Tag: OSINT

  • Sockpuppet Account Creation – My Process

    Sockpuppet account creation, just like OSINT, is always changing. This page will be updated regularly. Please join the newsletter to be notified of updates.

    The Cyber Mentor and Security Blue Team currently both use this guide in their training, and I’m also published in 2600 Hacker Quarterly (Autumn 2016).

    LATEST UPDATE: November 2025

    I just made a few updates to the guide, but…

    I’m not doing OSINT or any infosec anymore, really. Now I make Music For Hackers/Music To Hack To: https://megabyteghost.bandcamp.com.

    People tell me this process still works, though, so if you find this useful please buy some music at the link above.

    What are sockpuppet accounts?

    Sockpuppet accounts are anonymous or pseudonymous accounts used for various projects.

    • In the news lately for political discord
    • OSINT investigations
    • HUMINT investigations
    • Social engineering
    • And more!

    Are sockpuppet accounts ethical?

    This is up to you. Honestly. But this is my blog, so here are my thoughts on it:

    Sockpuppets, in an OSINT/HUMINT capacity, have generally been used in two ways:

    1. Passive reconnaissance. (Generally OSINT)
    2. Infiltration of groups. (Generally HUMINT)

    I have absolutely no ethical qualms with using sockpuppet accounts for passive recon.

    With HUMINT, infiltrating target groups is a common necessity. In this case, you often have to pretend to be someone you’re not.

    For example, an investigator hired to collect data on a pedophilic ring on the dark web will have to create a persona and convince them they are one of them to get into the group.

    I generally don’t do this sort of work. I would only feel comfortable if I had law enforcement backing me in this because it could turn dangerous or illegal, and they’ll help me with making sure I’m not breaking any laws or getting into any trouble they can’t get me out of.

    I also need to point out that in the USA, it’s illegal to impersonate a government employee, especially law enforcement and military.

    It’s also generally not cool to impersonate a real person. Keep your sockpuppets made-up.

    Anonymous Sockpuppet Account Setup Process

    This is my process for setting up an anonymous sockpuppet account.

    1. Come up with a persona for the sockpuppet account.
    2. Use Fake Name Generator to create a person whom you feel fits your sockpuppet persona.
    3. Use This Person Does Not Exist to generate an image. Make sure you inspect the image closely and get one that doesn’t have any obvious flaws, as they often do. It is worth picking up some Photoshop, GIMP, Affinity Photo or Designer, or other basic image manipulation skills to fix them and change the background of the image.
      • July 2020 Update: Social media sites have wised up to this and it doesn’t always work. I have found that “photoshopping” a pair of sunglasses on the face and changing the background seems to work for now.
      • November 2025 Update: There are much better people-generator AIs now. You can probably use any of them.
    4. Get a burner phone, completely wiped and fresh. Can be any brand that will accept a Mint Mobile SIM card.
    5. Get a burner credit card from Privacy.com to use on Amazon and possibly the Mint Mobile setup. They might need it to set up the account.
    6. Set up a burner Amazon account. We’re only going to use it once.
    7. Buy a Mint Mobile SIM card. You can find them in various places online and in stores near you, but you can get one of them for $45 on Amazon (aff). They also give you a 1-week free trial with something like 100 text messages, which we’re going to use. This gives you two cards for two sockpuppet accounts for only $5.
      • November 2025 Update: They don’t offer the $5 cards anymore. The link above still works for the best price I could find.
    8. I like to use Amazon to have the card sent to an Amazon pickup box, which can be anonymous.
    9. Get a VPN that you can set to the physical area in which you want your sockpuppet to “exist.”
    10. Set up the Mint Mobile trial account somewhere away from your home; as far as you’re willing to go.
    11. Use this Mint Mobile trial phone number to set up all of the websites you need.
    12. I recommend setting up at least a Google account and a Protonmail account. Both will come in handy at different times.
    13. Once you’ve set up all the accounts with your trial Mint SIM, set up 2FA on all of the accounts.
    14. After setting up 2FA on all of the accounts, change the phone number to one you have more permanent access to, such as MySudo or Google Voice.
    15. Make sure everything works!
    16. Destroy the SIM card.
    17. Wipe the phone.

