Week in OSINT #2020-11
Some tips on TikTok, ClustrMaps, curiosity, curating data and comprehensive scans.
It's been quite a week again, with some very interesting information being shared online. There were some good articles, some new sources and tips being shared. So it's time to dive into last week's links:
- TikTok Data
- ClustrMaps
- Stay Curious
- Area Assessments
- Open Data Sets
- Internet Scan Data Repository
- Geolocating McAfee
Tip: TikTok Data
Aware Online shared a tip last week about how to see the JSON data of a TikTok user, including follower and following counts, larger avatar and other information. Simply use the following URL to retrieve the data in JSON:
https://www.tiktok.com/node/share/user/@UserName
Also check out his tweet underneath, to find a way to retrieve the largest avatar possible via the Development Tools.
Tip: https://twitter.com/aware_online/status/1237104037520117760
Site: ClustrMaps
ClustrMaps is a website that collect US based datasets and offers them online for you to search through, There are data sets to find addresses, people and companies for free. I ran a few tests on some people from the US and so far it looks okay-ish, but not everything was found. So it may not be as extensive as other sites, like Pipl, but for US based targets, it's nice to find something that is completely free!
Link: https://clustrmaps.com
Tip: Stay Curious
It is always important to stay curious, also in times of uproar. This was nicely demonstrated by fs0c131y when he caught wind of a "COVID-19 detection app". You couldn't make it up, but surely someone else did! And that's when he got curious and wanted to find out a bit more about who's behind it. Follow the thread for some information.
Link: https://twitter.com/fs0c131y/status/1237340403256430593
Article: Area Assessments
Talking about the COVID-19/Corona virus, Twitter user 'OSINT Combine' shared a lengthy article about area assessments, what tools to use, how to conduct it in a correct way and what pieces of information are key. An absolute must-read, especially if you are interested in this field of expertise.
Link: https://www.osintcombine.com/post/country-area-assessments
Archive: Open Data Sets
Last week Rickey Gevers had a question about where to find certificate information, besides the usual Certificate Transparency offered by multiple sites. Websites like Censys offer this information, but there is another big data set out there, that offers scan data: Open Data by Rapid7 Labs. If you are interested in reverse DNS information, certificates found per IP address, TCP scan information or anything like that, this is something to have a look at. Lots of information for free, but historical information is available after registering with an address and stating your usage.
Link: https://opendata.rapid7.com/
Links: Internet Scan Data Repository
After you didn't find what you were looking for after looking at the open data sets by Rapid7, you can also have a look at the scan data repository, that has links to multiple free data sets. It seems though that they stopped indexing August 2019 via their own JSON interface, so if you want more recent results you have to check the source manually.
Link: https://scans.io/
Article: Geolocating McAfee
Benjamin Strick wrote a new blog about how to dive into social media to find information that can help geolocating a subject. Geolocating based purely on a photo can be tricky at times, so researching a subject's previous or future whereabouts can shed some light on the location you are trying to find. This article shows exactly how this kind of information can be handy to find answers on your questions.
FUNINT: Don't F**k With Penguins
Hunting an Internet Copycat...
Not on NetFlix, but on Nixintel's Blog: https://nixintel.info/osint/who-stole-my-stuff-finding-out-who-is-behind-a-website/
Have a good week and have a good search!
