Week in OSINT #2021-03

Welcome to the first episode of 2021, that should've been sent out a lot earlier. For the first newsletter of 2021 I'm going over some nice tools and articles that have been shared in the last few weeks.

This quite small episode was long overdue. But hey! I have a day job too, and some things are a little bit more important than creating a newsletter for my website. So finally I had the time to go over some interesting articles and tools. And even though I had so many plans during my break, in regard to research and new pages on this website, I actually took time off! Yes, I'm surprised as well... So some things that are still in draft will be posted some time in the near future, and of course I'll be hunting down new interesting material for next Monday! But first it's time for the topics covered in this episode:

  • Telegram Triangulation
  • Google CSE and Maltego
  • Sitedorks
  • OSINT.sh
  • OSINT for Human Rights
  • Social Analyzer
  • Maigret

Article: Telegram Triangulation

Ahmed Hassan is a bug-hunter and has been looking into a new feature of Telegram, the 'nearby' feature. When a Telegram user turns this feature on, they send out their location to the Telegram servers. By using the option to look for 'nearby' users Telegram shows a list of accounts and their distance to you. But by spoofing your location and creating multiple measurements, it's possible to triangulate the exact location of a device. The only caveat here is the fact that Telegram makes it so easy to spoof your location, that your 'target' also spoofed his or her location...

Triangulating Telegram devices
Triangulating Telegram devices

Link: https://blog.ahmed.nyc/2021/01/if-you-use-this-feature-on-telegram.html

Tutorial: Google CSE and Maltego

Using Poldi's CSE in Maltego
Using Poldi's CSE in Maltego

Francesco Poldi has created a CSE that searches within social media platforms. In this article he shows you how to add his transform (if you haven't already), and use it to find more leads. He also talks about Twitter, and how the Google search also returns tweets that are liked. Do you want those results? Well, yes... And he explains exactly why you do indeed want those!

Link: https://osintops.com/how-to-use-google-for-osint-on-maltego/

Tool: Sitedorks

Gonzo shared a new tool that he found on GitHub. Since I've been on leave for some time, I have to thank him for his never ending curiosity and ability to find interesting new tools! This time it's a Python script made by Zarcolio that allows you to search more than 300 different sites for content. The script will then create Google searches for you, depending on what you're searching for, and open up the different queries in a browser. There is one big issue with that though... I tend to run searches in a VM, with a browser that doesn't save history, and usually using a VPN. So... This script will not be helpful for me, since I'll spend more time solving the everlasting Captcha's, than reading through the results.

Link: https://github.com/Zarcolio/sitedorks

Site: OSINT.sh

Most readers of this newsletter know ViewDNS, and I suspect that a lot of you have used that some time in their career. But now, there's another site with loads of handy tools and search engines! The tools are all free, and are built by Teguh Aprianto. You need to find out what domains use the same mailserver? You want to search in public buckets for a specific company name? You have a Google Analytics ID that needs checking? That, and a whole lot more can be found there!

More tools for you to play with!
More tools for you to play with!

Link: https://osint.sh/

Tutorial: OSINT for Human Rights

Amnesty International's head of Evidence Lab has pointed me to their new, free for all, course on open source intelligence for human rights. It goes over video verification, geolocation, remote sensing, weapon recognition, and a lot more. If you would like to learn more, and want to help fight injustice, this seems a very useful course to follow!

Link: https://advocacyassembly.org/en/partners/amnesty/

Tool: Social Analyzer

While going over weeks and weeks of backlogs, browsing Twitter for new tips, looking at my email and DM's, and diving into GitHub for new tools, I found something interesting! A brand new tool to look for subjects on social media platforms. But not only that, it also provides information on the text that is given, by searching in websites like Wikipedia, to provide extra context. With over 300 social media websites, the option to use API's for fast queries, output in JSON format via the command line, and with sleek looks and useful results! I haven't tested this fully yet, but I'll play around with this some day soon to see how useful this might be for me.

Getting extra context and finding social media profiles in one go!
Getting extra context and finding social media profiles in one go!

Link: https://github.com/qeeqbox/social-analyzer

Tool: Maigret

Time to revisit a tool I've mentioned last year in September. I've noticed that the tool Maigret has surfaced again on Twitter, and I am more than willing to reshare this tool again! The tool Maigret is a fork of the Sherlock script, that is used to find social media profiles. The sheer amount of websites included is amazing and the speed is awesome. There are still lots of false positives due to the way they check for possible profiles, but with the option to create an HTML or PDF report of the findings this one is a truly must-have!

Running a search on the top 500 sites
Running a search on the top 500 sites

Link: https://github.com/soxoj/maigret

Have a good week and have a good search!

Previous Post Next Post