Week in OSINT #2020-07

A nice mix of cars, tools, tips and media in this weeks WiO!

Here we are yet again with another weekly overview from the world of OSINT. This time there were lots of interesting things that were shared, but I don’t always have enough time to dive into each and every link, so let’s hope this list of topics satisfies everybody’s thirst for now:

  • Russian Car Plates
  • Car Auction History
  • Podcasts
  • S3 Buckets
  • Shodan Pentesting Guide
  • Sn0int Update

Site: Russian Car Plates

Gonzo shared a link on OSINT.team the other day, that has a collection of Russian car photos. The best thing of this site is that one can search for a license plate and it shows you the all images that are uploaded of this particular vehicle.

Link: https://www.nomerogram.ru/

Site: Car Auction History

And another car site that was share by Gonzo, this time it’s about car auctions. The site claims to crawl European car auctions, but while doing some testing I found that there were only US based auctions. Another issue is that the search option seems to be broken, so no matter what I searched for, nothing was found. So let’s hope that gets fixed in the near future, because this is a nice resource!

Link: https://poctra.com/

Media: Podcasts

Another user on OSINT.team shared links last week, like Theo who created a simple site where he lists a bunch of podcasts that touch the topics security, OSINT, social engineering, counter terrorism and darkweb. In case you have recommendations, feel free to reach out to him to have another one added!

Photo by Mohammad Metri on Unsplash
Photo by Mohammad Metri on Unsplash

Link: https://i4.pm/

Site: S3 Buckets

The S3 bucket search from Grayhat Warfare has been growing steadily for quite some time now, from 42 million files indexed about a year ago to 830 million today! And the best thing of all is, they even temporarily have a discount for their yearly plan.

Buckets on AWS, a treasure trove of personal information
Buckets on AWS, a treasure trove of personal information

Link: https://buckets.grayhatwarfare.com/

Article: Shodan Pentesting Guide

For people that could brush up their skills when it comes to Shodan, there now is an awesome guide made by noraj_rawsec! It goes over the command line interface, the website and all its features, the REST API, programming tips, searching and third party tools. And of course their is a special mention of the ‘fav-up’ tool by Pielco11/noneprivacy is in there too. Thanks for the share Gonzo (yes, it’s him again 😉)

Photo by NASA on Unsplash
Photo by NASA on Unsplash

Link: https://community.turgensec.com/shodan-pentesting-guide/

Tool: Sn0int Update

The tool sn0int has been revamped over the last few weeks, and this is a tool that I haven’t been using as much as I would and could have. It’s a one-stop-shop for anything related to online connected entities. Whether it’s username, an IP address, domain name, crypto currency, anything goes! I found out too late the tool has had loads of pull requests, so I didn’t have time to dive into all the enhancements. Maybe I can make it up by writing reviews of awesome software like this once in a while 😎

Link: https://github.com/kpcyrd/sn0int


For the people that have the latest edition of Michael Bazzell’s latest ‘Open Source Intelligence’ book, know that there is a lot of information on how to build a virtual machine, and how to maintain it. But what if you’re lazy? Well, someone just did all that heavy work for you. I would still recommend to build it from scratch yourself, since you will probably learn a lot when doing so. But hey, it’s never a bad idea to have an escape plan at hand right?

Building your own VM and learn on the job!
Building your own VM and learn on the job!

Link: https://github.com/axlshear/dora-osint-vm

Have a good week and have a good search!

Previous Post Next Post