Week in OSINT #2019-45

API’s and onions, locations and leaks…

What a week it has been! First there was a huge dump of the Iron March forum, then Vortimo got accepted by Google (planning a review of that later on) and I also found way too many awesome links to share! It doesn’t look so much with only four topics, but there are enough links below!

  • Facebook API v5.0
  • Bulk Extractor
  • Onions
  • IP2GeoAPIs

Tutorial: Facebook API v5.0

Photo by NeONBRAND on Unsplash
Photo by NeONBRAND on Unsplash

On October 31 Facebook launched the latest version of their Graph API. A day earlier the new Messenger API was launched and last month the Instagram API got an upgrade too. I didn’t look at the new Facebook Graph API yet, so I can’t say yet whether things might break again, or whether we have to write new tools and queries yet again, but time will tell!

Facebook API: https://developers.facebook.com/docs/graph-api

Instagram Basic Display API: https://developers.facebook.com/docs/instagram-basic-display-api

Tool: Bulk Extracting Iron March

When last week the database of the Iron March came online, a lot of (independent) investigators jumped right on it! People started building interactive maps with the IP addresses, recreated a searchable index of the forum, posted tips on how to handle this type of data, started analysing the OpSec of the community but there was one tweet that caught my attention!

I never heard of this tool before, and even though forensics isn’t my main area of expertise, I’m shocked I never used it before. The tool is absolutely awesome and by simply following the blog post of Matt everybody can scrape an SQL file like in no time!

Link: https://digitalforensicstips.com/2019/11/using-bulk-extractor-for-quick-osint-wins/

Download: http://downloads.digitalcorpora.org/downloads/bulk_extractor/

Links: Onions

Last week on OSINT.team GONZO shared two onion lists that are reachable on the surface web. The first one is ‘deep onion web’ that shows a list of markets, vendors and the likes. And the second one is ‘onion.live’ that seems to have even more sites and an easy search function. What I like about both of these sites is that they also provide alternative links for whatever target you want to reach.

Link: https://deeponionweb.com

Link: https://onion.live/

Article: IP2GeoAPIs

Yes, that’s quite a title! Since the dump of the Iron March forum people have been looking at ways to grab the location of IP addresses. Of course these coordinates are only as accurate as technically possible, so don’t value the results too much. Because it van lead to horrific stories where innocent people can be victimised. But since I am into sharing sources, I did find a nice blog where multiple Geo2IP services are being discussed. Depending on the location database that is used, the different services can yield different results. Just test some out, most have a free tier, and see what suits you best.

I personally still love ipinfo.io and ipapi.co, even though they don’t have the most accurate ‘location’. But their services are fast, results are complete and have all the info I want and getting an exact location only happens in movies… So have a read and see what you like best!

Link: https://ahmadawais.com/best-api-geolocating-an-ip-address/

Have a good week and have a good search!

Previous Post Next Post