How to Use the Pigfox Tools — A Beginner's Guide

This page explains, in plain language, every free tool on Pigfox: what it does, when you'd reach for it, and exactly how to use it — step by step. No technical background needed.

All of these are what people call OSINT tools. OSINT just means open-source intelligence: finding out things using information that is already public — the kind of thing anyone could look up, gathered in one place and made easy. These tools never break into anything or touch private data; they only read what is already out in the open. Use them responsibly and within the law.

Here's what's covered:

  • TraceCheck — check whether a person really has the public presence they claim.
  • Domain Recon — look up a website's public address records and subdomains.
  • EXIF Metadata — see the hidden data (like GPS location) inside a photo.
  • Fake Recruiter Check — sanity-check a recruiter who contacted you.

1. TraceCheck

What it is. Imagine someone emails you claiming to be a recruiter at a big company, or an investor, or a hiring manager. TraceCheck helps you answer one simple question: does this person actually exist in public, under the name and role they claim? Real professionals usually leave traces — a company profile, past roles, news mentions. TraceCheck runs a live web search and gives you an advisory footprint-consistency score out of 100, along with the links it found.

When you'd use it. A stranger reaches out with an opportunity that sounds great, and you want a quick gut-check before replying or sharing anything about yourself.

How to use it, step by step:

  1. In Subject name, type the person's full name (for example, Jane Smith).
  2. In Claimed role, type the role they say they have — for example recruiter, VC partner, hiring manager, or a company name.
  3. Optionally, attach a profile photo they sent you. This runs a reverse-image / "catfish" check to see whether the picture belongs to someone else.
  4. Click Check footprint and wait a few seconds — it's running a real search, so it isn't instant.

How to read the result. You'll get a score out of 100, a count of how many signals were found, and a list of evidence links (things like a Wikipedia page, LinkedIn profile, or news articles). A higher score means lots of consistent public presence was found. A low score means very little verifiable footprint turned up — which is a reason to be careful and dig deeper, not proof that the person is a scammer. It's an advisory signal to use alongside your own judgement.

Good to know (limits). You get 3 free checks in a rolling 30-day window. After that you'll see a friendly "paid checks coming soon" message instead of a result.

Try TraceCheck →


2. Domain Recon

What it is. Every website lives at a domain (like example.com). Behind that domain is a set of public "phone book" entries called DNS records that say where the site lives and who handles its email. Domain Recon looks those up for you, and also tries to discover the domain's subdomains (like mail.example.com or staging.example.com).

When you'd use it. You're checking out a company, doing a bit of due diligence, or you're simply curious how a website is set up.

How to use it, step by step:

  1. Type a domain like example.com — just the domain, with no http:// and no path after it.
  2. Click Run recon. Results appear below after a few seconds.

How to read the result. You'll see several lists, each explained here in plain terms:

  • IPv4 / IPv6 (A / AAAA) — the numeric internet addresses the domain points to.
  • Mail servers (MX) — the servers that receive the domain's email.
  • Name servers (NS) — who runs the domain's DNS (often the hosting or DNS provider).
  • TXT records — miscellaneous text notes, like anti-spam settings and verification tokens.
  • Subdomains — other hostnames under the domain, discovered from public certificate logs.

Good to know (limits). The tool is completely passive — it only reads already-published information and never contacts the target's own servers. The subdomain part uses a free public service (crt.sh, a log of website security certificates), which can sometimes be slow or unavailable. If that happens, the DNS records still show and a short note explains that subdomain discovery was skipped.

Try Domain Recon →


3. EXIF Metadata

What it is. When a phone or camera takes a photo, it often tucks hidden details inside the image file — this is called EXIF metadata. It can include the exact GPS location where the photo was taken, the camera or phone model, and the date and time. This tool reads that hidden data and shows it to you.

When you'd use it. You want to know whether a photo reveals where it was taken — for example, to check what one of your own photos might be giving away before you post it, or to understand a picture someone sent you.

How to use it, step by step:

  1. Click to choose an image file — a JPEG, PNG, or WebP, up to 5 MB.
  2. Click View metadata.

How to read the result. If the photo carries metadata, you'll see it laid out clearly: if there's a location, you get the GPS coordinates plus a map link; you'll also see the camera make and model, the date taken, and technical details like dimensions and orientation. If you instead see "No metadata found," that's completely normal — screenshots and photos saved from social media usually have their metadata stripped away, so there's simply nothing hidden to show.

Good to know (privacy). Your image is never stored. It's read to pull out the metadata during your request and then discarded — nothing is written to disk or a database.

Try EXIF Metadata →


4. Fake Recruiter Check

What it is. Fake recruiters are one of the most common job scams — someone poses as a recruiter for a real company to get money or personal details out of you. The Fake Recruiter Check is a focused version of TraceCheck built for exactly this situation: it runs the same public-footprint search (with the role already set to "recruiter") and pairs it with a checklist of warning signs.

When you'd use it. A recruiter messages you out of the blue — maybe with an offer that seems too good to be true — and something feels off.

How to use it, step by step:

  1. Enter the recruiter's name. The Claimed role field is already filled in as "recruiter," so you don't have to.
  2. Optionally attach the profile photo they used, for a reverse-image / catfish check.
  3. Click Check footprint and wait a few seconds for the advisory score and evidence links.

Watch for these red flags (any one is worth pausing over; several together is a strong warning):

  • Messaging from a free email address (like gmail) instead of a real company domain.
  • Asking you to pay for training, equipment, or an "onboarding kit."
  • Pressure and urgency — "the offer expires today."
  • Rushing you off-platform to WhatsApp or Telegram.
  • Little or no verifiable public footprint under their name.

How to read the result & limits. Just like TraceCheck, the score is an advisory signal — a low score means "verify further," not "definitely a scammer." Use it together with the red-flag checklist above. This tool shares the same 3-free-checks-per-30-days allowance as TraceCheck.

Try the Fake Recruiter Check →


A note on responsible use: these tools only surface information that is already public. Use what you find thoughtfully, respect people's privacy, and stay within the law and any applicable authorization.