This quite small episode was long overdue. But hey! I have a day job too, and some things are a little bit more important than creating a newsletter for my website. So finally I had the time to go over some interesting articles and tools. And even though I had so many plans during my break, in regard to research and new pages on this website, I actually took time off! Yes, I'm surprised as well... So some things that are still in draft will be posted some time in the near future, and of course I'll be hunting down new interesting material for next Monday! But first it's time for the topics covered in this episode:
Ahmed Hassan is a bug-hunter and has been looking into a new feature of Telegram, the 'nearby' feature. When a Telegram user turns this feature on, they send out their location to the Telegram servers. By using the option to look for 'nearby' users Telegram shows a list of accounts and their distance to you. But by spoofing your location and creating multiple measurements, it's possible to triangulate the exact location of a device. The only caveat here is the fact that Telegram makes it so easy to spoof your location, that your 'target' also spoofed his or her location...
Link: https://blog.ahmed.nyc/2021/01/if-you-use-this-feature-on-telegram.html
Francesco Poldi has created a CSE that searches within social media platforms. In this article he shows you how to add his transform (if you haven't already), and use it to find more leads. He also talks about Twitter, and how the Google search also returns tweets that are liked. Do you want those results? Well, yes... And he explains exactly why you do indeed want those!
Link: https://osintops.com/how-to-use-google-for-osint-on-maltego/
Gonzo shared a new tool that he found on GitHub. Since I've been on leave for some time, I have to thank him for his never ending curiosity and ability to find interesting new tools! This time it's a Python script made by Zarcolio that allows you to search more than 300 different sites for content. The script will then create Google searches for you, depending on what you're searching for, and open up the different queries in a browser. There is one big issue with that though... I tend to run searches in a VM, with a browser that doesn't save history, and usually using a VPN. So... This script will not be helpful for me, since I'll spend more time solving the everlasting Captcha's, than reading through the results.
Wow thx so much! Just added 12 more dorkable websites to SiteDorks (https://t.co/BI1Q36KRsj)🥳
— Zarcolio (@zarcolio) December 5, 2020
Making it a total 316 of similar websites
If anybody has more, please let me know 🤓
Link: https://github.com/Zarcolio/sitedorks
Most readers of this newsletter know ViewDNS, and I suspect that a lot of you have used that some time in their career. But now, there's another site with loads of handy tools and search engines! The tools are all free, and are built by Teguh Aprianto. You need to find out what domains use the same mailserver? You want to search in public buckets for a specific company name? You have a Google Analytics ID that needs checking? That, and a whole lot more can be found there!
Link: https://osint.sh/
Amnesty International's head of Evidence Lab has pointed me to their new, free for all, course on open source intelligence for human rights. It goes over video verification, geolocation, remote sensing, weapon recognition, and a lot more. If you would like to learn more, and want to help fight injustice, this seems a very useful course to follow!
Amnesty's Evidence Lab launches its new free-to-anyone online course on the basics of open source investigations for human rights in English, Spanish, Arabic, and Farsi. We share expertise from @amnesty + our friends @witnessorg @hrcberkeley @Swansea_Lawhttps://t.co/CALMqKFer4 pic.twitter.com/sFpNQ025fd
— Sam Dubberley (@samdubberley) January 15, 2021
Link: https://advocacyassembly.org/en/partners/amnesty/
While going over weeks and weeks of backlogs, browsing Twitter for new tips, looking at my email and DM's, and diving into GitHub for new tools, I found something interesting! A brand new tool to look for subjects on social media platforms. But not only that, it also provides information on the text that is given, by searching in websites like Wikipedia, to provide extra context. With over 300 social media websites, the option to use API's for fast queries, output in JSON format via the command line, and with sleek looks and useful results! I haven't tested this fully yet, but I'll play around with this some day soon to see how useful this might be for me.
Link: https://github.com/qeeqbox/social-analyzer
Time to revisit a tool I've mentioned last year in September. I've noticed that the tool Maigret has surfaced again on Twitter, and I am more than willing to reshare this tool again! The tool Maigret is a fork of the Sherlock script, that is used to find social media profiles. The sheer amount of websites included is amazing and the speed is awesome. There are still lots of false positives due to the way they check for possible profiles, but with the option to create an HTML or PDF report of the findings this one is a truly must-have!
Link: https://github.com/soxoj/maigret
Have a good week and have a good search!