    Notes:

    A lot of these websites are blocking MySudo, Google Voice, and other VoIP numbers. That’s why we go through the Mint phone number first.

    They should be less stringent using Mint.

  • Google Dorking

    Also known as “Google Hacking”, this is the practice of using Google operators (symbols and special keywords) to narrow down search results.

    For example, searching Google for site:garrettmickley.com "OSINT" | "open source intelligence" will show you only the pages on my site that contain the words “OSINT” and/or “open source intelligence”.

    Is Google Dorking Illegal?

    Google Dorking itself is not illegal; however, it has been used in the past as a prelude to illegal actions such as:

    • identity theft
    • server intrusion
    • “doxing”
    • stalking
    • harassment
    • “SWATing”
    • industrial espionage
    • cyberterrorism
    • etc

  • Instagram OSINT Tips, Techniques, Tools

    As you know, Instagram OSINT is always changing, and so this page will be updated regularly. Please join the newsletter to be notified of updates.

    Instagram OSINT Guide

    The Instagram OSINT guide is coming soon!

    Instagram OSINT Tips

    1. Most of the time, you’ll be using Google Dorking instead of Instagram’s built-in search engine.
    2. To search only Instagram posts, use site:instagram.com/p in Google.
    3. To search only Instagram profiles, use site:instagram.com "[first name]" | "[first name] [last name] on" (keep the quotes "" but remove the brackets []) in Google.
    4. More Instagram OSINT tips coming soon.

    Instagram OSINT Tools

    • IntelTechniques Custom Instagram Tools – I use this frequently, and it’s pretty much the tool I start with (even before Google Dorking). IntelTechniques is created and run by Michael Bazzell, who is pretty much the guy when it comes to OSINT and Privacy.
    • Google Search – Honestly, Google Dorking for indexed Instagram content is probably where I find most of what I find.
    • More Instagram OSINT tools coming soon.

    Case Studies

    Case 1: Find user name with real name and possible associate account (such as company they work for or own).

    This case can be seen on Reddit. First, their question:

    Instagram advanced search
    Let’s say that I am looking for a “John Doe” on Instagram who I know has posts related to “johndoeacademy”. Is there a way for me to search Instagram with filters so that it only shows me results for John Does who have posts related to johndoeacademy?

    Posted by u/historicalrhino

    My solution:

    I’m a little unsure of some specifics here. Is “johndoeacademy” a hashtag or a username?

    If it’s a username, I would use Google Dorking (AKA Google Hacking) to do this.

    site:instagram.com/p "@johndoeacademy" & "John on" | "John Smith on" -site:instagram.com/johndoeacademy

    Breakdown:

    site:instagram.com/p tells Google we only want to search for results from Instagram.com/p which is what all posts are under.

    "@johndoeacademy" tells Google we only want pages (posts) that mention @johndoeacademy. That also matches posts by @johndoeacademy itself, so we need to add -site:instagram.com/johndoeacademy to remove most (if not all) posts by @johndoeacademy.

    Since we’re pulling up any page that mentions @johndoeacademy, we want to add & "John on" | "John Smith on" which will help limit a lot of the SERs (Search Engine Results) down to Instagram Profiles. & makes sure we’re including these searches so the SER must have “@johndoeacademy” AND “John on” OR “John Smith on”, with | representing the OR.

    Here’s an example:

    site:instagram.com/p "@zuck" & "Harvard on" | "Harvard University on" -site:instagram.com/zuck

    Drop that in Google and see what you get. We’ll get 3 SERs:

    • Two posts from Harvard University’s Instagram account mentioning @zuck, and then
    • One from Eduardo Saverin mentioning both @zuck and Harvard University in the same post.

    You can see it prioritized the Harvard ones over the Saverin one because of what we specified we were searching for.

    Also, as /u/JackedRightUp said, you can change “site:” to “+” to get broader SERs for checking Instagram caching sites.

    Example:

    +Instagram "@zuck" & "Harvard on" | "Harvard University on" -site:instagram.com/zuck

    or 

    +instagram.com/p "@zuck" & "Harvard on" | "Harvard University on" -site:instagram.com/zuck
