SecurityTrails Blog · LAST UPDATED ON Aug 10 2021 · by Esteban Borges

Most Popular OSINT Facebook Tools

Reading time: 9 minutes

We hope you enjoyed the article we wrote about OSINT a while back, which explored the meaning of the term, the history behind the concept and the ease with which one can use it — even without knowing too much about it. We also explored the most popular OSINT Tools you can use on any information security investigation.

Social networks are indeed a big part of any OSINT investigation. They can reveal useful information about individuals, what they look for, how they do it, what they like and many other personal details.

But OSINT Facebook data-gathering doesn't stop with tools that show you only information about Facebook profiles. Today we'll show you the best OSINT utilities that not only gather information about Facebook public data but also dig a little bit deeper under the surface — so keep reading.

10 Popular OSINT Facebook tools

Let's start with the best online tools to help you get the most out of Facebook intel gathering.


NetBootCamp is a great tool for searching different strings within Facebook.

It allows you to generate requests inside Facebook from a simple web-based interface. It will build the query URL for you so you can examine all the details.

In the following examples, we launched a couple of queries using their web interface, which is just a simple front end for common Facebook operations but simplified to help you choose your search without any complications.


This interface and its options will generate a request that looks like this:

For most requests, you need to have a fully activated Facebook account. You can also choose to search for details about the profile, photos, videos and much more.


Whether you're performing an investigation on an organization or an individual, Maltego is an essential OSINT Facebook utility. This excellent software will show you how exposed you are on the Internet.

Maltego can easily help you correlate and find links between individuals, organizations, geolocations, addresses, emails and phone numbers.

In Facebook's case, Maltego offers numerous modules (known as "transforms" within the Maltego community) to investigate social profiles. The most popular ones would be SocialLinks or SocialNet, which are commercial OSINT Facebook modules.


This app is available for Windows, Linux, and Mac OS. Java 1.8 or greater is the only requirement.

FB People Directory

Update March, 2019: Facebook no longer offers access to the People Directory.

FB People Directory is a native tool built by Facebook so you can, as its name suggests, search their people directory. It's super useful and one of the easiest tools to use when you're looking for someone.

The directory will show you the full list of Facebook members worldwide, where you can filter the results by first or last name.

FB People Directory

Search is Back

Search is Back is a similar tool to NetBootCamp, as it allows you to search for people and events on Facebook — but it also lets you search by location, relationships, gender, job title, language spoken, and other details.

Search is Back

StalkScan (known as Facebook Scan)

StalkScan follows on the same line as the tools listed previously but has a nice, wide interface with a lot of options. The bad thing is, most of the queries use old Facebook URLs that no longer work.

But you can still get some details — for this test, we grabbed Kevin Mitnick's profile URL:

Then we ran some tests, and some of the functions were working as expected. For example, getting photos of this user ID from the current year 2018 generated this URL:


The same goes with his 2018 videos and stories:

Facebook Live Map

Update March, 2019: FB livemap isn't working / interactive like it used to be.

Facebook Live Map is an interactive global map function that comes with Facebook by default. Using the URL gives you the ability to watch live streaming videos from anywhere in the world.

In this case, we were able to grab some locations where live transmissions are being streamed right now.

Facebook Live Map

If you zoom in and click on one of the blue dots, you'll be able to see who's streaming the video, the transmitted content and its exact location.

Facebook Email Search

Facebook Email Search is a simple URL that lets search for any Facebook profile by using an email address. The resulting URL will be something like:

You can replace this with any email you know to confirm whether it belongs to the person you suspect.

For example, we searched for the email address [safe-email][email protected][/safe-email], and we discovered that it belongs to the famous Pulitzer Prize winner Toni Morrison. A Facebook page associated with that email appears as the first result.

Facebook Email Search

Facebook Sleep Stats

Facebook Sleep Stats is an interesting app that was built not to fetch email, location or other common details, but to exploit a Facebook security flaw that lets you keep track of any online or offline profile status. Thanks to this utility, you'll know when they connect and disconnect, information that can generate a pretty accurate image of their sleep pattern.

