When I started in cybersecurity, I did not have a laptop. Everything in this guide was developed and tested on an Android phone running Termux. The OSINT toolkit I have assembled here is what I actually use — not theoretical recommendations.
Termux Setup
```bash
# Install Termux from F-Droid (not Play Store)
pkg update && pkg upgrade -y
pkg install python3 git curl wget nmap
pkg install ruby golang nodejs
termux-setup-storage
```
Username Enumeration
```bash
# Sherlock — 300+ platforms
pip install sherlock-project
sherlock zidhuxd

# WhatsMyName — more accurate
git clone https://github.com/WebBreacher/WhatsMyName
cd WhatsMyName
python3 whats_my_name.py -u zidhuxd
```
Email and Domain OSINT
```bash
# theHarvester — emails, subdomains, IPs
pip install theHarvester
theHarvester -d target.com -b all

# Holehe — check email on 100+ sites
pip install holehe
holehe target@gmail.com
```
Subdomain Enumeration
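```bash
# Subfinder, plus dnsx and httpx, which the pipeline below also needs
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
go install -v github.com/projectdiscovery/dnsx/cmd/dnsx@latest
go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
export PATH="$PATH:$HOME/go/bin"   # go install puts binaries here by default
subfinder -d target.com -o subdomains.txt
cat subdomains.txt | dnsx -silent | httpx -title -status-code
```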
Full Recon Script
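```bash
#!/bin/bash
# TeenSquad Quick Recon Script v1.2

# Abort with a usage message if no target domain is given
TARGET="${1:?Usage: $0 <domain>}"
echo "[*] Starting recon on $TARGET"

# Passive subdomain enumeration
subfinder -d "$TARGET" -silent > subs.txt
# Keep only subdomains that resolve
cat subs.txt | dnsx -silent > live_subs.txt
# Probe web services: title, status code, detected technologies
cat live_subs.txt | httpx -title -status-code -tech-detect > web.txt
# Keep lines containing 200 (the status code)
cat web.txt | grep "200" > live_web.txt
echo "[+] Done."
```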
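The script above moves from passive enumeration (subfinder) straight into active probing (dnsx, httpx). The filter below is an added example, not part of the original script: it keeps only hostnames that fall inside an authorized scope list before the active steps run. The function name `filter_scope` and the scope file format are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: scope gate between passive enumeration and active probing.
# Assumed scope file format: one domain per line, "#" starts a comment line,
# a leading "!" marks a domain (and its subdomains) as explicitly excluded.
#
# Usage: filter_scope scope.txt < subs.txt > subs_in_scope.txt

filter_scope() {
    awk '
        # Strip whitespace and a trailing root dot, then lowercase.
        function norm(s) {
            gsub(/[ \t\r]+/, "", s); sub(/\.$/, "", s); return tolower(s)
        }
        # True when host equals dom or is a subdomain of it. The comparison
        # includes the leading dot, so "notexample.com" does not match
        # "example.com".
        function under(host, dom,    hl, dl) {
            hl = length(host); dl = length(dom)
            return host == dom || (hl > dl && substr(host, hl - dl) == "." dom)
        }
        # First input: the scope file. An empty scope file allows nothing.
        NR == FNR {
            line = norm($0)
            if (line == "" || line ~ /^#/) next
            if (line ~ /^!/) deny[substr(line, 2)] = 1
            else allow[line] = 1
            next
        }
        # Second input (stdin): candidate hostnames, de-duplicated.
        {
            h = norm($0)
            if (h == "" || seen[h]++) next
            for (d in deny)  if (under(h, d)) next
            for (a in allow) if (under(h, a)) { print h; next }
        }
    ' "$1" -
}
```

In the recon script, this would sit between the subfinder line and the dnsx line, with dnsx reading the filtered file instead of `subs.txt`.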
Pro Tips for Mobile OSINT
- Use `tmux` in Termux to run multiple tools simultaneously in split panes
- Store all output in `/sdcard/osint/` for easy access from file managers
- Use a VPN before any active reconnaissance — passive OSINT is generally safe without one
- Set up SSH on your VPS and run heavy scans there, using Termux only as the control terminal