Plessas Experts Network


Updates and News

Interning with Plessas Experts Network

Up until now, the intern program at Plessas Experts Network has been very informal. We have enjoyed the work of our fantastic interns, and their contributions have helped our clients tremendously. We’ve recently gotten an influx of requests for internships, so it’s time to publicize what we require and expect from our interns and the benefits of interning with us.


  • Student attending a college or university (undergraduate or graduate) located in the United States (we may open this to foreign students in the future, but not at this time)

  • Has consistent access to internet service

  • Can pass a background check

  • Attention to detail

  • Self-motivated (we will do weekly email check-ins, but will not micro-manage)

  • If you want college credits, you must negotiate that with your university

The virtual internship:

  • 3 months/unpaid

  • 3 research papers on techniques, methodologies or tools (usually incorporating your field of study)

  • Research papers are due mid-month to allow for editing back-and-forth with staff

  • Work from home/school


  • Real-world valuable OSINT experience

  • Resume material

  • Published reports on

If this fits you, please email your resume to and include the subject line: Intern Inquiry

Kirby Plessas
Alec Miller Demos Recon-ng for new OSINT Investigators

Our second installment from our summer intern, Alec Miller, now a sophomore CS student at the University of Arizona, covers Recon-ng. Alec gives screenshots and lots of details that will get new users started.


Recon-NG is a powerful OSINT penetration tool that I explored for my second project as the Plessas Experts Network intern. While Recon-NG is limited to running in a Linux environment, there are workarounds (dual booting or downloading a virtual machine) that allow a Windows PC user to access its capabilities. For my examples, I used Oracle’s virtual machine known as VirtualBox* to run Kali-Linux on my PC in order to run Recon-NG. For help with downloading and running the virtual machine and Kali-Linux, this video is very helpful.

Download the full report.

tools
Kirby Plessas
Alec Miller reviews Spiderfoot for beginners.

Occasionally we will take on interns. We generally have them take on a tool or methodology and learn it and explain it to people who have never used the tool before. This summer, Alec Miller, now a sophomore CS student at the University of Arizona, took on three tools and gave us his notes. Those tools were:

  • Spiderfoot

  • ReconNG

  • Buscador

Over the next few weeks we will be publishing his reports. Here is his conclusion on Spiderfoot:


“Spiderfoot as a whole is an amazing OSINT resource, but in the settings tab, there are more in-depth options which could allow the user to have deeper searches on their target. Each selection with a lock next to the name has an option to add an API Key. These keys will allow the program to access more sources to gather intel from! These API keys that are gathered from various websites are very useful in regards to OSINT. Every key that is acquired should be kept safe and known in case of future programs requiring certain keys.

“Spiderfoot is a great program to begin using when starting out with OSINT. It’s very easy to navigate through the program and gathering information is very straightforward. One of the great things about Spiderfoot is the ease of using the program while also having the ability to go deeper into the settings, add some API keys, maybe change some other settings and as a result have more in-depth searches because of it. Spiderfoot is a very dynamic program, great for both beginners and experts of OSINT.”

Download his full report.

tools
Kirby Plessas
On Facebook Searching

While Facebook Search appears to be as simple as plugging terms into the search field, the functionality of this search tool has long been complicated by apparent limitations in the results it produces. Facebook is a social network filled with vast data; much more information is available than a basic search will yield.

Unfortunately, this June, Facebook cut off easy access to the bulk of the searchable data. Most of what can be searched now has to be done through their search interface. That means relying on the search bar again and facing its limitations, but these significant limitations may be overcome if you know how to do it.

This post will hopefully function as a guide to those who want or need to go further with Facebook search but are not web developers or marketing gurus. This is a guide for the lay-person.

Why do I need to go beyond the Facebook search bar?

In short, precision and efficiency drive the need to search beyond the data provided through the basic search field. This precision focuses searches, yielding results that are matched to exact users/pages/places.

When you perform a search in Facebook, based on the category of search that you choose, you will have a set of filters on the left sidebar to choose from. These filters vary greatly by topic. There are options for custom filters in almost all of these, but they are not keyword searches nor can you use ID numbers if you know them. Instead, the custom filters will populate with suggestions based on your keywords and you must choose one of the suggestions. If your desired custom filter is a specific user named “Mike Smith”, you must find the right Mike Smith among those suggested to you - and there will only be up to five suggestions to select from. Obviously there are more than five users named Mike Smith, and your Mike Smith may not show up on the suggestions unless you are friends or friends of friends. If you were able to identify the right Mike Smith and get his ID number, you still cannot use that as a search query in Facebook’s native search.

Nevertheless, that is not where this guide ends. There are a few tools out there that can help. Our favorite solutions include one created by S0wdust and another by Intelx.

While the tools are great shortcuts, tools break down or go offline, so it is important to know that the information is still available and that performing the searches manually is achievable for a layperson. With an understanding of the methodology, a user may create new combinations and discover new searches. This may be intimidating at first, with formulas starting in one format (JSON) and then being converted (encoded) into gibberish-looking code (Base64), but it is a recipe that anyone can follow.

Knowing what JSON and Base64 are is not necessary to complete your searches. If you are interested to learn more about them, here are some references: JSON and Base64.

How to use the Facebook Matrix of formulas

  1. On, perform a keyword search.

    • This search can be for anything and is changeable later.

    • Best practice is to keep it very short or to search for the same word as a result you would like to see. For example, if you will be looking for people named Mike Smith, search for “smith”

  2. On the Facebook search results page, choose the category of search that matches your goals.

    • Posts, People, Photos, etc

    • If you are looking for someone named Mike Smith, choose People

  3. Select a filter, any filter.

    • The goal is to get the Facebook URL to include the =FILTERS&filters= language

    • After this point in the URL, you will notice a string of letters and numbers. This is where the Base64 code begins.

  4. Delete the current Base64 code so that the URL ends with =FILTERS&filters=

  5. In a different tab, identify the ID numbers that you will need for your search

    • This could be a place ID, person ID, page ID, Group ID, etc

    • Go to to learn how to get Facebook ID numbers

  6. In the Facebook matrix at the bottom of, identify the searches/JSON formulas you intend to use

  7. Copy the JSON formula into a Base64 encoding tool

    • There are many Base64 encoding tools

    • Maybe the easiest to use for beginners is

    • If you are combining two (or more?) JSON formulas

      • Remember that the outside braces of the formulas are only needed once

      • Put both formulas inside one set of braces

      • Separate the formulas with a comma

  8. Copy the ID numbers previously identified on Facebook and insert into the JSON in the Base64 encoder

    • This must be done before running the encoder


  10. Copy the Base64 results and return to Facebook. Paste the Base64 results immediately after =FILTERS&filters= and hit Enter or Return

  11. The results should match your search choices

  12. To edit the search keyword, look into the URL for it and change it

    • Do not edit it in the Facebook search field, this will reset your filters

    • If you are using two words, use %20 in the place of any spaces

  13. Troubleshooting

    • Search results don’t seem right?

      • Check your category choice

      • Make sure you inserted your ID numbers into the JSON before encoding to Base64

      • Check your keyword search

    • No results?

      • Check your category choice

      • Check your keyword search

    • Blank page or error page?

      • Make sure you converted the JSON to Base64

      • Make sure you inserted your ID numbers into the JSON before encoding to Base64

If you want to get advanced, consider doing some of the searches through the regular Facebook interface and then converting them back from Base64 to discover the JSON strings used.
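The encode-and-paste steps above, and the reverse decoding just mentioned, as an added Python example that is not part of the original post. The two formulas, the ID numbers and the sample URL are constructed placeholders (real formulas come from the matrix the guide refers to); only the `=FILTERS&filters=` marker is taken from the guide.

```python
import base64
import json
from urllib.parse import unquote

MARKER = "=FILTERS&filters="  # URL fragment named in step 3 of the guide
PLACEHOLDER = "ID_NUMBER"     # assumed stand-in for an ID inside a formula

def combine(*formulas):
    """Step 7: put several JSON formulas inside one set of braces."""
    merged = {}
    for text in formulas:
        merged.update(json.loads(text))  # malformed JSON fails here, early
    return merged

def insert_ids(merged, ids):
    """Step 8: fill in every ID number before encoding, never after."""
    filled = {k: v.replace(PLACEHOLDER, ids.get(k, PLACEHOLDER)) for k, v in merged.items()}
    missing = [k for k, v in filled.items() if PLACEHOLDER in v]
    if missing:
        raise ValueError(f"no ID number supplied for {missing}")
    return filled

def encode(filled):
    compact = json.dumps(filled, separators=(",", ":"))  # compact JSON, then Base64
    return base64.b64encode(compact.encode("utf-8")).decode("ascii")

def replace_filters(url, encoded):
    """Steps 4 and 10: drop the old code after the marker, append the new one."""
    head, found, _old = url.partition(MARKER)
    if not found:
        raise ValueError("select a filter first so the URL contains " + MARKER)
    return head + MARKER + encoded

def decode_filters(url):
    """Reverse direction: recover the JSON that a filtered URL carries."""
    _head, found, tail = url.partition(MARKER)
    if not found:
        raise ValueError("URL has no " + MARKER)
    b64 = unquote(tail.split("&")[0])  # padding may arrive as %3D
    b64 += "=" * (-len(b64) % 4)       # or may be missing altogether
    return json.loads(base64.b64decode(b64))

# Constructed sample data: hypothetical formulas, IDs and URL.
FORMULA_A = '{"example_filter_a":"ID_NUMBER"}'
FORMULA_B = '{"example_filter_b":"ID_NUMBER"}'
SAMPLE_IDS = {"example_filter_a": "1111", "example_filter_b": "2222"}
SAMPLE_URL = "https://www.facebook.com/search/people/?q=smith&x=FILTERS&filters=OLDCODE"

if __name__ == "__main__":
    print(replace_filters(SAMPLE_URL, encode(insert_ids(combine(FORMULA_A, FORMULA_B), SAMPLE_IDS))))
```

The two `ValueError` cases correspond to the troubleshooting entries above: an ID that was never inserted before encoding, and a URL in which no filter was selected first.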

Kirby Plessas

There are many great sources of OSINT tips and training online now, from the OSINT RocketChat to the OSINT Framework to Technisette’s great list of resources, and very many more. Something new is OSINTCurious, a coalition of OSINT professionals in a loose group. OSINTCurious hosts a biweekly live webcast (which is also broadcast as a podcast), a series of 10-minute videos and a blog.

OSINTCurious stickers are available if you find one of the members in person!

Our own Kirby Plessas is a member of OSINTCurious, and you can read up on the other members on the website.

Kirby Plessas