Watching how it works will give you a general idea about the potential privacy implications of modern social media, information that's largely unfamiliar to the average non-technical person:

Top 9 Popular OSINT Facebook Tools

This application makes it possible to get a full list of Facebook users IDs, along with timestamps of their most recent online activity:

"lastActiveTimes": {
"3443534": 1456065265,
"675631492": 1456066386,
"8657643": 1456062331,

The above data can later be translated into human readable date and time information, such as "John Doe was last active on Dec 03 2018 12:50:22."

The only requirements to get it running are Node.js and Git.

Intelligence X

The open source intelligence and forensic tools offered by Intelligence X include a Facebook tool that’s divided into two parts.

The first part is the Facebook Graph Searcher, with Intelligence X allowing for more customization than would be possible by simply running it directly in the Facebook search option. You can search for a keyword and select the day, month, time interval or a certain user or page by entering their ID.

Facebook Graph Searcher

The tool’s second part is the Alternative Facebook Graph Searcher. This feature allows you to search by post, person, page, place, video and event by filtering or combining multiple searches with a time frame.

Alternative Facebook Graph Searcher


While all these tools can be helpful for gathering details about social profiles from individuals, there is much more to gathering OSINT Facebook data. We're talking about investigating Facebook and all of its domains, servers, IPs and its SSL infrastructure from a single place.

Our passive DNS technology allows you to investigate everything you can imagine about any organization or company in the world, way beyond a simple citizen profile. Let's see it in action for

  • Move to
  • Enter in the first text bot
  • A full interface with all details will appear, as shown below:
Facebook DNS

As you can see, you'll be able to grab numerous details from the domain name, which includes current DNS records from A, AAA, TXT, MX, SOA, and CNAME.

By querying our passive DNS API you'll also be able to grab the entire Facebook DNS History, ordered by date or value, as seen here:

Facebook DNS History

This DNS history is also available for the rest of the AAA, MX, NS, SOA and TXT records. But our intel information about doesn't end there. SecurityTrails technology lets you explore the entire list of Facebook subdomains from the same web interface:

Facebook subdomains

In this example, we filtered the exact 2,056 results to match any subdomain that contains the word "edge." There many more filters and options to explore in our DSL documentation. You can also order the results by hosting provider or by WHOIS historical records.

By using our passive DNS API, you can fetch those details along with:

  • WHOIS History
  • Associated Domains
  • IP Subnet
  • PTR Search
  • Open Ports

A tremendous advantage is the ability to integrate our API with your apps, using popular programming languages such as PHP, Node, Ruby, JavaScript, and Python.

You can even launch manual requests using curl command, as you see below:

curl --request GET  --url  --header 'apikey: >'

Furthermore, our recently launched SurfaceBrowser product enables you to integrate all these great tools into one single powerful interface, now one of the best sources available for your OSINT Facebook investigation.


No company is immune from getting spied on or analyzed, and the fact that Facebook is one of the most popular social networks in use makes it an easy target in the infosec market.

The good thing is there are ways to protect yourself. Now you know the right OSINT Facebook tools to analyze not only individuals but your own organization or company, helping you prevent exposing too many details about your online domains and internet infrastructure.

Have you tried SurfaceBrowser, our rock star product that offers WHOIS live data from all the popular domain names, as well as historical WHOIS records?

SecurityTrails strives to be the biggest cybersecurity treasure trove available, so you can easily use it as your #1 OSINT tool to audit your domain names, subdomains, IP addresses, SSL certificates and much more. Start testing our fabulous API by opening a free account today.

If you need anything you don't see here yet, get in touch with us. We can build a wide range of custom solutions to match your needs!

Esteban Borges Blog Author

Esteban is a seasoned cybersecurity specialist, and marketing manager with nearly 20 years of experience. Since joining SecurityTrails in 2017 he’s been our go-to for technical server security and source intelligence info.

Subscribe to the SecurityTrails newsletter
Sign up for our newsletter today!

Get the best cybersec research, news, tools,
and interviews with industry leaders