Week in OSINT #2020-48
The last stretch before the holidays, with another weekly newsletter with some nifty tools and nice tips!
It is almost time for me to take my yearly break again, so this feels a bit like the last little sprint til the end of the year. So many links that have passed my eyes this year, so many awesome tools, sites, developments and documents. And best of all: All of them free! Okay, I've added some tools or sites that offer paid subscriptions, but I love to use free resources that are transparent. And that got me thinking, what are YOUR favourite tools? What is a resource that you can't find yet in my site when you search for it, or in the links? Let me know via sector035pm.me or leave a DM on Twitter! I will collect them and share them on December 14, when I plan to start my yearly break. But first things first, time to look at the following topics:
- Distill.io
- Graphsense
- Facebook Scraping
- Holehe
- GeoTips
Tool: Distill.io
Not too long ago I looked for a free tool to track changes in websites and the other day Webbreacher shared an awesome little tool for that. Distill.io provide a cloud based service for this, but they also have browser plugins that you can run for free. It's as simple as: Install the plugin, open a webpage, select the part of the page you want to track and setup the interval. There's no need to create an account if you only need to receive popups, and they have extensions for Chrome, Firefox and Opera.
Link: https://distill.io/
Tool: Graphsense
Let's start with an important question: Did I test this tool? No, I did not! Why not? Because of the recommended specs. Gonzo shared this last week, and I can say that this is not your average tool to analyse cryptocurrency transactions. Not single transactions, but it's capable of tracking hundred of millions of transactions and run analytics on them. So make sure you have a cluster of servers with hundreds of GB's of RAM at hand, or ask access to their demo environment if you seriously want to work with it. Check out their website and GitHub repo for more information.
Link: https://graphsense.info/
Facebook Scraping
OSINT Research notified me of a tweet by Molfar. They explain in a few steps how you can use the plugin 'Instant Data Scraper' to extract a list of friends within Facebook. Especially the option 'infinite scroll' looks handy! A little warning though: If you use options like infinite scrolling, remember that it is not impossible for Facebook to detect it by behaviour analysis or even scripts. Not saying you will be blocked, but it wouldn't surprise me one bit if they do.
#OSINT Quick Tip: Exporting #Facebook friends
— molfar (@molfar_bi) November 27, 2020
1. Install Instant Data Scraper add-on for Google Chrome
2. Click on “Friends” Tab
3. Run the add-on and check the “Infinite scroll” box
4. Press “Start crawling”
5. Download results in csv or xlsx format pic.twitter.com/Yz2cAQmQmY
Link: https://chrome.google.com/webstore/detail/instant-data-scraper/ofaokhiedipichpaobibbnahnkdoiiah
Tool: Holehe
This tool has been popping up in my timeline recently, so I finally took the time to give it a test run. This little Python tool checks the availability of accounts on different platforms, by checking the password reset forms provided. I've ran a few tests with accounts that I own and the well known 'John Doe' tests, and so far it looks promising in regard to the lack of notifications. I did receive some errors when I was connected to a VPN, but after switching to a mobile connection all went smooth. I do feel a strong warning is in place! Websites and social platforms can change overnight, and it is possible that a platform you've recently checked will be different tomorrow. So please be aware that using such automated tools can result in alerting a person of interest!
Link: https://github.com/megadose/holehe
Site: GeoTips
Lockpicking Pete shared a link to a website that was unknown to me so far, GeoTips. It's a site that has lots of interesting information on countries from all over the world, aimed at helping you out with geolocation. From common trees to road signs, and from electricity poles to license plates, they've got it all. Well, nearly all. Some countries are still somewhat empty, but I'm sure they're being filled at the moment you are reading this!
Link: https://geotips.net/
FUNINT : Monolith
Who hasn't seen the news story about the steel or metal monolith that was erected in the Utah desert? Well, a Reddit user with an interesting nickname geolocated it!
PS: It's gone now, the aliens probably took it back...
Have a good week and have a good search!
