought it; team plans run higher. There’s a search-credit model on top of the subscription if you run heavy volume.

What a query looks like in practice

Take a working example. I have a fraudster’s email from a phishing report; let’s call it [email protected]. I drop it into the search box and wait roughly 30 seconds.

The result panel comes back with something like:

  • 23 platforms found
  • High confidence: LinkedIn, GitHub, X/Twitter, Reddit, Gravatar, Disqus
  • Medium confidence: Substack, Medium, ProtonMail
  • Low confidence (likely false positives): Strava, Duolingo, MyAnimeList

Each high-confidence hit gives me a profile URL and, in some cases, the display name and avatar. From there I can pivot to the platform itself, see the actual public profile, and decide whether to follow that thread.

The honest assessment: the tool saves me about an hour of repetitive form-typing per investigation. It’s not magic. It’s a fast, expensive way to do something I could do for free with patience and a list of usernames.

What it’s good for

Three legitimate use cases account for most of my OSINT.industries volume:

Journalism verification. A source emails a tip from an account claiming to be a former employee at Company X. Before I quote them, I want to know whether the email aligns with a real person whose other public footprint is consistent with that claim. OSINT.industries gives me the platform map; I do the actual verification by reading the public profiles.

Due-diligence research. A client is about to sign a contract with a small consulting firm. I’m asked to confirm that the named partners have the public footprint a real consultant would have (LinkedIn, conference talks, GitHub if technical, public writing). The tool turns that question from "spend a day searching" into "spend twenty minutes confirming."

Fraud and impersonation work. A scammer is using a particular email or handle across multiple platforms; I want to map the full footprint so the platforms can act on it. This is collaborative work with platform trust and safety teams; it’s the cleanest legitimate use for the tool.

What it’s not for

It’s not for finding out information about people you have no professional reason to investigate. The same query that supports journalism due-diligence supports stalking, and the platform doesn’t enforce the difference. The line is the investigator’s, not the tool’s.

I run two filters before any query:

  1. Documented legitimate purpose. Either there’s a journalism story, a paying client, a fraud report, or a recognized public-interest investigation. If I can’t articulate the legitimate purpose in a sentence I’d be willing to send to a lawyer, I don’t run the query.

  2. Subject in scope. Public figures acting in their public role are fair targets. Private individuals are not, even if their email is technically discoverable. "Public" is a behavior, not a status.

This isn’t moralizing. It’s a workflow that keeps you out of legal trouble (GDPR Article 6 requires a lawful basis for processing personal data, and "I was curious" is not one of them) and reputational trouble (the OSINT community talks; analysts who use these tools to dox individuals don’t keep their professional standing for long).

How I run a query end to end

For the legitimate-purpose case, the workflow is:

  1. Open a new Hunchly case with the investigation name and the documented purpose written in the notes field.
  2. Open OSINT.industries inside the captured browser session.
  3. Run the query.
  4. Export the result panel (CSV or JSON).
  5. Pivot to each high-confidence platform manually, take screenshots of public profiles.
  6. Cross-reference findings against other sources to confirm identity (e.g., a LinkedIn profile that matches the GitHub commit history that matches the published article in their named publication).
  7. Write the finding up with confidence levels per claim.

The tool is one step in a five-step process. People who treat it as the whole process produce bad reports.

The trap

The trap is mistaking platform presence for identity confirmation. OSINT.industries can tell you that "the email [email protected] is registered at github.com." That does not, by itself, tell you that the GitHub account is run by the same human who owns the inbox. People share emails, recycle them, get phished into providing them, share devices with family members, and so on. A platform-presence map is the start of an investigation, not the end of it.

If you treat every hit as a confirmed identity match you’ll publish or report things that aren’t true, and the consequences fall on real people.

Alternatives worth knowing

If $29/month isn’t in your budget, the free options that get you 70% of the way include:

  • Sherlock for username lookups (open source, command-line)
  • WhatsMyName for the same job, with a web UI
  • Holehe for email-to-platform lookups
  • Epieos for a nicely-presented free tier on email and phone

If you’re doing volume professionally, OSINT.industries pays for itself in saved time. If you’re doing one investigation a quarter, run the free tools and put the difference toward Hunchly.

Bottom line

OSINT.industries is a labor-saving aggregator for a job that’s been done by hand for fifteen years. It’s worth its subscription if you have a real workflow it slots into. It is not a license to investigate anyone you feel like investigating, and the tool will not protect you from the legal or ethical consequences of using it that way. Run it like a professional, document like a professional, and it will pay for itself within the first week of any serious investigation.

Further reading

Share.

Jesse William McGraw, also known as GhostExodus, is a former insider threat and threat actor. He became the first person in recent U.S. history to be convicted of corrupting industrial control systems. Today he focuses on threat intelligence, OSINT, and public speaking, using his knowledge to bring awareness to the security risks that organisations and individuals face.

Related Posts

Comments are closed.