Week in OSINT #2021-21

From Shodan alternatives to an alternative search engine, and from finding witnesses with Strava, to interesting informaiton on indexed Tor nodes.

This week I played around a bit with soar.earth. By zooming in on specific areas, certain maps or imagery sets show up. From old photos taken by spy satellites in the Middle East, to images by weather satellites showing awesome typhoons. Since I'm mostly working in the field of IT, I may not have any use for the site, but I simply love looking at such images. And that's also the topic I start off with in this week's newsletter:

  • Soar.earth Update
  • Shodan Alternatives
  • Private Search Engine
  • Filters in Image Search Engines
  • Finding Witnesses via Strava
  • Chaos on TOR
  • LinkedIn

Site: Soar.earth Update

The website soar.earth has a slightly new layout and has some new tools and image sets. The digital atlas has free imagery from Sentinel and NASA, and currently offers paid imagery from SkyMap50, but more providers will follow. They also have a set of maps that are free to view, and one of the interesting ones is a set of images taken from the Gaza strip. The images were taken between May 21 and 23 and are free to use, as long as you attribute them to Soar.earth.

Hanadi tower in Gaza city
Hanadi tower in Gaza city

Soar.earth images of Gaza: https://soar.earth/?tileLayer=10152

Site: Shodan Alternatives

On Discord a nice list of 'Shodan alternatives' were shared. I would call it slightly different, since there are some sites that offer a very specific service that differ from Shodan. But nonetheless, each of the following sites index internet connected devices in some form. Censys focusses on certificates, Wigle is a crowd-sourced index of Wi-Fi and Bluetooth devices and GreyNoise indexes and tags devices that have vulnerabilities, or are showing malicious behaviour. Have a look at each of these services to understand what they do and offer, if you have at least some basic knowledge of systems connected to the internet.

Searching for internet connected webcams in the UK with Zoomeye
Searching for internet connected webcams in the UK with Zoomeye












NATLAS (layout looks a bit broken)

Tip: Private Search Engine

The privacy aware search engine
The privacy aware search engine

Blackstage4Nsic shared a link about a search engine that was unknown to me before. The search engine 'private.sh' locally encrypts your search query and sends it off to the search engine, that also strips your IP address. The results are encrypted with the public key of an automatically generated key pair, and decrypted again in your browser. So no worries that your free WiFi at insert your fav coffeebar here is somehow snooping on your search queries from now on! And after playing around a bit, I quickly found that at least the following search filters, as we know in Google, also work here:

  • site:
  • inurl:
  • filetype:
  • intitle:
  • + and - (include and exclude words)

Link: https://private.sh/

Tip: Filters in Image Search Engines

The account i_intelligence tweeted a comparison between the search filters in image search engines. It has a good overview of what options each company provides, although it's not entirely correct it seems. Because Google does still offer a way to search for faces. Check this video from Nico to find out how to enable this feature again. And searching within a site by using a search operator, does count to me as 'searching within a specific site', but that might just be me. The most important thing is, that there are differences between search engines, and use them to your advantage.

Link: https://i-intelligence.eu/insights/google-vs-bing-vs-yandex-image-search-comparing-filters

Tutorial: Finding Witnesses via Strava

Finding people in a location at a specific time
Finding people in a location at a specific time

Aware Online has written another great article. This time he shows how it's possible to find people that were in a specific area at a specific time period. This can be useful for investigators or law enforcement to search witnesses of an event. I had the idea of writing a blog about such things about 2 years ago, but it never came to this. Back in the day it was extremely easy to track people in Ingress and Pokémon Go, and I investigated other platforms for that. To find people that were in a location on a specific day, other platforms you could check are:

  • Geocaching (or derivatives like Terracaching, Munzee, Waymarking, etc)
  • Foursquare and Swarm
  • Tripadvisor

But there are a lot of other sites, especially websites that track users during their daily or weekly run.

Link: https://www.aware-online.com/en/finding-witnesses-via-strava/

Site: Chaos on TOR

ChaosD0c has been really busy lately! His Tor indexing service offers a wealth of information, and is growing rapidly with more functionality. He now offers JARM hashes for all of the sites he indexed, and has an RSS feed that shows all the new sites coming in. A really awesome project, that I'm following with great interest. Keep up the good work!

JARM: https://x.chaos.institute/tor/

RSS feed: https://osint.party/api/rss/fresh

Tip: LinkedIn

Ginger T and Ritu Gill wrote an interesting article on how to use Google and Bing to search for LinkedIn profiles. The two search engines show different information in their results, and you can use these differences to your advantage. If you use LinkedIn in your investigations, I highly suggest reading the tips they provide in here.

Link: https://www.cqcore.uk/are-you-linked-in/

Have a good week and a good search!

Previous Post Next Post